@mastra/server 1.0.4-alpha.1 → 1.0.4

package/dist/index.cjs

@@ -1,2 +1,8 @@
 'use strict';
 
+// src/index.ts
+throw new Error(`No exports are available from the top-level "@mastra/server" package.
+
+Use specific subpath imports instead, e.g. "@mastra/server/handlers" or "@mastra/server/handlers/tools".`);
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,MAAM,IAAI,KAAA,CAAM,CAAA;;AAAA,wGAAA,CAEyF,CAAA","file":"index.cjs","sourcesContent":["throw new Error(`No exports are available from the top-level \"@mastra/server\" package.\n\nUse specific subpath imports instead, e.g. \"@mastra/server/handlers\" or \"@mastra/server/handlers/tools\".`);\n"]}

package/dist/index.d.ts

@@ -1 +1,2 @@
 export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -1 +1,6 @@
+// src/index.ts
+throw new Error(`No exports are available from the top-level "@mastra/server" package.
 
+Use specific subpath imports instead, e.g. "@mastra/server/handlers" or "@mastra/server/handlers/tools".`);
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";AAAA,MAAM,IAAI,KAAA,CAAM,CAAA;;AAAA,wGAAA,CAEyF,CAAA","file":"index.js","sourcesContent":["throw new Error(`No exports are available from the top-level \"@mastra/server\" package.\n\nUse specific subpath imports instead, e.g. \"@mastra/server/handlers\" or \"@mastra/server/handlers/tools\".`);\n"]}

package/dist/server/a2a/protocol.d.ts

@@ -0,0 +1,8 @@
+import type { JSONRPCError, JSONRPCResponse, Message } from '@mastra/core/a2a';
+import type { CoreMessage } from '@mastra/core/llm';
+import type { IMastraLogger } from '@mastra/core/logger';
+export declare function normalizeError(error: any, reqId: number | string | null, taskId?: string, logger?: IMastraLogger): JSONRPCResponse<null, unknown>;
+export declare function createErrorResponse(id: number | string | null, error: JSONRPCError<unknown>): JSONRPCResponse<null, unknown>;
+export declare function createSuccessResponse<T>(id: number | string | null, result: T): JSONRPCResponse<T>;
+export declare function convertToCoreMessage(message: Message): CoreMessage;
+//# sourceMappingURL=protocol.d.ts.map

package/dist/server/a2a/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../src/server/a2a/protocol.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,eAAe,EAAE,OAAO,EAAQ,MAAM,kBAAkB,CAAC;AACrF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,wBAAgB,cAAc,CAC5B,KAAK,EAAE,GAAG,EACV,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAC7B,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,aAAa,GACrB,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAoBhC;AAED,wBAAgB,mBAAmB,CACjC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAC1B,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,GAC3B,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAOhC;AAED,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CAWlG;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,WAAW,CAKlE"}

package/dist/server/a2a/store.cjs

@@ -0,0 +1,25 @@
+'use strict';
+
+// src/server/a2a/store.ts
+var InMemoryTaskStore = class {
+  store = /* @__PURE__ */ new Map();
+  activeCancellations = /* @__PURE__ */ new Set();
+  async load({ agentId, taskId }) {
+    const entry = this.store.get(`${agentId}-${taskId}`);
+    if (!entry) {
+      return null;
+    }
+    return { ...entry };
+  }
+  async save({ agentId, data }) {
+    const key = `${agentId}-${data.id}`;
+    if (!data.id) {
+      throw new Error("Task ID is required");
+    }
+    this.store.set(key, { ...data });
+  }
+};
+
+exports.InMemoryTaskStore = InMemoryTaskStore;
+//# sourceMappingURL=store.cjs.map
+//# sourceMappingURL=store.cjs.map

package/dist/server/a2a/store.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/a2a/store.ts"],"names":[],"mappings":";;;AAEO,IAAM,oBAAN,MAAwB;AAAA,EACrB,KAAA,uBAA+B,GAAA,EAAI;AAAA,EACpC,mBAAA,uBAA0B,GAAA,EAAY;AAAA,EAE7C,MAAM,IAAA,CAAK,EAAE,OAAA,EAAS,QAAO,EAA8D;AACzF,IAAA,MAAM,KAAA,GAAQ,KAAK,KAAA,CAAM,GAAA,CAAI,GAAG,OAAO,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,CAAA;AAEnD,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,OAAO,EAAE,GAAG,KAAA,EAAM;AAAA,EACpB;AAAA,EAEA,MAAM,IAAA,CAAK,EAAE,OAAA,EAAS,MAAK,EAAmD;AAE5E,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,KAAK,EAAE,CAAA,CAAA;AACjC,IAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AACA,IAAA,IAAA,CAAK,MAAM,GAAA,CAAI,GAAA,EAAK,EAAE,GAAG,MAAM,CAAA;AAAA,EACjC;AACF","file":"store.cjs","sourcesContent":["import type { Task } from '@mastra/core/a2a';\n\nexport class InMemoryTaskStore {\n  private store: Map<string, Task> = new Map();\n  public activeCancellations = new Set<string>();\n\n  async load({ agentId, taskId }: { agentId: string; taskId: string }): Promise<Task | null> {\n    const entry = this.store.get(`${agentId}-${taskId}`);\n\n    if (!entry) {\n      return null;\n    }\n\n    // Return copies to prevent external mutation\n    return { ...entry };\n  }\n\n  async save({ agentId, data }: { agentId: string; data: Task }): Promise<void> {\n    // Store copies to prevent internal mutation if caller reuses objects\n    const key = `${agentId}-${data.id}`;\n    if (!data.id) {\n      throw new Error('Task ID is required');\n    }\n    this.store.set(key, { ...data });\n  }\n}\n"]}

