@mastra/server 1.34.1-alpha.0 → 1.35.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (291) hide show
  1. package/CHANGELOG.md +62 -0
  2. package/dist/{api-schema-manifest-ONJGSFU6.js → api-schema-manifest-HTSK7CWD.js} +4 -4
  3. package/dist/{api-schema-manifest-ONJGSFU6.js.map → api-schema-manifest-HTSK7CWD.js.map} +1 -1
  4. package/dist/{api-schema-manifest-RW2XKWHV.cjs → api-schema-manifest-WVM7QABS.cjs} +6 -6
  5. package/dist/{api-schema-manifest-RW2XKWHV.cjs.map → api-schema-manifest-WVM7QABS.cjs.map} +1 -1
  6. package/dist/{chunk-IQVS4IDI.cjs → chunk-2CT57Y5S.cjs} +28 -28
  7. package/dist/{chunk-IQVS4IDI.cjs.map → chunk-2CT57Y5S.cjs.map} +1 -1
  8. package/dist/{chunk-FXOO4Y2Q.cjs → chunk-2GEO7VUJ.cjs} +6 -6
  9. package/dist/{chunk-FXOO4Y2Q.cjs.map → chunk-2GEO7VUJ.cjs.map} +1 -1
  10. package/dist/{chunk-FTU4TI4A.cjs → chunk-2SYGQRXY.cjs} +98 -100
  11. package/dist/chunk-2SYGQRXY.cjs.map +1 -0
  12. package/dist/{chunk-KVUAUYOV.js → chunk-35DMDUVM.js} +6 -7
  13. package/dist/chunk-35DMDUVM.js.map +1 -0
  14. package/dist/{chunk-PSKJOI66.cjs → chunk-3BL73LS3.cjs} +38 -38
  15. package/dist/{chunk-PSKJOI66.cjs.map → chunk-3BL73LS3.cjs.map} +1 -1
  16. package/dist/{chunk-EAK4XE4C.cjs → chunk-3SPUSGBT.cjs} +63 -65
  17. package/dist/chunk-3SPUSGBT.cjs.map +1 -0
  18. package/dist/{chunk-SCGVY5IZ.cjs → chunk-3T7LIPHA.cjs} +11 -11
  19. package/dist/{chunk-SCGVY5IZ.cjs.map → chunk-3T7LIPHA.cjs.map} +1 -1
  20. package/dist/{chunk-3PY3QBC7.js → chunk-4UPPXNWW.js} +4 -6
  21. package/dist/chunk-4UPPXNWW.js.map +1 -0
  22. package/dist/{chunk-QPMT252K.cjs → chunk-4WXROF2X.cjs} +8 -8
  23. package/dist/{chunk-QPMT252K.cjs.map → chunk-4WXROF2X.cjs.map} +1 -1
  24. package/dist/{chunk-B7WXS33B.js → chunk-53OYU4CP.js} +3 -3
  25. package/dist/{chunk-B7WXS33B.js.map → chunk-53OYU4CP.js.map} +1 -1
  26. package/dist/{chunk-CWAY5KJO.js → chunk-5PPFITJ3.js} +3 -3
  27. package/dist/{chunk-CWAY5KJO.js.map → chunk-5PPFITJ3.js.map} +1 -1
  28. package/dist/{chunk-XHPHVJYC.cjs → chunk-5THYUHCG.cjs} +35 -35
  29. package/dist/{chunk-XHPHVJYC.cjs.map → chunk-5THYUHCG.cjs.map} +1 -1
  30. package/dist/{chunk-TTJ3DYZH.cjs → chunk-7ASFLZZ6.cjs} +7 -7
  31. package/dist/{chunk-TTJ3DYZH.cjs.map → chunk-7ASFLZZ6.cjs.map} +1 -1
  32. package/dist/chunk-7BDWHV3B.cjs +615 -0
  33. package/dist/{chunk-XHDRHNLP.cjs.map → chunk-7BDWHV3B.cjs.map} +1 -1
  34. package/dist/{chunk-USEYAK7Q.js → chunk-7BM2AIKU.js} +4 -4
  35. package/dist/{chunk-USEYAK7Q.js.map → chunk-7BM2AIKU.js.map} +1 -1
  36. package/dist/{chunk-Q5GKSNJQ.js → chunk-AY5TY4EN.js} +3 -3
  37. package/dist/{chunk-Q5GKSNJQ.js.map → chunk-AY5TY4EN.js.map} +1 -1
  38. package/dist/{chunk-QO4NGLIB.cjs → chunk-AZORAK4H.cjs} +2 -2
  39. package/dist/{chunk-QO4NGLIB.cjs.map → chunk-AZORAK4H.cjs.map} +1 -1
  40. package/dist/{chunk-YUF2UULB.js → chunk-BE7IP4ZJ.js} +5 -18
  41. package/dist/chunk-BE7IP4ZJ.js.map +1 -0
  42. package/dist/{chunk-CD77652U.cjs → chunk-BVZLX6R4.cjs} +10 -10
  43. package/dist/{chunk-CD77652U.cjs.map → chunk-BVZLX6R4.cjs.map} +1 -1
  44. package/dist/{chunk-ZFWY6K7L.cjs → chunk-CUMEATMZ.cjs} +10 -10
  45. package/dist/{chunk-ZFWY6K7L.cjs.map → chunk-CUMEATMZ.cjs.map} +1 -1
  46. package/dist/{chunk-Q4UAJHCH.cjs → chunk-DBG7BFWZ.cjs} +26 -27
  47. package/dist/chunk-DBG7BFWZ.cjs.map +1 -0
  48. package/dist/{chunk-O4WUSYFT.cjs → chunk-DZWFQD53.cjs} +6 -6
  49. package/dist/{chunk-O4WUSYFT.cjs.map → chunk-DZWFQD53.cjs.map} +1 -1
  50. package/dist/{chunk-5D3Y5X23.cjs → chunk-DZXHO72E.cjs} +7 -7
  51. package/dist/{chunk-5D3Y5X23.cjs.map → chunk-DZXHO72E.cjs.map} +1 -1
  52. package/dist/{chunk-JNBGZHPM.js → chunk-E53AJNZB.js} +2 -2
  53. package/dist/{chunk-JNBGZHPM.js.map → chunk-E53AJNZB.js.map} +1 -1
  54. package/dist/{chunk-GOLFAE27.cjs → chunk-EG3QNCBQ.cjs} +8 -8
  55. package/dist/{chunk-GOLFAE27.cjs.map → chunk-EG3QNCBQ.cjs.map} +1 -1
  56. package/dist/{chunk-X5WAPD5D.js → chunk-FLVMO2FZ.js} +3 -3
  57. package/dist/{chunk-X5WAPD5D.js.map → chunk-FLVMO2FZ.js.map} +1 -1
  58. package/dist/{chunk-B3WN7PUA.js → chunk-FRFWWBSS.js} +3 -3
  59. package/dist/{chunk-B3WN7PUA.js.map → chunk-FRFWWBSS.js.map} +1 -1
  60. package/dist/{chunk-AYF6JSMR.cjs → chunk-GPLCXP3B.cjs} +8 -8
  61. package/dist/{chunk-AYF6JSMR.cjs.map → chunk-GPLCXP3B.cjs.map} +1 -1
  62. package/dist/{chunk-NC5OJJ7J.js → chunk-H5FPSS2N.js} +36 -36
  63. package/dist/{chunk-NC5OJJ7J.js.map → chunk-H5FPSS2N.js.map} +1 -1
  64. package/dist/{chunk-XDG66XR6.js → chunk-HOTUR6VH.js} +5 -5
  65. package/dist/{chunk-XDG66XR6.js.map → chunk-HOTUR6VH.js.map} +1 -1
  66. package/dist/{chunk-KSXGQR7R.js → chunk-I63ON7JW.js} +3 -3
  67. package/dist/{chunk-KSXGQR7R.js.map → chunk-I63ON7JW.js.map} +1 -1
  68. package/dist/{chunk-WT32DTOX.js → chunk-IDUFQ5HG.js} +3 -3
  69. package/dist/{chunk-WT32DTOX.js.map → chunk-IDUFQ5HG.js.map} +1 -1
  70. package/dist/{chunk-VUOJ2L6F.js → chunk-JGTLNFH2.js} +3 -3
  71. package/dist/{chunk-VUOJ2L6F.js.map → chunk-JGTLNFH2.js.map} +1 -1
  72. package/dist/{chunk-ZA36LMFH.cjs → chunk-JTMIZMGO.cjs} +11 -11
  73. package/dist/{chunk-ZA36LMFH.cjs.map → chunk-JTMIZMGO.cjs.map} +1 -1
  74. package/dist/{chunk-IYCFQWRD.js → chunk-JW4P6OFG.js} +3 -3
  75. package/dist/{chunk-IYCFQWRD.js.map → chunk-JW4P6OFG.js.map} +1 -1
  76. package/dist/{chunk-CMTMKEXG.cjs → chunk-JX4UGU4A.cjs} +7 -7
  77. package/dist/{chunk-CMTMKEXG.cjs.map → chunk-JX4UGU4A.cjs.map} +1 -1
  78. package/dist/{chunk-IGIN7S7J.cjs → chunk-KDZIZ3LV.cjs} +20 -21
  79. package/dist/chunk-KDZIZ3LV.cjs.map +1 -0
  80. package/dist/{chunk-RDNOXYZG.cjs → chunk-KEAF4TVC.cjs} +10 -10
  81. package/dist/{chunk-RDNOXYZG.cjs.map → chunk-KEAF4TVC.cjs.map} +1 -1
  82. package/dist/{chunk-6Y4P7VLA.js → chunk-L2RZNUOW.js} +3 -3
  83. package/dist/{chunk-6Y4P7VLA.js.map → chunk-L2RZNUOW.js.map} +1 -1
  84. package/dist/{chunk-VW5OEICB.js → chunk-LBEQ4EE4.js} +3 -15
  85. package/dist/chunk-LBEQ4EE4.js.map +1 -0
  86. package/dist/{chunk-DMVDNMBE.js → chunk-LL2CVXJG.js} +3 -3
  87. package/dist/{chunk-DMVDNMBE.js.map → chunk-LL2CVXJG.js.map} +1 -1
  88. package/dist/{chunk-DNF4M637.js → chunk-LQRPDQCE.js} +3 -3
  89. package/dist/{chunk-DNF4M637.js.map → chunk-LQRPDQCE.js.map} +1 -1
  90. package/dist/{chunk-MFMWTGJR.js → chunk-LXXKGWXS.js} +3 -3
  91. package/dist/{chunk-MFMWTGJR.js.map → chunk-LXXKGWXS.js.map} +1 -1
  92. package/dist/{chunk-T7W5Y7B4.js → chunk-M4IITA2G.js} +3 -3
  93. package/dist/{chunk-T7W5Y7B4.js.map → chunk-M4IITA2G.js.map} +1 -1
  94. package/dist/{chunk-EZC6QXA2.js → chunk-M7CTMLXS.js} +3 -3
  95. package/dist/{chunk-EZC6QXA2.js.map → chunk-M7CTMLXS.js.map} +1 -1
  96. package/dist/{chunk-CGQLGFJU.cjs → chunk-M7VWAJP3.cjs} +10 -10
  97. package/dist/{chunk-CGQLGFJU.cjs.map → chunk-M7VWAJP3.cjs.map} +1 -1
  98. package/dist/{chunk-I7TANA3T.cjs → chunk-MFBVMCPB.cjs} +14 -27
  99. package/dist/chunk-MFBVMCPB.cjs.map +1 -0
  100. package/dist/{chunk-K6WK3UHV.js → chunk-MJBD3YYS.js} +4 -5
  101. package/dist/chunk-MJBD3YYS.js.map +1 -0
  102. package/dist/{chunk-XIK72ACQ.js → chunk-N63KDS6D.js} +4 -4
  103. package/dist/{chunk-XIK72ACQ.js.map → chunk-N63KDS6D.js.map} +1 -1
  104. package/dist/{chunk-XR3KGF26.js → chunk-NG62OLVA.js} +3 -3
  105. package/dist/{chunk-XR3KGF26.js.map → chunk-NG62OLVA.js.map} +1 -1
  106. package/dist/{chunk-AJEJDKPH.cjs → chunk-NPMJ6FRL.cjs} +56 -56
  107. package/dist/{chunk-AJEJDKPH.cjs.map → chunk-NPMJ6FRL.cjs.map} +1 -1
  108. package/dist/{chunk-XENEMPZA.cjs → chunk-OG3CV6IN.cjs} +10 -10
  109. package/dist/{chunk-XENEMPZA.cjs.map → chunk-OG3CV6IN.cjs.map} +1 -1
  110. package/dist/{chunk-TRR6JRF7.cjs → chunk-OMLB6EMJ.cjs} +9 -9
  111. package/dist/{chunk-TRR6JRF7.cjs.map → chunk-OMLB6EMJ.cjs.map} +1 -1
  112. package/dist/{chunk-H6ZPZN7O.js → chunk-OMODGV6O.js} +4 -4
  113. package/dist/{chunk-H6ZPZN7O.js.map → chunk-OMODGV6O.js.map} +1 -1
  114. package/dist/{chunk-DECVQ646.cjs → chunk-PG4IJL7T.cjs} +8 -8
  115. package/dist/{chunk-DECVQ646.cjs.map → chunk-PG4IJL7T.cjs.map} +1 -1
  116. package/dist/{chunk-6MVJ6FCV.cjs → chunk-PYZAUXQX.cjs} +11 -11
  117. package/dist/{chunk-6MVJ6FCV.cjs.map → chunk-PYZAUXQX.cjs.map} +1 -1
  118. package/dist/{chunk-WVEUJ2TR.cjs → chunk-R3R6VJRM.cjs} +24 -24
  119. package/dist/{chunk-WVEUJ2TR.cjs.map → chunk-R3R6VJRM.cjs.map} +1 -1
  120. package/dist/{chunk-72W42JL4.cjs → chunk-RUKCZLXN.cjs} +42 -4
  121. package/dist/chunk-RUKCZLXN.cjs.map +1 -0
  122. package/dist/{chunk-367HIQ3I.cjs → chunk-SUNXO2H2.cjs} +8 -8
  123. package/dist/{chunk-367HIQ3I.cjs.map → chunk-SUNXO2H2.cjs.map} +1 -1
  124. package/dist/{chunk-PNIBQ2M2.js → chunk-SWCWNQL5.js} +3 -3
  125. package/dist/{chunk-PNIBQ2M2.js.map → chunk-SWCWNQL5.js.map} +1 -1
  126. package/dist/{chunk-JOUPK2UV.js → chunk-T2YPTXXE.js} +22 -5
  127. package/dist/chunk-T2YPTXXE.js.map +1 -0
  128. package/dist/{chunk-MFNDUYSI.js → chunk-TMLOBNMN.js} +4 -4
  129. package/dist/{chunk-MFNDUYSI.js.map → chunk-TMLOBNMN.js.map} +1 -1
  130. package/dist/{chunk-3LMGA7MG.js → chunk-TTGG4FBC.js} +4 -6
  131. package/dist/chunk-TTGG4FBC.js.map +1 -0
  132. package/dist/{chunk-6WVLPY55.js → chunk-TXKPEOUP.js} +5 -5
  133. package/dist/{chunk-6WVLPY55.js.map → chunk-TXKPEOUP.js.map} +1 -1
  134. package/dist/{chunk-XS2T5V4A.js → chunk-U2HTITB4.js} +49 -4
  135. package/dist/chunk-U2HTITB4.js.map +1 -0
  136. package/dist/{chunk-ZGS4PKNB.js → chunk-U7A3FCF3.js} +5 -5
  137. package/dist/{chunk-ZGS4PKNB.js.map → chunk-U7A3FCF3.js.map} +1 -1
  138. package/dist/{chunk-4HBM6E5X.cjs → chunk-UQ2H32RT.cjs} +6 -6
  139. package/dist/{chunk-4HBM6E5X.cjs.map → chunk-UQ2H32RT.cjs.map} +1 -1
  140. package/dist/{chunk-6GVFKBOJ.cjs → chunk-URAYY3ZG.cjs} +9 -9
  141. package/dist/{chunk-6GVFKBOJ.cjs.map → chunk-URAYY3ZG.cjs.map} +1 -1
  142. package/dist/{chunk-B3CHYE7C.js → chunk-UT2JT5GC.js} +3 -3
  143. package/dist/{chunk-B3CHYE7C.js.map → chunk-UT2JT5GC.js.map} +1 -1
  144. package/dist/{chunk-E4FBZ6IM.js → chunk-VTMAYC4R.js} +3 -3
  145. package/dist/{chunk-E4FBZ6IM.js.map → chunk-VTMAYC4R.js.map} +1 -1
  146. package/dist/{chunk-NBJTFFVY.cjs → chunk-W3FAEXOQ.cjs} +16 -16
  147. package/dist/{chunk-NBJTFFVY.cjs.map → chunk-W3FAEXOQ.cjs.map} +1 -1
  148. package/dist/{chunk-PQBLAVC3.js → chunk-WUXXEGDS.js} +6 -7
  149. package/dist/chunk-WUXXEGDS.js.map +1 -0
  150. package/dist/{chunk-IXMG5MXS.js → chunk-WWXG4HNX.js} +3 -3
  151. package/dist/{chunk-IXMG5MXS.js.map → chunk-WWXG4HNX.js.map} +1 -1
  152. package/dist/{chunk-JUKMJRY4.cjs → chunk-XHA6OBT3.cjs} +13 -25
  153. package/dist/chunk-XHA6OBT3.cjs.map +1 -0
  154. package/dist/{chunk-PEBJXUDQ.js → chunk-XT5ZVU5J.js} +3 -3
  155. package/dist/{chunk-PEBJXUDQ.js.map → chunk-XT5ZVU5J.js.map} +1 -1
  156. package/dist/{chunk-EEIOEGUZ.cjs → chunk-Y65G4C35.cjs} +88 -89
  157. package/dist/chunk-Y65G4C35.cjs.map +1 -0
  158. package/dist/{chunk-P3PDPKJZ.cjs → chunk-Y6MWNLAA.cjs} +5 -5
  159. package/dist/{chunk-P3PDPKJZ.cjs.map → chunk-Y6MWNLAA.cjs.map} +1 -1
  160. package/dist/{chunk-UPMAE2XP.cjs → chunk-YSC2EP5G.cjs} +11 -11
  161. package/dist/{chunk-UPMAE2XP.cjs.map → chunk-YSC2EP5G.cjs.map} +1 -1
  162. package/dist/{chunk-QXKYA2XA.cjs → chunk-Z35VW4BM.cjs} +49 -4
  163. package/dist/chunk-Z35VW4BM.cjs.map +1 -0
  164. package/dist/{chunk-KPVRISSU.js → chunk-ZIR2AE52.js} +3 -3
  165. package/dist/{chunk-KPVRISSU.js.map → chunk-ZIR2AE52.js.map} +1 -1
  166. package/dist/{dist-2RJEYXQW.cjs → dist-5GW5WUSJ.cjs} +24 -20
  167. package/dist/dist-5GW5WUSJ.cjs.map +1 -0
  168. package/dist/{dist-XOBMRGKS.js → dist-PWSP7TGP.js} +9 -5
  169. package/dist/dist-PWSP7TGP.js.map +1 -0
  170. package/dist/docs/SKILL.md +1 -1
  171. package/dist/docs/assets/SOURCE_MAP.json +1 -1
  172. package/dist/{observational-memory-7PMPJCPD-4KDHV6QS.js → observational-memory-SYNXJVL4-ATVV3WOD.js} +3 -3
  173. package/dist/{observational-memory-7PMPJCPD-4KDHV6QS.js.map → observational-memory-SYNXJVL4-ATVV3WOD.js.map} +1 -1
  174. package/dist/{observational-memory-7PMPJCPD-WP2GREA7.cjs → observational-memory-SYNXJVL4-CJCHK6QY.cjs} +26 -26
  175. package/dist/{observational-memory-7PMPJCPD-WP2GREA7.cjs.map → observational-memory-SYNXJVL4-CJCHK6QY.cjs.map} +1 -1
  176. package/dist/server/handlers/a2a.cjs +14 -14
  177. package/dist/server/handlers/a2a.js +1 -1
  178. package/dist/server/handlers/agent-builder.cjs +16 -16
  179. package/dist/server/handlers/agent-builder.js +1 -1
  180. package/dist/server/handlers/agent-versions.cjs +8 -8
  181. package/dist/server/handlers/agent-versions.js +1 -1
  182. package/dist/server/handlers/agents.cjs +41 -41
  183. package/dist/server/handlers/agents.d.ts.map +1 -1
  184. package/dist/server/handlers/agents.js +1 -1
  185. package/dist/server/handlers/auth.cjs +11 -11
  186. package/dist/server/handlers/auth.js +1 -1
  187. package/dist/server/handlers/background-tasks.cjs +4 -4
  188. package/dist/server/handlers/background-tasks.js +1 -1
  189. package/dist/server/handlers/channels.cjs +5 -5
  190. package/dist/server/handlers/channels.js +1 -1
  191. package/dist/server/handlers/conversations.cjs +5 -5
  192. package/dist/server/handlers/conversations.js +1 -1
  193. package/dist/server/handlers/datasets.cjs +26 -26
  194. package/dist/server/handlers/datasets.js +1 -1
  195. package/dist/server/handlers/logs.cjs +4 -4
  196. package/dist/server/handlers/logs.js +1 -1
  197. package/dist/server/handlers/mcp-client-versions.cjs +8 -8
