@mastra/server 1.29.0-alpha.4 → 1.29.0-alpha.6

package/dist/chunk-TRPW2ALA.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/server/auth/defaults.ts","../src/server/auth/path-pattern.ts","../src/server/auth/helpers.ts"],"names":[],"mappings":";;;AAGO,IAAM,iBAAA,GAAsC;AAAA,EACjD,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,EACpB,MAAA,EAAQ,CAAC,MAAA,EAAQ,aAAa,CAAA;AAAA;AAAA,EAE9B,KAAA,EAAO;AAAA;AAAA,IAEL;AAAA,MACE,WAAW,CAAA,IAAA,KAAQ;AACjB,QAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,UAAA,IAAI,aAAa,IAAA,EAAM;AACrB,YAAA,OAAO,CAAC,CAAC,IAAA,CAAK,OAAA;AAAA,UAChB;AAEA,UAAA,IAAI,UAAU,IAAA,EAAM;AAClB,YAAA,OAAO,KAAK,IAAA,KAAS,OAAA;AAAA,UACvB;AAAA,QACF;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MACA,KAAA,EAAO;AAAA;AACT;AAEJ;;;ACcO,SAAS,KAAA,CAAM,OAAwB,KAAA,EAAgC;AAC5E,EAAA,IAAI,iBAAiB,MAAA,EAAQ,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,SAAS,KAAA,EAAM;AAElE,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI,GAAA;AACJ,EAAA,MAAM,OAAiB,EAAC;AACxB,EAAA,IAAI,OAAA,GAAU,EAAA;AACd,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAE3B,EAAA,GAAA,CAAI,CAAC,CAAA,IAAK,GAAA,CAAI,KAAA,EAAM;AAEpB,EAAA,OAAQ,GAAA,GAAM,GAAA,CAAI,KAAA,EAAM,EAAI;AAC1B,IAAA,CAAA,GAAI,IAAI,CAAC,CAAA;AACT,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AACX,MAAA,OAAA,IAAW,GAAA,CAAI,CAAC,CAAA,KAAM,GAAA,GAAM,YAAA,GAAe,OAAA;AAAA,IAC7C,CAAA,MAAA,IAAW,MAAM,GAAA,EAAK;AACpB,MAAA,CAAA,GAAI,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,CAAC,CAAA;AACtB,MAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,CAAC,CAAA;AACxB,MAAA,IAAA,CAAK,KAAK,GAAA,CAAI,SAAA,CAAU,CAAA,EAAG,CAAC,CAAC,CAAC,CAAA,GAAI,CAAA,GAAI,CAAC,CAAC,CAAC,GAAA,GAAM,GAAA,GAAM,GAAA,CAAI,MAAM,CAAC,CAAA;AAChE,MAAA,OAAA,IAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,gBAAA,GAAmB,WAAA;AAC9C,MAAA,IAAI,CAAC,CAAC,CAAC,GAAA,cAAiB,CAAC,CAAC,CAAC,CAAA,GAAI,GAAA,GAAM,EAAA,IAAM,IAAA,GAAO,GAAA,CAAI,UAAU,GAAG,CAAA;AAAA,IACrE,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,GAAA,GAAM,GAAA;AAAA,IACnB;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,OAAA,EAAS,IAAI,MAAA,CAAO,GAAA,GAAM,WAA+B,QAAQ,GAAG;AAAA,GACtE;AACF;;;AC1DO,IAAM,sBAAA,GAAyB,CACpC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,aAAA,GAAgB,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACvC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAO,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,KAAM,IAAA;AAAA,EACtD;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,KAAM,IAAA;AAAA,EACpD;AAGA,EAAA,KAAA,MAAW,CAAC,QAAA,EAAU,YAAY,CAAA,IAAK,qBAAA,CAAsB,SAAQ,EAAG;AACtE,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AACvC,IAAA,IAAI,eAAe,EAAA,EAAI;AACrB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,QAAA,CAAS,SAAA,CAAU,CAAA,EAAG,UAAU,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,QAAA,CAAS,SAAA,CAAU,UAAA,GAAa,CAAC,CAAA;AAGtD,IAAA,IAAI,WAAA,KAAgB,MAAA,IAAU,WAAA,KAAgB,KAAA,EAAO;AACnD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,kBAAA,CAAmB,IAAA,EAAM,YAAY,CAAA,EAAG;AAC1C,MAAA,OAAO,YAAA,KAAiB,IAAA;AAAA,IAC1B;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAOO,IAAM,yBAAyB,CACpC,IAAA,EACA,MAAA,EACA,SAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OACE,OAAA,CAAQ,IAAI,UAAA,KAAe,MAAA;AAAA,GAEzB,CAAC,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,eAAe,KAAK,CAAC,sBAAA,CAAuB,IAAA,EAAM,MAAA,EAAQ,qBAAqB,CAAA;AAAA,EAEzG,SAAA,CAAU,yBAAyB,CAAA,KAAM,MAAA,CAAA;AAE/C;AAEO,IAAM,mBAAA,GAAsB,CACjC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,aAAA,GAAgB,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACvC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA;AAAA,EACjD;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA;AAAA,EAC/C;AAGA,EAAA,KAAA,MAAW,CAAC,QAAA,EAAU,YAAY,CAAA,IAAK,qBAAA,CAAsB,SAAQ,EAAG;AACtE,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AACvC,IAAA,IAAI,eAAe,EAAA,EAAI;AACrB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,QAAA,CAAS,SAAA,CAAU,CAAA,EAAG,UAAU,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,QAAA,CAAS,SAAA,CAAU,UAAA,GAAa,CAAC,CAAA;AAGtD,IAAA,IAAI,WAAA,KAAgB,MAAA,IAAU,WAAA,KAAgB,KAAA,EAAO;AACnD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,kBAAA,CAAmB,IAAA,EAAM,YAAY,CAAA,EAAG;AAC1C,MAAA,OAAO,CAAC,YAAA;AAAA,IACV;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAQO,IAAM,eAAA,GAAkB,CAC7B,IAAA,EACA,MAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OAAO,UAAA,CAAW,MAAM,MAAA,EAAQ,eAAe,KAAK,sBAAA,CAAuB,IAAA,EAAM,QAAQ,qBAAqB,CAAA;AAChH;AAEO,IAAM,iBAAA,GAAoB,CAAC,IAAA,EAAc,MAAA,EAAgB,UAAA,KAA0C;AAExG,EAAA,MAAM,YAAA,GAAe,CAAC,GAAI,iBAAA,CAAkB,MAAA,IAAU,EAAC,EAAI,GAAI,UAAA,CAAW,MAAA,IAAU,EAAG,CAAA;AAEvF,EAAA,OAAO,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,YAAY,CAAA;AAC9C;AAEA,IAAM,UAAA,GAAa,CACjB,IAAA,EACA,MAAA,EACA,QAAA,KACY;AACZ,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,uBAAuB,QAAA,EAAU;AAC1C,IAAA,IAAI,+BAA+B,MAAA,EAAQ;AACzC,MAAA,IAAI,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA,EAAG;AAClC,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAA,KAAwB,QAAA,IAAY,kBAAA,CAAmB,IAAA,EAAM,mBAAmB,CAAA,EAAG;AAC5F,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAM,OAAA,CAAQ,mBAAmB,CAAA,IAAK,mBAAA,CAAoB,WAAW,CAAA,EAAG;AAC1E,MAAA,MAAM,CAAC,OAAA,EAAS,eAAe,CAAA,GAAI,mBAAA;AACnC,MAAA,IAAI,mBAAmB,IAAA,EAAM,OAAO,KAAK,iBAAA,CAAkB,eAAA,EAAiB,MAAM,CAAA,EAAG;AACnF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT,CAAA;AAEO,IAAM,kBAAA,GAAqB,CAAC,IAAA,EAAc,OAAA,KAA6B;AAQ5E,EAAA,MAAM,EAAE,OAAA,EAAS,KAAA,EAAM,GAAI,MAAM,OAAO,CAAA;AACxC,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAEO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAc,QAAA,KAA8D;AAC1G,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,kBAAA,CAAmB,MAAM,QAAQ,CAAA;AAAA,EAC1C;AAEA,EAAA,IAAI,oBAAoB,MAAA,EAAQ;AAC9B,IAAA,OAAO,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAS,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAA,CAAmB,IAAA,EAAM,CAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,iBAAA,GAAoB,CAAC,MAAA,EAA2B,KAAA,KAA2B;AACtF,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA,KAAW,KAAA;AAAA,EACpB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,IAAA,OAAO,MAAA,CAAO,SAAS,KAAK,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAqBA,IAAM,IAAA,GAAmB,EAAE,MAAA,EAAQ,MAAA,EAAO;AAQnC,IAAM,uBAAuB,OAAwB;AAAA,EAC1D,MAAA;AAAA,EACA,KAAA;AAAA,EACA;AACF,CAAA,KAA0D;AACxD,EAAA,MAAM,kBAAkB,KAAA,CAAM,OAAA,CAAQ,aAAA,EAAe,EAAE,EAAE,IAAA,EAAK;AAC9D,EAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACvC,EAAA,IAAI,CAAC,UAAA,IAAc,OAAO,UAAA,CAAW,sBAAsB,UAAA,EAAY;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAQ,MAAM,UAAA,CAAW,iBAAA,CAAkB,eAAA,EAAiB,OAAc,CAAA;AAC5E;AAMO,IAAM,kBAAA,GAAqB,OAAO,GAAA,KAAoD;AAC3F,EAAA,MAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAA,EAAW,MAAA,EAAQ,YAAY,qBAAA,EAAuB,cAAA,EAAgB,UAAA,EAAY,KAAA,EAAM,GAAI,GAAA;AAOlH,EAAA,MAAM,eAAA,GAAkB,OAAO,UAAA,CAAW,iBAAA,KAAsB,UAAA;AAChE,EAAA,IAAI,CAAC,mBAAmB,sBAAA,CAAuB,IAAA,EAAM,QAAQ,SAAA,EAAW,UAAA,EAAY,qBAAqB,CAAA,EAAG;AAC1G,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,MAAA,EAAQ,UAAA,EAAY,qBAAqB,CAAA,EAAG;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAA,CAAkB,IAAA,EAAM,MAAA,EAAQ,UAAU,CAAA,EAAG;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAIA,EAAA,IAAI,IAAA;AAEJ,EAAA,IAAI;AACF,IAAA,IAAI,OAAO,UAAA,CAAW,iBAAA,KAAsB,UAAA,EAAY;AACtD,MAAA,IAAA,GAAO,MAAM,UAAA,CAAW,iBAAA,CAAkB,KAAA,IAAS,IAAI,UAAiB,CAAA;AAAA,IAC1E,CAAA,MAAO;AACL,MAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,IAC3D;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,0BAAA,EAA2B,EAAE;AAAA,IACrF;AAEA,IAAA,cAAA,CAAe,GAAA,CAAI,QAAQ,IAAI,CAAA;AAE/B,IAAA,IAAI,OAAO,UAAA,CAAW,mBAAA,KAAwB,UAAA,EAAY;AACxD,MAAA,IAAI;AACF,QAAA,MAAM,UAAA,GAAa,UAAA,CAAW,mBAAA,CAAoB,IAAI,CAAA;AACtD,QAAA,IAAI,UAAA,EAAY;AACd,UAAA,cAAA,CAAe,GAAA,CAAI,wBAAwB,UAAU,CAAA;AAAA,QACvD;AAAA,MACF,SAAS,QAAA,EAAU;AACjB,QAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,4BAAA,EAA8B;AAAA,UACtD,KAAA,EAAO,QAAA,YAAoB,KAAA,GAAQ,EAAE,OAAA,EAAS,SAAS,OAAA,EAAS,KAAA,EAAO,QAAA,CAAS,KAAA,EAAM,GAAI;AAAA,SAC3F,CAAA;AACD,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,mDAAA,EAAoD,EAAE;AAAA,MAC9G;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,OAAO,SAAA,EAAU;AACtC,MAAA,MAAM,eAAe,YAAA,EAAc,IAAA;AAEnC,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,SAAS,QAAA,IAAY,EAAE,QAAQ,IAAA,CAAA,EAAO;AACxD,UAAA,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA,CAAK,mFAAmF,CAAA;AAAA,QAC9G,CAAA,MAAO;AACL,UAAA,MAAM,WAAA,GAAc,MAAM,YAAA,CAAa,cAAA,CAAe,IAAc,CAAA;AACpE,UAAA,cAAA,CAAe,GAAA,CAAI,mBAAmB,WAAW,CAAA;AAEjD,UAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,CAAa,QAAA,CAAS,IAAc,CAAA;AACxD,UAAA,cAAA,CAAe,GAAA,CAAI,aAAa,KAAK,CAAA;AAAA,QACvC;AAAA,MACF;AAAA,IACF,SAAS,SAAA,EAAW;AAClB,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,6CAAA,EAA+C;AAAA,QACvE,KAAA,EAAO,SAAA,YAAqB,KAAA,GAAQ,EAAE,OAAA,EAAS,UAAU,OAAA,EAAS,KAAA,EAAO,SAAA,CAAU,KAAA,EAAM,GAAI;AAAA,OAC9F,CAAA;AAAA,IACH;AAAA,EACF,SAAS,GAAA,EAAK;AACZ,IAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,sBAAA,EAAwB;AAAA,MAChD,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI;AAAA,KAC5E,CAAA;AACD,IAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,0BAAA,EAA2B,EAAE;AAAA,EACrF;AAIA,EAAA,IAAI,eAAA,IAAmB,UAAA,IAAc,OAAO,UAAA,CAAW,kBAAkB,UAAA,EAAY;AACnF,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,MAAM,UAAA,CAAW,aAAA,CAAc,MAAM,UAAiB,CAAA;AAE3E,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,MAC1E;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,sCAAA,EAAwC;AAAA,QAChE,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI;AAAA,OAC5E,CAAA;AACD,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,qBAAA,EAAsB,EAAE;AAAA,IAChF;AAAA,EACF,WAAW,WAAA,IAAe,UAAA,IAAc,OAAO,UAAA,CAAW,cAAc,UAAA,EAAY;AAClF,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,IAAI,qBAAA,EAAsB;AAC/C,MAAA,MAAM,eAAe,MAAM,UAAA,CAAW,UAAU,IAAA,EAAM,MAAA,EAAQ,MAAM,YAAmB,CAAA;AAEvF,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,MAC1E;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,kCAAA,EAAoC;AAAA,QAC5D,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI,GAAA;AAAA,QAC3E,IAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,qBAAA,EAAsB,EAAE;AAAA,IAChF;AAAA,EACF,CAAA,MAAA,IAAW,WAAW,UAAA,IAAc,UAAA,CAAW,SAAS,UAAA,CAAW,KAAA,CAAM,SAAS,CAAA,EAAG;AACnF,IAAA,MAAM,eAAe,MAAM,UAAA,CAAW,WAAW,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAE1E,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,IAC1E;AAAA,EACF,CAAA,MAAO;AAIL,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACzC,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAI,iBAAA,CAAkB,KAAA,IAAS,iBAAA,CAAkB,KAAA,CAAM,SAAS,CAAA,EAAG;AACjE,QAAA,MAAM,eAAe,MAAM,UAAA,CAAW,kBAAkB,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAEjF,QAAA,IAAI,CAAC,YAAA,EAAc;AACjB,UAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,QAC1E;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAGO,IAAM,UAAA,GAAa,OACxB,KAAA,EACA,IAAA,EACA,QACA,IAAA,KACqB;AAErB,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,IAAS,EAAC,EAAG;AAC3B,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AAEtB,IAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,OAAA,IAAW,CAAC,kBAAkB,IAAA,CAAK,OAAA,EAAS,MAAM,CAAA,EAAG;AAC5D,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,IAAA,CAAK,SAAA;AACvB,IAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,OAAA,EAAQ,CACnC,IAAA,CAAK,MAAM,SAAA,CAAU,IAAI,CAAC,CAAA,CAC1B,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,KAAK,KAAA,EAAO;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,OAAO,KAAA;AACT","file":"chunk-TRPW2ALA.js","sourcesContent":["import type { MastraAuthConfig } from '@mastra/core/server';\n\n// Default configuration that can be extended by clients\nexport const defaultAuthConfig: MastraAuthConfig = {\n  protected: ['/api/*'],\n  public: ['/api', '/api/auth/*'],\n  // Simple rule system\n  rules: [\n    // Admin users can do anything\n    {\n      condition: user => {\n        if (typeof user === 'object' && user !== null) {\n          if ('isAdmin' in user) {\n            return !!user.isAdmin;\n          }\n\n          if ('role' in user) {\n            return user.role === 'admin';\n          }\n        }\n        return false;\n      },\n      allow: true,\n    },\n  ],\n};\n","/**\n * Path pattern matching utility\n * Inlined from regexparam v3.0.0 (MIT License)\n * https://github.com/lukeed/regexparam\n *\n * Copyright (c) Luke Edwards <luke.edwards05@gmail.com> (lukeed.com)\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to deal\n * in the Software without restriction, including without limitation the rights\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n * copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in all\n * copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n * SOFTWARE.\n */\n\nexport interface ParsedPattern {\n  keys: string[] | false;\n  pattern: RegExp;\n}\n\n/**\n * Parse a route pattern into a RegExp\n * Supports:\n * - Named parameters: /users/:id\n * - Optional parameters: /users/:id?\n * - Wildcards: /files/*\n * - Mixed patterns: /api/:version/users/:id\n */\nexport function parse(input: string | RegExp, loose?: boolean): ParsedPattern {\n  if (input instanceof RegExp) return { keys: false, pattern: input };\n\n  let c: string;\n  let o: number;\n  let tmp: string | undefined;\n  let ext: number;\n  const keys: string[] = [];\n  let pattern = '';\n  const arr = input.split('/');\n\n  arr[0] || arr.shift();\n\n  while ((tmp = arr.shift())) {\n    c = tmp[0]!;\n    if (c === '*') {\n      keys.push(c);\n      pattern += tmp[1] === '?' ? '(?:/(.*))?' : '/(.*)';\n    } else if (c === ':') {\n      o = tmp.indexOf('?', 1);\n      ext = tmp.indexOf('.', 1);\n      keys.push(tmp.substring(1, !!~o ? o : !!~ext ? ext : tmp.length));\n      pattern += !!~o && !~ext ? '(?:/([^/]+?))?' : '/([^/]+?)';\n      if (!!~ext) pattern += (!!~o ? '?' : '') + '\\\\' + tmp.substring(ext);\n    } else {\n      pattern += '/' + tmp;\n    }\n  }\n\n  return {\n    keys: keys,\n    pattern: new RegExp('^' + pattern + (loose ? '(?=$|/)' : '/?$'), 'i'),\n  };\n}\n\n/**\n * Test if a path matches a pattern\n */\nexport function matchPath(path: string, pattern: string | RegExp): boolean {\n  const { pattern: regex } = parse(pattern);\n  return regex.test(path);\n}\n","import type { IRBACProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { Mastra } from '@mastra/core/mastra';\nimport type { MastraAuthConfig } from '@mastra/core/server';\nimport type { HonoRequest } from 'hono';\n\nimport { MASTRA_RESOURCE_ID_KEY } from '../constants';\nimport { defaultAuthConfig } from './defaults';\nimport { parse } from './path-pattern';\n\n/**\n * Check if a route is a registered custom route that requires authentication.\n * Returns true only if the route is explicitly registered with requiresAuth: true.\n * Returns false if the route is not in the config or has requiresAuth: false.\n */\nexport const isProtectedCustomRoute = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first (fast path for static routes)\n  const exactRouteKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(exactRouteKey)) {\n    return customRouteAuthConfig.get(exactRouteKey) === true;\n  }\n\n  // Check exact match for ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return customRouteAuthConfig.get(allRouteKey) === true;\n  }\n\n  // Check pattern matches for dynamic routes (e.g., '/users/:id')\n  for (const [routeKey, requiresAuth] of customRouteAuthConfig.entries()) {\n    const colonIndex = routeKey.indexOf(':');\n    if (colonIndex === -1) {\n      continue; // Skip malformed keys\n    }\n\n    const routeMethod = routeKey.substring(0, colonIndex);\n    const routePattern = routeKey.substring(colonIndex + 1);\n\n    // Check if method matches (exact match or ALL)\n    if (routeMethod !== method && routeMethod !== 'ALL') {\n      continue;\n    }\n\n    // Check if path matches the pattern\n    if (pathMatchesPattern(path, routePattern)) {\n      return requiresAuth === true;\n    }\n  }\n\n  return false; // Not in config = not a protected custom route\n};\n\n/**\n * Check if request is from dev playground\n * @param getHeader - Function to get header value from request\n * @param customRouteAuthConfig - Map of custom route auth configurations\n */\nexport const isDevPlaygroundRequest = (\n  path: string,\n  method: string,\n  getHeader: (name: string) => string | undefined,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return (\n    process.env.MASTRA_DEV === 'true' &&\n    // Allow if path doesn't match protected patterns AND is not a protected custom route\n    ((!isAnyMatch(path, method, protectedAccess) && !isProtectedCustomRoute(path, method, customRouteAuthConfig)) ||\n      // Or if has playground header\n      getHeader('x-mastra-dev-playground') === 'true')\n  );\n};\n\nexport const isCustomRoutePublic = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first (fast path for static routes)\n  const exactRouteKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(exactRouteKey)) {\n    return !customRouteAuthConfig.get(exactRouteKey); // True when route opts out of auth\n  }\n\n  // Check exact match for ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return !customRouteAuthConfig.get(allRouteKey);\n  }\n\n  // Check pattern matches for dynamic routes (e.g., '/users/:id')\n  for (const [routeKey, requiresAuth] of customRouteAuthConfig.entries()) {\n    const colonIndex = routeKey.indexOf(':');\n    if (colonIndex === -1) {\n      continue; // Skip malformed keys\n    }\n\n    const routeMethod = routeKey.substring(0, colonIndex);\n    const routePattern = routeKey.substring(colonIndex + 1);\n\n    // Check if method matches (exact match or ALL)\n    if (routeMethod !