package/dist/server/a2a/store.d.ts

@@ -0,0 +1,14 @@
+import type { Task } from '@mastra/core/a2a';
+export declare class InMemoryTaskStore {
+    private store;
+    activeCancellations: Set<string>;
+    load({ agentId, taskId }: {
+        agentId: string;
+        taskId: string;
+    }): Promise<Task | null>;
+    save({ agentId, data }: {
+        agentId: string;
+        data: Task;
+    }): Promise<void>;
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/server/a2a/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../../src/server/a2a/store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAE7C,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,KAAK,CAAgC;IACtC,mBAAmB,cAAqB;IAEzC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAWpF,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAQ9E"}

package/dist/server/a2a/store.js

@@ -0,0 +1,23 @@
+// src/server/a2a/store.ts
+var InMemoryTaskStore = class {
+  store = /* @__PURE__ */ new Map();
+  activeCancellations = /* @__PURE__ */ new Set();
+  async load({ agentId, taskId }) {
+    const entry = this.store.get(`${agentId}-${taskId}`);
+    if (!entry) {
+      return null;
+    }
+    return { ...entry };
+  }
+  async save({ agentId, data }) {
+    const key = `${agentId}-${data.id}`;
+    if (!data.id) {
+      throw new Error("Task ID is required");
+    }
+    this.store.set(key, { ...data });
+  }
+};
+
+export { InMemoryTaskStore };
+//# sourceMappingURL=store.js.map
+//# sourceMappingURL=store.js.map

package/dist/server/a2a/store.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/a2a/store.ts"],"names":[],"mappings":";AAEO,IAAM,oBAAN,MAAwB;AAAA,EACrB,KAAA,uBAA+B,GAAA,EAAI;AAAA,EACpC,mBAAA,uBAA0B,GAAA,EAAY;AAAA,EAE7C,MAAM,IAAA,CAAK,EAAE,OAAA,EAAS,QAAO,EAA8D;AACzF,IAAA,MAAM,KAAA,GAAQ,KAAK,KAAA,CAAM,GAAA,CAAI,GAAG,OAAO,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,CAAA;AAEnD,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,OAAO,EAAE,GAAG,KAAA,EAAM;AAAA,EACpB;AAAA,EAEA,MAAM,IAAA,CAAK,EAAE,OAAA,EAAS,MAAK,EAAmD;AAE5E,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,KAAK,EAAE,CAAA,CAAA;AACjC,IAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AACA,IAAA,IAAA,CAAK,MAAM,GAAA,CAAI,GAAA,EAAK,EAAE,GAAG,MAAM,CAAA;AAAA,EACjC;AACF","file":"store.js","sourcesContent":["import type { Task } from '@mastra/core/a2a';\n\nexport class InMemoryTaskStore {\n  private store: Map<string, Task> = new Map();\n  public activeCancellations = new Set<string>();\n\n  async load({ agentId, taskId }: { agentId: string; taskId: string }): Promise<Task | null> {\n    const entry = this.store.get(`${agentId}-${taskId}`);\n\n    if (!entry) {\n      return null;\n    }\n\n    // Return copies to prevent external mutation\n    return { ...entry };\n  }\n\n  async save({ agentId, data }: { agentId: string; data: Task }): Promise<void> {\n    // Store copies to prevent internal mutation if caller reuses objects\n    const key = `${agentId}-${data.id}`;\n    if (!data.id) {\n      throw new Error('Task ID is required');\n    }\n    this.store.set(key, { ...data });\n  }\n}\n"]}

package/dist/server/a2a/tasks.d.ts

@@ -0,0 +1,20 @@
+import type { Message, Task, TaskStatus, TaskContext, TaskArtifactUpdateEvent } from '@mastra/core/a2a';
+import type { IMastraLogger } from '@mastra/core/logger';
+import type { InMemoryTaskStore } from './store.js';
+export declare function applyUpdateToTask(current: Task, update: Omit<TaskStatus, 'timestamp'> | TaskArtifactUpdateEvent): Task;
+export declare function loadOrCreateTask({ agentId, taskId, taskStore, message, contextId, metadata, logger, }: {
+    agentId: string;
+    taskId: string;
+    taskStore: InMemoryTaskStore;
+    message: Message;
+    contextId?: string;
+    metadata?: Record<string, unknown>;
+    logger?: IMastraLogger;
+}): Promise<Task>;
+export declare function createTaskContext({ task, userMessage, history, activeCancellations, }: {
+    task: Task;
+    userMessage: Message;
+    history: Message[];
+    activeCancellations: Set<string>;
+}): TaskContext;
+//# sourceMappingURL=tasks.d.ts.map

package/dist/server/a2a/tasks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tasks.d.ts","sourceRoot":"","sources":["../../../src/server/a2a/tasks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,IAAI,EAEJ,UAAU,EACV,WAAW,EACX,uBAAuB,EAExB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAUjD,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,IAAI,EACb,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,GAAG,uBAAuB,GAC9D,IAAI,CA8CN;AAED,wBAAsB,gBAAgB,CAAC,EACrC,OAAO,EACP,MAAM,EACN,SAAS,EACT,OAAO,EACP,SAAS,EACT,QAAQ,EACR,MAAM,GACP,EAAE;IACD,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,iBAAiB,CAAC;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB,GAAG,OAAO,CAAC,IAAI,CAAC,CAoDhB;AAED,wBAAgB,iBAAiB,CAAC,EAChC,IAAI,EACJ,WAAW,EACX,OAAO,EACP,mBAAmB,GACpB,EAAE;IACD,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,OAAO,CAAC;IACrB,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAClC,GAAG,WAAW,CAOd"}