  198. package/dist/server/handlers/mcp-client-versions.js +1 -1
  199. package/dist/server/handlers/mcp.cjs +11 -11
  200. package/dist/server/handlers/mcp.d.ts.map +1 -1
  201. package/dist/server/handlers/mcp.js +1 -1
  202. package/dist/server/handlers/memory.cjs +27 -27
  203. package/dist/server/handlers/memory.js +1 -1
  204. package/dist/server/handlers/observability-new-endpoints.cjs +28 -28
  205. package/dist/server/handlers/observability-new-endpoints.js +1 -1
  206. package/dist/server/handlers/observability.cjs +39 -39
  207. package/dist/server/handlers/observability.js +2 -2
  208. package/dist/server/handlers/processor-providers.cjs +3 -3
  209. package/dist/server/handlers/processor-providers.js +1 -1
  210. package/dist/server/handlers/processors.cjs +4 -4
  211. package/dist/server/handlers/processors.js +1 -1
  212. package/dist/server/handlers/prompt-block-versions.cjs +8 -8
  213. package/dist/server/handlers/prompt-block-versions.js +1 -1
  214. package/dist/server/handlers/responses.cjs +4 -4
  215. package/dist/server/handlers/responses.js +1 -1
  216. package/dist/server/handlers/responses.storage.cjs +8 -8
  217. package/dist/server/handlers/responses.storage.js +1 -1
  218. package/dist/server/handlers/schedules.cjs +6 -6
  219. package/dist/server/handlers/schedules.js +1 -1
  220. package/dist/server/handlers/scorer-versions.cjs +8 -8
  221. package/dist/server/handlers/scorer-versions.js +1 -1
  222. package/dist/server/handlers/scores.cjs +7 -7
  223. package/dist/server/handlers/scores.js +1 -1
  224. package/dist/server/handlers/stored-agents.cjs +7 -7
  225. package/dist/server/handlers/stored-agents.js +1 -1
  226. package/dist/server/handlers/stored-mcp-clients.cjs +6 -6
  227. package/dist/server/handlers/stored-mcp-clients.js +1 -1
  228. package/dist/server/handlers/stored-prompt-blocks.cjs +6 -6
  229. package/dist/server/handlers/stored-prompt-blocks.js +1 -1
  230. package/dist/server/handlers/stored-scorers.cjs +6 -6
  231. package/dist/server/handlers/stored-scorers.js +1 -1
  232. package/dist/server/handlers/stored-skills.cjs +7 -7
  233. package/dist/server/handlers/stored-skills.js +1 -1
  234. package/dist/server/handlers/stored-workspaces.cjs +6 -6
  235. package/dist/server/handlers/stored-workspaces.js +1 -1
  236. package/dist/server/handlers/system.cjs +3 -3
  237. package/dist/server/handlers/system.js +1 -1
  238. package/dist/server/handlers/tool-providers.cjs +5 -5
  239. package/dist/server/handlers/tool-providers.js +1 -1
  240. package/dist/server/handlers/tools.cjs +6 -6
  241. package/dist/server/handlers/tools.d.ts.map +1 -1
  242. package/dist/server/handlers/tools.js +1 -1
  243. package/dist/server/handlers/utils.cjs +10 -10
  244. package/dist/server/handlers/utils.js +1 -1
  245. package/dist/server/handlers/vector.cjs +16 -16
  246. package/dist/server/handlers/vector.js +1 -1
  247. package/dist/server/handlers/voice.cjs +8 -8
  248. package/dist/server/handlers/voice.js +1 -1
  249. package/dist/server/handlers/workflows.cjs +26 -26
  250. package/dist/server/handlers/workflows.d.ts.map +1 -1
  251. package/dist/server/handlers/workflows.js +1 -1
  252. package/dist/server/handlers/workspace.cjs +26 -26
  253. package/dist/server/handlers/workspace.js +1 -1
  254. package/dist/server/handlers.cjs +30 -30
  255. package/dist/server/handlers.js +15 -15
  256. package/dist/server/server-adapter/index.cjs +178 -21
  257. package/dist/server/server-adapter/index.cjs.map +1 -1
  258. package/dist/server/server-adapter/index.d.ts +5 -0
  259. package/dist/server/server-adapter/index.d.ts.map +1 -1
  260. package/dist/server/server-adapter/index.js +164 -7
  261. package/dist/server/server-adapter/index.js.map +1 -1
  262. package/dist/server/server-adapter/routes/index.d.ts +2 -9
  263. package/dist/server/server-adapter/routes/index.d.ts.map +1 -1
  264. package/dist/server/server-adapter/routes/route-builder.d.ts +2 -10
  265. package/dist/server/server-adapter/routes/route-builder.d.ts.map +1 -1
  266. package/package.json +4 -4
  267. package/dist/chunk-3LMGA7MG.js.map +0 -1
  268. package/dist/chunk-3PY3QBC7.js.map +0 -1
  269. package/dist/chunk-6KDKASVR.js +0 -22
  270. package/dist/chunk-6KDKASVR.js.map +0 -1
  271. package/dist/chunk-72W42JL4.cjs.map +0 -1
  272. package/dist/chunk-EAK4XE4C.cjs.map +0 -1
  273. package/dist/chunk-EEIOEGUZ.cjs.map +0 -1
  274. package/dist/chunk-FTU4TI4A.cjs.map +0 -1
  275. package/dist/chunk-I7TANA3T.cjs.map +0 -1
  276. package/dist/chunk-IGIN7S7J.cjs.map +0 -1
  277. package/dist/chunk-JOUPK2UV.js.map +0 -1
  278. package/dist/chunk-JUKMJRY4.cjs.map +0 -1
  279. package/dist/chunk-K6WK3UHV.js.map +0 -1
  280. package/dist/chunk-KVUAUYOV.js.map +0 -1
  281. package/dist/chunk-L4M23OMB.cjs +0 -44
  282. package/dist/chunk-L4M23OMB.cjs.map +0 -1
  283. package/dist/chunk-PQBLAVC3.js.map +0 -1
  284. package/dist/chunk-Q4UAJHCH.cjs.map +0 -1
  285. package/dist/chunk-QXKYA2XA.cjs.map +0 -1
  286. package/dist/chunk-VW5OEICB.js.map +0 -1
  287. package/dist/chunk-XHDRHNLP.cjs +0 -615
  288. package/dist/chunk-XS2T5V4A.js.map +0 -1
  289. package/dist/chunk-YUF2UULB.js.map +0 -1
  290. package/dist/dist-2RJEYXQW.cjs.map +0 -1
  291. package/dist/dist-XOBMRGKS.js.map +0 -1
package/dist/server/server-adapter/index.cjs CHANGED
@@ -1,10 +1,10 @@
1
1
  'use strict';
2
2
 
3
- var chunkXHDRHNLP_cjs = require('../../chunk-XHDRHNLP.cjs');
3
+ var chunk7BDWHV3B_cjs = require('../../chunk-7BDWHV3B.cjs');
4
4
  var chunkY5LNMKEY_cjs = require('../../chunk-Y5LNMKEY.cjs');
5
5
  var chunkLTYRUL3Q_cjs = require('../../chunk-LTYRUL3Q.cjs');
6
6
  var chunk5XW4MKE6_cjs = require('../../chunk-5XW4MKE6.cjs');
7
- var chunkQO4NGLIB_cjs = require('../../chunk-QO4NGLIB.cjs');
7
+ var chunkAZORAK4H_cjs = require('../../chunk-AZORAK4H.cjs');
8
8
  var chunkB34S64RC_cjs = require('../../chunk-B34S64RC.cjs');
9
9
  var requestContext = require('@mastra/core/request-context');
10
10
  var server = require('@mastra/core/server');
@@ -103,6 +103,121 @@ function redactStreamChunk(chunk) {
103
103
  }
104
104
 
105
105
  // src/server/server-adapter/index.ts
106
+ function isProtectedFGARoute(route) {
107
+ return route.requiresAuth !== false;
108
+ }
109
+ function formatRoute(route) {
110
+ return `${route.method} ${route.path}`;
111
+ }
112
+ function getFGAProvider(mastra) {
113
+ return mastra?.getServer?.()?.fga;
114
+ }
115
+ function getFGARouteInfo(route) {
116
+ return {
117
+ path: route.path,
118
+ method: route.method,
119
+ requiresAuth: route.requiresAuth,
120
+ requiresPermission: route.requiresPermission,
121
+ fga: route.fga
122
+ };
123
+ }
124
+ function getRoutePermissions(route) {
125
+ return [chunk7BDWHV3B_cjs.getEffectivePermission(route), route.fga?.permission].filter(
126
+ (permission) => Boolean(permission)
127
+ );
128
+ }
129
+ function getToolRoutePermission(path) {
130
+ return path.includes("/execute") ? "tools:execute" : "tools:read";
131
+ }
132
+ function getBuiltInRouteFGAConfig(route) {
133
+ if (!isProtectedFGARoute(route) || !route.path || !route.method) {
134
+ return null;
135
+ }
136
+ const permission = chunk7BDWHV3B_cjs.getEffectivePermission(route);
137
+ if (!permission) {
138
+ return null;
139
+ }
140
+ const path = route.path;
141
+ if (path.startsWith("/agents/:agentId/tools/:toolId")) {
142
+ return {
143
+ resourceType: "tool",
144
+ resourceId: ({ agentId, toolId }) => `${String(agentId)}:${String(toolId)}`,
145
+ permission: getToolRoutePermission(path)
146
+ };
147
+ }
148
+ if (path.startsWith("/agents/:agentId")) {
149
+ return { resourceType: "agent", resourceIdParam: "agentId", permission };
150
+ }
151
+ if (path.startsWith("/workflows/:workflowId")) {
152
+ return { resourceType: "workflow", resourceIdParam: "workflowId", permission };
153
+ }
154
+ if (path.startsWith("/tools/:toolId")) {
155
+ return { resourceType: "tool", resourceIdParam: "toolId", permission };
156
+ }
157
+ if (path.startsWith("/mcp/:serverId/tools/:toolId")) {
158
+ return {
159
+ resourceType: "tool",
160
+ resourceId: ({ serverId, toolId }) => JSON.stringify([String(serverId), String(toolId)]),
161
+ permission: getToolRoutePermission(path)
162
+ };
163
+ }
164
+ if (path.startsWith("/mcp/:serverId")) {
165
+ return { resourceType: "mcp", resourceIdParam: "serverId", permission };
166
+ }
167
+ if (path.startsWith("/memory/threads/:threadId") || path.startsWith("/memory/network/threads/:threadId")) {
168
+ return { resourceType: "thread", resourceIdParam: "threadId", permission };
169
+ }
170
+ if (path === "/memory/threads" || path === "/memory/network/threads") {
171
+ return {
172
+ resourceType: "thread",
173
+ resourceId: ({ threadId, resourceId }) => {
174
+ if (typeof threadId === "string") return threadId;
175
+ return typeof resourceId === "string" ? resourceId : void 0;
176
+ },
177
+ permission
178
+ };
179
+ }
180
+ if (path === "/memory/save-messages" || path === "/memory/network/save-messages") {
181
+ return {
182
+ resourceType: "thread",
183
+ resourceId: ({ messages }) => {
184
+ if (!Array.isArray(messages)) return void 0;
185
+ const threadId = messages.find(
186
+ (message) => message && typeof message === "object" && "threadId" in message
187
+ )?.threadId;
188
+ return typeof threadId === "string" ? threadId : void 0;
189
+ },
190
+ permission
191
+ };
192
+ }
193
+ if (path === "/v1/responses") {
194
+ return { resourceType: "agent", resourceIdParam: "agent_id", permission };
195
+ }
196
+ if (path.startsWith("/v1/responses/:responseId")) {
197
+ return { resourceType: "response", resourceIdParam: "responseId", permission };
198
+ }
199
+ if (path === "/v1/conversations") {
200
+ return { resourceType: "agent", resourceIdParam: "agent_id", permission };
201
+ }
202
+ if (path.startsWith("/v1/conversations/:conversationId")) {
203
+ return { resourceType: "conversation", resourceIdParam: "conversationId", permission };
204
+ }
205
+ return null;
206
+ }
207
+ async function resolveRouteFGAConfig(fgaProvider, route, requestContext, params) {
208
+ if (route.fga) {
209
+ return route.fga;
210
+ }
211
+ const resolvedConfig = await fgaProvider.resolveRouteFGA?.({
212
+ route: getFGARouteInfo(route),
213
+ params,
214
+ requestContext
215
+ });
216
+ if (resolvedConfig) {
217
+ return resolvedConfig;
218
+ }
219
+ return getBuiltInRouteFGAConfig(route);
220
+ }
106
221
  function getSchemaTypeName(schema) {
107
222
  const schemaDef = schema?._def ?? schema?.def;
108
223
  return schemaDef?.typeName ?? schemaDef?.type;
@@ -338,7 +453,7 @@ var MastraServer = class _MastraServer extends server.MastraServerBase {
338
453
  if (!rbacProvider) {
339
454
  return null;
340
455
  }
341
- const requiredPermission = chunkXHDRHNLP_cjs.getEffectivePermission(route);
456
+ const requiredPermission = chunk7BDWHV3B_cjs.getEffectivePermission(route);
342
457
  if (!requiredPermission) {
343
458
  return null;
344
459
  }
@@ -356,6 +471,7 @@ var MastraServer = class _MastraServer extends server.MastraServerBase {
356
471
  this.registerAuthMiddleware();
357
472
  this.registerHttpLoggingMiddleware();
358
473
  await this.validateEELicense();
474
+ await this.validateFGAPolicyCoverage();
359
475
  await this.registerCustomApiRoutes();
360
476
  await this.registerRoutes();
361
477
  }
@@ -390,6 +506,38 @@ Ensure @mastra/core is updated to a version that includes EE support.`
390
506
  );
391
507
  }
392
508
  }
509
+ /**
510
+ * Validate route-level FGA policy coverage when an FGA provider opts into
511
+ * startup checks.
512
+ */
513
+ async validateFGAPolicyCoverage() {
514
+ const serverConfig = this.mastra.getServer();
515
+ const fgaProvider = serverConfig?.fga;
516
+ if (!fgaProvider) return;
517
+ const customRoutes = (this.customApiRoutes ?? serverConfig?.apiRoutes ?? []).filter(
518
+ (route) => !route._mastraInternal
519
+ );
520
+ const routes = [...chunk7BDWHV3B_cjs.SERVER_ROUTES, ...customRoutes];
521
+ if (fgaProvider.validatePermissions) {
522
+ const permissions = [...new Set(routes.flatMap((route) => getRoutePermissions(route)))];
523
+ await fgaProvider.validatePermissions(permissions);
524
+ }
525
+ const auditMode = fgaProvider.auditProtectedRoutes ?? (fgaProvider.requireForProtectedRoutes ? "warn" : false);
526
+ if (!auditMode || fgaProvider.resolveRouteFGA) return;
527
+ const missingRoutes = routes.filter(
528
+ (route) => isProtectedFGARoute(route) && !route.fga && !getBuiltInRouteFGAConfig(route)
529
+ );
530
+ if (missingRoutes.length === 0) return;
531
+ const routeList = missingRoutes.map((route) => formatRoute(route));
532
+ const message = `[mastra/auth-ee] FGA is configured but ${missingRoutes.length} protected route${missingRoutes.length === 1 ? " is" : "s are"} missing FGA metadata: ${routeList.join(", ")}`;
533
+ if (auditMode === "error") {
534
+ throw new Error(message);
535
+ }
536
+ this.mastra.getLogger()?.warn(message, {
537
+ routes: routeList,
538
+ count: missingRoutes.length
539
+ });
540
+ }
393
541
  /**
394
542
  * Override in adapters to register custom API routes defined via registerApiRoute().
395
543
  * Called by init() between registerAuthMiddleware() and registerRoutes().
@@ -524,13 +672,13 @@ Ensure @mastra/core is updated to a version that includes EE support.`
524
672
  * Builds the OpenAPI spec object with servers field and custom route paths.