== method && routeMethod !== 'ALL') {\n      continue;\n    }\n\n    // Check if path matches the pattern\n    if (pathMatchesPattern(path, routePattern)) {\n      return !requiresAuth; // True when route opts out of auth\n    }\n  }\n\n  return false;\n};\n\n// NOTE: This uses isProtectedCustomRoute (default-allow for unknown paths) rather than\n// !isCustomRoutePublic (default-deny). This is intentional — all registered server and\n// custom routes are auth-checked via registerRoute/checkRouteAuth regardless of this\n// function. The '/api/*' protected pattern exists as a user-facing override mechanism.\n// The old default-deny logic incorrectly blocked non-API paths (e.g. '/', '/agents')\n// which prevented the studio login page from loading in production.\nexport const isProtectedPath = (\n  path: string,\n  method: string,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return isAnyMatch(path, method, protectedAccess) || isProtectedCustomRoute(path, method, customRouteAuthConfig);\n};\n\nexport const canAccessPublicly = (path: string, method: string, authConfig: MastraAuthConfig): boolean => {\n  // Check if this path+method combination is publicly accessible\n  const publicAccess = [...(defaultAuthConfig.public || []), ...(authConfig.public || [])];\n\n  return isAnyMatch(path, method, publicAccess);\n};\n\nconst isAnyMatch = (\n  path: string,\n  method: string,\n  patterns: MastraAuthConfig['protected'] | MastraAuthConfig['public'],\n): boolean => {\n  if (!patterns) {\n    return false;\n  }\n\n  for (const patternPathOrMethod of patterns) {\n    if (patternPathOrMethod instanceof RegExp) {\n      if (patternPathOrMethod.test(path)) {\n        return true;\n      }\n    }\n\n    if (typeof patternPathOrMethod === 'string' && pathMatchesPattern(path, patternPathOrMethod)) {\n      return true;\n    }\n\n    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {\n      const [pattern, methodOrMethods] = patternPathOrMethod;\n      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n\nexport const pathMatchesPattern = (path: string, pattern: string): boolean => {\n  // Use regexparam for battle-tested path matching\n  // Supports:\n  // - Exact paths: '/api/users'\n  // - Wildcards: '/api/agents/*' matches '/api/agents/123'\n  // - Path parameters: '/users/:id' matches '/users/123'\n  // - Optional parameters: '/users/:id?' matches '/users' and '/users/123'\n  // - Mixed patterns: '/api/:version/users/:id/profile'\n  const { pattern: regex } = parse(pattern);\n  return regex.test(path);\n};\n\nexport const pathMatchesRule = (path: string, rulePath: string | RegExp | string[] | undefined): boolean => {\n  if (!rulePath) return true; // No path specified means all paths\n\n  if (typeof rulePath === 'string') {\n    return pathMatchesPattern(path, rulePath);\n  }\n\n  if (rulePath instanceof RegExp) {\n    return rulePath.test(path);\n  }\n\n  if (Array.isArray(rulePath)) {\n    return rulePath.some(p => pathMatchesPattern(path, p));\n  }\n\n  return false;\n};\n\nexport const matchesOrIncludes = (values: string | string[], value: string): boolean => {\n  if (typeof values === 'string') {\n    return values === value;\n  }\n\n  if (Array.isArray(values)) {\n    return values.includes(value);\n  }\n\n  return false;\n};\n\n// ── Core auth middleware ──\n// Framework-agnostic auth logic extracted from adapter middlewares.\n// Each adapter builds an AuthMiddlewareContext and delegates to coreAuthMiddleware.\n\nexport interface AuthMiddlewareContext {\n  path: string;\n  method: string;\n  getHeader: (name: string) => string | undefined;\n  mastra: Mastra;\n  authConfig: MastraAuthConfig;\n  customRouteAuthConfig?: Map<string, boolean>;\n  requestContext: { get: (key: string) => unknown; set: (key: string, value: unknown) => void };\n  rawRequest: unknown;\n  token: string | null;\n  buildAuthorizeContext: () => unknown;\n}\n\nexport type AuthResult = { action: 'next' } | { action: 'error'; status: number; body: Record<string, unknown> };\n\nconst pass: AuthResult = { action: 'next' };\n\nexport interface GetAuthenticatedUserOptions {\n  mastra: Mastra;\n  token: string;\n  request: Request | HonoRequest;\n}\n\nexport const getAuthenticatedUser = async <TUser = unknown>({\n  mastra,\n  token,\n  request,\n}: GetAuthenticatedUserOptions): Promise<TUser | null> => {\n  const normalizedToken = token.replace(/^Bearer\\s+/i, '').trim();\n  if (!normalizedToken) {\n    return null;\n  }\n\n  const authConfig = mastra.getServer()?.auth;\n  if (!authConfig || typeof authConfig.authenticateToken !== 'function') {\n    return null;\n  }\n\n  return (await authConfig.authenticateToken(normalizedToken, request as any)) as TUser | null;\n};\n\n/**\n * Single auth middleware: authenticate → authorize.\n * Skip checks (dev playground, unprotected path, public path) are evaluated once.\n */\nexport const coreAuthMiddleware = async (ctx: AuthMiddlewareContext): Promise<AuthResult> => {\n  const { path, method, getHeader, mastra, authConfig, customRouteAuthConfig, requestContext, rawRequest, token } = ctx;\n\n  // ── Skip checks (evaluated once) ──\n\n  // Only bypass auth for dev playground when no real auth provider is configured.\n  // When auth IS configured (has authenticateToken), we need the full auth flow\n  // so user/roles/permissions are set in requestContext.\n  const hasAuthProvider = typeof authConfig.authenticateToken === 'function';\n  if (!hasAuthProvider && isDevPlaygroundRequest(path, method, getHeader, authConfig, customRouteAuthConfig)) {\n    return pass;\n  }\n\n  if (!isProtectedPath(path, method, authConfig, customRouteAuthConfig)) {\n    return pass;\n  }\n\n  if (canAccessPublicly(path, method, authConfig)) {\n    return pass;\n  }\n\n  // ── Authentication ──\n\n  let user: unknown;\n\n  try {\n    if (typeof authConfig.authenticateToken === 'function') {\n      user = await authConfig.authenticateToken(token ?? '', rawRequest as any);\n    } else {\n      throw new Error('No token verification method configured');\n    }\n\n    if (!user) {\n      return { action: 'error', status: 401, body: { error: 'Invalid or expired token' } };\n    }\n\n    requestContext.set('user', user);\n\n    if (typeof authConfig.mapUserToResourceId === 'function') {\n      try {\n        const resourceId = authConfig.mapUserToResourceId(user);\n        if (resourceId) {\n          requestContext.set(MASTRA_RESOURCE_ID_KEY, resourceId);\n        }\n      } catch (mapError) {\n        mastra.getLogger()?.error('mapUserToResourceId failed', {\n          error: mapError instanceof Error ? { message: mapError.message, stack: mapError.stack } : mapError,\n        });\n        return { action: 'error', status: 500, body: { error: 'Failed to map authenticated user to a resource ID' } };\n      }\n    }\n\n    try {\n      const serverConfig = mastra.getServer();\n      const rbacProvider = serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n\n      if (rbacProvider) {\n        if (!user || typeof user !== 'object' || !('id' in user)) {\n          mastra.getLogger()?.warn('RBAC: authenticated user missing required \"id\" field, skipping permission loading');\n        } else {\n          const permissions = await rbacProvider.getPermissions(user as EEUser);\n          requestContext.set('userPermissions', permissions);\n\n          const roles = await rbacProvider.getRoles(user as EEUser);\n          requestContext.set('userRoles', roles);\n        }\n      }\n    } catch (rbacError) {\n      mastra.getLogger()?.error('RBAC: failed to load user permissions/roles', {\n        error: rbacError instanceof Error ? { message: rbacError.message, stack: rbacError.stack } : rbacError,\n      });\n    }\n  } catch (err) {\n    mastra.getLogger()?.error('Authentication error', {\n      error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n    });\n    return { action: 'error', status: 401, body: { error: 'Invalid or expired token' } };\n  }\n\n  // ── Authorization ──\n\n  if ('authorizeUser' in authConfig && typeof authConfig.authorizeUser === 'function') {\n    try {\n      const isAuthorized = await authConfig.authorizeUser(user, rawRequest as any);\n\n      if (!isAuthorized) {\n        return { action: 'error', status: 403, body: { error: 'Access denied' } };\n      }\n    } catch (err) {\n      mastra.getLogger()?.error('Authorization error in authorizeUser', {\n        error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n      });\n      return { action: 'error', status: 500, body: { error: 'Authorization error' } };\n    }\n  } else if ('authorize' in authConfig && typeof authConfig.authorize === 'function') {\n    try {\n      