package/dist/server/auth/defaults.d.ts

@@ -0,0 +1,3 @@
+import type { MastraAuthConfig } from '@mastra/core/server';
+export declare const defaultAuthConfig: MastraAuthConfig;
+//# sourceMappingURL=defaults.d.ts.map

package/dist/server/auth/defaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../../src/server/auth/defaults.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5D,eAAO,MAAM,iBAAiB,EAAE,gBAsB/B,CAAC"}

package/dist/server/auth/helpers.d.ts

@@ -0,0 +1,14 @@
+import type { MastraAuthConfig } from '@mastra/core/server';
+/**
+ * Check if request is from dev playground
+ * @param getHeader - Function to get header value from request
+ */
+export declare const isDevPlaygroundRequest: (path: string, method: string, getHeader: (name: string) => string | undefined, authConfig: MastraAuthConfig) => boolean;
+export declare const isCustomRoutePublic: (path: string, method: string, customRouteAuthConfig?: Map<string, boolean>) => boolean;
+export declare const isProtectedPath: (path: string, method: string, authConfig: MastraAuthConfig, customRouteAuthConfig?: Map<string, boolean>) => boolean;
+export declare const canAccessPublicly: (path: string, method: string, authConfig: MastraAuthConfig) => boolean;
+export declare const pathMatchesPattern: (path: string, pattern: string) => boolean;
+export declare const pathMatchesRule: (path: string, rulePath: string | RegExp | string[] | undefined) => boolean;
+export declare const matchesOrIncludes: (values: string | string[], value: string) => boolean;
+export declare const checkRules: (rules: MastraAuthConfig["rules"], path: string, method: string, user: unknown) => Promise<boolean>;
+//# sourceMappingURL=helpers.d.ts.map

package/dist/server/auth/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../src/server/auth/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAI5D;;;GAGG;AACH,eAAO,MAAM,sBAAsB,GACjC,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,WAAW,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,EAC/C,YAAY,gBAAgB,KAC3B,OAMF,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAC3C,OAkBF,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,YAAY,gBAAgB,EAC5B,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAC3C,OAGF,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,EAAE,QAAQ,MAAM,EAAE,YAAY,gBAAgB,KAAG,OAK9F,CAAC;AAiCF,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,EAAE,SAAS,MAAM,KAAG,OAQlE,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,MAAM,MAAM,EAAE,UAAU,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,KAAG,OAgBhG,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,QAAQ,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,MAAM,KAAG,OAU5E,CAAC;AAGF,eAAO,MAAM,UAAU,GACrB,OAAO,gBAAgB,CAAC,OAAO,CAAC,EAChC,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,MAAM,OAAO,KACZ,OAAO,CAAC,OAAO,CA+BjB,CAAC"}