525
673
  */
526
674
  buildOpenAPISpec(config, prefix) {
527
- const openApiSpec = chunkQO4NGLIB_cjs.generateOpenAPIDocument(chunkXHDRHNLP_cjs.SERVER_ROUTES, config);
675
+ const openApiSpec = chunkAZORAK4H_cjs.generateOpenAPIDocument(chunk7BDWHV3B_cjs.SERVER_ROUTES, config);
528
676
  if (prefix) {
529
677
  openApiSpec.servers = [{ url: prefix }];
530
678
  }
531
679
  const allCustomRoutes = this.customApiRoutes ?? this.mastra.getServer()?.apiRoutes;
532
680
  if (allCustomRoutes && allCustomRoutes.length > 0) {
533
- const customPaths = chunkQO4NGLIB_cjs.convertCustomRoutesToOpenAPIPaths(allCustomRoutes);
681
+ const customPaths = chunkAZORAK4H_cjs.convertCustomRoutesToOpenAPIPaths(allCustomRoutes);
534
682
  if (prefix) {
535
683
  for (const pathKey of Object.keys(customPaths)) {
536
684
  if (!customPaths[pathKey].servers) {
@@ -559,7 +707,7 @@ Ensure @mastra/core is updated to a version that includes EE support.`
559
707
  await this.registerRoute(app, openApiRoute, { prefix });
560
708
  }
561
709
  async registerRoutes() {
562
- for (const route of chunkXHDRHNLP_cjs.SERVER_ROUTES) {
710
+ for (const route of chunk7BDWHV3B_cjs.SERVER_ROUTES) {
563
711
  await this.registerRoute(this.app, route, { prefix: this.prefix });
564
712
  }
565
713
  if (this.openapiPath) {
@@ -619,10 +767,19 @@ Ensure @mastra/core is updated to a version that includes EE support.`
619
767
  }
620
768
  };
621
769
  async function checkRouteFGA(mastra, route, requestContext, params) {
622
- const fgaConfig = route.fga;
623
- if (!fgaConfig) return null;
624
- const fgaProvider = mastra?.getServer?.()?.fga;
770
+ const fgaProvider = getFGAProvider(mastra);
625
771
  if (!fgaProvider) return null;
772
+ const fgaConfig = await resolveRouteFGAConfig(fgaProvider, route, requestContext, params);
773
+ if (!fgaConfig) {
774
+ if (fgaProvider.requireForProtectedRoutes && isProtectedFGARoute(route)) {
775
+ return {
776
+ status: 403,
777
+ error: "Forbidden",
778
+ message: "FGA authorization denied: route FGA metadata is required"
779
+ };
780
+ }
781
+ return null;
782
+ }
626
783
  const user = requestContext?.get("user");
627
784
  if (!user) {
628
785
  return {
@@ -639,7 +796,7 @@ async function checkRouteFGA(mastra, route, requestContext, params) {
639
796
  message: "FGA authorization denied: route FGA metadata is incomplete"
640
797
  };
641
798
  }
642
- const permission = fgaConfig.permission || (route.path ? chunkXHDRHNLP_cjs.getEffectivePermission(route) : null) || `${getFGAResourcePermissionSlug(fgaConfig.resourceType)}:${deriveFGAAction(route.method)}`;
799
+ const permission = fgaConfig.permission || (route.path ? chunk7BDWHV3B_cjs.getEffectivePermission(route) : null) || `${getFGAResourcePermissionSlug(fgaConfig.resourceType)}:${deriveFGAAction(route.method)}`;
643
800
  const authorized = await fgaProvider.check(user, {
644
801
  resource: { type: fgaConfig.resourceType, id: resourceId },
645
802
  permission,
@@ -680,23 +837,23 @@ function getFGAResourcePermissionSlug(resourceType) {
680
837
 
681
838
  Object.defineProperty(exports, "SERVER_ROUTES", {
682
839
  enumerable: true,
683
- get: function () { return chunkXHDRHNLP_cjs.SERVER_ROUTES; }
840
+ get: function () { return chunk7BDWHV3B_cjs.SERVER_ROUTES; }
684
841
  });
685
842
  Object.defineProperty(exports, "deriveAction", {
686
843
  enumerable: true,
687
- get: function () { return chunkXHDRHNLP_cjs.deriveAction; }
844
+ get: function () { return chunk7BDWHV3B_cjs.deriveAction; }
688
845
  });
689
846
  Object.defineProperty(exports, "derivePermission", {
690
847
  enumerable: true,
691
- get: function () { return chunkXHDRHNLP_cjs.derivePermission; }
848
+ get: function () { return chunk7BDWHV3B_cjs.derivePermission; }
692
849
  });
693
850
  Object.defineProperty(exports, "extractResource", {
694
851
  enumerable: true,
695
- get: function () { return chunkXHDRHNLP_cjs.extractResource; }
852
+ get: function () { return chunk7BDWHV3B_cjs.extractResource; }
696
853
  });
697
854
  Object.defineProperty(exports, "getEffectivePermission", {
698
855
  enumerable: true,
699
- get: function () { return chunkXHDRHNLP_cjs.getEffectivePermission; }
856
+ get: function () { return chunk7BDWHV3B_cjs.getEffectivePermission; }
700
857
  });
701
858
  Object.defineProperty(exports, "WorkflowRegistry", {
702
859
  enumerable: true,
@@ -728,27 +885,27 @@ Object.defineProperty(exports, "isStudioClientTypeHeader", {
728
885
  });
729
886
  Object.defineProperty(exports, "createPublicRoute", {
730
887
  enumerable: true,
731
- get: function () { return chunkQO4NGLIB_cjs.createPublicRoute; }
888
+ get: function () { return chunkAZORAK4H_cjs.createPublicRoute; }
732
889
  });
733
890
  Object.defineProperty(exports, "createRoute", {
734
891
  enumerable: true,
735
- get: function () { return chunkQO4NGLIB_cjs.createRoute; }
892
+ get: function () { return chunkAZORAK4H_cjs.createRoute; }
736
893
  });
737
894
  Object.defineProperty(exports, "generateOpenAPIDocument", {
738
895
  enumerable: true,
739
- get: function () { return chunkQO4NGLIB_cjs.generateOpenAPIDocument; }
896
+ get: function () { return chunkAZORAK4H_cjs.generateOpenAPIDocument; }
740
897
  });
741
898
  Object.defineProperty(exports, "jsonQueryParam", {
742
899
  enumerable: true,
743
- get: function () { return chunkQO4NGLIB_cjs.jsonQueryParam; }
900
+ get: function () { return chunkAZORAK4H_cjs.jsonQueryParam; }
744
901
  });
745
902
  Object.defineProperty(exports, "pickParams", {
746
903
  enumerable: true,
747
- get: function () { return chunkQO4NGLIB_cjs.pickParams; }
904
+ get: function () { return chunkAZORAK4H_cjs.pickParams; }
748
905
  });
749
906
  Object.defineProperty(exports, "wrapSchemaForQueryParams", {
750
907
  enumerable: true,
751
- get: function () { return chunkQO4NGLIB_cjs.wrapSchemaForQueryParams; }
908
+ get: function () { return chunkAZORAK4H_cjs.wrapSchemaForQueryParams; }
752
909
  });
753
910
  exports.MastraServer = MastraServer;
754
911
  exports.checkRouteFGA = checkRouteFGA;
package/dist/server/server-adapter/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/server/server-adapter/redact.ts","../../../src/server/server-adapter/index.ts"],"names":["z","MastraServerBase","normalizeRoutePath","requestContext","RequestContext","isReservedRequestContextKey","isStudioClientTypeHeader","MASTRA_CLIENT_TYPE_HEADER","MASTRA_IS_STUDIO_KEY","coreAuthMiddleware","getEffectivePermission","Hono","generateOpenAPIDocument","SERVER_ROUTES","convertCustomRoutesToOpenAPIPaths","formatZodError"],"mappings":";;;;;;;;;;;;;;AAMA,SAAS,gBAAgB,OAAA,EAA2D;AAClF,EAAA,MAAM,eAAA,GAAkB,EAAE,GAAG,OAAA,EAAQ;AAGrC,EAAA,IAAI,eAAA,CAAgB,QAAA,IAAY,OAAO,eAAA,CAAgB,aAAa,QAAA,EAAU;AAC5E,IAAA,MAAM,EAAE,OAAA,EAAS,GAAG,YAAA,KAAiB,eAAA,CAAgB,QAAA;AACrD,IAAA,eAAA,CAAgB,QAAA,GAAW,YAAA;AAAA,EAC7B;AAGA,EAAA,IAAI,eAAA,CAAgB,MAAA,IAAU,OAAO,eAAA,CAAgB,WAAW,QAAA,EAAU;AACxE,IAAA,MAAM,MAAA,GAAS,EAAE,GAAI,eAAA,CAAgB,MAAA,EAAmC;AACxE,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAA,EAAG;AAC/B,MAAA,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,KAAkC;AACjE,QAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AACpC,UAAA,MAAM,EAAE,OAAA,EAAS,GAAG,QAAA,EAAS,GAAI,IAAA;AACjC,UAAA,OAAO,QAAA;AAAA,QACT;AACA,QAAA,OAAO,IAAA;AAAA,MACT,CAAC,CAAA;AAAA,IACH;AACA,IAAA,eAAA,CAAgB,MAAA,GAAS,MAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,eAAA;AACT;AAyBO,SAAS,kBAAsC,KAAA,EAA6C;AACjG,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,KAAA;AAEnB,EAAA,QAAQ,MAAM,IAAA;AAAM,IAClB,KAAK,YAAA,EAAc;AAEjB,MAAA,IAAI,aAAa,UAAA,IAAc,UAAA,CAAW,WAAW,OAAO,UAAA,CAAW,YAAY,QAAA,EAAU;AAE3F,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,WAAA,EAAY,GAAI,OAAA;AACpC,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,YAAA;AAAA,UACN,OAAA,EAAS;AAAA,YACP,GAAG,WAAA;AAAA;AAAA,YAEH,SAAS;AAAC;AACZ,SACF;AAAA,MACF,CAAA,MAAA,IAAW,aAAa,UAAA,EAAY;AAElC,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,YAAA;AAAA;AAAA,UAEN,SAAS;AAAC,SACZ;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IAEA,KAAK,aAAA,EAAe;AAElB,MAAA,IAAI,aAAa,UAAA,IAAc,UAAA,CAAW,WAAW,OAAO,UAAA,CAAW,YAAY,QAAA,EAAU;AAE3F,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,aAAA;AAAA,UACN,OAAA,EAAS,gBAAgB,OAAkC;AAAA,SAC7D;AAAA,MACF,CAAA,MAAA,IAAW,aAAa,UAAA,EAAY;AAElC,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM;AAAA,SACR;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IAEA,KAAK,QAAA,EAAU;AAEb,MAAA,IAAI,aAAa,UAAA,IAAc,UAAA,CAAW,WAAW,OAAO,UAAA,CAAW,YAAY,QAAA,EAAU;AAE3F,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,QAAA;AAAA,UACN,OAAA,EAAS,gBAAgB,OAAkC;AAAA,SAC7D;AAAA,MACF,CAAA,MAAA,IAAW,aAAa,UAAA,EAAY;AAElC,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM;AAAA,SACR;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IAEA;AAEE,MAAA,OAAO,KAAA;AAAA;AAEb;;;ACtCA,SAAS,kBAAkB,MAAA,EAA0C;AACnE,EAAA,MAAM,SAAA,GAAa,MAAA,EAAgB,IAAA,IAAS,MAAA,EAAgB,GAAA;AAC5D,EAAA,OAAO,SAAA,EAAW,YAAY,SAAA,EAAW,IAAA;AAC3C;AAEA,SAAS,uBAAuB,MAAA,EAAoC;AAClE,EAAA,IAAI,KAAA,GAAQ,MAAA;AACZ,EAAA,IAAI,QAAA,GAAW,kBAAkB,KAAK,CAAA;AAEtC,EAAA,OACE,aAAa,aAAA,IACb,QAAA,KAAa,iBACb,QAAA,KAAa,UAAA,IACb,aAAa,UAAA,EACb;AACA,IAAA,MAAM,QAAA,GAAY,KAAA,EAAe,IAAA,IAAS,KAAA,EAAe,GAAA;AACzD,IAAA,IAAI,CAAC,UAAU,SAAA,EAAW;AACxB,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,KAAA,GAAQ,QAAA,CAAS,SAAA;AACjB,IAAA,QAAA,GAAW,kBAAkB,KAAK,CAAA;AAAA,EACpC;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,uBAAA,CACP,kBACA,MAAA,EAC2C;AAC3C,EAAA,IAAI,EAAE,gBAAA,YAA4BA,IAAA,CAAE,SAAA,CAAA,EAAY;AAC9C,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,YAAA,GAA0D,EAAE,GAAG,MAAA,EAAO;AAC5E,EAAA,MAAM,QAAQ,gBAAA,CAAiB,KAAA;AAE/B,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,WAAW,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AACtD,IAAA,MAAM,QAAA,GAAW,aAAa,GAAG,CAAA;AACjC,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,GAAiB,uBAAuB,WAAW,CAAA;AACzD,IAAA,MAAM,QAAA,GAAW,kBAAkB,cAAc,CAAA;AACjD,IAAA,MAAM,SAAA,GACJ,QAAA,KAAa,WAAA,IACb,QAAA,KAAa,UAAA,IACb,QAAA,KAAa,WAAA,IACb,QAAA,KAAa,QAAA,IACb,QAAA,KAAa,OAAA,IACb,QAAA,KAAa,QAAA;AAEf,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,YAAA,CAAa,GAAG,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA;AAAA,IACzC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,YAAA;AACT;AAYO,SAAS,qBAAqB,QAAA,EAAoE;AACvG,EAAA,MAAM,cAA+C,EAAC;AAEtD,EAAA,MAAM,gBAAwD,EAAC;AAE/D,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACnD,IAAA,MAAM,YAAA,GAAe,GAAA,CAAI,KAAA,CAAM,uBAAuB,CAAA;AACtD,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,MAAM,MAAA,GAAS,aAAa,CAAC,CAAA;AAC7B,MAAA,MAAM,KAAA,GAAQ,aAAa,CAAC,CAAA;AAC5B,MAAA,MAAM,WAAW,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,GAChC,KAAA,CAAM,OAAO,CAAC,CAAA,KAAmB,OAAO,CAAA,KAAM,QAAQ,CAAA,CAAE,CAAC,IACzD,OAAO,KAAA,KAAU,WACf,KAAA,GACA,MAAA;AACN,MAAA,IAAI,aAAa,MAAA,EAAW;AAC1B,QAAA,IAAI,CAAC,aAAA,CAAc,MAAM,CAAA,EAAG;AAC1B,UAAA,aAAA,CAAc,MAAM,IAAI,EAAC;AAAA,QAC3B;AACA,QAAA,aAAA,CAAc,MAAM,CAAA,CAAG,KAAK,CAAA,GAAI,QAAA;AAAA,MAClC;AAAA,IACF,CAAA,MAAA,IAAW,OAAO,KAAA,KAAU,QAAA,EAAU;AACpC,MAAA,WAAA,CAAY,GAAG,CAAA,GAAI,KAAA;AAAA,IACrB,CAAA,MAAA,IAAW,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAE/B,MAAA,MAAM,eAAe,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA,KAAmB,OAAO,MAAM,QAAQ,CAAA;AAE3E,MAAA,WAAA,CAAY,GAAG,CAAA,GAAI,YAAA,CAAa,WAAW,CAAA,GAAI,YAAA,CAAa,CAAC,CAAA,GAAK,YAAA;AAAA,IACpE;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,CAAC,MAAA,EAAQ,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,aAAa,CAAA,EAAG;AAC9D,IAAA,IAAI,EAAE,UAAU,WAAA,CAAA,EAAc;AAC5B,MAAA,WAAA,CAAY,MAAM,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAAA,IAC/C;AAAA,EACF;AAEA,EAAA,OAAO,WAAA;AACT;AAgBO,IAAe,YAAA,GAAf,MAAe,aAAA,SAAgDC,uBAAA,CAAuB;AAAA,EACjF,MAAA;AAAA,EACA,gBAAA;AAAA,EACA,KAAA;AAAA,EACA,MAAA;AAAA,EACA,WAAA;AAAA,EACA,SAAA;AAAA,EACA,qBAAA;AAAA,EACA,aAAA;AAAA,EACA,iBAAA;AAAA,EACA,eAAA;AAAA,EACA,UAAA;AAAA,EACF,kBAAA,GAEG,IAAA;AAAA,EAEX,WAAA,CAAY;AAAA,IACV,GAAA;AAAA,IACA,MAAA;AAAA,IACA,gBAAA;AAAA,IACA,KAAA;AAAA,IACA,MAAA,GAAS,MAAA;AAAA,IACT,WAAA,GAAc,EAAA;AAAA,IACd,SAAA;AAAA,IACA,qBAAA;AAAA,IACA,aAAA;AAAA,IACA,eAAA;AAAA,IACA;AAAA,GACF,EAgBG;AACD,IAAA,KAAA,CAAM,EAAE,GAAA,EAAK,IAAA,EAAM,cAAA,EAAgB,CAAA;AACnC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAA;AACxB,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AACb,IAAA,IAAA,CAAK,MAAA,GAASC,qCAAmB,MAAM,CAAA;AACvC,IAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AACnB,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AACjB,IAAA,IAAA,CAAK,qBAAA,GAAwB,qBAAA;AAC7B,IAAA,IAAA,CAAK,aAAA,GAAgB,EAAE,MAAA,EAAQ,IAAA,EAAM,GAAG,aAAA,EAAc;AACtD,IAAA,IAAA,CAAK,eAAA,GAAkB,eAAA;AACvB,IAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAGlB,IAAA,MAAM,YAAA,GAAe,OAAO,SAAA,EAAU;AACtC,IAAA,IAAA,CAAK,iBAAA,GAAoB,IAAA,CAAK,kBAAA,CAAmB,YAAA,EAAc,OAAO,UAAU,CAAA;AAGhF,IAAA,MAAA,CAAO,gBAAgB,IAAI,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,mBAAmB,MAAA,EAAqE;AAC9F,IAAA,IAAI,WAAW,IAAA,EAAM;AAEnB,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,MAAA;AAAA,QACP,aAAA,EAAe,CAAC,eAAA,EAAiB,QAAQ;AAAA,OAC3C;AAAA,IACF;AACA,IAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,CAAO,OAAA,EAAS;AAEhD,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,OAAO,KAAA,IAAS,MAAA;AAAA,QACvB,cAAc,MAAA,CAAO,YAAA;AAAA,QACrB,gBAAgB,MAAA,CAAO,cAAA;AAAA,QACvB,oBAAoB,MAAA,CAAO,kBAAA;AAAA,QAC3B,eAAe,CAAC,mBAAG,IAAI,GAAA,CAAI,CAAC,GAAG,CAAC,eAAA,EAAiB,QAAQ,GAAG,GAAI,MAAA,CAAO,iBAAiB,EAAG,CAAC,CAAC;AAAA,OAC/F;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOU,iBAAiB,IAAA,EAAuB;AAChD,IAAA,IAAI,CAAC,IAAA,CAAK,iBAAA,EAAmB,OAAA,EAAS;AACpC,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,iBAAA,CAAkB,YAAA,IAAgB,EAAC;AAC7D,IAAA,OAAO,CAAC,YAAA,CAAa,IAAA,CAAK,CAAC,QAAA,KAAqB,IAAA,KAAS,QAAA,IAAY,IAAA,CAAK,UAAA,CAAW,QAAA,GAAW,GAAG,CAAC,CAAA;AAAA,EACtG;AAAA,EAEU,mBAAA,CAAoB;AAAA,IAC5B,oBAAA;AAAA,IACA;AAAA,GACF,EAGmB;AACjB,IAAA,MAAMC,gBAAA,GAAiB,IAAIC,6BAAA,EAAe;AAC1C,IAAA,IAAI,kBAAA,EAAoB;AACtB,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,kBAAkB,CAAA,EAAG;AAC7D,QAAA,IAAIC,6CAAA,CAA4B,GAAG,CAAA,EAAG;AACtC,QAAAF,gBAAA,CAAe,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AACA,IAAA,IAAI,oBAAA,EAAsB;AACxB,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,oBAAoB,CAAA,EAAG;AAC/D,QAAA,IAAIE,6CAAA,CAA4B,GAAG,CAAA,EAAG;AACtC,QAAAF,gBAAA,CAAe,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AACA,IAAA,OAAOA,gBAAA;AAAA,EACT;AAAA,EAEU,6BAAA,CAA8B;AAAA,IACtC,cAAA;AAAA,IACA;AAAA,GACF,EAGS;AACP,IAAA,IAAIG,0CAAA,CAAyB,SAAA,CAAUC,2CAAyB,CAAC,CAAA,EAAG;AAClE,MAAA,cAAA,CAAe,GAAA,CAAIC,wCAAsB,IAAI,CAAA;AAAA,IAC/C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAgB,cAAA,CACd,KAAA,EACA,OAAA,EAWqF;AACrF,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AAG5C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAO,IAAA;AAAA,IACT;AAIA,IAAA,IAAI,KAAA,CAAM,iBAAiB,KAAA,EAAO;AAChC,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,SAAA