const authorizeCtx = ctx.buildAuthorizeContext();\n      const isAuthorized = await authConfig.authorize(path, method, user, authorizeCtx as any);\n\n      if (!isAuthorized) {\n        return { action: 'error', status: 403, body: { error: 'Access denied' } };\n      }\n    } catch (err) {\n      mastra.getLogger()?.error('Authorization error in authorize', {\n        error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n        path,\n        method,\n      });\n      return { action: 'error', status: 500, body: { error: 'Authorization error' } };\n    }\n  } else if ('rules' in authConfig && authConfig.rules && authConfig.rules.length > 0) {\n    const isAuthorized = await checkRules(authConfig.rules, path, method, user);\n\n    if (!isAuthorized) {\n      return { action: 'error', status: 403, body: { error: 'Access denied' } };\n    }\n  } else {\n    // No explicit authorization configured (authorizeUser, authorize, or rules)\n    // Check if RBAC is configured - if not, allow authenticated users through\n    // (auth-only mode = authenticated users get full access)\n    const rbacProvider = mastra.getServer()?.rbac;\n    if (rbacProvider) {\n      if (defaultAuthConfig.rules && defaultAuthConfig.rules.length > 0) {\n        const isAuthorized = await checkRules(defaultAuthConfig.rules, path, method, user);\n\n        if (!isAuthorized) {\n          return { action: 'error', status: 403, body: { error: 'Access denied' } };\n        }\n      } else {\n        return { action: 'error', status: 403, body: { error: 'Access denied' } };\n      }\n    }\n  }\n\n  return pass;\n};\n\n// Check authorization rules\nexport const checkRules = async (\n  rules: MastraAuthConfig['rules'],\n  path: string,\n  method: string,\n  user: unknown,\n): Promise<boolean> => {\n  // Go through rules in order (first match wins)\n  for (const i in rules || []) {\n    const rule = rules?.[i]!;\n    // Check if rule applies to this path\n    if (!pathMatchesRule(path, rule.path)) {\n      continue;\n    }\n\n    // Check if rule applies to this method\n    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {\n      continue;\n    }\n\n    // Rule matches, check conditions\n    const condition = rule.condition;\n    if (typeof condition === 'function') {\n      const allowed = await Promise.resolve()\n        .then(() => condition(user))\n        .catch(() => false);\n\n      if (allowed) {\n        return true;\n      }\n    } else if (rule.allow) {\n      return true;\n    }\n  }\n\n  // No matching rules, deny by default\n  return false;\n};\n"]}

package/dist/chunk-ZEVZ6OJY.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/server/schemas/a2a.ts"],"names":[],"mappings":";;;AAGO,IAAM,oBAAA,GAAuB,EAAE,MAAA,CAAO;AAAA,EAC3C,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,iCAAiC;AAChE,CAAC;AAEM,IAAM,iBAAA,GAAoB,qBAAqB,MAAA,CAAO;AAAA,EAC3D,MAAA,EAAQ,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,gCAAgC;AAC9D,CAAC;AAKD,IAAM,wCAAA,GAA2C,EAAE,MAAA,CAAO;AAAA,EACxD,OAAA,EAAS,EAAE,KAAA,CAAM,CAAA,CAAE,QAAQ,CAAA,CAAE,SAAS,uDAAuD,CAAA;AAAA,EAC7F,aAAa,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,sBAAsB;AACpE,CAAC,CAAA;AAED,IAAM,4BAAA,GAA+B,EAAE,MAAA,CAAO;AAAA,EAC5C,GAAA,EAAK,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wCAAwC,CAAA;AAAA,EACjE,IAAI,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,wEAAwE,CAAA;AAAA,EAC3G,OAAO,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,mCAAmC,CAAA;AAAA,EACzE,cAAA,EAAgB,yCAAyC,QAAA;AAC3D,CAAC,CAAA;AAED,IAAM,8BAAA,GAAiC,EAAE,MAAA,CAAO;AAAA,EAC9C,mBAAA,EAAqB,EAAE,KAAA,CAAM,CAAA,CAAE,QAAQ,CAAA,CAAE,SAAS,0CAA0C,CAAA;AAAA,EAC5F,UAAU,CAAA,CAAE,OAAA,GAAU,QAAA,EAAS,CAAE,SAAS,6DAA6D,CAAA;AAAA,EACvG,eAAe,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,2CAA2C,CAAA;AAAA,EACzF,sBAAA,EAAwB,6BAA6B,QAAA;AACvD,CAAC,CAAA;AAGD,IAAM,cAAA,GAAiB,EAAE,MAAA,CAAO;AAAA,EAC9B,MAAM,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,CAAE,SAAS,gCAAgC,CAAA;AAAA,EACjE,IAAA,EAAM,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,cAAc,CAAA;AAAA,EACxC,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,4CAA4C;AAC9G,CAAC,CAAA;AAED,IAAM,mBAAA,GAAsB,EAAE,MAAA,CAAO;AAAA,EACnC,KAAA,EAAO,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,oCAAoC,CAAA;AAAA,EAC/D,UAAU,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,gCAAgC,CAAA;AAAA,EACzE,MAAM,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,4BAA4B;AACnE,CAAC,CAAA;AAED,IAAM,iBAAA,GAAoB,EAAE,MAAA,CAAO;AAAA,EACjC,GAAA,EAAK,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,0BAA0B,CAAA;AAAA,EACnD,UAAU,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,gCAAgC,CAAA;AAAA,EACzE,MAAM,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,4BAA4B;AACnE,CAAC,CAAA;AAED,IAAM,cAAA,GAAiB,EAAE,MAAA,CAAO;AAAA,EAC9B,MAAM,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,CAAE,SAAS,gCAAgC,CAAA;AAAA,EACjE,IAAA,EAAM,EAAE,KAAA,CAAM,CAAC,qBAAqB,iBAAiB,CAAC,CAAA,CAAE,QAAA,CAAS,qCAAqC,CAAA;AAAA,EACtG,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,4CAA4C;AAC9G,CAAC,CAAA;AAED,IAAM,cAAA,GAAiB,EAAE,MAAA,CAAO;AAAA,EAC9B,MAAM,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,CAAE,SAAS,gCAAgC,CAAA;AAAA,EACjE,IAAA,EAAM,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,CAAS,yBAAyB,CAAA;AAAA,EAC1E,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,4CAA4C;AAC9G,CAAC,CAAA;AAED,IAAM,aAAa,CAAA,CAAE,KAAA,CAAM,CAAC,cAAA,EAAgB,cAAA,EAAgB,cAAc,CAAC,CAAA;AAG3E,IAAM,aAAA,GAAgB,EAAE,MAAA,CAAO;AAAA,EAC7B,MAAM,CAAA,CAAE,OAAA,CAAQ,SAAS,CAAA,CAAE,SAAS,YAAY,CAAA;AAAA,EAChD,SAAA,EAAW,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,2CAA2C,CAAA;AAAA,EAC1E,IAAA,EAAM,EAAE,IAAA,CAAK,CAAC,QAAQ,OAAO,CAAC,CAAA,CAAE,QAAA,CAAS,uBAAuB,CAAA;AAAA,EAChE,OAAO,CAAA,CAAE,KAAA,CAAM,UAAU,CAAA,CAAE,SAAS,iBAAiB,CAAA;AAAA,EACrD,WAAW,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,4CAA4C,CAAA;AAAA,EACtF,QAAQ,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,8CAA8C,CAAA;AAAA,EACrF,gBAAA,EAAkB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,MAAA,EAAQ,CAAA,CAAE,QAAA,EAAS,CAAE,QAAA,CAAS,qDAAqD,CAAA;AAAA,EAC/G,UAAA,EAAY,CAAA,CACT,KAAA,CAAM,CAAA,CAAE,MAAA,EAAQ,CAAA,CAChB,QAAA,EAAS,CACT,QAAA,CAAS,wEAAwE,CAAA;AAAA,EACpF,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,oBAAoB;AACtF,CAAC,CAAA;AAGD,IAAM,uBAAA,GAA0B,EAAE,MAAA,CAAO;AAAA,EACvC,OAAA,EAAS,aAAA;AAAA,EACT,aAAA,EAAe,+BAA+B,QAAA,EAAS;AAAA,EACvD,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,oBAAoB;AACtF,CAAC,CAAA;AAGD,IAAM,qBAAA,GAAwB,EAAE,MAAA,CAAO;AAAA,EACrC,EAAA,EAAI,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,SAAS,CAAA;AAAA,EACjC,eAAe,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,2CAA2C,CAAA;AAAA,EACzF,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,IAAU,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAC9C,CAAC,CAAA;AAGD,IAAM,kBAAA,GAAqB,EAAE,MAAA,CAAO;AAAA,EAClC,EAAA,EAAI,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,SAAS,CAAA;AAAA,EACjC,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,IAAU,CAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAC9C,CAAC,CAAA;AAGM,IAAM,qBAAA,GAAwB,EAAE,MAAA,CAAO;AAAA,EAC5C,OAAA,EAAS,aAAA;AAAA,EACT,QAAA,EAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,IAAU,CAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA;AAC1C,CAAC;AAEM,IAAM,mBAAA,GAAsB,EAAE,MAAA,CAAO;AAAA,EAC1C,EAAA,EAAI,EAAE,MAAA;AACR,CAAC;AAGD,IAAM,6BAA6B,CAAA,CAAE,KAAA,CAAM,CAAC,uBAAA,EAAyB,qBAAA,EAAuB,kBAAkB,CAAC,CAAA;AAExG,IAAM,wBAAA,GAA2B,EAAE,MAAA,CAAO;AAAA,EAC/C,OAAA,EAAS,CAAA,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxB,EAAA,EAAI,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,QAAO,EAAG,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA;AAAA,EACpC,MAAA,EAAQ,EAAE,IAAA,CAAK,CAAC,gBAAgB,gBAAA,EAAkB,WAAA,EAAa,cAAc,CAAC,CAAA;AAAA,EAC9E,MAAA,EAAQ;AACV,CAAC;AAGM,IAAM,uBAAA,GAA0B,EAAE,MAAA,CAAO;AAAA,EAC9C,IAAA,EAAM,EAAE,MAAA,EAAO;AAAA,EACf,WAAA,EAAa,EAAE,MAAA,EAAO;AAAA,EACtB,GAAA,EAAK,EAAE,MAAA,EAAO;AAAA,EACd,QAAA,EAAU,EACP,MAAA,CAAO;AAAA,IACN,YAAA,EAAc,EAAE,MAAA,EAAO;AAAA,IACvB,GAAA,EAAK,EAAE,MAAA;AAAO,GACf,EACA,QAAA,EAAS;AAAA,EACZ,OAAA,EAAS,EAAE,MAAA,EAAO;AAAA,EAClB,YAAA,EAAc,EAAE,MAAA,CAAO;AAAA,IACrB,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,IAChC,iBAAA,EAAmB,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,IACxC,sBAAA,EAAwB,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,GAC9C,CAAA;AAAA,EACD,iBAAA,EAAmB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,QAAQ,CAAA;AAAA,EACrC,kBAAA,EAAoB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,QAAQ,CAAA;AAAA,EACtC,QAAQ,CAAA,CAAE,KAAA;AAAA,IACR,EAAE,MAAA,CAAO;AAAA,MACP,EAAA,EAAI,EAAE,MAAA,EAAO;AAAA,MACb,IAAA,EAAM,EAAE,MAAA,EAAO;AAAA,MACf,WAAA,EAAa,EAAE,MAAA,EAAO;AAAA,MACtB,MAAM,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,EAAE,QAAA;AAAS,KACpC;AAAA;AAEL,CAAC;AAEM,IAAM,kBAAA,GAAqB,EAAE,OAAA;AAE7B,IAAM,4BAAA,GAA+B,EAAE,OAAA","file":"chunk-ZEVZ6OJY.js","sourcesContent":["import { z } from 'zod/v4';\n\n// Path parameter schemas\nexport const a2aAgentIdPathParams = z.object({\n  agentId: z.string().describe('Unique identifier for the agent'),\n});\n\nexport const a2aTaskPathParams = a2aAgentIdPathParams.extend({\n  taskId: z.string().describe('Unique identifier for the task'),\n});\n\n// Body schemas for A2A protocol\n\n// Push notification schemas\nconst pushNotificationAuthenticationInfoSchema = z.object({\n  schemes: z.array(z.string()).describe('Supported authentication schemes - e.g. Basic, Bearer'),\n  credentials: z.string().optional().describe('Optional credentials'),\n});\n\nconst pushNotificationConfigSchema = z.object({\n  url: z.string().describe('URL for sending the push notifications'),\n  id: z.string().optional().describe('Push Notification ID - created by server to support multiple callbacks'),\n  token: z.string().optional().describe('Token unique to this task/session'),\n  authentication: pushNotificationAuthenticationInfoSchema.optional(),\n});\n\nconst messageSendConfigurationSchema = z.object({\n  acceptedOutputModes: z.array(z.string()).describe('Accepted output modalities by the client'),\n  blocking: z.boolean().optional().describe('If the server should treat the client as a blocking request'),\n  historyLength: z.number().optional().describe('Number of recent messages to be retrieved'),\n  pushNotificationConfig: pushNotificationConfigSchema.optional(),\n});\n\n// Part schemas\nconst textPartSchema = z.object({\n  kind: z.literal('text').describe('Part type - text for TextParts'),\n  text: z.string().describe('Text content'),\n  metadata: z.record(z.string(), z.unknown()).optional().describe('Optional metadata associated with the part'),\n});\n\nconst fileWithBytesSchema = z.object({\n  bytes: z.string().describe('base64 encoded content of the file'),\n  mimeType: z.string().optional().describe('Optional mimeType for the file'),\n  name: z.string().optional().describe('Optional name for the file'),\n});\n\nconst fileWithUriSchema = z.object({\n  uri: z.string().describe('URL for the File content'),\n  mimeType: z.string().optional().describe('Optional mimeType for the file'),\n  name: z.string().optional().describe('Optional name for the file'),\n});\n\nconst filePartSchema = z.object({\n  kind: z.literal('file').describe('Part type - file for FileParts'),\n  file: z.union([fileWithBytesSchema, fileWithUriSchema]).describe('File content either as url or bytes'),\n  metadata: z.record(z.string(), z.unknown()).optional().describe('Optional metadata associated with the part'),\n});\n\nconst dataPartSchema = z.object({\n  kind: z.literal('data').describe('Part type - data for DataParts'),\n  data: z.record(z.string(), z.unknown()).describe('Structured data content'),\n  metadata: z.record(z.string(), z.unknown()).optional().describe('Optional metadata associated with the part'),\n});\n\nconst partSchema = z.union([textPartSchema, filePartSchema, dataPartSchema]);\n\n// Message schema\nconst messageSchema = z.object({\n  kind: z.literal('message').describe('Event type'),\n  messageId: z.string().describe('Identifier created by the message creator'),\n  role: z.enum(['user', 'agent']).describe(\"Message sender's role\"),\n  parts: z.array(partSchema).describe('Message content'),\n  contextId: z.string().optional().describe('The context the message is associated with'),\n  taskId: z.string().optional().describe('Identifier of task the message is related to'),\n  referenceTaskIds: z.array(z.string()).optional().describe('List of tasks referenced as context by this message'),\n  extensions: z\n    .array(z.string())\n    .optional()\n    .describe('The URIs of extensions that are present or contributed to this Message'),\n  metadata: z.record(z.string(), z.unknown()).optional().describe('Extension metadata'),\n});\n\n// MessageSendParams schema\nconst messageSendParamsSchema = z.object({\n  message: messageSchema,\n  configuration: messageSendConfigurationSchema.optional(),\n  metadata: z.record(z.string(), z.unknown()).optional().describe('Extension metadata'),\n});\n\n// TaskQueryParams schema\nconst taskQueryParamsSchema = z.object({\n  id: z.string().describe('Task id'),\n  historyLength: z.number().optional().describe('Number of recent messages to be retrieved'),\n  metadata: z.record(z.string(), z.unknown()).optional(),\n});\n\n// TaskIdParams schema\nconst taskIdParamsSchema = z.object({\n  id: z.string().describe('Task id'),\n  metadata: z.record(z.string(), z.unknown()).optional(),\n});\n\n// Legacy schema for backwards compatibility\nexport const messageSendBodySchema = z.object({\n  message: messageSchema,\n  metadata: z.record(z.string(), z.any()).optional(),\n});\n\nexport const taskQueryBodySchema = z.object({\n  id: z.string(),\n});\n\n// Union of all possible params types\nconst agentExecutionParamsSchema = z.union([messageSendParamsSchema, taskQueryParamsSchema, taskIdParamsSchema]);\n\nexport const agentExecutionBodySchema = z.object({\n  jsonrpc: z.literal('2.0'),\n  id: z.union([z.string(), z.number()]),\n  method: z.enum(['message/send', 'message/stream', 'tasks/get', 'tasks/cancel']),\n  params: agentExecutionParamsSchema,\n});\n\n// Response schemas\nexport const agentCardResponseSchema = z.object({\n  name: z.string(),\n  description: z.string(),\n  url: z.string(),\n  provider: z\n    .object({\n      organization: z.string(),\n      url: z.string(),\n    })\n    .optional(),\n  version: z.string(),\n  capabilities: z.object({\n    streaming: z.boolean().optional(),\n    pushNotifications: z.boolean().optional(),\n    stateTransitionHistory: z.boolean().optional(),\n  }),\n  defaultInputModes: z.array(z.string()),\n  defaultOutputModes: z.array(z.string()),\n  skills: z.array(\n    z.object({\n      id: z.string(),\n      name: z.string(),\n      description: z.string(),\n      tags: z.array(z.string()).optional(),\n    }),\n  ),\n});\n\nexport const taskResponseSchema = z.unknown(); // Complex task state structure\n\nexport const agentExecutionResponseSchema = z.unknown(); // JSON-RPC response\n"]}

package/dist/chunk-ZL5RCH6A.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/server/auth/defaults.ts","../src/server/auth/path-pattern.ts","../src/server/auth/helpers.ts"],"names":["MASTRA_RESOURCE_ID_KEY"],"mappings":";;;;;AAGO,IAAM,iBAAA,GAAsC;AAAA,EACjD,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,EACpB,MAAA,EAAQ,CAAC,MAAA,EAAQ,aAAa,CAAA;AAAA;AAAA,EAE9B,KAAA,EAAO;AAAA;AAAA,IAEL;AAAA,MACE,WAAW,CAAA,IAAA,KAAQ;AACjB,QAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,UAAA,IAAI,aAAa,IAAA,EAAM;AACrB,YAAA,OAAO,CAAC,CAAC,IAAA,CAAK,OAAA;AAAA,UAChB;AAEA,UAAA,IAAI,UAAU,IAAA,EAAM;AAClB,YAAA,OAAO,KAAK,IAAA,KAAS,OAAA;AAAA,UACvB;AAAA,QACF;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MACA,KAAA,EAAO;AAAA;AACT;AAEJ;;;ACcO,SAAS,KAAA,CAAM,OAAwB,KAAA,EAAgC;AAC5E,EAAA,IAAI,iBAAiB,MAAA,EAAQ,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,SAAS,KAAA,EAAM;AAElE,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI,GAAA;AACJ,EAAA,MAAM,OAAiB,EAAC;AACxB,EAAA,IAAI,OAAA,GAAU,EAAA;AACd,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAE3B,EAAA,GAAA,CAAI,CAAC,CAAA,IAAK,GAAA,CAAI,KAAA,EAAM;AAEpB,EAAA,OAAQ,GAAA,GAAM,GAAA,CAAI,KAAA,EAAM,EAAI;AAC1B,IAAA,CAAA,GAAI,IAAI,CAAC,CAAA;AACT,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AACX,MAAA,OAAA,IAAW,GAAA,CAAI,CAAC,CAAA,KAAM,GAAA,GAAM,YAAA,GAAe,OAAA;AAAA,IAC7C,CAAA,MAAA,IAAW,MAAM,GAAA,EAAK;AACpB,MAAA,CAAA,GAAI,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,CAAC,CAAA;AACtB,MAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,CAAC,CAAA;AACxB,MAAA,IAAA,CAAK,KAAK,GAAA,CAAI,SAAA,CAAU,CAAA,EAAG,CAAC,CAAC,CAAC,CAAA,GAAI,CAAA,GAAI,CAAC,CAAC,CAAC,GAAA,GAAM,GAAA,GAAM,GAAA,CAAI,MAAM,CAAC,CAAA;AAChE,MAAA,OAAA,IAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,gBAAA,GAAmB,WAAA;AAC9C,MAAA,IAAI,CAAC,CAAC,CAAC,GAAA,cAAiB,CAAC,CAAC,CAAC,CAAA,GAAI,GAAA,GAAM,EAAA,IAAM,IAAA,GAAO,GAAA,CAAI,UAAU,GAAG,CAAA;AAAA,IACrE,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,GAAA,GAAM,GAAA;AAAA,IACnB;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,OAAA,EAAS,IAAI,MAAA,CAAO,GAAA,GAAM,WAA+B,QAAQ,GAAG;AAAA,GACtE;AACF;;;AC1DO,IAAM,sBAAA,GAAyB,CACpC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,aAAA,GAAgB,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACvC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAO,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,KAAM,IAAA;AAAA,EACtD;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,KAAM,IAAA;AAAA,EACpD;AAGA,EAAA,KAAA,MAAW,CAAC,QAAA,EAAU,YAAY,CAAA,IAAK,qBAAA,CAAsB,SAAQ,EAAG;AACtE,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AACvC,IAAA,IAAI,eAAe,EAAA,EAAI;AACrB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,QAAA,CAAS,SAAA,CAAU,CAAA,EAAG,UAAU,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,QAAA,CAAS,SAAA,CAAU,UAAA,GAAa,CAAC,CAAA;AAGtD,IAAA,IAAI,WAAA,KAAgB,MAAA,IAAU,WAAA,KAAgB,KAAA,EAAO;AACnD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,kBAAA,CAAmB,IAAA,EAAM,YAAY,CAAA,EAAG;AAC1C,MAAA,OAAO,YAAA,KAAiB,IAAA;AAAA,IAC1B;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAOO,IAAM,yBAAyB,CACpC,IAAA,EACA,MAAA,EACA,SAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OACE,OAAA,CAAQ,IAAI,UAAA,KAAe,MAAA;AAAA,GAEzB,CAAC,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,eAAe,KAAK,CAAC,sBAAA,CAAuB,IAAA,EAAM,MAAA,EAAQ,qBAAqB,CAAA;AAAA,EAEzG,SAAA,CAAU,yBAAyB,CAAA,KAAM,MAAA,CAAA;AAE/C;AAEO,IAAM,mBAAA,GAAsB,CACjC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,aAAA,GAAgB,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACvC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA;AAAA,EACjD;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA;AAAA,EAC/C;AAGA,EAAA,KAAA,MAAW,CAAC,QAAA,EAAU,YAAY,CAAA,IAAK,qBAAA,CAAsB,SAAQ,EAAG;AACtE,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AACvC,IAAA,IAAI,eAAe,EAAA,EAAI;AACrB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,QAAA,CAAS,SAAA,CAAU,CAAA,EAAG,UAAU,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,QAAA,CAAS,SAAA,CAAU,UAAA,GAAa,CAAC,CAAA;AAGtD,IAAA,IAAI,WAAA,KAAgB,MAAA,IAAU,WAAA,KAAgB,KAAA,EAAO;AACnD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,kBAAA,CAAmB,IAAA,EAAM,YAAY,CAAA,EAAG;AAC1C,MAAA,OAAO,CAAC,YAAA;AAAA,IACV;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAQO,IAAM,eAAA,GAAkB,CAC7B,IAAA,EACA,MAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OAAO,UAAA,CAAW,MAAM,MAAA,EAAQ,eAAe,KAAK,sBAAA,CAAuB,IAAA,EAAM,QAAQ,qBAAqB,CAAA;AAChH;AAEO,IAAM,iBAAA,GAAoB,CAAC,IAAA,EAAc,MAAA,EAAgB,UAAA,KAA0C;AAExG,EAAA,MAAM,YAAA,GAAe,CAAC,GAAI,iBAAA,CAAkB,MAAA,IAAU,EAAC,EAAI,GAAI,UAAA,CAAW,MAAA,IAAU,EAAG,CAAA;AAEvF,EAAA,OAAO,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,YAAY,CAAA;AAC9C;AAEA,IAAM,UAAA,GAAa,CACjB,IAAA,EACA,MAAA,EACA,QAAA,KACY;AACZ,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,uBAAuB,QAAA,EAAU;AAC1C,IAAA,IAAI,+BAA+B,MAAA,EAAQ;AACzC,MAAA,IAAI,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA,EAAG;AAClC,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAA,KAAwB,QAAA,IAAY,kBAAA,CAAmB,IAAA,EAAM,mBAAmB,CAAA,EAAG;AAC5F,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAM,OAAA,CAAQ,mBAAmB,CAAA,IAAK,mBAAA,CAAoB,WAAW,CAAA,EAAG;AAC1E,MAAA,MAAM,CAAC,OAAA,EAAS,eAAe,CAAA,GAAI,mBAAA;AACnC,MAAA,IAAI,mBAAmB,IAAA,EAAM,OAAO,KAAK,iBAAA,CAAkB,eAAA,EAAiB,MAAM,CAAA,EAAG;AACnF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT,CAAA;AAEO,IAAM,kBAAA,GAAqB,CAAC,IAAA,EAAc,OAAA,KAA6B;AAQ5E,EAAA,MAAM,EAAE,OAAA,EAAS,KAAA,EAAM,GAAI,MAAM,OAAO,CAAA;AACxC,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAEO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAc,QAAA,KAA8D;AAC1G,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,kBAAA,CAAmB,MAAM,QAAQ,CAAA;AAAA,EAC1C;AAEA,EAAA,IAAI,oBAAoB,MAAA,EAAQ;AAC9B,IAAA,OAAO,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAS,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAA,CAAmB,IAAA,EAAM,CAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,iBAAA,GAAoB,CAAC,MAAA,EAA2B,KAAA,KAA2B;AACtF,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA,KAAW,KAAA;AAAA,EACpB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,IAAA,OAAO,MAAA,CAAO,SAAS,KAAK,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAqBA,IAAM,IAAA,GAAmB,EAAE,MAAA,EAAQ,MAAA,EAAO;AAQnC,IAAM,uBAAuB,OAAwB;AAAA,EAC1D,MAAA;AAAA,EACA,KAAA;AAAA,EACA;AACF,CAAA,KAA0D;AACxD,EAAA,MAAM,kBAAkB,KAAA,CAAM,OAAA,CAAQ,aAAA,EAAe,EAAE,EAAE,IAAA,EAAK;AAC9D,EAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACvC,EAAA,IAAI,CAAC,UAAA,IAAc,OAAO,UAAA,CAAW,sBAAsB,UAAA,EAAY;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAQ,MAAM,UAAA,CAAW,iBAAA,CAAkB,eAAA,EAAiB,OAAc,CAAA;AAC5E;AAMO,IAAM,kBAAA,GAAqB,OAAO,GAAA,KAAoD;AAC3F,EAAA,MAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAA,EAAW,MAAA,EAAQ,YAAY,qBAAA,EAAuB,cAAA,EAAgB,UAAA,EAAY,KAAA,EAAM,GAAI,GAAA;AAOlH,EAAA,MAAM,eAAA,GAAkB,OAAO,UAAA,CAAW,iBAAA,KAAsB,UAAA;AAChE,EAAA,IAAI,CAAC,mBAAmB,sBAAA,CAAuB,IAAA,EAAM,QAAQ,SAAA,EAAW,UAAA,EAAY,qBAAqB,CAAA,EAAG;AAC1G,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,MAAA,EAAQ,UAAA,EAAY,qBAAqB,CAAA,EAAG;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAA,CAAkB,IAAA,EAAM,MAAA,EAAQ,UAAU,CAAA,EAAG;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAIA,EAAA,IAAI,IAAA;AAEJ,EAAA,IAAI;AACF,IAAA,IAAI,OAAO,UAAA,CAAW,iBAAA,KAAsB,UAAA,EAAY;AACtD,MAAA,IAAA,GAAO,MAAM,UAAA,CAAW,iBAAA,CAAkB,KAAA,IAAS,IAAI,UAAiB,CAAA;AAAA,IAC1E,CAAA,MAAO;AACL,MAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,IAC3D;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,0BAAA,EAA2B,EAAE;AAAA,IACrF;AAEA,IAAA,cAAA,CAAe,GAAA,CAAI,QAAQ,IAAI,CAAA;AAE/B,IAAA,IAAI,OAAO,UAAA,CAAW,mBAAA,KAAwB,UAAA,EAAY;AACxD,MAAA,IAAI;AACF,QAAA,MAAM,UAAA,GAAa,UAAA,CAAW,mBAAA,CAAoB,IAAI,CAAA;AACtD,QAAA,IAAI,UAAA,EAAY;AACd,UAAA,cAAA,CAAe,GAAA,CAAIA,0CAAwB,UAAU,CAAA;AAAA,QACvD;AAAA,MACF,SAAS,QAAA,EAAU;AACjB,QAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,4BAAA,EAA8B;AAAA,UACtD,KAAA,EAAO,QAAA,YAAoB,KAAA,GAAQ,EAAE,OAAA,EAAS,SAAS,OAAA,EAAS,KAAA,EAAO,QAAA,CAAS,KAAA,EAAM,GAAI;AAAA,SAC3F,CAAA;AACD,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,mDAAA,EAAoD,EAAE;AAAA,MAC9G;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,OAAO,SAAA,EAAU;AACtC,MAAA,MAAM,eAAe,YAAA,EAAc,IAAA;AAEnC,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,SAAS,QAAA,IAAY,EAAE,QAAQ,IAAA,CAAA,EAAO;AACxD,UAAA,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA,CAAK,mFAAmF,CAAA;AAAA,QAC9G,CAAA,MAAO;AACL,UAAA,MAAM,WAAA,GAAc,MAAM,YAAA,CAAa,cAAA,CAAe,IAAc,CAAA;AACpE,UAAA,cAAA,CAAe,GAAA,CAAI,mBAAmB,WAAW,CAAA;AAEjD,UAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,CAAa,QAAA,CAAS,IAAc,CAAA;AACxD,UAAA,cAAA,CAAe,GAAA,CAAI,aAAa,KAAK,CAAA;AAAA,QACvC;AAAA,MACF;AAAA,IACF,SAAS,SAAA,EAAW;AAClB,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,6CAAA,EAA+C;AAAA,QACvE,KAAA,EAAO,SAAA,YAAqB,KAAA,GAAQ,EAAE,OAAA,EAAS,UAAU,OAAA,EAAS,KAAA,EAAO,SAAA,CAAU,KAAA,EAAM,GAAI;AAAA,OAC9F,CAAA;AAAA,IACH;AAAA,EACF,SAAS,GAAA,EAAK;AACZ,IAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,sBAAA,EAAwB;AAAA,MAChD,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI;AAAA,KAC5E,CAAA;AACD,IAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,0BAAA,EAA2B,EAAE;AAAA,EACrF;AAIA,EAAA,IAAI,eAAA,IAAmB,UAAA,IAAc,OAAO,UAAA,CAAW,kBAAkB,UAAA,EAAY;AACnF,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,MAAM,UAAA,CAAW,aAAA,CAAc,MAAM,UAAiB,CAAA;AAE3E,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,MAC1E;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,sCAAA,EAAwC;AAAA,QAChE,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI;AAAA,OAC5E,CAAA;AACD,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,qBAAA,EAAsB,EAAE;AAAA,IAChF;AAAA,EACF,WAAW,WAAA,IAAe,UAAA,IAAc,OAAO,UAAA,CAAW,cAAc,UAAA,EAAY;AAClF,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,IAAI,qBAAA,EAAsB;AAC/C,MAAA,MAAM,eAAe,MAAM,UAAA,CAAW,UAAU,IAAA,EAAM,MAAA,EAAQ,MAAM,YAAmB,CAAA;AAEvF,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,MAC1E;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,kCAAA,EAAoC;AAAA,QAC5D,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI,GAAA;AAAA,QAC3E,IAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,qBAAA,EAAsB,EAAE;AAAA,IAChF;AAAA,EACF,CAAA,MAAA,IAAW,WAAW,UAAA,IAAc,UAAA,CAAW,SAAS,UAAA,CAAW,KAAA,CAAM,SAAS,CAAA,EAAG;AACnF,IAAA,MAAM,eAAe,MAAM,UAAA,CAAW,WAAW,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAE1E,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,IAC1E;AAAA,EACF,CAAA,MAAO;AAIL,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACzC,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAI,iBAAA,CAAkB,KAAA,IAAS,iBAAA,CAAkB,KAAA,CAAM,SAAS,CAAA,EAAG;AACjE,QAAA,MAAM,eAAe,MAAM,UAAA,CAAW,kBAAkB,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAEjF,QAAA,IAAI,CAAC,YAAA,EAAc;AACjB,UAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,QAC1E;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAE;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAGO,IAAM,UAAA,GAAa,OACxB,KAAA,EACA,IAAA,EACA,QACA,IAAA,KACqB;AAErB,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,IAAS,EAAC,EAAG;AAC3B,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AAEtB,IAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,OAAA,IAAW,CAAC,kBAAkB,IAAA,CAAK,OAAA,EAAS,MAAM,CAAA,EAAG;AAC5D,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,IAAA,CAAK,SAAA;AACvB,IAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,OAAA,EAAQ,CACnC,IAAA,CAAK,MAAM,SAAA,CAAU,IAAI,CAAC,CAAA,CAC1B,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,KAAK,KAAA,EAAO;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,OAAO,KAAA;AACT","file":"chunk-ZL5RCH6A.cjs","sourcesContent":["import type { MastraAuthConfig } from '@mastra/core/server';\n\n// Default configuration that can be extended by clients\nexport const defaultAuthConfig: MastraAuthConfig = {\n  protected: ['/api/*'],\n  public: ['/api', '/api/auth/*'],\n  // Simple rule system\n  rules: [\n    // Admin users can do anything\n    {\n      condition: user => {\n        if (typeof user === 'object' && user !