package/dist/server/auth/index.cjs

@@ -0,0 +1,137 @@
+'use strict';
+
+// src/server/auth/defaults.ts
+var defaultAuthConfig = {
+  protected: ["/api/*"],
+  public: ["/api"],
+  // Simple rule system
+  rules: [
+    // Admin users can do anything
+    {
+      condition: (user) => {
+        if (typeof user === "object" && user !== null) {
+          if ("isAdmin" in user) {
+            return !!user.isAdmin;
+          }
+          if ("role" in user) {
+            return user.role === "admin";
+          }
+        }
+        return false;
+      },
+      allow: true
+    }
+  ]
+};
+
+// src/server/auth/helpers.ts
+var isDevPlaygroundRequest = (path, method, getHeader, authConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return process.env.MASTRA_DEV === "true" && (!isAnyMatch(path, method, protectedAccess) || getHeader("x-mastra-dev-playground") === "true");
+};
+var isCustomRoutePublic = (path, method, customRouteAuthConfig) => {
+  if (!customRouteAuthConfig) {
+    return false;
+  }
+  const routeKey = `${method}:${path}`;
+  if (customRouteAuthConfig.has(routeKey)) {
+    return !customRouteAuthConfig.get(routeKey);
+  }
+  const allRouteKey = `ALL:${path}`;
+  if (customRouteAuthConfig.has(allRouteKey)) {
+    return !customRouteAuthConfig.get(allRouteKey);
+  }
+  return false;
+};
+var isProtectedPath = (path, method, authConfig, customRouteAuthConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);
+};
+var canAccessPublicly = (path, method, authConfig) => {
+  const publicAccess = [...defaultAuthConfig.public || [], ...authConfig.public || []];
+  return isAnyMatch(path, method, publicAccess);
+};
+var isAnyMatch = (path, method, patterns) => {
+  if (!patterns) {
+    return false;
+  }
+  for (const patternPathOrMethod of patterns) {
+    if (patternPathOrMethod instanceof RegExp) {
+      if (patternPathOrMethod.test(path)) {
+        return true;
+      }
+    }
+    if (typeof patternPathOrMethod === "string" && pathMatchesPattern(path, patternPathOrMethod)) {
+      return true;
+    }
+    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {
+      const [pattern, methodOrMethods] = patternPathOrMethod;
+      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {
+        return true;
+      }
+    }
+  }
+  return false;
+};
+var pathMatchesPattern = (path, pattern) => {
+  if (pattern.endsWith("*")) {
+    const prefix = pattern.slice(0, -1);
+    return path.startsWith(prefix);
+  }
+  return path === pattern;
+};
+var pathMatchesRule = (path, rulePath) => {
+  if (!rulePath) return true;
+  if (typeof rulePath === "string") {
+    return pathMatchesPattern(path, rulePath);
+  }
+  if (rulePath instanceof RegExp) {
+    return rulePath.test(path);
+  }
+  if (Array.isArray(rulePath)) {
+    return rulePath.some((p) => pathMatchesPattern(path, p));
+  }
+  return false;
+};
+var matchesOrIncludes = (values, value) => {
+  if (typeof values === "string") {
+    return values === value;
+  }
+  if (Array.isArray(values)) {
+    return values.includes(value);
+  }
+  return false;
+};
+var checkRules = async (rules, path, method, user) => {
+  for (const i in rules || []) {
+    const rule = rules?.[i];
+    if (!pathMatchesRule(path, rule.path)) {
+      continue;
+    }
+    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {
+      continue;
+    }
+    const condition = rule.condition;
+    if (typeof condition === "function") {
+      const allowed = await Promise.resolve().then(() => condition(user)).catch(() => false);
+      if (allowed) {
+        return true;
+      }
+    } else if (rule.allow) {
+      return true;
+    }
+  }
+  return false;
+};
+
+exports.canAccessPublicly = canAccessPublicly;
+exports.checkRules = checkRules;
+exports.defaultAuthConfig = defaultAuthConfig;
+exports.isCustomRoutePublic = isCustomRoutePublic;
+exports.isDevPlaygroundRequest = isDevPlaygroundRequest;
+exports.isProtectedPath = isProtectedPath;
+exports.matchesOrIncludes = matchesOrIncludes;
+exports.pathMatchesPattern = pathMatchesPattern;
+exports.pathMatchesRule = pathMatchesRule;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/server/auth/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/auth/defaults.ts","../../../src/server/auth/helpers.ts"],"names":[],"mappings":";;;AAGO,IAAM,iBAAA,GAAsC;AAAA,EACjD,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,EACpB,MAAA,EAAQ,CAAC,MAAM,CAAA;AAAA;AAAA,EAEf,KAAA,EAAO;AAAA;AAAA,IAEL;AAAA,MACE,WAAW,CAAA,IAAA,KAAQ;AACjB,QAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,UAAA,IAAI,aAAa,IAAA,EAAM;AACrB,YAAA,OAAO,CAAC,CAAC,IAAA,CAAK,OAAA;AAAA,UAChB;AAEA,UAAA,IAAI,UAAU,IAAA,EAAM;AAClB,YAAA,OAAO,KAAK,IAAA,KAAS,OAAA;AAAA,UACvB;AAAA,QACF;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MACA,KAAA,EAAO;AAAA;AACT;AAEJ;;;ACjBO,IAAM,sBAAA,GAAyB,CACpC,IAAA,EACA,MAAA,EACA,WACA,UAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OACE,OAAA,CAAQ,GAAA,CAAI,UAAA,KAAe,MAAA,KAC1B,CAAC,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,eAAe,CAAA,IAAK,SAAA,CAAU,yBAAyB,CAAA,KAAM,MAAA,CAAA;AAE5F;AAEO,IAAM,mBAAA,GAAsB,CACjC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAClC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA,EAAG;AACvC,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA;AAAA,EAC5C;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA;AAAA,EAC/C;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,eAAA,GAAkB,CAC7B,IAAA,EACA,MAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OAAO,UAAA,CAAW,MAAM,MAAA,EAAQ,eAAe,KAAK,CAAC,mBAAA,CAAoB,IAAA,EAAM,MAAA,EAAQ,qBAAqB,CAAA;AAC9G;AAEO,IAAM,iBAAA,GAAoB,CAAC,IAAA,EAAc,MAAA,EAAgB,UAAA,KAA0C;AAExG,EAAA,MAAM,YAAA,GAAe,CAAC,GAAI,iBAAA,CAAkB,MAAA,IAAU,EAAC,EAAI,GAAI,UAAA,CAAW,MAAA,IAAU,EAAG,CAAA;AAEvF,EAAA,OAAO,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,YAAY,CAAA;AAC9C;AAEA,IAAM,UAAA,GAAa,CACjB,IAAA,EACA,MAAA,EACA,QAAA,KACY;AACZ,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,uBAAuB,QAAA,EAAU;AAC1C,IAAA,IAAI,+BAA+B,MAAA,EAAQ;AACzC,MAAA,IAAI,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA,EAAG;AAClC,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAA,KAAwB,QAAA,IAAY,kBAAA,CAAmB,IAAA,EAAM,mBAAmB,CAAA,EAAG;AAC5F,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAM,OAAA,CAAQ,mBAAmB,CAAA,IAAK,mBAAA,CAAoB,WAAW,CAAA,EAAG;AAC1E,MAAA,MAAM,CAAC,OAAA,EAAS,eAAe,CAAA,GAAI,mBAAA;AACnC,MAAA,IAAI,mBAAmB,IAAA,EAAM,OAAO,KAAK,iBAAA,CAAkB,eAAA,EAAiB,MAAM,CAAA,EAAG;AACnF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT,CAAA;AAEO,IAAM,kBAAA,GAAqB,CAAC,IAAA,EAAc,OAAA,KAA6B;AAG5E,EAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,GAAG,CAAA,EAAG;AACzB,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAClC,IAAA,OAAO,IAAA,CAAK,WAAW,MAAM,CAAA;AAAA,EAC/B;AACA,EAAA,OAAO,IAAA,KAAS,OAAA;AAClB;AAEO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAc,QAAA,KAA8D;AAC1G,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,kBAAA,CAAmB,MAAM,QAAQ,CAAA;AAAA,EAC1C;AAEA,EAAA,IAAI,oBAAoB,MAAA,EAAQ;AAC9B,IAAA,OAAO,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAS,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAA,CAAmB,IAAA,EAAM,CAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,iBAAA,GAAoB,CAAC,MAAA,EAA2B,KAAA,KAA2B;AACtF,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA,KAAW,KAAA;AAAA,EACpB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,IAAA,OAAO,MAAA,CAAO,SAAS,KAAK,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAGO,IAAM,UAAA,GAAa,OACxB,KAAA,EACA,IAAA,EACA,QACA,IAAA,KACqB;AAErB,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,IAAS,EAAC,EAAG;AAC3B,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AAEtB,IAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,OAAA,IAAW,CAAC,kBAAkB,IAAA,CAAK,OAAA,EAAS,MAAM,CAAA,EAAG;AAC5D,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,IAAA,CAAK,SAAA;AACvB,IAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,OAAA,EAAQ,CACnC,IAAA,CAAK,MAAM,SAAA,CAAU,IAAI,CAAC,CAAA,CAC1B,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,KAAK,KAAA,EAAO;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,OAAO,KAAA;AACT","file":"index.cjs","sourcesContent":["import type { MastraAuthConfig } from '@mastra/core/server';\n\n// Default configuration that can be extended by clients\nexport const defaultAuthConfig: MastraAuthConfig = {\n  protected: ['/api/*'],\n  public: ['/api'],\n  // Simple rule system\n  rules: [\n    // Admin users can do anything\n    {\n      condition: user => {\n        if (typeof user === 'object' && user !== null) {\n          if ('isAdmin' in user) {\n            return !!user.isAdmin;\n          }\n\n          if ('role' in user) {\n            return user.role === 'admin';\n          }\n        }\n        return false;\n      },\n      allow: true,\n    },\n  ],\n};\n","import type { MastraAuthConfig } from '@mastra/core/server';\n\nimport { defaultAuthConfig } from './defaults';\n\n/**\n * Check if request is from dev playground\n * @param getHeader - Function to get header value from request\n */\nexport const isDevPlaygroundRequest = (\n  path: string,\n  method: string,\n  getHeader: (name: string) => string | undefined,\n  authConfig: MastraAuthConfig,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return (\n    process.env.MASTRA_DEV === 'true' &&\n    (!isAnyMatch(path, method, protectedAccess) || getHeader('x-mastra-dev-playground') === 'true')\n  );\n};\n\nexport const isCustomRoutePublic = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first\n  const routeKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(routeKey)) {\n    return !customRouteAuthConfig.get(routeKey); // True when route opts out of auth\n  }\n\n  // Check ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return !customRouteAuthConfig.get(allRouteKey);\n  }\n\n  return false;\n};\n\nexport const isProtectedPath = (\n  path: string,\n  method: string,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);\n};\n\nexport const canAccessPublicly = (path: string, method: string, authConfig: MastraAuthConfig): boolean => {\n  // Check if this path+method combination is publicly accessible\n  const publicAccess = [...(defaultAuthConfig.public || []), ...(authConfig.public || [])];\n\n  return isAnyMatch(path, method, publicAccess);\n};\n\nconst isAnyMatch = (\n  path: string,\n  method: string,\n  patterns: MastraAuthConfig['protected'] | MastraAuthConfig['public'],\n): boolean => {\n  if (!patterns) {\n    return false;\n  }\n\n  for (const patternPathOrMethod of patterns) {\n    if (patternPathOrMethod instanceof RegExp) {\n      if (patternPathOrMethod.test(path)) {\n        return true;\n      }\n    }\n\n    if (typeof patternPathOrMethod === 'string' && pathMatchesPattern(path, patternPathOrMethod)) {\n      return true;\n    }\n\n    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {\n      const [pattern, methodOrMethods] = patternPathOrMethod;\n      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n\nexport const pathMatchesPattern = (path: string, pattern: string): boolean => {\n  // Simple pattern matching that supports wildcards\n  // e.g., '/api/agents/*' matches '/api/agents/123'\n  if (pattern.endsWith('*')) {\n    const prefix = pattern.slice(0, -1);\n    return path.startsWith(prefix);\n  }\n  return path === pattern;\n};\n\nexport const pathMatchesRule = (path: string, rulePath: string | RegExp | string[] | undefined): boolean => {\n  if (!rulePath) return true; // No path specified means all paths\n\n  if (typeof rulePath === 'string') {\n    return pathMatchesPattern(path, rulePath);\n  }\n\n  if (rulePath instanceof RegExp) {\n    return rulePath.test(path);\n  }\n\n  if (Array.isArray(rulePath)) {\n    return rulePath.some(p => pathMatchesPattern(path, p));\n  }\n\n  return false;\n};\n\nexport const matchesOrIncludes = (values: string | string[], value: string): boolean => {\n  if (typeof values === 'string') {\n    return values === value;\n  }\n\n  if (Array.isArray(values)) {\n    return values.includes(value);\n  }\n\n  return false;\n};\n\n// Check authorization rules\nexport const checkRules = async (\n  rules: MastraAuthConfig['rules'],\n  path: string,\n  method: string,\n  user: unknown,\n): Promise<boolean> => {\n  // Go through rules in order (first match wins)\n  for (const i in rules || []) {\n    const rule = rules?.[i]!;\n    // Check if rule applies to this path\n    if (!pathMatchesRule(path, rule.path)) {\n      continue;\n    }\n\n    // Check if rule applies to this method\n    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {\n      continue;\n    }\n\n    // Rule matches, check conditions\n    const condition = rule.condition;\n    if (typeof condition === 'function') {\n      const allowed = await Promise.resolve()\n        .then(() => condition(user))\n        .catch(() => false);\n\n      if (allowed) {\n        return true;\n      }\n    } else if (rule.allow) {\n      return true;\n    }\n  }\n\n  // No matching rules, deny by default\n  return false;\n};\n"]}