,CAAU,eAAe,CAAA;AACpD,IAAA,IAAI,QAAuB,UAAA,GAAa,UAAA,CAAW,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA,GAAI,IAAA;AAC5E,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,KAAA,GAAQ,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA,IAAK,IAAA;AAAA,IACxC;AAGA,IAAA,MAAM,MAAA,GAAS,MAAMC,oCAAA,CAAmB;AAAA,MACtC,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,WAAW,OAAA,CAAQ,SAAA;AAAA,MACnB,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,UAAA;AAAA,MACA,uBAAuB,IAAA,CAAK,qBAAA;AAAA,MAC5B,gBAAgB,OAAA,CAAQ,cAAA;AAAA,MACxB,YAAY,OAAA,CAAQ,OAAA;AAAA,MACpB,KAAA;AAAA,MACA,qBAAA,EAAuB,OAAA,CAAQ,qBAAA,KAA0B,MAAM,IAAA;AAAA,KAChE,CAAA;AAED,IAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAQ;AAE5B,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,EAAE,MAAA,EAAQ,GAAA,EAAK,OAAO,EAAA,EAAI,OAAA,EAAS,OAAO,OAAA,EAAQ;AAAA,MAC3D;AACA,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,YAAY,MAAA,CAAO,IAAA;AACzB,IAAA,OAAO,EAAE,MAAA,EAAQ,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO,WAAW,KAAA,IAAS,eAAA,EAAiB,OAAA,EAAS,MAAA,CAAO,OAAA,EAAQ;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcU,oBAAA,CACR,KAAA,EACA,eAAA,EACA,eAAA,EAC2D;AAG3D,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AAC9C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,kBAAA,GAAqBC,yCAAuB,KAAK,CAAA;AAGvD,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACvB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,IAAI,CAAC,eAAA,IAAmB,CAAC,eAAA,CAAgB,eAAA,EAAiB,kBAAkB,CAAA,EAAG;AAC7E,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ,GAAA;AAAA,QACR,KAAA,EAAO,WAAA;AAAA,QACP,OAAA,EAAS,gCAAgC,kBAAkB,CAAA;AAAA,OAC7D;AAAA,IACF;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAUA,MAAM,IAAA,GAAO;AACX,IAAA,IAAA,CAAK,yBAAA,EAA0B;AAC/B,IAAA,IAAA,CAAK,sBAAA,EAAuB;AAC5B,IAAA,IAAA,CAAK,6BAAA,EAA8B;AACnC,IAAA,MAAM,KAAK,iBAAA,EAAkB;AAC7B,IAAA,MAAM,KAAK,uBAAA,EAAwB;AACnC,IAAA,MAAM,KAAK,cAAA,EAAe;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAA,GAAmC;AACvC,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU;AAC3C,IAAA,MAAM,kBAAA,GAAqB,CAAC,YAAA,EAAc,IAAA,GAAO,MAAA,GAAS,MAAM,YAAA,EAAc,GAAA,GAAM,KAAA,GAAQ,IAAI,CAAA,CAAE,MAAA;AAAA,MAChG,CAAC,YAA+B,OAAA,KAAY;AAAA,KAC9C;AAEA,IAAA,IAAI,kBAAA,CAAmB,WAAW,CAAA,EAAG;AAErC,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,WAAA,EAAY,GAAI,MAAM,OAAO,sBAAsB,CAAA;AAC3D,MAAA,IAAI,CAAC,aAAY,EAAG;AAClB,QAAA,MAAM,WAAA,GAAc,kBAAA,CAAmB,IAAA,CAAK,OAAO,CAAA;AACnD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,oBAAoB,WAAW,CAAA,CAAA,EAAI,mBAAmB,MAAA,KAAW,CAAA,GAAI,OAAO,KAAK,CAAA;AAAA,EAC5E,WAAW,CAAA,CAAA,EAAI,kBAAA,CAAmB,MAAA,KAAW,CAAA,GAAI,aAAa,SAAS,CAAA;AAAA;AAAA,oEAAA;AAAA,SAG9E;AAAA,MACF;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,eAAe,KAAA,IAAS,GAAA,CAAI,OAAA,CAAQ,UAAA,CAAW,kBAAkB,CAAA,EAAG;AACtE,QAAA,MAAM,GAAA;AAAA,MACR;AAEA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,iBAAA,EAAoB,kBAAA,CAAmB,IAAA,CAAK,OAAO,CAAC,IAAI,kBAAA,CAAmB,MAAA,KAAW,CAAA,GAAI,IAAA,GAAO,KAAK,CAAA;AAAA,qEAAA;AAAA,OAExG;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,uBAAA,GAAyC;AAAA,EAG/C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMU,yBAAyB,MAAA,EAA0B;AAC3D,IAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,EAAA;AAC9B,IAAA,IAAI,CAAC,MAAA,EAAQ;AACb,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,MAAM,eAAA,EAAiB;AAC3B,MAAA,IAAI,KAAA,CAAM,KAAK,UAAA,CAAW,CAAA,EAAG,MAAM,CAAA,CAAA,CAAG,CAAA,IAAK,KAAA,CAAM,IAAA,KAAS,MAAA,EAAQ;AAChE,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,kBAAA,EAAqB,KAAA,CAAM,IAAI,CAAA,uBAAA,EAA0B,MAAM,CAAA,0FAAA,EAE3B,KAAA,CAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAQ,SAAS,CAAC,CAAA,GAAA;AAAA,SAC3E;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAgB,uBAAA,GAA4C;AAC1D,IAAA,MAAM,SAAS,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,MAAA,CAAO,WAAU,EAAG,SAAA;AAChE,IAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,MAAA,KAAW,GAAG,OAAO,KAAA;AAE3C,IAAA,MAAM,gBAAA,GAAmB,iCAAA;AACzB,IAAA,MAAM,SAAS,IAAA,CAAK,MAAA;AAEpB,IAAA,MAAM,GAAA,GAAM,IAAIC,SAAA,EAGb;AAGH,IAAA,GAAA,CAAI,GAAA,CAAI,GAAA,EAAK,OAAO,CAAA,EAAG,IAAA,KAAS;AAC9B,MAAA,CAAA,CAAE,GAAA,CAAI,UAAU,MAAM,CAAA;AACtB,MAAA,CAAA,CAAE,IAAI,gBAAA,EAAkB,CAAA,CAAE,KAAK,cAAA,IAAkB,IAAIP,+BAAgB,CAAA;AACrE,MAAA,MAAM,IAAA,EAAK;AAAA,IACb,CAAC,CAAA;AAID,IAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,OAAA;AAC/C,IAAA,GAAA,CAAI,OAAA,CAAQ,CAAC,GAAA,EAAK,CAAA,KAAM;AACtB,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,OAAO,aAAA,CAAc,KAAK,CAAC,CAAA;AAAA,MAC7B;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD,CAAC,CAAA;AAED,IAAA,IAAA,CAAK,yBAAyB,MAAM,CAAA;AAGpC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,MAAM,OAAA,GACJ,SAAA,IAAa,KAAA,IAAS,KAAA,CAAM,UACxB,KAAA,CAAM,OAAA,GACN,eAAA,IAAmB,KAAA,GACjB,MAAM,KAAA,CAAM,aAAA,CAAc,EAAE,MAAA,EAAQ,CAAA,GACpC,MAAA;AACR,MAAA,IAAI,CAAC,OAAA,EAAS;AAEd,MAAA,MAAM,cAAqB,EAAC;AAC5B,MAAA,IAAI,MAAM,UAAA,EAAY;AACpB,QAAA,WAAA,CAAY,IAAA,CAAK,GAAI,KAAA,CAAM,OAAA,CAAQ,KAAA,CAAM,UAAU,CAAA,GAAI,KAAA,CAAM,UAAA,GAAa,CAAC,KAAA,CAAM,UAAU,CAAE,CAAA;AAAA,MAC/F;AAEA,MAAA,MAAM,WAAA,GAAc,CAAC,GAAG,WAAA,EAAa,OAAO,CAAA;AAC5C,MAAA,IAAI,KAAA,CAAM,WAAW,KAAA,EAAO;AAC1B,QAAA,GAAA,CAAI,GAAA,CAAI,KAAA,CAAM,IAAA,EAAM,WAAA,CAAY,CAAC,GAAI,GAAG,WAAA,CAAY,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,MAC9D,CAAA,MAAO;AACL,QAAA,GAAA,CAAI,EAAA,CAAG,KAAA,CAAM,MAAA,EAAQ,KAAA,CAAM,IAAA,EAAM,WAAA,CAAY,CAAC,CAAA,EAAI,GAAG,WAAA,CAAY,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,MAC3E;AAAA,IACF;AAGA,IAAA,GAAA,CAAI,SAAS,MAAM,IAAI,QAAA,CAAS,IAAA,EAAM,EAAE,MAAA,EAAQ,GAAA,EAAK,OAAA,EAAS,EAAE,CAAC,gBAAgB,GAAG,MAAA,EAAO,EAAG,CAAC,CAAA;AAE/F,IAAA,IAAA,CAAK,qBAAqB,OAAO,OAAA,EAAS,QAAQ,GAAA,CAAI,KAAA,CAAM,SAAS,GAAG,CAAA;AACxE,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAgB,wBAAA,CACd,GAAA,EACA,MAAA,EACA,OAAA,EACA,MACA,cAAA,EAC0B;AAC1B,IAAA,IAAI,CAAC,IAAA,CAAK,kBAAA,EAAoB,OAAO,IAAA;AAErC,IAAA,MAAM,YAAA,GAAe,IAAI,OAAA,EAAQ;AACjC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,YAAA,CAAa,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,WAAA,IACjD,KAAA,CAAM,QAAQ,KAAK,CAAA;AAC1B,QAAA,KAAA,CAAM,QAAQ,CAAA,CAAA,KAAK;AACjB,UAAA,YAAA,CAAa,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,QAC5B,CAAC,CAAA;AAAA,IACL;AAEA,IAAA,MAAM,IAAA,GAAoB,EAAE,MAAA,EAAQ,OAAA,EAAS,YAAA,EAAa;AAC1D,IAAA,IAAI,CAAC,QAAQ,KAAA,EAAO,OAAO,EAAE,QAAA,CAAS,MAAM,CAAA,IAAK,IAAA,KAAS,MAAA,EAAW;AACnE,MAAA,IAAI,IAAA,YAAgB,WAAA,IAAe,IAAA,YAAgB,UAAA,IAAc,gBAAgB,cAAA,EAAgB;AAC/F,QAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,QAAA,IAAI,gBAAgB,cAAA,EAAgB;AAClC,UAAC,KAAa,MAAA,GAAS,MAAA;AAAA,QACzB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,MAAM,WAAA,GAAA,CAAe,OAAO,OAAA,CAAQ,cAAc,MAAM,QAAA,GAAW,OAAA,CAAQ,cAAc,CAAA,GAAI,EAAA,KAAO,EAAA;AACpG,QAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,UAAA,IAAA,CAAK,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,QACjC,CAAA,MAAA,IAAW,OAAO,IAAA,KAAS,QAAA,EAAU;AACnC,UAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,IAAI,UAAA,CAAW,OAAA,CAAQ,KAAK,IAAI,CAAA;AAChD,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,mBAAmB,OAAA,EAAS,EAAE,gBAAgB,CAAA;AAE1E,IAAA,IAAI,SAAS,OAAA,CAAQ,GAAA,CAAI,iCAAiC,CAAA,KAAM,QAAQ,OAAO,IAAA;AAC/E,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAgB,wBAAA,CACd,QAAA,EACA,OAAA,EAKe;AACf,IAAA,MAAM,UAA6C,EAAC;AACpD,IAAA,QAAA,CAAS,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AACvC,MAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,YAAA,EAAc;AACtC,QAAA,OAAA,CAAQ,GAAG,CAAA,GAAI,KAAA;AAAA,MACjB;AAAA,IACF,CAAC,CAAA;AACD,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,YAAA,IAAe;AACnD,IAAA,IAAI,UAAA,IAAc,UAAA,CAAW,MAAA,GAAS,CAAA,EAAG;AACvC,MAAA,OAAA,CAAQ,YAAY,CAAA,GAAI,UAAA;AAAA,IAC1B;AACA,IAAA,OAAA,CAAQ,SAAA,CAAU,QAAA,CAAS,MAAA,EAAQ,OAAO,CAAA;AAE1C,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,MAAA,GAAS,QAAA,CAAS,IAAA,CAAK,SAAA,EAAU;AACvC,MAAA,IAAI;AACF,QAAA,OAAO,IAAA,EAAM;AACX,UAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,OAAO,IAAA,EAAK;AAC1C,UAAA,IAAI,IAAA,EAAM;AACV,UAAA,OAAA,CAAQ,MAAM,KAAK,CAAA;AAAA,QACrB;AAAA,MACF,CAAA,SAAE;AACA,QAAA,OAAA,CAAQ,GAAA,EAAI;AAAA,MACd;AAAA,IACF,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,QAAA,CAAS,IAAA,EAAM,CAAA;AAAA,IACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAA,CAAiB,QAAiE,MAAA,EAAsB;AAC9G,IAAA,MAAM,WAAA,GAAcQ,yCAAA,CAAwBC,+BAAA,EAAe,MAAM,CAAA;AAEjE,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,WAAA,CAAY,OAAA,GAAU,CAAC,EAAE,GAAA,EAAK,QAAQ,CAAA;AAAA,IACxC;AAGA,IAAA,MAAM,kBAAkB,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,MAAA,CAAO,WAAU,EAAG,SAAA;AACzE,IAAA,IAAI,eAAA,IAAmB,eAAA,CAAgB,MAAA,GAAS,CAAA,EAAG;AACjD,MAAA,MAAM,WAAA,GAAcC,oDAAkC,eAAe,CAAA;AACrE,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,KAAA,MAAW,OAAA,IAAW,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,EAAG;AAC9C,UAAA,IAAI,CAAC,WAAA,CAAY,OAAO,CAAA,CAAE,OAAA,EAAS;AACjC,YAAA,WAAA,CAAY,OAAO,CAAA,CAAE,OAAA,GAAU,CAAC,EAAE,GAAA,EAAK,KAAK,CAAA;AAAA,UAC9C;AAAA,QACF;AAAA,MACF;AACA,MAAA,WAAA,CAAY,QAAQ,EAAE,GAAG,WAAA,CAAY,KAAA,EAAO,GAAG,WAAA,EAAY;AAAA,IAC7D;AAEA,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,GAAA,EAAW,MAAA,GAAwB,EAAC,EAAG,EAAE,QAAO,EAAuC;AAChH,IAAA,MAAM;AAAA,MACJ,KAAA,GAAQ,YAAA;AAAA,MACR,OAAA,GAAU,OAAA;AAAA,MACV,WAAA,GAAc,mBAAA;AAAA,MACd,IAAA,GAAO;AAAA,KACT,GAAI,MAAA;AAEJ,IAAA,MAAM,WAAA,GAAc,KAAK,gBAAA,CAAiB,EAAE,OAAO,OAAA,EAAS,WAAA,IAAe,MAAM,CAAA;AAEjF,IAAA,MAAM,YAAA,GAA4B;AAAA,MAChC,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA;AAAA,MACA,YAAA,EAAc,MAAA;AAAA,MACd,SAAS,YAAY;AAAA,KACvB;AAEA,IAAA,MAAM,KAAK,aAAA,CAAc,GAAA,EAAK,YAAA,EAAc,EAAE,QAAQ,CAAA;AAAA,EACxD;AAAA,EAEA,MAAM,cAAA,GAAgC;AAIpC,IAAA,KAAA,MAAW,SAASD,+BAAA,EAAe;AACjC,MAAA,MAAM,IAAA,CAAK,cAAc,IAAA,CAAK,GAAA,EAAK,OAAO,EAAE,MAAA,EAAQ,IAAA,CAAK,MAAA,EAAQ,CAAA;AAAA,IACnE;AAEA,IAAA,IAAI,KAAK,WAAA,EAAa;AACpB,MAAA,MAAM,UAAA,GAAa;AAAA,QACjB,KAAA,EAAO,YAAA;AAAA,QACP,OAAA,EAAS,OAAA;AAAA,QACT,WAAA,EAAa;AAAA,OACf;AAEA,MAAA,MAAM,IAAA,CAAK,oBAAA,CAAqB,IAAA,CAAK,GAAA,EAAK,EAAE,GAAG,UAAA,EAAY,IAAA,EAAM,IAAA,CAAK,aAAY,EAAG,EAAE,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA;AAAA,IAC9G;AAAA,EACF;AAAA,EAEA,MAAM,eAAA,CAAgB,KAAA,EAAoB,MAAA,EAA8D;AACtG,IAAA,MAAM,kBAAkB,KAAA,CAAM,eAAA;AAC9B,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,OAAO,eAAA,CAAgB,WAAW,MAAM,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,gBAAA,CAAiB,KAAA,EAAoB,MAAA,EAAuE;AAChH,IAAA,MAAM,mBAAmB,KAAA,CAAM,gBAAA;AAC/B,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,gBAAA,GAAmB,uBAAA,CAAwB,gBAAA,EAAkC,MAAM,CAAA;AACzF,IAAA,OAAO,gBAAA,CAAiB,WAAW,gBAAgB,CAAA;AAAA,EACrD;AAAA,EAEA,MAAM,SAAA,CAAU,KAAA,EAAoB,IAAA,EAAiC;AACnE,IAAA,MAAM,aAAa,KAAA,CAAM,UAAA;AACzB,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,UAAA,CAAW,WAAW,IAAI,CAAA;AAAA,EACnC;AAAA,EAEA,OAAwB,cAAA,GAAyD;AAAA,IAC/E,KAAA,EAAO,kBAAA;AAAA,IACP,IAAA,EAAM,cAAA;AAAA,IACN,IAAA,EAAM;AAAA,GACR;AAAA,EAEU,sBAAA,CACR,KAAA,EACA,KAAA,EACA,OAAA,EACyB;AACzB,IAAA,MAAM,OAAO,KAAA,CAAM,iBAAA,IAAqB,IAAA,CAAK,MAAA,CAAO,WAAU,EAAG,iBAAA;AAEjE,IAAA,IAAI,IAAA,EAAM;AACR,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,EAAO,OAAO,CAAA;AAClC,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,OAAO,MAAA;AAAA,QACT;AAAA,MACF,SAAS,SAAA,EAAW;AAClB,QAAA,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,wCAAA,EAA0C;AAAA,UACvE,KAAA,EAAO,SAAA,YAAqB,KAAA,GAAQ,EAAE,OAAA,EAAS,UAAU,OAAA,EAAS,KAAA,EAAO,SAAA,CAAU,KAAA,EAAM,GAAI;AAAA,SAC9F,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,MAAME,gCAAA,CAAe,KAAA,EAAO,aAAA,CAAa,cAAA,CAAe,OAAO,CAAC;AAAA,KAClE;AAAA,EACF;AACF;AAMA,eAAsB,aAAA,CACpB,MAAA,EACA,KAAA,EACA,cAAA,EACA,MAAA,EACoE;AACpE,EAAA,MAAM,YAAY,KAAA,CAAM,GAAA;AACxB,EAAA,IAAI,CAAC,WAAW,OAAO,IAAA;AAEvB,EAAA,MAAM,WAAA,GAAc,MAAA,EAAQ,SAAA,IAAY,EAAG,GAAA;AAC3C,EAAA,IAAI,CAAC,aAAa,OAAO,IAAA;AAEzB,EAAA,MAAM,IAAA,GAAO,cAAA,EAAgB,GAAA,CAAI,MAAM,CAAA;AACvC,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,KAAA,EAAO,WAAA;AAAA,MACP,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAEA,EAAA,MAAM,aACJ,OAAO,SAAA,CAAU,eAAe,UAAA,GAC5B,SAAA,CAAU,WAAW,MAAA,EAAQ,EAAE,gBAAgB,CAAA,GAC/C,UAAU,UAAA,KAAe,SAAA,CAAU,kBAAmB,MAAA,CAAO,SAAA,CAAU,eAAe,CAAA,GAAe,MAAA,CAAA;AAC3G,EAAA,IAAI,CAAC,SAAA,CAAU,YAAA,IAAgB,CAAC,UAAA,EAAY;AAC1C,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,KAAA,EAAO,WAAA;AAAA,MACP,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AACA,EAAA,MAAM,aACJ,SAAA,CAAU,UAAA,KACT,MAAM,IAAA,GAAOL,wCAAA,CAAuB,KAAK,CAAA,GAAI,IAAA,CAAA,IAC9C,CAAA,EAAG,4BAAA,CAA6B,UAAU,YAAY,CAAC,IAAI,eAAA,CAAgB,KAAA,CAAM,MAAM,CAAC,CAAA,CAAA;AAE1F,EAAA,MAAM,UAAA,GAAa,MAAM,WAAA,CAAY,KAAA,CAAM,IAAA,EAAM;AAAA,IAC/C,UAAU,EAAE,IAAA,EAAM,SAAA,CAAU,YAAA,EAAc,IAAI,UAAA,EAAW;AAAA,IACzD,UAAA;AAAA,IACA,OAAA,EAAS,EAAE,UAAA,EAAY,cAAA;AAAe,GACvC,CAAA;AAED,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,KAAA,EAAO,WAAA;AAAA,MACP,SAAS,CAAA,iCAAA,EAAoC,UAAU,OAAO,SAAA,CAAU,YAAY,IAAI,UAAU,CAAA;AAAA,KACpG;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,gBAAgB,MAAA,EAAwB;AAC/C,EAAA,QAAQ,MAAA,CAAO,aAAY;AAAG,IAC5B,KAAK,KAAA;AACH,MAAA,OAAO,MAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,MAAA;AAAA,IACL,KAAK,KAAA;AAAA,IACL,KAAK,OAAA;AACH,MAAA,OAAO,OAAA;AAAA,IACT;AACE,MAAA,OAAO,MAAA;AAAA;AAEb;AAEA,SAAS,6BAA6B,YAAA,EAA8B;AAClE,EAAA,MAAM,uBAAA,GAAkD;AAAA,IACtD,KAAA,EAAO,QAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,IAAA,EAAM,OAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACV;AAEA,EAAA,OAAO,uBAAA,CAAwB,YAAY,CAAA,IAAK,YAAA;AAClD","file":"index.cjs","sourcesContent":["import type { ChunkType } from '@mastra/core/stream';\n\n/**\n * Redacts request data from a v2 format payload.\n * Removes `metadata.request` and `output.steps[].request` from the payload.\n */\nfunction redactV2Payload(payload: Record<string, unknown>): Record<string, unknown> {\n const redactedPayload = { ...payload };\n\n // Remove metadata.request\n if (redactedPayload.metadata && typeof redactedPayload.metadata === 'object') {\n const { request, ...metadataRest } = redactedPayload.metadata as Record<string, unknown>;\n redactedPayload.metadata = metadataRest;\n }\n\n // Remove request from output.steps[]\n if (redactedPayload.output && typeof redactedPayload.output === 'object') {\n const output = { ...(redactedPayload.output as Record<string, unknown>) };\n if (Array.isArray(output.steps)) {\n output.steps = output.steps.map((step: Record<string, unknown>) => {\n if (step && typeof step === 'object') {\n const { request, ...stepRest } = step;\n return stepRest;\n }\n return step;\n });\n }\n redactedPayload.output = output;\n }\n\n return redactedPayload;\n}\n\n/**\n * Redacts sensitive data from stream chunks before they are sent to clients.\n *\n * This function strips out request bodies that may contain sensitive information\n * such as system prompts, tool definitions, API keys, and other configuration data.