== null) {\n          if ('isAdmin' in user) {\n            return !!user.isAdmin;\n          }\n\n          if ('role' in user) {\n            return user.role === 'admin';\n          }\n        }\n        return false;\n      },\n      allow: true,\n    },\n  ],\n};\n","/**\n * Path pattern matching utility\n * Inlined from regexparam v3.0.0 (MIT License)\n * https://github.com/lukeed/regexparam\n *\n * Copyright (c) Luke Edwards <luke.edwards05@gmail.com> (lukeed.com)\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to deal\n * in the Software without restriction, including without limitation the rights\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n * copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in all\n * copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n * SOFTWARE.\n */\n\nexport interface ParsedPattern {\n  keys: string[] | false;\n  pattern: RegExp;\n}\n\n/**\n * Parse a route pattern into a RegExp\n * Supports:\n * - Named parameters: /users/:id\n * - Optional parameters: /users/:id?\n * - Wildcards: /files/*\n * - Mixed patterns: /api/:version/users/:id\n */\nexport function parse(input: string | RegExp, loose?: boolean): ParsedPattern {\n  if (input instanceof RegExp) return { keys: false, pattern: input };\n\n  let c: string;\n  let o: number;\n  let tmp: string | undefined;\n  let ext: number;\n  const keys: string[] = [];\n  let pattern = '';\n  const arr = input.split('/');\n\n  arr[0] || arr.shift();\n\n  while ((tmp = arr.shift())) {\n    c = tmp[0]!;\n    if (c === '*') {\n      keys.push(c);\n      pattern += tmp[1] === '?' ? '(?:/(.*))?' : '/(.*)';\n    } else if (c === ':') {\n      o = tmp.indexOf('?', 1);\n      ext = tmp.indexOf('.', 1);\n      keys.push(tmp.substring(1, !!~o ? o : !!~ext ? ext : tmp.length));\n      pattern += !!~o && !~ext ? '(?:/([^/]+?))?' : '/([^/]+?)';\n      if (!!~ext) pattern += (!!~o ? '?' : '') + '\\\\' + tmp.substring(ext);\n    } else {\n      pattern += '/' + tmp;\n    }\n  }\n\n  return {\n    keys: keys,\n    pattern: new RegExp('^' + pattern + (loose ? '(?=$|/)' : '/?$'), 'i'),\n  };\n}\n\n/**\n * Test if a path matches a pattern\n */\nexport function matchPath(path: string, pattern: string | RegExp): boolean {\n  const { pattern: regex } = parse(pattern);\n  return regex.test(path);\n}\n","import type { IRBACProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { Mastra } from '@mastra/core/mastra';\nimport type { MastraAuthConfig } from '@mastra/core/server';\nimport type { HonoRequest } from 'hono';\n\nimport { MASTRA_RESOURCE_ID_KEY } from '../constants';\nimport { defaultAuthConfig } from './defaults';\nimport { parse } from './path-pattern';\n\n/**\n * Check if a route is a registered custom route that requires authentication.\n * Returns true only if the route is explicitly registered with requiresAuth: true.\n * Returns false if the route is not in the config or has requiresAuth: false.\n */\nexport const isProtectedCustomRoute = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first (fast path for static routes)\n  const exactRouteKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(exactRouteKey)) {\n    return customRouteAuthConfig.get(exactRouteKey) === true;\n  }\n\n  // Check exact match for ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return customRouteAuthConfig.get(allRouteKey) === true;\n  }\n\n  // Check pattern matches for dynamic routes (e.g., '/users/:id')\n  for (const [routeKey, requiresAuth] of customRouteAuthConfig.entries()) {\n    const colonIndex = routeKey.indexOf(':');\n    if (colonIndex === -1) {\n      continue; // Skip malformed keys\n    }\n\n    const routeMethod = routeKey.substring(0, colonIndex);\n    const routePattern = routeKey.substring(colonIndex + 1);\n\n    // Check if method matches (exact match or ALL)\n    if (routeMethod !== method && routeMethod !== 'ALL') {\n      continue;\n    }\n\n    // Check if path matches the pattern\n    if (pathMatchesPattern(path, routePattern)) {\n      return requiresAuth === true;\n    }\n  }\n\n  return false; // Not in config = not a protected custom route\n};\n\n/**\n * Check if request is from dev playground\n * @param getHeader - Function to get header value from request\n * @param customRouteAuthConfig - Map of custom route auth configurations\n */\nexport const isDevPlaygroundRequest = (\n  path: string,\n  method: string,\n  getHeader: (name: string) => string | undefined,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return (\n    process.env.MASTRA_DEV === 'true' &&\n    // Allow if path doesn't match protected patterns AND is not a protected custom route\n    ((!isAnyMatch(path, method, protectedAccess) && !isProtectedCustomRoute(path, method, customRouteAuthConfig)) ||\n      // Or if has playground header\n      getHeader('x-mastra-dev-playground') === 'true')\n  );\n};\n\nexport const isCustomRoutePublic = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first (fast path for static routes)\n  const exactRouteKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(exactRouteKey)) {\n    return !customRouteAuthConfig.get(exactRouteKey); // True when route opts out of auth\n  }\n\n  // Check exact match for ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return !customRouteAuthConfig.get(allRouteKey);\n  }\n\n  // Check pattern matches for dynamic routes (e.g., '/users/:id')\n  for (const [routeKey, requiresAuth] of customRouteAuthConfig.entries()) {\n    const colonIndex = routeKey.indexOf(':');\n    if (colonIndex === -1) {\n      continue; // Skip malformed keys\n    }\n\n    const routeMethod = routeKey.substring(0, colonIndex);\n    const routePattern = routeKey.substring(colonIndex + 1);\n\n    // Check if method matches (exact match or ALL)\n    if (routeMethod !== method && routeMethod !== 'ALL') {\n      continue;\n    }\n\n    // Check if path matches the pattern\n    if (pathMatchesPattern(path, routePattern)) {\n      return !requiresAuth; // True when route opts out of auth\n    }\n  }\n\n  return false;\n};\n\n// NOTE: This uses isProtectedCustomRoute (default-allow for unknown paths) rather than\n// !isCustomRoutePublic (default-deny). This is intentional — all registered server and\n// custom routes are auth-checked via registerRoute/checkRouteAuth regardless of this\n// function. The '/api/*' protected pattern exists as a user-facing override mechanism.\n// The old default-deny logic incorrectly blocked non-API paths (e.g. '/', '/agents')\n// which prevented the studio login page from loading in production.\nexport const isProtectedPath = (\n  path: string,\n  method: string,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return isAnyMatch(path, method, protectedAccess) || isProtectedCustomRoute(path, method, customRouteAuthConfig);\n};\n\nexport const canAccessPublicly = (path: string, method: string, authConfig: MastraAuthConfig): boolean => {\n  // Check if this path+method combination is publicly accessible\n  const publicAccess = [...(defaultAuthConfig.public || []), ...(authConfig.public || [])];\n\n  return isAnyMatch(path, method, publicAccess);\n};\n\nconst isAnyMatch = (\n  path: string,\n  method: string,\n  patterns: MastraAuthConfig['protected'] | MastraAuthConfig['public'],\n): boolean => {\n  if (!patterns) {\n    return false;\n  }\n\n  for (const patternPathOrMethod of patterns) {\n    if (patternPathOrMethod instanceof RegExp) {\n      if (patternPathOrMethod.test(path)) {\n        return true;\n      }\n    }\n\n    if (typeof patternPathOrMethod === 'string' && pathMatchesPattern(path, patternPathOrMethod)) {\n      return true;\n    }\n\n    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {\n      const [pattern, methodOrMethods] = patternPathOrMethod;\n      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n\nexport const pathMatchesPattern = (path: string, pattern: string): boolean => {\n  // Use regexparam for battle-tested path matching\n  // Supports:\n  // - Exact paths: '/api/users'\n  // - Wildcards: '/api/agents/*' matches '/api/agents/123'\n  // - Path parameters: '/users/:id' matches '/users/123'\n  // - Optional parameters: '/users/:id?' matches '/users' and '/users/123'\n  // - Mixed patterns: '/api/:version/users/:id/profile'\n  const { pattern: regex } = parse(pattern);\n  return regex.test(path);\n};\n\nexport const pathMatchesRule = (path: string, rulePath: string | RegExp | string[] | undefined): boolean => {\n  if (!rulePath) return true; // No path specified means all paths\n\n  if (typeof rulePath === 'string') {\n    return pathMatchesPattern(path, rulePath);\n  }\n\n  if (rulePath instanceof RegExp) {\n    return rulePath.test(path);\n  }\n\n  if (Array.isArray(rulePath)) {\n    return rulePath.some(p => pathMatchesPattern(path, p));\n  }\n\n  return false;\n};\n\nexport const matchesOrIncludes = (values: string | string[], value: string): boolean => {\n  if (typeof values === 'string') {\n    return values === value;\n  }\n\n  if (Array.isArray(values)) {\n    return values.includes(value);\n  }\n\n  return false;\n};\n\n// ── Core auth middleware ──\n// Framework-agnostic auth logic extracted from adapter middlewares.