package/dist/server/auth/index.d.ts

@@ -0,0 +1,3 @@
+export * from './helpers.js';
+export * from './defaults.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/server/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC"}

package/dist/server/auth/index.js

@@ -0,0 +1,127 @@
+// src/server/auth/defaults.ts
+var defaultAuthConfig = {
+  protected: ["/api/*"],
+  public: ["/api"],
+  // Simple rule system
+  rules: [
+    // Admin users can do anything
+    {
+      condition: (user) => {
+        if (typeof user === "object" && user !== null) {
+          if ("isAdmin" in user) {
+            return !!user.isAdmin;
+          }
+          if ("role" in user) {
+            return user.role === "admin";
+          }
+        }
+        return false;
+      },
+      allow: true
+    }
+  ]
+};
+
+// src/server/auth/helpers.ts
+var isDevPlaygroundRequest = (path, method, getHeader, authConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return process.env.MASTRA_DEV === "true" && (!isAnyMatch(path, method, protectedAccess) || getHeader("x-mastra-dev-playground") === "true");
+};
+var isCustomRoutePublic = (path, method, customRouteAuthConfig) => {
+  if (!customRouteAuthConfig) {
+    return false;
+  }
+  const routeKey = `${method}:${path}`;
+  if (customRouteAuthConfig.has(routeKey)) {
+    return !customRouteAuthConfig.get(routeKey);
+  }
+  const allRouteKey = `ALL:${path}`;
+  if (customRouteAuthConfig.has(allRouteKey)) {
+    return !customRouteAuthConfig.get(allRouteKey);
+  }
+  return false;
+};
+var isProtectedPath = (path, method, authConfig, customRouteAuthConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);
+};
+var canAccessPublicly = (path, method, authConfig) => {
+  const publicAccess = [...defaultAuthConfig.public || [], ...authConfig.public || []];
+  return isAnyMatch(path, method, publicAccess);
+};
+var isAnyMatch = (path, method, patterns) => {
+  if (!patterns) {
+    return false;
+  }
+  for (const patternPathOrMethod of patterns) {
+    if (patternPathOrMethod instanceof RegExp) {
+      if (patternPathOrMethod.test(path)) {
+        return true;
+      }
+    }
+    if (typeof patternPathOrMethod === "string" && pathMatchesPattern(path, patternPathOrMethod)) {
+      return true;
+    }
+    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {
+      const [pattern, methodOrMethods] = patternPathOrMethod;
+      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {
+        return true;
+      }
+    }
+  }
+  return false;
+};
+var pathMatchesPattern = (path, pattern) => {
+  if (pattern.endsWith("*")) {
+    const prefix = pattern.slice(0, -1);
+    return path.startsWith(prefix);
+  }
+  return path === pattern;
+};
+var pathMatchesRule = (path, rulePath) => {
+  if (!rulePath) return true;
+  if (typeof rulePath === "string") {
+    return pathMatchesPattern(path, rulePath);
+  }
+  if (rulePath instanceof RegExp) {
+    return rulePath.test(path);
+  }
+  if (Array.isArray(rulePath)) {
+    return rulePath.some((p) => pathMatchesPattern(path, p));
+  }
+  return false;
+};
+var matchesOrIncludes = (values, value) => {
+  if (typeof values === "string") {
+    return values === value;
+  }
+  if (Array.isArray(values)) {
+    return values.includes(value);
+  }
+  return false;
+};
+var checkRules = async (rules, path, method, user) => {
+  for (const i in rules || []) {
+    const rule = rules?.[i];
+    if (!pathMatchesRule(path, rule.path)) {
+      continue;
+    }
+    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {
+      continue;
+    }
+    const condition = rule.condition;
+    if (typeof condition === "function") {
+      const allowed = await Promise.resolve().then(() => condition(user)).catch(() => false);
+      if (allowed) {
+        return true;
+      }
+    } else if (rule.allow) {
+      return true;
+    }
+  }
+  return false;
+};
+
+export { canAccessPublicly, checkRules, defaultAuthConfig, isCustomRoutePublic, isDevPlaygroundRequest, isProtectedPath, matchesOrIncludes, pathMatchesPattern, pathMatchesRule };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/server/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/auth/defaults.ts","../../../src/server/auth/helpers.ts"],"names":[],"mappings":";AAGO,IAAM,iBAAA,GAAsC;AAAA,EACjD,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,EACpB,MAAA,EAAQ,CAAC,MAAM,CAAA;AAAA;AAAA,EAEf,KAAA,EAAO;AAAA;AAAA,IAEL;AAAA,MACE,WAAW,CAAA,IAAA,KAAQ;AACjB,QAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,UAAA,IAAI,aAAa,IAAA,EAAM;AACrB,YAAA,OAAO,CAAC,CAAC,IAAA,CAAK,OAAA;AAAA,UAChB;AAEA,UAAA,IAAI,UAAU,IAAA,EAAM;AAClB,YAAA,OAAO,KAAK,IAAA,KAAS,OAAA;AAAA,UACvB;AAAA,QACF;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MACA,KAAA,EAAO;AAAA;AACT;AAEJ;;;ACjBO,IAAM,sBAAA,GAAyB,CACpC,IAAA,EACA,MAAA,EACA,WACA,UAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OACE,OAAA,CAAQ,GAAA,CAAI,UAAA,KAAe,MAAA,KAC1B,CAAC,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,eAAe,CAAA,IAAK,SAAA,CAAU,yBAAyB,CAAA,KAAM,MAAA,CAAA;AAE5F;AAEO,IAAM,mBAAA,GAAsB,CACjC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAClC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA,EAAG;AACvC,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA;AAAA,EAC5C;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA;AAAA,EAC/C;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,eAAA,GAAkB,CAC7B,IAAA,EACA,MAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OAAO,UAAA,CAAW,MAAM,MAAA,EAAQ,eAAe,KAAK,CAAC,mBAAA,CAAoB,IAAA,EAAM,MAAA,EAAQ,qBAAqB,CAAA;AAC9G;AAEO,IAAM,iBAAA,GAAoB,CAAC,IAAA,EAAc,MAAA,EAAgB,UAAA,KAA0C;AAExG,EAAA,MAAM,YAAA,GAAe,CAAC,GAAI,iBAAA,CAAkB,MAAA,IAAU,EAAC,EAAI,GAAI,UAAA,CAAW,MAAA,IAAU,EAAG,CAAA;AAEvF,EAAA,OAAO,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,YAAY,CAAA;AAC9C;AAEA,IAAM,UAAA,GAAa,CACjB,IAAA,EACA,MAAA,EACA,QAAA,KACY;AACZ,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,uBAAuB,QAAA,EAAU;AAC1C,IAAA,IAAI,+BAA+B,MAAA,EAAQ;AACzC,MAAA,IAAI,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA,EAAG;AAClC,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAA,KAAwB,QAAA,IAAY,kBAAA,CAAmB,IAAA,EAAM,mBAAmB,CAAA,EAAG;AAC5F,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAM,OAAA,CAAQ,mBAAmB,CAAA,IAAK,mBAAA,CAAoB,WAAW,CAAA,EAAG;AAC1E,MAAA,MAAM,CAAC,OAAA,EAAS,eAAe,CAAA,GAAI,mBAAA;AACnC,MAAA,IAAI,mBAAmB,IAAA,EAAM,OAAO,KAAK,iBAAA,CAAkB,eAAA,EAAiB,MAAM,CAAA,EAAG;AACnF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT,CAAA;AAEO,IAAM,kBAAA,GAAqB,CAAC,IAAA,EAAc,OAAA,KAA6B;AAG5E,EAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,GAAG,CAAA,EAAG;AACzB,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAClC,IAAA,OAAO,IAAA,CAAK,WAAW,MAAM,CAAA;AAAA,EAC/B;AACA,EAAA,OAAO,IAAA,KAAS,OAAA;AAClB;AAEO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAc,QAAA,KAA8D;AAC1G,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,kBAAA,CAAmB,MAAM,QAAQ,CAAA;AAAA,EAC1C;AAEA,EAAA,IAAI,oBAAoB,MAAA,EAAQ;AAC9B,IAAA,OAAO,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAS,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAA,CAAmB,IAAA,EAAM,CAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,iBAAA,GAAoB,CAAC,MAAA,EAA2B,KAAA,KAA2B;AACtF,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA,KAAW,KAAA;AAAA,EACpB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,IAAA,OAAO,MAAA,CAAO,SAAS,KAAK,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAGO,IAAM,UAAA,GAAa,OACxB,KAAA,EACA,IAAA,EACA,QACA,IAAA,KACqB;AAErB,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,IAAS,EAAC,EAAG;AAC3B,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AAEtB,IAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,OAAA,IAAW,CAAC,kBAAkB,IAAA,CAAK,OAAA,EAAS,MAAM,CAAA,EAAG;AAC5D,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,IAAA,CAAK,SAAA;AACvB,IAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,OAAA,EAAQ,CACnC,IAAA,CAAK,MAAM,SAAA,CAAU,IAAI,CAAC,CAAA,CAC1B,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,KAAK,KAAA,EAAO;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,OAAO,KAAA;AACT","file":"index.js","sourcesContent":["import type { MastraAuthConfig } from '@mastra/core/server';\n\n// Default configuration that can be extended by clients\nexport const defaultAuthConfig: MastraAuthConfig = {\n  protected: ['/api/*'],\n  public: ['/api'],\n  // Simple rule system\n  rules: [\n    // Admin users can do anything\n    {\n      condition: user => {\n        if (typeof user === 'object' && user !== null) {\n          if ('isAdmin' in user) {\n            return !!user.isAdmin;\n          }\n\n          if ('role' in user) {\n            return user.role === 'admin';\n          }\n        }\n        return false;\n      },\n      allow: true,\n    },\n  ],\n};\n","import type { MastraAuthConfig } from '@mastra/core/server';\n\nimport { defaultAuthConfig } from './defaults';\n\n/**\n * Check if request is from dev playground\n * @param getHeader - Function to get header value from request\n */\nexport const isDevPlaygroundRequest = (\n  path: string,\n  method: string,\n  getHeader: (name: string) => string | undefined,\n  authConfig: MastraAuthConfig,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return (\n    process.env.MASTRA_DEV === 'true' &&\n    (!isAnyMatch(path, method, protectedAccess) || getHeader('x-mastra-dev-playground') === 'true')\n  );\n};\n\nexport const isCustomRoutePublic = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first\n  const routeKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(routeKey)) {\n    return !customRouteAuthConfig.get(routeKey); // True when route opts out of auth\n  }\n\n  // Check ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return !customRouteAuthConfig.get(allRouteKey);\n  }\n\n  return false;\n};\n\nexport const isProtectedPath = (\n  path: string,\n  method: string,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);\n};\n\nexport const canAccessPublicly = (path: string, method: string, authConfig: MastraAuthConfig): boolean => {\n  // Check if this path+method combination is publicly accessible\n  const publicAccess = [...(defaultAuthConfig.public || []), ...(authConfig.public || [])];\n\n  return isAnyMatch(path, method, publicAccess);\n};\n\nconst isAnyMatch = (\n  path: string,\n  method: string,\n  patterns: MastraAuthConfig['protected'] | MastraAuthConfig['public'],\n): boolean => {\n  if (!patterns) {\n    return false;\n  }\n\n  for (const patternPathOrMethod of patterns) {\n    if (patternPathOrMethod instanceof RegExp) {\n      if (patternPathOrMethod.test(path)) {\n        return true;\n      }\n    }\n\n    if (typeof patternPathOrMethod === 'string' && pathMatchesPattern(path, patternPathOrMethod)) {\n      return true;\n    }\n\n    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {\n      const [pattern, methodOrMethods] = patternPathOrMethod;\n      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n\nexport const pathMatchesPattern = (path: string, pattern: string): boolean => {\n  // Simple pattern matching that supports wildcards\n  // e.g., '/api/agents/*' matches '/api/agents/123'\n  if (pattern.endsWith('*')) {\n    const prefix = pattern.slice(0, -1);\n    return path.startsWith(prefix);\n  }\n  return path === pattern;\n};\n\nexport const pathMatchesRule = (path: string, rulePath: string | RegExp | string[] | undefined): boolean => {\n  if (!rulePath) return true; // No path specified means all paths\n\n  if (typeof rulePath === 'string') {\n    return pathMatchesPattern(path, rulePath);\n  }\n\n  if (rulePath instanceof RegExp) {\n    return rulePath.test(path);\n  }\n\n  if (Array.isArray(rulePath)) {\n    return rulePath.some(p => pathMatchesPattern(path, p));\n  }\n\n  return false;\n};\n\nexport const matchesOrIncludes = (values: string | string[], value: string): boolean => {\n  if (typeof values === 'string') {\n    return values === value;\n  }\n\n  if (Array.isArray(values)) {\n    return values.includes(value);\n  }\n\n  return false;\n};\n\n// Check authorization rules\nexport const checkRules = async (\n  rules: MastraAuthConfig['rules'],\n  path: string,\n  method: string,\n  user: unknown,\n): Promise<boolean> => {\n  // Go through rules in order (first match wins)\n  for (const i in rules || []) {\n    const rule = rules?.[i]!;\n    // Check if rule applies to this path\n    if (!pathMatchesRule(path, rule.path)) {\n      continue;\n    }\n\n    // Check if rule applies to this method\n    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {\n      continue;\n    }\n\n    // Rule matches, check conditions\n    const condition = rule.condition;\n    if (typeof condition === 'function') {\n      const allowed = await Promise.resolve()\n        .then(() => condition(user))\n        .catch(() => false);\n\n      if (allowed) {\n        return true;\n      }\n    } else if (rule.allow) {\n      return true;\n    }\n  }\n\n  // No matching rules, deny by default\n  return false;\n};\n"]}