\n *\n * Handles both v1 (legacy) and v2 stream formats:\n *\n * v1 format (fields at root level):\n * - `step-start.request` - Contains the full LLM request body\n * - `step-finish.request` - Contains the request body\n * - `finish.request` - Contains the request body (if present)\n *\n * v2 format (fields nested in payload):\n * - `step-start.payload.request` - Contains the full LLM request body\n * - `step-finish.payload.metadata.request` - Contains the request metadata\n * - `step-finish.payload.output.steps[].request` - Contains request data for each step\n * - `finish.payload.metadata.request` - Contains the request metadata\n * - `finish.payload.output.steps[].request` - Contains request data for each step\n *\n * @param chunk - The stream chunk to redact\n * @returns A new chunk with sensitive data removed, or the original chunk if no redaction needed\n */\nexport function redactStreamChunk<OUTPUT = undefined>(chunk: ChunkType<OUTPUT>): ChunkType<OUTPUT> {\n if (!chunk || typeof chunk !== 'object') {\n return chunk;\n }\n\n const typedChunk = chunk as Record<string, unknown>;\n\n switch (chunk.type) {\n case 'step-start': {\n // Check if this is v2 format (has payload) or v1 format (request at root)\n if ('payload' in typedChunk && typedChunk.payload && typeof typedChunk.payload === 'object') {\n // v2 format: Remove request from payload\n const { payload, ...rest } = typedChunk;\n const { request, ...payloadRest } = payload as Record<string, unknown>;\n return {\n ...rest,\n type: 'step-start',\n payload: {\n ...payloadRest,\n // Keep an empty request object to maintain structure but remove body\n request: {},\n },\n } as ChunkType<OUTPUT>;\n } else if ('request' in typedChunk) {\n // v1 format: Remove request at root level\n const { request, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'step-start',\n // Keep an empty request object to maintain structure\n request: {},\n } as unknown as ChunkType<OUTPUT>;\n }\n return chunk;\n }\n\n case 'step-finish': {\n // Check if this is v2 format (has payload) or v1 format (request at root)\n if ('payload' in typedChunk && typedChunk.payload && typeof typedChunk.payload === 'object') {\n // v2 format: Remove request from metadata and output.steps[].request\n const { payload, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'step-finish',\n payload: redactV2Payload(payload as Record<string, unknown>),\n } as ChunkType<OUTPUT>;\n } else if ('request' in typedChunk) {\n // v1 format: Remove request at root level\n const { request, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'step-finish',\n } as unknown as ChunkType<OUTPUT>;\n }\n return chunk;\n }\n\n case 'finish': {\n // Check if this is v2 format (has payload) or v1 format (request at root)\n if ('payload' in typedChunk && typedChunk.payload && typeof typedChunk.payload === 'object') {\n // v2 format: Remove request from metadata and output.steps[].request\n const { payload, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'finish',\n payload: redactV2Payload(payload as Record<string, unknown>),\n } as ChunkType<OUTPUT>;\n } else if ('request' in typedChunk) {\n // v1 format: Remove request at root level\n const { request, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'finish',\n } as unknown as ChunkType<OUTPUT>;\n }\n return chunk;\n }\n\n default:\n // Other chunk types don't contain sensitive request data\n return chunk;\n }\n}\n","import type { ToolsInput } from '@mastra/core/agent';\nimport type { Mastra } from '@mastra/core/mastra';\nimport { RequestContext } from '@mastra/core/request-context';\nimport { MastraServerBase } from '@mastra/core/server';\nimport type { ApiRoute, HttpLoggingConfig, ValidationErrorContext, ValidationErrorResponse } from '@mastra/core/server';\nimport { Hono } from 'hono';\nimport type { ZodError } from 'zod/v4';\nimport { z } from 'zod/v4';\n\nimport type { InMemoryTaskStore } from '../a2a/store';\nimport { coreAuthMiddleware } from '../auth/helpers';\nimport {\n MASTRA_CLIENT_TYPE_HEADER,\n MASTRA_IS_STUDIO_KEY,\n isReservedRequestContextKey,\n isStudioClientTypeHeader,\n} from '../constants';\nimport { formatZodError } from '../handlers/error';\nimport { normalizeRoutePath } from '../utils';\nimport { generateOpenAPIDocument, convertCustomRoutesToOpenAPIPaths } from './openapi-utils';\nimport { SERVER_ROUTES, getEffectivePermission } from './routes';\nimport type { ServerRoute } from './routes';\n\nexport * from './routes';\nexport { redactStreamChunk } from './redact';\nexport {\n MASTRA_CLIENT_TYPE_HEADER,\n MASTRA_IS_STUDIO_KEY,\n MASTRA_STUDIO_CLIENT_TYPE,\n isReservedRequestContextKey,\n isStudioClientTypeHeader,\n} from '../constants';\n\nexport { WorkflowRegistry, normalizeRoutePath } from '../utils';\n\nexport interface OpenAPIConfig {\n title?: string;\n version?: string;\n description?: string;\n path?: string;\n}\n\nexport interface BodyLimitOptions {\n maxSize: number;\n onError: (error: unknown) => unknown;\n}\n\nexport interface StreamOptions {\n /**\n * When true (default), redacts sensitive data from stream chunks\n * (system prompts, tool definitions, API keys) before sending to clients.\n *\n * Set to false to include full request data in stream chunks (useful for\n * debugging or internal services that need access to this data).\n *\n * @default true\n */\n redact?: boolean;\n}\n\n/**\n * MCP transport options for configuring MCP HTTP and SSE transports.\n */\nexport interface MCPOptions {\n /**\n * When true, runs in stateless mode without session management.\n * Ideal for serverless environments (Cloudflare Workers, Vercel Edge, etc.)\n * where you can't maintain persistent connections across requests.\n *\n * @default false\n */\n serverless?: boolean;\n /**\n * Custom session ID generator function.\n */\n sessionIdGenerator?: () => string;\n}\n\n/**\n * Query parameter values parsed from HTTP requests.\n * Supports both single values and arrays (for repeated query params like ?tag=a&tag=b).\n */\nexport type QueryParamValue = string | string[];\n\n/**\n * Parsed request parameters returned by getParams().\n */\nexport interface ParsedRequestParams {\n urlParams: Record<string, string>;\n queryParams: Record<string, QueryParamValue>;\n body: unknown;\n /**\n * Error that occurred while parsing the request body.\n * When set, the server should return a 400 Bad Request response.\n */\n bodyParseError?: {\n message: string;\n };\n}\n\nfunction getSchemaTypeName(schema: z.ZodTypeAny): string | undefined {\n const schemaDef = (schema as any)?._def ?? (schema as any)?.def;\n return schemaDef?.typeName ?? schemaDef?.type;\n}\n\nfunction unwrapOptionalNullable(schema: z.ZodTypeAny): z.ZodTypeAny {\n let inner = schema;\n let typeName = getSchemaTypeName(inner);\n\n while (\n typeName === 'ZodOptional' ||\n typeName === 'ZodNullable' ||\n typeName === 'optional' ||\n typeName === 'nullable'\n ) {\n const innerDef = (inner as any)?._def ?? (inner as any)?.def;\n if (!innerDef?.innerType) {\n return inner;\n }\n inner = innerDef.innerType;\n typeName = getSchemaTypeName(inner);\n }\n\n return inner;\n}\n\nfunction parseComplexQueryParams(\n queryParamSchema: z.ZodTypeAny,\n params: Record<string, QueryParamValue>,\n): Record<string, QueryParamValue | unknown> {\n if (!(queryParamSchema instanceof z.ZodObject)) {\n return params;\n }\n\n const parsedParams: Record<string, QueryParamValue | unknown> = { ...params };\n const shape = queryParamSchema.shape as Record<string, z.ZodTypeAny>;\n\n for (const [key, fieldSchema] of Object.entries(shape)) {\n const rawValue = parsedParams[key];\n if (typeof rawValue !== 'string') {\n continue;\n }\n\n const unwrappedField = unwrapOptionalNullable(fieldSchema);\n const typeName = getSchemaTypeName(unwrappedField);\n const isComplex =\n typeName === 'ZodObject' ||\n typeName === 'ZodArray' ||\n typeName === 'ZodRecord' ||\n typeName === 'object' ||\n typeName === 'array' ||\n typeName === 'record';\n\n if (!isComplex) {\n continue;\n }\n\n try {\n parsedParams[key] = JSON.parse(rawValue);\n } catch {\n // Keep original string; schema validation will surface a clear error.\n }\n }\n\n return parsedParams;\n}\n\n/**\n * Normalizes query parameters from various HTTP framework formats to a consistent structure.\n * Handles both single string values and arrays (for repeated query params like ?tag=a&tag=b).\n * Reconstructs bracket-notation keys (e.g., `orderBy[field]=createdAt`) into JSON strings\n * so that z.preprocess JSON.parse can handle them.\n * Filters out non-string values that some frameworks may include.\n *\n * @param rawQuery - Raw query parameters from the HTTP framework (may contain strings, arrays, or nested objects)\n * @returns Normalized query parameters as Record<string, string | string[]>\n */\nexport function normalizeQueryParams(rawQuery: Record<string, unknown>): Record<string, QueryParamValue> {\n const queryParams: Record<string, QueryParamValue> = {};\n // Collect bracket-notation keys: e.g., \"orderBy[field]\" → parent \"orderBy\", child \"field\"\n const bracketGroups: Record<string, Record<string, string>> = {};\n\n for (const [key, value] of Object.entries(rawQuery)) {\n const bracketMatch = key.match(/^([^[]+)\\[([^\\]]+)\\]$/);\n if (bracketMatch) {\n const parent = bracketMatch[1]!;\n const child = bracketMatch[2]!;\n const strValue = Array.isArray(value)\n ? value.filter((v): v is string => typeof v === 'string')[0]\n : typeof value === 'string'\n ? value\n : undefined;\n if (strValue !== undefined) {\n if (!bracketGroups[parent]) {\n bracketGroups[parent] = {};\n }\n bracketGroups[parent]![child] = strValue;\n }\n } else if (typeof value === 'string') {\n queryParams[key] = value;\n } else if (Array.isArray(value)) {\n // Filter to only string values (some frameworks include nested objects)\n const stringValues = value.filter((v): v is string => typeof v === 'string');\n // Convert single-value arrays back to strings for compatibility\n queryParams[key] = stringValues.length === 1 ? stringValues[0]! : stringValues;\n }\n }\n\n // Merge bracket groups as JSON strings (only if the parent key wasn't already set directly)\n for (const [parent, children] of Object.entries(bracketGroups)) {\n if (!(parent in queryParams)) {\n queryParams[parent] = JSON.stringify(children);\n }\n }\n\n return queryParams;\n}\n\n/**\n * Abstract base class for server adapters that handle HTTP requests.\n *\n * This class extends `MastraServerBase` to inherit app storage functionality\n * and provides the framework for registering routes, middleware, and handling requests.\n *\n * Framework-specific adapters in @mastra/hono and @mastra/express extend this class\n * (both named `MastraServer` in their respective packages) and implement the abstract\n * methods for their specific framework.\n *\n * @template TApp - The type of the server app (e.g., Hono, Express Application)\n * @template TRequest - The type of the request object\n * @template TResponse - The type of the response object\n */\nexport abstract class MastraServer<TApp, TRequest, TResponse> extends MastraServerBase<TApp> {\n protected mastra: Mastra;\n protected bodyLimitOptions?: BodyLimitOptions;\n protected tools?: ToolsInput;\n protected prefix?: string;\n protected openapiPath?: string;\n protected taskStore?: InMemoryTaskStore;\n protected customRouteAuthConfig?: Map<string, boolean>;\n protected streamOptions: StreamOptions;\n protected httpLoggingConfig?: HttpLoggingConfig;\n protected customApiRoutes?: ApiRoute[];\n protected mcpOptions?: MCPOptions;\n private customRouteHandler:\n | ((request: Request, env?: { requestContext?: RequestContext }) => Promise<Response>)\n | null = null;\n\n constructor({\n app,\n mastra,\n bodyLimitOptions,\n tools,\n prefix = '/api',\n openapiPath = '',\n taskStore,\n customRouteAuthConfig,\n streamOptions,\n customApiRoutes,\n mcpOptions,\n }: {\n app: TApp;\n mastra: Mastra;\n bodyLimitOptions?: BodyLimitOptions;\n tools?: ToolsInput;\n prefix?: string;\n openapiPath?: string;\n taskStore?: InMemoryTaskStore;\n customRouteAuthConfig?: Map<string, boolean>;\n streamOptions?: StreamOptions;\n customApiRoutes?: ApiRoute[];\n /**\n * MCP transport options applied to all MCP HTTP and SSE routes.\n * Individual routes can override these via MCPHttpTransportResult.mcpOptions.\n */\n mcpOptions?: MCPOptions;\n }) {\n super({ app, name: 'MastraServer' });\n this.mastra = mastra;\n this.bodyLimitOptions = bodyLimitOptions;\n this.tools = tools;\n this.prefix = normalizeRoutePath(prefix);\n this.openapiPath = openapiPath;\n this.taskStore = taskStore;\n this.customRouteAuthConfig = customRouteAuthConfig;\n this.streamOptions = { redact: true, ...streamOptions };\n this.customApiRoutes = customApiRoutes;\n this.mcpOptions = mcpOptions;\n\n // Parse HTTP logging configuration\n const serverConfig = mastra.getServer();\n this.httpLoggingConfig = this.parseLoggingConfig(serverConfig?.build?.apiReqLogs);\n\n // Automatically register this adapter with Mastra so getServerApp() works\n mastra.setMastraServer(this);\n }\n\n /**\n * Parses the apiReqLogs configuration into a normalized HttpLoggingConfig.\n * @param config - The raw config value from server.build.apiReqLogs\n * @returns Normalized HttpLoggingConfig or undefined if disabled\n */\n private parseLoggingConfig(config?: boolean | HttpLoggingConfig): HttpLoggingConfig | undefined {\n if (config === true) {\n // Default configuration when enabled with just `true`\n return {\n enabled: true,\n level: 'info',\n redactHeaders: ['authorization', 'cookie'],\n };\n }\n if (typeof config === 'object' && config.enabled) {\n // Merge user config with defaults\n return {\n enabled: true,\n level: config.level || 'info',\n excludePaths: config.excludePaths,\n includeHeaders: config.includeHeaders,\n includeQueryParams: config.includeQueryParams,\n redactHeaders: [...new Set([...['authorization', 'cookie'], ...(config.redactHeaders || [])])],\n };\n }\n return undefined;\n }\n\n /**\n * Determines if a request to the given path should be logged.\n * @param path - The request path to check\n * @returns true if the request should be logged, false otherwise\n */\n protected shouldLogRequest(path: string): boolean {\n if (!this.httpLoggingConfig?.enabled) {\n return false;\n }\n\n // Uses segment-aware matching so '/health' excludes '/health' and '/health/deep' but not '/healthcheck'\n const excludePaths = this.httpLoggingConfig.excludePaths || [];\n return !excludePaths.some((excluded: string) => path === excluded || path.startsWith(excluded + '/'));\n }\n\n protected mergeRequestContext({\n paramsRequestContext,\n bodyRequestContext,\n }: {\n paramsRequestContext?: Record<string, any>;\n bodyRequestContext?: Record<string, any>;\n }): RequestContext {\n const requestContext = new RequestContext();\n if (bodyRequestContext) {\n for (const [key, value] of Object.entries(bodyRequestContext)) {\n if (isReservedRequestContextKey(key)) continue;\n requestContext.set(key, value);\n }\n }\n if (paramsRequestContext) {\n for (const [key, value] of Object.entries(paramsRequestContext)) {\n if (isReservedRequestContextKey(key)) continue;\n requestContext.set(key, value);\n }\n }\n return requestContext;\n }\n\n protected applyRequestMetadataToContext({\n requestContext,\n getHeader,\n }: {\n requestContext: RequestContext;\n getHeader: (name: string) => string | undefined;\n }): void {\n if (isStudioClientTypeHeader(getHeader(MASTRA_CLIENT_TYPE_HEADER))) {\n requestContext.set(MASTRA_IS_STUDIO_KEY, true);\n }\n }\n\n /**\n * Check if the current request should be authenticated/authorized.