\n// Each adapter builds an AuthMiddlewareContext and delegates to coreAuthMiddleware.\n\nexport interface AuthMiddlewareContext {\n  path: string;\n  method: string;\n  getHeader: (name: string) => string | undefined;\n  mastra: Mastra;\n  authConfig: MastraAuthConfig;\n  customRouteAuthConfig?: Map<string, boolean>;\n  requestContext: { get: (key: string) => unknown; set: (key: string, value: unknown) => void };\n  rawRequest: unknown;\n  token: string | null;\n  buildAuthorizeContext: () => unknown;\n}\n\nexport type AuthResult = { action: 'next' } | { action: 'error'; status: number; body: Record<string, unknown> };\n\nconst pass: AuthResult = { action: 'next' };\n\nexport interface GetAuthenticatedUserOptions {\n  mastra: Mastra;\n  token: string;\n  request: Request | HonoRequest;\n}\n\nexport const getAuthenticatedUser = async <TUser = unknown>({\n  mastra,\n  token,\n  request,\n}: GetAuthenticatedUserOptions): Promise<TUser | null> => {\n  const normalizedToken = token.replace(/^Bearer\\s+/i, '').trim();\n  if (!normalizedToken) {\n    return null;\n  }\n\n  const authConfig = mastra.getServer()?.auth;\n  if (!authConfig || typeof authConfig.authenticateToken !== 'function') {\n    return null;\n  }\n\n  return (await authConfig.authenticateToken(normalizedToken, request as any)) as TUser | null;\n};\n\n/**\n * Single auth middleware: authenticate → authorize.\n * Skip checks (dev playground, unprotected path, public path) are evaluated once.\n */\nexport const coreAuthMiddleware = async (ctx: AuthMiddlewareContext): Promise<AuthResult> => {\n  const { path, method, getHeader, mastra, authConfig, customRouteAuthConfig, requestContext, rawRequest, token } = ctx;\n\n  // ── Skip checks (evaluated once) ──\n\n  // Only bypass auth for dev playground when no real auth provider is configured.\n  // When auth IS configured (has authenticateToken), we need the full auth flow\n  // so user/roles/permissions are set in requestContext.\n  const hasAuthProvider = typeof authConfig.authenticateToken === 'function';\n  if (!hasAuthProvider && isDevPlaygroundRequest(path, method, getHeader, authConfig, customRouteAuthConfig)) {\n    return pass;\n  }\n\n  if (!isProtectedPath(path, method, authConfig, customRouteAuthConfig)) {\n    return pass;\n  }\n\n  if (canAccessPublicly(path, method, authConfig)) {\n    return pass;\n  }\n\n  // ── Authentication ──\n\n  let user: unknown;\n\n  try {\n    if (typeof authConfig.authenticateToken === 'function') {\n      user = await authConfig.authenticateToken(token ?? '', rawRequest as any);\n    } else {\n      throw new Error('No token verification method configured');\n    }\n\n    if (!user) {\n      return { action: 'error', status: 401, body: { error: 'Invalid or expired token' } };\n    }\n\n    requestContext.set('user', user);\n\n    if (typeof authConfig.mapUserToResourceId === 'function') {\n      try {\n        const resourceId = authConfig.mapUserToResourceId(user);\n        if (resourceId) {\n          requestContext.set(MASTRA_RESOURCE_ID_KEY, resourceId);\n        }\n      } catch (mapError) {\n        mastra.getLogger()?.error('mapUserToResourceId failed', {\n          error: mapError instanceof Error ? { message: mapError.message, stack: mapError.stack } : mapError,\n        });\n        return { action: 'error', status: 500, body: { error: 'Failed to map authenticated user to a resource ID' } };\n      }\n    }\n\n    try {\n      const serverConfig = mastra.getServer();\n      const rbacProvider = serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n\n      if (rbacProvider) {\n        if (!user || typeof user !== 'object' || !('id' in user)) {\n          mastra.getLogger()?.warn('RBAC: authenticated user missing required \"id\" field, skipping permission loading');\n        } else {\n          const permissions = await rbacProvider.getPermissions(user as EEUser);\n          requestContext.set('userPermissions', permissions);\n\n          const roles = await rbacProvider.getRoles(user as EEUser);\n          requestContext.set('userRoles', roles);\n        }\n      }\n    } catch (rbacError) {\n      mastra.getLogger()?.error('RBAC: failed to load user permissions/roles', {\n        error: rbacError instanceof Error ? { message: rbacError.message, stack: rbacError.stack } : rbacError,\n      });\n    }\n  } catch (err) {\n    mastra.getLogger()?.error('Authentication error', {\n      error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n    });\n    return { action: 'error', status: 401, body: { error: 'Invalid or expired token' } };\n  }\n\n  // ── Authorization ──\n\n  if ('authorizeUser' in authConfig && typeof authConfig.authorizeUser === 'function') {\n    try {\n      const isAuthorized = await authConfig.authorizeUser(user, rawRequest as any);\n\n      if (!isAuthorized) {\n        return { action: 'error', status: 403, body: { error: 'Access denied' } };\n      }\n    } catch (err) {\n      mastra.getLogger()?.error('Authorization error in authorizeUser', {\n        error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n      });\n      return { action: 'error', status: 500, body: { error: 'Authorization error' } };\n    }\n  } else if ('authorize' in authConfig && typeof authConfig.authorize === 'function') {\n    try {\n      const authorizeCtx = ctx.buildAuthorizeContext();\n      const isAuthorized = await authConfig.authorize(path, method, user, authorizeCtx as any);\n\n      if (!isAuthorized) {\n        return { action: 'error', status: 403, body: { error: 'Access denied' } };\n      }\n    } catch (err) {\n      mastra.getLogger()?.error('Authorization error in authorize', {\n        error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n        path,\n        method,\n      });\n      return { action: 'error', status: 500, body: { error: 'Authorization error' } };\n    }\n  } else if ('rules' in authConfig && authConfig.rules && authConfig.rules.length > 0) {\n    const isAuthorized = await checkRules(authConfig.rules, path, method, user);\n\n    if (!isAuthorized) {\n      return { action: 'error', status: 403, body: { error: 'Access denied' } };\n    }\n  } else {\n    // No explicit authorization configured (authorizeUser, authorize, or rules)\n    // Check if RBAC is configured - if not, allow authenticated users through\n    // (auth-only mode = authenticated users get full access)\n    const rbacProvider = mastra.getServer()?.rbac;\n    if (rbacProvider) {\n      if (defaultAuthConfig.rules && defaultAuthConfig.rules.length > 0) {\n        const isAuthorized = await checkRules(defaultAuthConfig.rules, path, method, user);\n\n        if (!isAuthorized) {\n          return { action: 'error', status: 403, body: { error: 'Access denied' } };\n        }\n      } else {\n        return { action: 'error', status: 403, body: { error: 'Access denied' } };\n      }\n    }\n  }\n\n  return pass;\n};\n\n// Check authorization rules\nexport const checkRules = async (\n  rules: MastraAuthConfig['rules'],\n  path: string,\n  method: string,\n  user: unknown,\n): Promise<boolean> => {\n  // Go through rules in order (first match wins)\n  for (const i in rules || []) {\n    const rule = rules?.[i]!;\n    // Check if rule applies to this path\n    if (!pathMatchesRule(path, rule.path)) {\n      continue;\n    }\n\n    // Check if rule applies to this method\n    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {\n      continue;\n    }\n\n    // Rule matches, check conditions\n    const condition = rule.condition;\n    if (typeof condition === 'function') {\n      const allowed = await Promise.resolve()\n        .then(() => condition(user))\n        .catch(() => false);\n\n      if (allowed) {\n        return true;\n      }\n    } else if (rule.allow) {\n      return true;\n    }\n  }\n\n  // No matching rules, deny by default\n  return false;\n};\n"]}