package/dist/server/handlers/a2a.cjs

@@ -0,0 +1,40 @@
+'use strict';
+
+var chunkCLAEGIP5_cjs = require('../../chunk-CLAEGIP5.cjs');
+
+
+
+Object.defineProperty(exports, "AGENT_EXECUTION_ROUTE", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.AGENT_EXECUTION_ROUTE; }
+});
+Object.defineProperty(exports, "GET_AGENT_CARD_ROUTE", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.GET_AGENT_CARD_ROUTE; }
+});
+Object.defineProperty(exports, "getAgentCardByIdHandler", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.getAgentCardByIdHandler; }
+});
+Object.defineProperty(exports, "getAgentExecutionHandler", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.getAgentExecutionHandler; }
+});
+Object.defineProperty(exports, "handleMessageSend", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.handleMessageSend; }
+});
+Object.defineProperty(exports, "handleMessageStream", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.handleMessageStream; }
+});
+Object.defineProperty(exports, "handleTaskCancel", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.handleTaskCancel; }
+});
+Object.defineProperty(exports, "handleTaskGet", {
+  enumerable: true,
+  get: function () { return chunkCLAEGIP5_cjs.handleTaskGet; }
+});
+//# sourceMappingURL=a2a.cjs.map
+//# sourceMappingURL=a2a.cjs.map

package/dist/server/handlers/a2a.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"a2a.cjs"}