\n * Returns null if auth passes, or an error response if it fails.\n *\n * This is a thin wrapper around coreAuthMiddleware that:\n * 1. Handles route-level requiresAuth opt-out (not available in global middleware)\n * 2. Delegates all other auth logic to coreAuthMiddleware\n * 3. Translates the AuthResult into the {status, error} format adapters expect\n */\n protected async checkRouteAuth(\n route: ServerRoute,\n context: {\n path: string;\n method: string;\n getHeader: (name: string) => string | undefined;\n getQuery: (name: string) => string | undefined;\n requestContext: RequestContext;\n /** Raw Request object for cookie-based auth providers */\n request?: Request;\n /** Build framework-specific context for authorize() callback */\n buildAuthorizeContext?: () => unknown;\n },\n ): Promise<{ status: number; error: string; headers?: Record<string, string> } | null> {\n const authConfig = this.mastra.getServer()?.auth;\n\n // No auth config means no auth required\n if (!authConfig) {\n return null;\n }\n\n // Check route-level requiresAuth flag first (explicit per-route setting)\n // This opt-out is route-specific and not available in the global middleware\n if (route.requiresAuth === false) {\n return null;\n }\n\n // Extract token from headers/query\n const authHeader = context.getHeader('authorization');\n let token: string | null = authHeader ? authHeader.replace('Bearer ', '') : null;\n if (!token) {\n token = context.getQuery('apiKey') || null;\n }\n\n // Delegate to coreAuthMiddleware for all auth logic\n const result = await coreAuthMiddleware({\n path: context.path,\n method: context.method,\n getHeader: context.getHeader,\n mastra: this.mastra,\n authConfig,\n customRouteAuthConfig: this.customRouteAuthConfig,\n requestContext: context.requestContext,\n rawRequest: context.request,\n token,\n buildAuthorizeContext: context.buildAuthorizeContext ?? (() => null),\n });\n\n if (result.action === 'next') {\n // Pass through any refresh headers (e.g. Set-Cookie from transparent session refresh)\n if (result.headers) {\n return { status: 200, error: '', headers: result.headers };\n }\n return null;\n }\n\n // Translate AuthResult error to the {status, error} format adapters expect\n const errorBody = result.body as { error?: string } | undefined;\n return { status: result.status, error: errorBody?.error ?? 'Access denied', headers: result.headers };\n }\n\n /**\n * Check if the user has the required permission for a route.\n *\n * Uses convention-based permission derivation:\n * 1. If route has explicit `requiresPermission`, use that\n * 2. Otherwise, derive permission from path/method (e.g., GET /agents → agents:read)\n * 3. Routes with `requiresAuth: false` skip permission checks\n *\n * @param route - The route being accessed\n * @param userPermissions - The user's permissions from the request context\n * @returns Error response if permission denied, null if allowed\n */\n protected checkRoutePermission(\n route: ServerRoute,\n userPermissions: string[] | undefined,\n hasPermissionFn: (userPerms: string[], required: string) => boolean,\n ): { status: number; error: string; message: string } | null {\n // If RBAC is not configured, skip permission checks entirely\n // Auth-only mode = authenticated users get full access\n const rbacProvider = this.mastra.getServer()?.rbac;\n if (!rbacProvider) {\n return null;\n }\n\n // Get the effective permission (explicit or derived)\n const requiredPermission = getEffectivePermission(route);\n\n // No permission required (public route or couldn't derive)\n if (!requiredPermission) {\n return null;\n }\n\n // Check if user has the required permission\n if (!userPermissions || !hasPermissionFn(userPermissions, requiredPermission)) {\n return {\n status: 403,\n error: 'Forbidden',\n message: `Missing required permission: ${requiredPermission}`,\n };\n }\n\n return null;\n }\n\n abstract stream(route: ServerRoute, response: TResponse, result: unknown): Promise<unknown>;\n abstract getParams(route: ServerRoute, request: TRequest): Promise<ParsedRequestParams>;\n abstract sendResponse(route: ServerRoute, response: TResponse, result: unknown): Promise<unknown>;\n abstract registerRoute(app: TApp, route: ServerRoute, { prefix }: { prefix?: string }): Promise<void>;\n abstract registerContextMiddleware(): void;\n abstract registerAuthMiddleware(): void;\n abstract registerHttpLoggingMiddleware(): void;\n\n async init() {\n this.registerContextMiddleware();\n this.registerAuthMiddleware();\n this.registerHttpLoggingMiddleware();\n await this.validateEELicense();\n await this.registerCustomApiRoutes();\n await this.registerRoutes();\n }\n\n /**\n * Validate that EE features have a valid license in production.\n * Throws if RBAC or FGA is configured without a valid license outside dev/test environments.\n */\n async validateEELicense(): Promise<void> {\n const serverConfig = this.mastra.getServer();\n const configuredFeatures = [serverConfig?.rbac ? 'RBAC' : null, serverConfig?.fga ? 'FGA' : null].filter(\n (feature): feature is string => feature !== null,\n );\n\n if (configuredFeatures.length === 0) return;\n\n try {\n const { isEEEnabled } = await import('@mastra/core/auth/ee');\n if (!isEEEnabled()) {\n const featureList = configuredFeatures.join(' and ');\n throw new Error(\n `[mastra/auth-ee] ${featureList} ${configuredFeatures.length === 1 ? 'is' : 'are'} configured but no valid EE license was found.\\n` +\n `${featureList} ${configuredFeatures.length === 1 ? 'requires' : 'require'} a Mastra Enterprise License for production use.\\n` +\n 'Set the MASTRA_EE_LICENSE environment variable with your license key.\\n' +\n 'Learn more: https://github.com/mastra-ai/mastra/blob/main/ee/LICENSE',\n );\n }\n } catch (err) {\n if (err instanceof Error && err.message.startsWith('[mastra/auth-ee]')) {\n throw err;\n }\n // @mastra/core/auth/ee module not available; EE authorization cannot function.\n throw new Error(\n `[mastra/auth-ee] ${configuredFeatures.join(' and ')} ${configuredFeatures.length === 1 ? 'is' : 'are'} configured but the EE module (@mastra/core/auth/ee) could not be loaded.\\n` +\n 'Ensure @mastra/core is updated to a version that includes EE support.',\n );\n }\n }\n\n /**\n * Override in adapters to register custom API routes defined via registerApiRoute().\n * Called by init() between registerAuthMiddleware() and registerRoutes().\n */\n async registerCustomApiRoutes(): Promise<void> {\n // Default no-op. Adapters override this to register custom routes\n // using their framework-specific middleware.\n }\n\n /**\n * Validates that no custom route path collides with the built-in route prefix.\n * Throws if any route path starts with the server's `apiPrefix`.\n */\n protected validateCustomRoutePaths(routes: ApiRoute[]): void {\n const prefix = this.prefix ?? '';\n if (!prefix) return;\n for (const route of routes) {\n if (route._mastraInternal) continue;\n if (route.path.startsWith(`${prefix}/`) || route.path === prefix) {\n throw new Error(\n `Custom API route \"${route.path}\" must not start with \"${prefix}\" — ` +\n `that path is reserved for built-in Mastra routes. ` +\n `Choose a different path (e.g. \"${route.path.replace(prefix, '/custom')}\").`,\n );\n }\n }\n }\n\n /**\n * Creates an internal Hono sub-app with all custom API routes registered.\n * Stores the handler on this instance for use by handleCustomRouteRequest().\n * Returns true if custom routes were found and registered.\n */\n protected async buildCustomRouteHandler(): Promise<boolean> {\n const routes = this.customApiRoutes ?? this.mastra.getServer()?.apiRoutes;\n if (!routes || routes.length === 0) return false;\n\n const NOT_FOUND_HEADER = 'x-mastra-custom-route-not-found';\n const mastra = this.mastra;\n\n const app = new Hono<{\n Bindings: { requestContext?: RequestContext };\n Variables: { mastra: Mastra; requestContext: RequestContext };\n }>();\n\n // Internal context middleware — sets variables that custom route handlers expect\n app.use('*', async (c, next) => {\n c.set('mastra', mastra);\n c.set('requestContext', c.env?.requestContext ?? new RequestContext());\n await next();\n });\n\n // Propagate the server's onError handler so errors from custom route handlers\n // are caught here (not swallowed by Hono's default plain-text 500).\n const serverOnError = this.mastra.getServer()?.onError;\n app.onError((err, c) => {\n if (serverOnError) {\n return serverOnError(err, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n });\n\n this.validateCustomRoutePaths(routes);\n\n // Register each custom route\n for (const route of routes) {\n const handler =\n 'handler' in route && route.handler\n ? route.handler\n : 'createHandler' in route\n ? await route.createHandler({ mastra })\n : undefined;\n if (!handler) continue;\n\n const middlewares: any[] = [];\n if (route.middleware) {\n middlewares.push(...(Array.isArray(route.middleware) ? route.middleware : [route.middleware]));\n }\n\n const allHandlers = [...middlewares, handler];\n if (route.method === 'ALL') {\n app.all(route.path, allHandlers[0]!, ...allHandlers.slice(1));\n } else {\n app.on(route.method, route.path, allHandlers[0]!, ...allHandlers.slice(1));\n }\n }\n\n // Mark unmatched requests so the adapter bridge can fall through to next()\n app.notFound(() => new Response(null, { status: 404, headers: { [NOT_FOUND_HEADER]: 'true' } }));\n\n this.customRouteHandler = async (request, env) => app.fetch(request, env);\n return true;\n }\n\n /**\n * Forwards a request to the internal custom route handler.\n * Returns the Response if a custom route matched, or null to fall through.\n */\n protected async handleCustomRouteRequest(\n url: string,\n method: string,\n headers: Record<string, string | string[] | undefined>,\n body: unknown,\n requestContext?: RequestContext,\n ): Promise<Response | null> {\n if (!this.customRouteHandler) return null;\n\n const fetchHeaders = new Headers();\n for (const [key, value] of Object.entries(headers)) {\n if (typeof value === 'string') fetchHeaders.set(key, value);\n else if (Array.isArray(value))\n value.forEach(v => {\n fetchHeaders.append(key, v);\n });\n }\n\n const init: RequestInit = { method, headers: fetchHeaders };\n if (['POST', 'PUT', 'PATCH'].includes(method) && body !== undefined) {\n if (body instanceof ArrayBuffer || body instanceof Uint8Array || body instanceof ReadableStream) {\n init.body = body as any;\n if (body instanceof ReadableStream) {\n (init as any).duplex = 'half';\n }\n } else {\n const contentType = (typeof headers['content-type'] === 'string' ? headers['content-type'] : '') || '';\n if (contentType.includes('application/json')) {\n init.body = JSON.stringify(body);\n } else if (typeof body === 'string') {\n init.body = body;\n }\n }\n }\n\n const request = new globalThis.Request(url, init);\n const response = await this.customRouteHandler(request, { requestContext });\n\n if (response.headers.get('x-mastra-custom-route-not-found') === 'true') return null;\n return response;\n }\n\n /**\n * Pipes a custom route Response to a Node.js ServerResponse (http.ServerResponse).\n * Works with Koa (ctx.res), Express (res), and Fastify (reply.raw).\n */\n protected async writeCustomRouteResponse(\n response: Response,\n nodeRes: {\n writeHead(status: number, headers: Record<string, string | string[]>): void;\n write(chunk: unknown): void;\n end(data?: string): void;\n },\n ): Promise<void> {\n const headers: Record<string, string | string[]> = {};\n response.headers.forEach((value, key) => {\n if (key.toLowerCase() !== 'set-cookie') {\n headers[key] = value;\n }\n });\n const setCookies = response.headers.getSetCookie?.();\n if (setCookies && setCookies.length > 0) {\n headers['set-cookie'] = setCookies;\n }\n nodeRes.writeHead(response.status, headers);\n\n if (response.body) {\n const reader = response.body.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n nodeRes.write(value);\n }\n } finally {\n nodeRes.end();\n }\n } else {\n nodeRes.end(await response.text());\n }\n }\n\n /**\n * Builds the OpenAPI spec object with servers field and custom route paths.\n */\n private buildOpenAPISpec(config: { title: string; version: string; description: string }, prefix?: string): any {\n const openApiSpec = generateOpenAPIDocument(SERVER_ROUTES, config);\n\n if (prefix) {\n openApiSpec.servers = [{ url: prefix }];\n }\n\n // Custom routes are served at root (/), not under the API prefix — add per-path servers override.\n const allCustomRoutes = this.customApiRoutes ?? this.mastra.getServer()?.apiRoutes;\n if (allCustomRoutes && allCustomRoutes.length > 0) {\n const customPaths = convertCustomRoutesToOpenAPIPaths(allCustomRoutes);\n if (prefix) {\n for (const pathKey of Object.keys(customPaths)) {\n if (!customPaths[pathKey].servers) {\n customPaths[pathKey].servers = [{ url: '/' }];\n }\n }\n }\n openApiSpec.paths = { ...openApiSpec.paths, ...customPaths };\n }\n\n return openApiSpec;\n }\n\n async registerOpenAPIRoute(app: TApp, config: OpenAPIConfig = {}, { prefix }: { prefix?: string }): Promise<void> {\n const {\n title = 'Mastra API',\n version = '1.0.0',\n description = 'Mastra Server API',\n path = '/openapi.json',\n } = config;\n\n const openApiSpec = this.buildOpenAPISpec({ title, version, description }, prefix);\n\n const openApiRoute: ServerRoute = {\n method: 'GET',\n path,\n responseType: 'json',\n handler: async () => openApiSpec,\n };\n\n await this.registerRoute(app, openApiRoute, { prefix });\n }\n\n async registerRoutes(): Promise<void> {\n // Register routes sequentially to maintain order - important for routers where\n // more specific routes (e.g., /versions/compare) must be registered before\n // parameterized routes (e.g., /versions/:versionId)\n for (const route of SERVER_ROUTES) {\n await this.registerRoute(this.app, route, { prefix: this.prefix });\n }\n\n if (this.openapiPath) {\n const specConfig = {\n title: 'Mastra API',\n version: '1.0.0',\n description: 'Mastra Server API',\n };\n\n await this.registerOpenAPIRoute(this.app, { ...specConfig, path: this.openapiPath }, { prefix: this.prefix });\n }\n }\n\n async parsePathParams(route: ServerRoute, params: Record<string, string>): Promise<Record<string, any>> {\n const pathParamSchema = route.pathParamSchema;\n if (!pathParamSchema) {\n return params;\n }\n\n return pathParamSchema.parseAsync(params) as Promise<Record<string, any>>;\n }\n\n async parseQueryParams(route: ServerRoute, params: Record<string, QueryParamValue>): Promise<Record<string, any>> {\n const queryParamSchema = route.queryParamSchema;\n if (!queryParamSchema) {\n return params;\n }\n\n const normalizedParams = parseComplexQueryParams(queryParamSchema as z.ZodTypeAny, params);\n return queryParamSchema.parseAsync(normalizedParams) as Promise<Record<string, any>>;\n }\n\n async parseBody(route: ServerRoute, body: unknown): Promise<unknown> {\n const bodySchema = route.bodySchema;\n if (!bodySchema) {\n return body;\n }\n\n return bodySchema.parseAsync(body);\n }\n\n private static readonly CONTEXT_LABELS: Record<ValidationErrorContext, string> = {\n query: 'query parameters',\n body: 'request body',\n path: 'path parameters',\n };\n\n protected resolveValidationError(\n route: ServerRoute,\n error: ZodError,\n context: ValidationErrorContext,\n ): ValidationErrorResponse {\n const hook = route.onValidationError ?? this.mastra.getServer()?.onValidationError;\n\n if (hook) {\n try {\n const result = hook(error, context);\n if (result) {\n return result;\n }\n } catch (hookError) {\n this.mastra.getLogger()?.error('Error in custom onValidationError hook', {\n error: hookError instanceof Error ? { message: hookError.message, stack: hookError.stack } : hookError,\n });\n }\n }\n\n return {\n status: 400,\n body: formatZodError(error, MastraServer.CONTEXT_LABELS[context]),\n };\n }\n}\n\n/**\n * Check FGA authorization for an HTTP route.\n * Returns null if authorized or FGA not configured, or an error object if denied.\n */\nexport async function checkRouteFGA(\n mastra: any,\n route: ServerRoute,\n requestContext: RequestContext,\n params: Record<string, unknown>,\n): Promise<{ status: number; error: string; message: string } | null> {\n const fgaConfig = route.fga;\n if (!fgaConfig) return null;\n\n const fgaProvider = mastra?.getServer?.()?.fga;\n if (!fgaProvider) return null;\n\n const user = requestContext?.get('user');\n if (!user) {\n return {\n status: 403,\n error: 'Forbidden',\n message: 'FGA authorization denied: authenticated user is required',\n };\n }\n\n const resourceId =\n typeof fgaConfig.resourceId === 'function'\n ? fgaConfig.resourceId(params, { requestContext })\n : fgaConfig.resourceId || (fgaConfig.resourceIdParam ? (params[fgaConfig.resourceIdParam] as string) : undefined);\n if (!fgaConfig.resourceType || !resourceId) {\n return {\n status: 403,\n error: 'Forbidden',\n message: 'FGA authorization denied: route FGA metadata is incomplete',\n };\n }\n const permission =\n fgaConfig.permission ||\n (route.path ? getEffectivePermission(route) : null) ||\n `${getFGAResourcePermissionSlug(fgaConfig.resourceType)}:${deriveFGAAction(route.method)}`;\n\n const authorized = await fgaProvider.check(user, {\n resource: { type: fgaConfig.resourceType, id: resourceId },\n permission,\n context: { resourceId, requestContext },\n });\n\n if (!authorized) {\n return {\n status: 403,\n error: 'Forbidden',\n message: `FGA authorization denied: cannot ${permission} on ${fgaConfig.resourceType}:${resourceId}`,\n };\n }\n\n return null;\n}\n\nfunction deriveFGAAction(method: string): string {\n switch (method.toUpperCase()) {\n case 'GET':\n return 'read';\n case 'DELETE':\n return 'delete';\n case 'POST':\n case 'PUT':\n case 'PATCH':\n return 'write';\n default:\n return 'read';\n }\n}\n\nfunction getFGAResourcePermissionSlug(resourceType: string): string {\n const resourcePermissionSlugs: Record<string, string> = {\n agent: 'agents',\n workflow: 'workflows',\n tool: 'tools',\n thread: 'memory',\n };\n\n return resourcePermissionSlugs[resourceType] ?? resourceType;\n}\n"]}
1
+ {"version":3,"sources":["../../../src/server/server-adapter/redact.ts","../../../src/server/server-adapter/index.ts"],"names":["getEffectivePermission","z","MastraServerBase","normalizeRoutePath","requestContext","RequestContext","isReservedRequestContextKey","isStudioClientTypeHeader","MASTRA_CLIENT_TYPE_HEADER","MASTRA_IS_STUDIO_KEY","coreAuthMiddleware","SERVER_ROUTES","Hono","generateOpenAPIDocument","convertCustomRoutesToOpenAPIPaths","formatZodError"],"mappings":";;;;;;;;;;;;;;AAMA,SAAS,gBAAgB,OAAA,EAA2D;AAClF,EAAA,MAAM,eAAA,GAAkB,EAAE,GAAG,OAAA,EAAQ;AAGrC,EAAA,IAAI,eAAA,CAAgB,QAAA,IAAY,OAAO,eAAA,CAAgB,aAAa,QAAA,EAAU;AAC5E,IAAA,MAAM,EAAE,OAAA,EAAS,GAAG,YAAA,KAAiB,eAAA,CAAgB,QAAA;AACrD,IAAA,eAAA,CAAgB,QAAA,GAAW,YAAA;AAAA,EAC7B;AAGA,EAAA,IAAI,eAAA,CAAgB,MAAA,IAAU,OAAO,eAAA,CAAgB,WAAW,QAAA,EAAU;AACxE,IAAA,MAAM,MAAA,GAAS,EAAE,GAAI,eAAA,CAAgB,MAAA,EAAmC;AACxE,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAA,EAAG;AAC/B,MAAA,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,KAAkC;AACjE,QAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AACpC,UAAA,MAAM,EAAE,OAAA,EAAS,GAAG,QAAA,EAAS,GAAI,IAAA;AACjC,UAAA,OAAO,QAAA;AAAA,QACT;AACA,QAAA,OAAO,IAAA;AAAA,MACT,CAAC,CAAA;AAAA,IACH;AACA,IAAA,eAAA,CAAgB,MAAA,GAAS,MAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,eAAA;AACT;AAyBO,SAAS,kBAAsC,KAAA,EAA6C;AACjG,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,KAAA;AAEnB,EAAA,QAAQ,MAAM,IAAA;AAAM,IAClB,KAAK,YAAA,EAAc;AAEjB,MAAA,IAAI,aAAa,UAAA,IAAc,UAAA,CAAW,WAAW,OAAO,UAAA,CAAW,YAAY,QAAA,EAAU;AAE3F,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,WAAA,EAAY,GAAI,OAAA;AACpC,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,YAAA;AAAA,UACN,OAAA,EAAS;AAAA,YACP,GAAG,WAAA;AAAA;AAAA,YAEH,SAAS;AAAC;AACZ,SACF;AAAA,MACF,CAAA,MAAA,IAAW,aAAa,UAAA,EAAY;AAElC,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,YAAA;AAAA;AAAA,UAEN,SAAS;AAAC,SACZ;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IAEA,KAAK,aAAA,EAAe;AAElB,MAAA,IAAI,aAAa,UAAA,IAAc,UAAA,CAAW,WAAW,OAAO,UAAA,CAAW,YAAY,QAAA,EAAU;AAE3F,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,aAAA;AAAA,UACN,OAAA,EAAS,gBAAgB,OAAkC;AAAA,SAC7D;AAAA,MACF,CAAA,MAAA,IAAW,aAAa,UAAA,EAAY;AAElC,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM;AAAA,SACR;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IAEA,KAAK,QAAA,EAAU;AAEb,MAAA,IAAI,aAAa,UAAA,IAAc,UAAA,CAAW,WAAW,OAAO,UAAA,CAAW,YAAY,QAAA,EAAU;AAE3F,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM,QAAA;AAAA,UACN,OAAA,EAAS,gBAAgB,OAAkC;AAAA,SAC7D;AAAA,MACF,CAAA,MAAA,IAAW,aAAa,UAAA,EAAY;AAElC,QAAA,MAAM,EAAE,OAAA,EAAS,GAAG,IAAA,EAAK,GAAI,UAAA;AAC7B,QAAA,OAAO;AAAA,UACL,GAAG,IAAA;AAAA,UACH,IAAA,EAAM;AAAA,SACR;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IAEA;AAEE,MAAA,OAAO,KAAA;AAAA;AAEb;;;ACrCA,SAAS,oBAAoB,KAAA,EAAmD;AAC9E,EAAA,OAAO,MAAM,YAAA,KAAiB,KAAA;AAChC;AAEA,SAAS,YAAY,KAAA,EAAqD;AACxE,EAAA,OAAO,CAAA,EAAG,KAAA,CAAM,MAAM,CAAA,CAAA,EAAI,MAAM,IAAI,CAAA,CAAA;AACtC;AAEA,SAAS,eAAe,MAAA,EAAuC;AAC7D,EAAA,OAAO,MAAA,EAAQ,aAAY,EAAG,GAAA;AAChC;AAEA,SAAS,gBAAgB,KAAA,EAAkC;AACzD,EAAA,OAAO;AAAA,IACL,MAAM,KAAA,CAAM,IAAA;AAAA,IACZ,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,cAAc,KAAA,CAAM,YAAA;AAAA,IACpB,oBAAoB,KAAA,CAAM,kBAAA;AAAA,IAC1B,KAAK,KAAA,CAAM;AAAA,GACb;AACF;AAEA,SAAS,oBAAoB,KAAA,EAAgD;AAC3E,EAAA,OAAO,CAACA,wCAAA,CAAuB,KAAK,GAAG,KAAA,CAAM,GAAA,EAAK,UAAU,CAAA,CAAE,MAAA;AAAA,IAC5D,CAAC,UAAA,KAAuD,OAAA,CAAQ,UAAU;AAAA,GAC5E;AACF;AAEA,SAAS,uBAAuB,IAAA,EAAwC;AACtE,EAAA,OAAO,IAAA,CAAK,QAAA,CAAS,UAAU,CAAA,GAAI,eAAA,GAAkB,YAAA;AACvD;AAEA,SAAS,yBAAyB,KAAA,EAA2C;AAC3E,EAAA,IAAI,CAAC,oBAAoB,KAAK,CAAA,IAAK,CAAC,KAAA,CAAM,IAAA,IAAQ,CAAC,KAAA,CAAM,MAAA,EAAQ;AAC/D,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAaA,yCAAuB,KAAK,CAAA;AAC/C,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAO,KAAA,CAAM,IAAA;AACnB,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,gCAAgC,CAAA,EAAG;AACrD,IAAA,OAAO;AAAA,MACL,YAAA,EAAc,MAAA;AAAA,MACd,UAAA,EAAY,CAAC,EAAE,OAAA,EAAS,MAAA,EAAO,KAAM,CAAA,EAAG,MAAA,CAAO,OAAO,CAAC,CAAA,CAAA,EAAI,MAAA,CAAO,MAAM,CAAC,CAAA,CAAA;AAAA,MACzE,UAAA,EAAY,uBAAuB,IAAI;AAAA,KACzC;AAAA,EACF;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,kBAAkB,CAAA,EAAG;AACvC,IAAA,OAAO,EAAE,YAAA,EAAc,OAAA,EAAS,eAAA,EAAiB,WAAW,UAAA,EAAW;AAAA,EACzE;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,wBAAwB,CAAA,EAAG;AAC7C,IAAA,OAAO,EAAE,YAAA,EAAc,UAAA,EAAY,eAAA,EAAiB,cAAc,UAAA,EAAW;AAAA,EAC/E;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,gBAAgB,CAAA,EAAG;AACrC,IAAA,OAAO,EAAE,YAAA,EAAc,MAAA,EAAQ,eAAA,EAAiB,UAAU,UAAA,EAAW;AAAA,EACvE;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,8BAA8B,CAAA,EAAG;AACnD,IAAA,OAAO;AAAA,MACL,YAAA,EAAc,MAAA;AAAA,MACd,UAAA,EAAY,CAAC,EAAE,QAAA,EAAU,QAAO,KAAM,IAAA,CAAK,SAAA,CAAU,CAAC,OAAO,QAAQ,CAAA,EAAG,MAAA,CAAO,MAAM,CAAC,CAAC,CAAA;AAAA,MACvF,UAAA,EAAY,uBAAuB,IAAI;AAAA,KACzC;AAAA,EACF;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,gBAAgB,CAAA,EAAG;AACrC,IAAA,OAAO,EAAE,YAAA,EAAc,KAAA,EAAO,eAAA,EAAiB,YAAY,UAAA,EAAW;AAAA,EACxE;AAEA,EAAA,IAAI,KAAK,UAAA,CAAW,2BAA2B,KAAK,IAAA,CAAK,UAAA,CAAW,mCAAmC,CAAA,EAAG;AACxG,IAAA,OAAO,EAAE,YAAA,EAAc,QAAA,EAAU,eAAA,EAAiB,YAAY,UAAA,EAAW;AAAA,EAC3E;AAEA,EAAA,IAAI,IAAA,KAAS,iBAAA,IAAqB,IAAA,KAAS,yBAAA,EAA2B;AACpE,IAAA,OAAO;AAAA,MACL,YAAA,EAAc,QAAA;AAAA,MACd,UAAA,EAAY,CAAC,EAAE,QAAA,EAAU,YAAW,KAAM;AACxC,QAAA,IAAI,OAAO,QAAA,KAAa,QAAA,EAAU,OAAO,QAAA;AACzC,QAAA,OAAO,OAAO,UAAA,KAAe,QAAA,GAAW,UAAA,GAAa,MAAA;AAAA,MACvD,CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,IAAA,KAAS,uBAAA,IAA2B,IAAA,KAAS,+BAAA,EAAiC;AAChF,IAAA,OAAO;AAAA,MACL,YAAA,EAAc,QAAA;AAAA,MACd,UAAA,EAAY,CAAC,EAAE,QAAA,EAAS,KAAM;AAC5B,QAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,QAAQ,GAAG,OAAO,MAAA;AACrC,QAAA,MAAM,WAAW,QAAA,CAAS,IAAA;AAAA,UACxB,CAAA,OAAA,KAAW,OAAA,IAAW,OAAO,OAAA,KAAY,YAAY,UAAA,IAAc;AAAA,SACrE,EAAG,QAAA;AACH,QAAA,OAAO,OAAO,QAAA,KAAa,QAAA,GAAW,QAAA,GAAW,MAAA;AAAA,MACnD,CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,SAAS,eAAA,EAAiB;AAC5B,IAAA,OAAO,EAAE,YAAA,EAAc,OAAA,EAAS,eAAA,EAAiB,YAAY,UAAA,EAAW;AAAA,EAC1E;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,2BAA2B,CAAA,EAAG;AAChD,IAAA,OAAO,EAAE,YAAA,EAAc,UAAA,EAAY,eAAA,EAAiB,cAAc,UAAA,EAAW;AAAA,EAC/E;AAEA,EAAA,IAAI,SAAS,mBAAA,EAAqB;AAChC,IAAA,OAAO,EAAE,YAAA,EAAc,OAAA,EAAS,eAAA,EAAiB,YAAY,UAAA,EAAW;AAAA,EAC1E;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,mCAAmC,CAAA,EAAG;AACxD,IAAA,OAAO,EAAE,YAAA,EAAc,cAAA,EAAgB,eAAA,EAAiB,kBAAkB,UAAA,EAAW;AAAA,EACvF;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,eAAe,qBAAA,CACb,WAAA,EACA,KAAA,EACA,cAAA,EACA,MAAA,EAC4C;AAC5C,EAAA,IAAI,MAAM,GAAA,EAAK;AACb,IAAA,OAAO,KAAA,CAAM,GAAA;AAAA,EACf;AAEA,EAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,eAAA,GAAkB;AAAA,IACzD,KAAA,EAAO,gBAAgB,KAAK,CAAA;AAAA,IAC5B,MAAA;AAAA,IACA;AAAA,GACD,CAAA;AACD,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,OAAO,yBAAyB,KAAK,CAAA;AACvC;AAEA,SAAS,kBAAkB,MAAA,EAA0C;AACnE,EAAA,MAAM,SAAA,GAAa,MAAA,EAAgB,IAAA,IAAS,MAAA,EAAgB,GAAA;AAC5D,EAAA,OAAO,SAAA,EAAW,YAAY,SAAA,EAAW,IAAA;AAC3C;AAEA,SAAS,uBAAuB,MAAA,EAAoC;AAClE,EAAA,IAAI,KAAA,GAAQ,MAAA;AACZ,EAAA,IAAI,QAAA,GAAW,kBAAkB,KAAK,CAAA;AAEtC,EAAA,OACE,aAAa,aAAA,IACb,QAAA,KAAa,iBACb,QAAA,KAAa,UAAA,IACb,aAAa,UAAA,EACb;AACA,IAAA,MAAM,QAAA,GAAY,KAAA,EAAe,IAAA,IAAS,KAAA,EAAe,GAAA;AACzD,IAAA,IAAI,CAAC,UAAU,SAAA,EAAW;AACxB,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,KAAA,GAAQ,QAAA,CAAS,SAAA;AACjB,IAAA,QAAA,GAAW,kBAAkB,KAAK,CAAA;AAAA,EACpC;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,uBAAA,CACP,kBACA,MAAA,EAC2C;AAC3C,EAAA,IAAI,EAAE,gBAAA,YAA4BC,IAAA,CAAE,SAAA,CAAA,EAAY;AAC9C,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,YAAA,GAA0D,EAAE,GAAG,MAAA,EAAO;AAC5E,EAAA,MAAM,QAAQ,gBAAA,CAAiB,KAAA;AAE/B,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,WAAW,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AACtD,IAAA,MAAM,QAAA,GAAW,aAAa,GAAG,CAAA;AACjC,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,GAAiB,uBAAuB,WAAW,CAAA;AACzD,IAAA,MAAM,QAAA,GAAW,kBAAkB,cAAc,CAAA;AACjD,IAAA,MAAM,SAAA,GACJ,QAAA,KAAa,WAAA,IACb,QAAA,KAAa,UAAA,IACb,QAAA,KAAa,WAAA,IACb,QAAA,KAAa,QAAA,IACb,QAAA,KAAa,OAAA,IACb,QAAA,KAAa,QAAA;AAEf,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,YAAA,CAAa,GAAG,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA;AAAA,IACzC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,YAAA;AACT;AAYO,SAAS,qBAAqB,QAAA,EAAoE;AACvG,EAAA,MAAM,cAA+C,EAAC;AAEtD,EAAA,MAAM,gBAAwD,EAAC;AAE/D,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACnD,IAAA,MAAM,YAAA,GAAe,GAAA,CAAI,KAAA,CAAM,uBAAuB,CAAA;AACtD,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,MAAM,MAAA,GAAS,aAAa,CAAC,CAAA;AAC7B,MAAA,MAAM,KAAA,GAAQ,aAAa,CAAC,CAAA;AAC5B,MAAA,MAAM,WAAW,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,GAChC,KAAA,CAAM,OAAO,CAAC,CAAA,KAAmB,OAAO,CAAA,KAAM,QAAQ,CAAA,CAAE,CAAC,IACzD,OAAO,KAAA,KAAU,WACf,KAAA,GACA,MAAA;AACN,MAAA,IAAI,aAAa,MAAA,EAAW;AAC1B,QAAA,IAAI,CAAC,aAAA,CAAc,MAAM,CAAA,EAAG;AAC1B,UAAA,aAAA,CAAc,MAAM,IAAI,EAAC;AAAA,QAC3B;AACA,QAAA,aAAA,CAAc,MAAM,CAAA,CAAG,KAAK,CAAA,GAAI,QAAA;AAAA,MAClC;AAAA,IACF,CAAA,MAAA,IAAW,OAAO,KAAA,KAAU,QAAA,EAAU;AACpC,MAAA,WAAA,CAAY,GAAG,CAAA,GAAI,KAAA;AAAA,IACrB,CAAA,MAAA,IAAW,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAE/B,MAAA,MAAM,eAAe,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA,KAAmB,OAAO,MAAM,QAAQ,CAAA;AAE3E,MAAA,WAAA,CAAY,GAAG,CAAA,GAAI,YAAA,CAAa,WAAW,CAAA,GAAI,YAAA,CAAa,CAAC,CAAA,GAAK,YAAA;AAAA,IACpE;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,CAAC,MAAA,EAAQ,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,aAAa,CAAA,EAAG;AAC9D,IAAA,IAAI,EAAE,UAAU,WAAA,CAAA,EAAc;AAC5B,MAAA,WAAA,CAAY,MAAM,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAAA,IAC/C;AAAA,EACF;AAEA,EAAA,OAAO,WAAA;AACT;AAgBO,IAAe,YAAA,GAAf,MAAe,aAAA,SAAgDC,uBAAA,CAAuB;AAAA,EACjF,MAAA;AAAA,EACA,gBAAA;AAAA,EACA,KAAA;AAAA,EACA,MAAA;AAAA,EACA,WAAA;AAAA,EACA,SAAA;AAAA,EACA,qBAAA;AAAA,EACA,aAAA;AAAA,EACA,iBAAA;AAAA,EACA,eAAA;AAAA,EACA,UAAA;AAAA,EACF,kBAAA,GAEG,IAAA;AAAA,EAEX,WAAA,CAAY;AAAA,IACV,GAAA;AAAA,IACA,MAAA;AAAA,IACA,gBAAA;AAAA,IACA,KAAA;AAAA,IACA,MAAA,GAAS,MAAA;AAAA,IACT,WAAA,GAAc,EAAA;AAAA,IACd,SAAA;AAAA,IACA,qBAAA;AAAA,IACA,aAAA;AAAA,IACA,eAAA;AAAA,IACA;AAAA,GACF,EAgBG;AACD,IAAA,KAAA,CAAM,EAAE,GAAA,EAAK,IAAA,EAAM,cAAA,EAAgB,CAAA;AACnC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAA;AACxB,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AACb,IAAA,IAAA,CAAK,MAAA,GAASC,qCAAmB,MAAM,CAAA;AACvC,IAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AACnB,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AACjB,IAAA,IAAA,CAAK,qBAAA,GAAwB,qBAAA;AAC7B,IAAA,IAAA,CAAK,aAAA,GAAgB,EAAE,MAAA,EAAQ,IAAA,EAAM,GAAG,aAAA,EAAc;AACtD,IAAA,IAAA,CAAK,eAAA,GAAkB,eAAA;AACvB,IAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAGlB,IAAA,MAAM,YAAA,GAAe,OAAO,SAAA,EAAU;AACtC,IAAA,IAAA,CAAK,iBAAA,GAAoB,IAAA,CAAK,kBAAA,CAAmB,YAAA,EAAc,OAAO,UAAU,CAAA;AAGhF,IAAA,MAAA,CAAO,gBAAgB,IAAI,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,mBAAmB,MAAA,EAAqE;AAC9F,IAAA,IAAI,WAAW,IAAA,EAAM;AAEnB,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,MAAA;AAAA,QACP,aAAA,EAAe,CAAC,eAAA,EAAiB,QAAQ;AAAA,OAC3C;AAAA,IACF;AACA,IAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,CAAO,OAAA,EAAS;AAEhD,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,OAAO,KAAA,IAAS,MAAA;AAAA,QACvB,cAAc,MAAA,CAAO,YAAA;AAAA,QACrB,gBAAgB,MAAA,CAAO,cAAA;AAAA,QACvB,oBAAoB,MAAA,CAAO,kBAAA;AAAA,QAC3B,eAAe,CAAC,mBAAG,IAAI,GAAA,CAAI,CAAC,GAAG,CAAC,eAAA,EAAiB,QAAQ,GAAG,GAAI,MAAA,CAAO,iBAAiB,EAAG,CAAC,CAAC;AAAA,OAC/F;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOU,iBAAiB,IAAA,EAAuB;AAChD,IAAA,IAAI,CAAC,IAAA,CAAK,iBAAA,EAAmB,OAAA,EAAS;AACpC,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,iBAAA,CAAkB,YAAA,IAAgB,EAAC;AAC7D,IAAA,OAAO,CAAC,YAAA,CAAa,IAAA,CAAK,CAAC,QAAA,KAAqB,IAAA,KAAS,QAAA,IAAY,IAAA,CAAK,UAAA,CAAW,QAAA,GAAW,GAAG,CAAC,CAAA;AAAA,EACtG;AAAA,EAEU,mBAAA,CAAoB;AAAA,IAC5B,oBAAA;AAAA,IACA;AAAA,GACF,EAGmB;AACjB,IAAA,MAAMC,gBAAA,GAAiB,IAAIC,6BAAA,EAAe;AAC1C,IAAA,IAAI,kBAAA,EAAoB;AACtB,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,kBAAkB,CAAA,EAAG;AAC7D,QAAA,IAAIC,6CAAA,CAA4B,GAAG,CAAA,EAAG;AACtC,QAAAF,gBAAA,CAAe,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AACA,IAAA,IAAI,oBAAA,EAAsB;AACxB,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,oBAAoB,CAAA,EAAG;AAC/D,QAAA,IAAIE,6CAAA,CAA4B,GAAG,CAAA,EAAG;AACtC,QAAAF,gBAAA,CAAe,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AACA,IAAA,OAAOA,gBAAA;AAAA,EACT;AAAA,EAEU,6BAAA,CAA8B;AAAA,IACtC,cAAA;AAAA,IACA;AAAA,GACF,EAGS;AACP,IAAA,IAAIG,0CAAA,CAAyB,SAAA,CAAUC,2CAAyB,CAAC,CAAA,EAAG;AAClE,MAAA,cAAA,CAAe,GAAA,CAAIC,wCAAsB,IAAI,CAAA;AAAA,IAC/C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAgB,cAAA,CACd,KAAA,EACA,OAAA,EAWqF;AACrF,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AAG5C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAO,IAAA;AAAA,IACT;AAIA,IAAA,IAAI,KAAA,CAAM,iBAAiB,KAAA,EAAO;AAChC,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,SAAA,CAAU,eAAe,CAAA;AACpD,IAAA,IAAI,QAAuB,UAAA,GAAa,UAAA,CAAW,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA,GAAI,IAAA;AAC5E,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,KAAA,GAAQ,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA,IAAK,IAAA;AAAA,IACxC;AAGA,IAAA,MAAM,MAAA,GAAS,MAAMC,oCAAA,CAAmB;AAAA,MACtC,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,WAAW,OAAA,CAAQ,SAAA;AAAA,MACnB,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,UAAA;AAAA,MACA,uBAAuB,IAAA,CAAK,qBAAA;AAAA,MAC5B,gBAAgB,OAAA,CAAQ,cAAA;AAAA,MACxB,YAAY,OAAA,CAAQ,OAAA;AAAA,MACpB,KAAA;AAAA,MACA,qBAAA,EAAuB,OAAA,CAAQ,qBAAA,KAA0B,MAAM,IAAA;AAAA,KAChE,CAAA;AAED,IAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAQ;AAE5B,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,EAAE,MAAA,EAAQ,GAAA,EAAK,OAAO,EAAA,EAAI,OAAA,EAAS,OAAO,OAAA,EAAQ;AAAA,MAC3D;AACA,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,YAAY,MAAA,CAAO,IAAA;AACzB,IAAA,OAAO,EAAE,MAAA,EAAQ,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO,WAAW,KAAA,IAAS,eAAA,EAAiB,OAAA,EAAS,MAAA,CAAO,OAAA,EAAQ;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcU,oBAAA,CACR,KAAA,EACA,eAAA,EACA,eAAA,EAC2D;AAG3D,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AAC9C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,kBAAA,GAAqBV,yCAAuB,KAAK,CAAA;AAGvD,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACvB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,IAAI,CAAC,eAAA,IAAmB,CAAC,eAAA,CAAgB,eAAA,EAAiB,kBAAkB,CAAA,EAAG;AAC7E,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ,GAAA;AAAA,QACR,KAAA,EAAO,WAAA;AAAA,QACP,OAAA,EAAS,gCAAgC,kBAAkB,CAAA;AAAA,OAC7D;AAAA,IACF;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAUA,MAAM,IAAA,GAAO;AACX,IAAA,IAAA,CAAK,yBAAA,EAA0B;AAC/B,IAAA,IAAA,CAAK,sBAAA,EAAuB;AAC5B,IAAA,IAAA,CAAK,6BAAA,EAA8B;AACnC,IAAA,MAAM,KAAK,iBAAA,EAAkB;AAC7B,IAAA,MAAM,KAAK,yBAAA,EAA0B;AACrC,IAAA,MAAM,KAAK,uBAAA,EAAwB;AACnC,IAAA,MAAM,KAAK,cAAA,EAAe;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAA,GAAmC;AACvC,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU;AAC3C,IAAA,MAAM,kBAAA,GAAqB,CAAC,YAAA,EAAc,IAAA,GAAO,MAAA,GAAS,MAAM,YAAA,EAAc,GAAA,GAAM,KAAA,GAAQ,IAAI,CAAA,CAAE,MAAA;AAAA,MAChG,CAAC,YAA+B,OAAA,KAAY;AAAA,KAC9C;AAEA,IAAA,IAAI,kBAAA,CAAmB,WAAW,CAAA,EAAG;AAErC,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,WAAA,EAAY,GAAI,MAAM,OAAO,sBAAsB,CAAA;AAC3D,MAAA,IAAI,CAAC,aAAY,EAAG;AAClB,QAAA,MAAM,WAAA,GAAc,kBAAA,CAAmB,IAAA,CAAK,OAAO,CAAA;AACnD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,oBAAoB,WAAW,CAAA,CAAA,EAAI,mBAAmB,MAAA,KAAW,CAAA,GAAI,OAAO,KAAK,CAAA;AAAA,EAC5E,WAAW,CAAA,CAAA,EAAI,kBAAA,CAAmB,MAAA,KAAW,CAAA,GAAI,aAAa,SAAS,CAAA;AAAA;AAAA,oEAAA;AAAA,SAG9E;AAAA,MACF;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,eAAe,KAAA,IAAS,GAAA,CAAI,OAAA,CAAQ,UAAA,CAAW,kBAAkB,CAAA,EAAG;AACtE,QAAA,MAAM,GAAA;AAAA,MACR;AAEA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,iBAAA,EAAoB,kBAAA,CAAmB,IAAA,CAAK,OAAO,CAAC,IAAI,kBAAA,CAAmB,MAAA,KAAW,CAAA,GAAI,IAAA,GAAO,KAAK,CAAA;AAAA,qEAAA;AAAA,OAExG;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,yBAAA,GAA2C;AAC/C,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU;AAC3C,IAAA,MAAM,cAAc,YAAA,EAAc,GAAA;AAClC,IAAA,IAAI,CAAC,WAAA,EAAa;AAElB,IAAA,MAAM,gBAAgB,IAAA,CAAK,eAAA,IAAmB,YAAA,EAAc,SAAA,IAAa,EAAC,EAAG,MAAA;AAAA,MAC3E,CAAA,KAAA,KAAS,CAAC,KAAA,CAAM;AAAA,KAClB;AACA,IAAA,MAAM,MAAA,GAAS,CAAC,GAAGW,+BAAA,EAAe,GAAG,YAAY,CAAA;AAEjD,IAAA,IAAI,YAAY,mBAAA,EAAqB;AACnC,MAAA,MAAM,WAAA,GAAc,CAAC,GAAG,IAAI,GAAA,CAAI,MAAA,CAAO,OAAA,CAAQ,CAAA,KAAA,KAAS,mBAAA,CAAoB,KAAK,CAAC,CAAC,CAAC,CAAA;AACpF,MAAA,MAAM,WAAA,CAAY,oBAAoB,WAAW,CAAA;AAAA,IACnD;AAEA,IAAA,MAAM,SAAA,GAAY,WAAA,CAAY,oBAAA,KAAyB,WAAA,CAAY,4BAA4B,MAAA,GAAS,KAAA,CAAA;AACxG,IAAA,IAAI,CAAC,SAAA,IAAa,WAAA,CAAY,eAAA,EAAiB;AAE/C,IAAA,MAAM,gBAAgB,MAAA,CAAO,MAAA;AAAA,MAC3B,CAAA,KAAA,KAAS,oBAAoB,KAAK,CAAA,IAAK,CAAC,KAAA,CAAM,GAAA,IAAO,CAAC,wBAAA,CAAyB,KAAK;AAAA,KACtF;AAEA,IAAA,IAAI,aAAA,CAAc,WAAW,CAAA,EAAG;AAEhC,IAAA,MAAM,YAAY,aAAA,CAAc,GAAA,CAAI,CAAA,KAAA,KAAS,WAAA,CAAY,KAAoB,CAAC,CAAA;AAC9E,IAAA,MAAM,OAAA,GACJ,CAAA,uCAAA,EAA0C,aAAA,CAAc,MAAM,mBAC3D,aAAA,CAAc,MAAA,KAAW,CAAA,GAAI,KAAA,GAAQ,OAAO,CAAA,uBAAA,EAA0B,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAE/F,IAAA,IAAI,cAAc,OAAA,EAAS;AACzB,MAAA,MAAM,IAAI,MAAM,OAAO,CAAA;AAAA,IACzB;AAEA,IAAA,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA,CAAK,OAAA,EAAS;AAAA,MACrC,MAAA,EAAQ,SAAA;AAAA,MACR,OAAO,aAAA,CAAc;AAAA,KACtB,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,uBAAA,GAAyC;AAAA,EAG/C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMU,yBAAyB,MAAA,EAA0B;AAC3D,IAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,EAAA;AAC9B,IAAA,IAAI,CAAC,MAAA,EAAQ;AACb,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,MAAM,eAAA,EAAiB;AAC3B,MAAA,IAAI,KAAA,CAAM,KAAK,UAAA,CAAW,CAAA,EAAG,MAAM,CAAA,CAAA,CAAG,CAAA,IAAK,KAAA,CAAM,IAAA,KAAS,MAAA,EAAQ;AAChE,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,kBAAA,EAAqB,KAAA,CAAM,IAAI,CAAA,uBAAA,EAA0B,MAAM,CAAA,0FAAA,EAE3B,KAAA,CAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAQ,SAAS,CAAC,CAAA,GAAA;AAAA,SAC3E;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAgB,uBAAA,GAA4C;AAC1D,IAAA,MAAM,SAAS,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,MAAA,CAAO,WAAU,EAAG,SAAA;AAChE,IAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,MAAA,KAAW,GAAG,OAAO,KAAA;AAE3C,IAAA,MAAM,gBAAA,GAAmB,iCAAA;AACzB,IAAA,MAAM,SAAS,IAAA,CAAK,MAAA;AAEpB,IAAA,MAAM,GAAA,GAAM,IAAIC,SAAA,EAGb;AAGH,IAAA,GAAA,CAAI,GAAA,CAAI,GAAA,EAAK,OAAO,CAAA,EAAG,IAAA,KAAS;AAC9B,MAAA,CAAA,CAAE,GAAA,CAAI,UAAU,MAAM,CAAA;AACtB,MAAA,CAAA,CAAE,IAAI,gBAAA,EAAkB,CAAA,CAAE,KAAK,cAAA,IAAkB,IAAIP,+BAAgB,CAAA;AACrE,MAAA,MAAM,IAAA,EAAK;AAAA,IACb,CAAC,CAAA;AAID,IAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,OAAA;AAC/C,IAAA,GAAA,CAAI,OAAA,CAAQ,CAAC,GAAA,EAAK,CAAA,KAAM;AACtB,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,OAAO,aAAA,CAAc,KAAK,CAAC,CAAA;AAAA,MAC7B;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD,CAAC,CAAA;AAED,IAAA,IAAA,CAAK,yBAAyB,MAAM,CAAA;AAGpC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,MAAM,OAAA,GACJ,SAAA,IAAa,KAAA,IAAS,KAAA,CAAM,UACxB,KAAA,CAAM,OAAA,GACN,eAAA,IAAmB,KAAA,GACjB,MAAM,KAAA,CAAM,aAAA,CAAc,EAAE,MAAA,EAAQ,CAAA,GACpC,MAAA;AACR,MAAA,IAAI,CAAC,OAAA,EAAS;AAEd,MAAA,MAAM,cAAqB,EAAC;AAC5B,MAAA,IAAI,MAAM,UAAA,EAAY;AACpB,QAAA,WAAA,CAAY,IAAA,CAAK,GAAI,KAAA,CAAM,OAAA,CAAQ,KAAA,CAAM,UAAU,CAAA,GAAI,KAAA,CAAM,UAAA,GAAa,CAAC,KAAA,CAAM,UAAU,CAAE,CAAA;AAAA,MAC/F;AAEA,MAAA,MAAM,WAAA,GAAc,CAAC,GAAG,WAAA,EAAa,OAAO,CAAA;AAC5C,MAAA,IAAI,KAAA,CAAM,WAAW,KAAA,EAAO;AAC1B,QAAA,GAAA,CAAI,GAAA,CAAI,KAAA,CAAM,IAAA,EAAM,WAAA,CAAY,CAAC,GAAI,GAAG,WAAA,CAAY,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,MAC9D,CAAA,MAAO;AACL,QAAA,GAAA,CAAI,EAAA,CAAG,KAAA,CAAM,MAAA,EAAQ,KAAA,CAAM,IAAA,EAAM,WAAA,CAAY,CAAC,CAAA,EAAI,GAAG,WAAA,CAAY,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,MAC3E;AAAA,IACF;AAGA,IAAA,GAAA,CAAI,SAAS,MAAM,IAAI,QAAA,CAAS,IAAA,EAAM,EAAE,MAAA,EAAQ,GAAA,EAAK,OAAA,EAAS,EAAE,CAAC,gBAAgB,GAAG,MAAA,EAAO,EAAG,CAAC,CAAA;AAE/F,IAAA,IAAA,CAAK,qBAAqB,OAAO,OAAA,EAAS,QAAQ,GAAA,CAAI,KAAA,CAAM,SAAS,GAAG,CAAA;AACxE,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAgB,wBAAA,CACd,GAAA,EACA,MAAA,EACA,OAAA,EACA,MACA,cAAA,EAC0B;AAC1B,IAAA,IAAI,CAAC,IAAA,CAAK,kBAAA,EAAoB,OAAO,IAAA;AAErC,IAAA,MAAM,YAAA,GAAe,IAAI,OAAA,EAAQ;AACjC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,YAAA,CAAa,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,WAAA,IACjD,KAAA,CAAM,QAAQ,KAAK,CAAA;AAC1B,QAAA,KAAA,CAAM,QAAQ,CAAA,CAAA,KAAK;AACjB,UAAA,YAAA,CAAa,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,QAC5B,CAAC,CAAA;AAAA,IACL;AAEA,IAAA,MAAM,IAAA,GAAoB,EAAE,MAAA,EAAQ,OAAA,EAAS,YAAA,EAAa;AAC1D,IAAA,IAAI,CAAC,QAAQ,KAAA,EAAO,OAAO,EAAE,QAAA,CAAS,MAAM,CAAA,IAAK,IAAA,KAAS,MAAA,EAAW;AACnE,MAAA,IAAI,IAAA,YAAgB,WAAA,IAAe,IAAA,YAAgB,UAAA,IAAc,gBAAgB,cAAA,EAAgB;AAC/F,QAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,QAAA,IAAI,gBAAgB,cAAA,EAAgB;AAClC,UAAC,KAAa,MAAA,GAAS,MAAA;AAAA,QACzB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,MAAM,WAAA,GAAA,CAAe,OAAO,OAAA,CAAQ,cAAc,MAAM,QAAA,GAAW,OAAA,CAAQ,cAAc,CAAA,GAAI,EAAA,KAAO,EAAA;AACpG,QAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,UAAA,IAAA,CAAK,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,QACjC,CAAA,MAAA,IAAW,OAAO,IAAA,KAAS,QAAA,EAAU;AACnC,UAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,IAAI,UAAA,CAAW,OAAA,CAAQ,KAAK,IAAI,CAAA;AAChD,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,mBAAmB,OAAA,EAAS,EAAE,gBAAgB,CAAA;AAE1E,IAAA,IAAI,SAAS,OAAA,CAAQ,GAAA,CAAI,iCAAiC,CAAA,KAAM,QAAQ,OAAO,IAAA;AAC/E,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAgB,wBAAA,CACd,QAAA,EACA,OAAA,EAKe;AACf,IAAA,MAAM,UAA6C,EAAC;AACpD,IAAA,QAAA,CAAS,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AACvC,MAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,YAAA,EAAc;AACtC,QAAA,OAAA,CAAQ,GAAG,CAAA,GAAI,KAAA;AAAA,MACjB;AAAA,IACF,CAAC,CAAA;AACD,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,YAAA,IAAe;AACnD,IAAA,IAAI,UAAA,IAAc,UAAA,CAAW,MAAA,GAAS,CAAA,EAAG;AACvC,MAAA,OAAA,CAAQ,YAAY,CAAA,GAAI,UAAA;AAAA,IAC1B;AACA,IAAA,OAAA,CAAQ,SAAA,CAAU,QAAA,CAAS,MAAA,EAAQ,OAAO,CAAA;AAE1C,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,MAAA,GAAS,QAAA,CAAS,IAAA,CAAK,SAAA,EAAU;AACvC,MAAA,IAAI;AACF,QAAA,OAAO,IAAA,EAAM;AACX,UAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,OAAO,IAAA,EAAK;AAC1C,UAAA,IAAI,IAAA,EAAM;AACV,UAAA,OAAA,CAAQ,MAAM,KAAK,CAAA;AAAA,QACrB;AAAA,MACF,CAAA,SAAE;AACA,QAAA,OAAA,CAAQ,GAAA,EAAI;AAAA,MACd;AAAA,IACF,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,QAAA,CAAS,IAAA,EAAM,CAAA;AAAA,IACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAA,CAAiB,QAAiE,MAAA,EAAsB;AAC9G,IAAA,MAAM,WAAA,GAAcQ,yCAAA,CAAwBF,+BAAA,EAAe,MAAM,CAAA;AAEjE,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,WAAA,CAAY,OAAA,GAAU,CAAC,EAAE,GAAA,EAAK,QAAQ,CAAA;AAAA,IACxC;AAGA,IAAA,MAAM,kBAAkB,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,MAAA,CAAO,WAAU,EAAG,SAAA;AACzE,IAAA,IAAI,eAAA,IAAmB,eAAA,CAAgB,MAAA,GAAS,CAAA,EAAG;AACjD,MAAA,MAAM,WAAA,GAAcG,oDAAkC,eAAe,CAAA;AACrE,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,KAAA,MAAW,OAAA,IAAW,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,EAAG;AAC9C,UAAA,IAAI,CAAC,WAAA,CAAY,OAAO,CAAA,CAAE,OAAA,EAAS;AACjC,YAAA,WAAA,CAAY,OAAO,CAAA,CAAE,OAAA,GAAU,CAAC,EAAE,GAAA,EAAK,KAAK,CAAA;AAAA,UAC9C;AAAA,QACF;AAAA,MACF;AACA,MAAA,WAAA,CAAY,QAAQ,EAAE,GAAG,WAAA,CAAY,KAAA,EAAO,GAAG,WAAA,EAAY;AAAA,IAC7D;AAEA,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,GAAA,EAAW,MAAA,GAAwB,EAAC,EAAG,EAAE,QAAO,EAAuC;AAChH,IAAA,MAAM;AAAA,MACJ,KAAA,GAAQ,YAAA;AAAA,MACR,OAAA,GAAU,OAAA;AAAA,MACV,WAAA,GAAc,mBAAA;AAAA,MACd,IAAA,GAAO;AAAA,KACT,GAAI,MAAA;AAEJ,IAAA,MAAM,WAAA,GAAc,KAAK,gBAAA,CAAiB,EAAE,OAAO,OAAA,EAAS,WAAA,IAAe,MAAM,CAAA;AAEjF,IAAA,MAAM,YAAA,GAA4B;AAAA,MAChC,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA;AAAA,MACA,YAAA,EAAc,MAAA;AAAA,MACd,SAAS,YAAY;AAAA,KACvB;AAEA,IAAA,MAAM,KAAK,aAAA,CAAc,GAAA,EAAK,YAAA,EAAc,EAAE,QAAQ,CAAA;AAAA,EACxD;AAAA,EAEA,MAAM,cAAA,GAAgC;AAIpC,IAAA,KAAA,MAAW,SAASH,+BAAA,EAAe;AACjC,MAAA,MAAM,IAAA,CAAK,cAAc,IAAA,CAAK,GAAA,EAAK,OAAO,EAAE,MAAA,EAAQ,IAAA,CAAK,MAAA,EAAQ,CAAA;AAAA,IACnE;AAEA,IAAA,IAAI,KAAK,WAAA,EAAa;AACpB,MAAA,MAAM,UAAA,GAAa;AAAA,QACjB,KAAA,EAAO,YAAA;AAAA,QACP,OAAA,EAAS,OAAA;AAAA,QACT,WAAA,EAAa;AAAA,OACf;AAEA,MAAA,MAAM,IAAA,CAAK,oBAAA,CAAqB,IAAA,CAAK,GAAA,EAAK,EAAE,GAAG,UAAA,EAAY,IAAA,EAAM,IAAA,CAAK,aAAY,EAAG,EAAE,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA;AAAA,IAC9G;AAAA,EACF;AAAA,EAEA,MAAM,eAAA,CAAgB,KAAA,EAAoB,MAAA,EAA8D;AACtG,IAAA,MAAM,kBAAkB,KAAA,CAAM,eAAA;AAC9B,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,OAAO,eAAA,CAAgB,WAAW,MAAM,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,gBAAA,CAAiB,KAAA,EAAoB,MAAA,EAAuE;AAChH,IAAA,MAAM,mBAAmB,KAAA,CAAM,gBAAA;AAC/B,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,gBAAA,GAAmB,uBAAA,CAAwB,gBAAA,EAAkC,MAAM,CAAA;AACzF,IAAA,OAAO,gBAAA,CAAiB,WAAW,gBAAgB,CAAA;AAAA,EACrD;AAAA,EAEA,MAAM,SAAA,CAAU,KAAA,EAAoB,IAAA,EAAiC;AACnE,IAAA,MAAM,aAAa,KAAA,CAAM,UAAA;AACzB,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,UAAA,CAAW,WAAW,IAAI,CAAA;AAAA,EACnC;AAAA,EAEA,OAAwB,cAAA,GAAyD;AAAA,IAC/E,KAAA,EAAO,kBAAA;AAAA,IACP,IAAA,EAAM,cAAA;AAAA,IACN,IAAA,EAAM;AAAA,GACR;AAAA,EAEU,sBAAA,CACR,KAAA,EACA,KAAA,EACA,OAAA,EACyB;AACzB,IAAA,MAAM,OAAO,KAAA,CAAM,iBAAA,IAAqB,IAAA,CAAK,MAAA,CAAO,WAAU,EAAG,iBAAA;AAEjE,IAAA,IAAI,IAAA,EAAM;AACR,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,EAAO,OAAO,CAAA;AAClC,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,OAAO,MAAA;AAAA,QACT;AAAA,MACF,SAAS,SAAA,EAAW;AAClB,QAAA,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,wCAAA,EAA0C;AAAA,UACvE,KAAA,EAAO,SAAA,YAAqB,KAAA,GAAQ,EAAE,OAAA,EAAS,UAAU,OAAA,EAAS,KAAA,EAAO,SAAA,CAAU,KAAA,EAAM,GAAI;AAAA,SAC9F,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,MAAMI,gCAAA,CAAe,KAAA,EAAO,aAAA,CAAa,cAAA,CAAe,OAAO,CAAC;AAAA,KAClE;AAAA,EACF;AACF;AAMA,eAAsB,aAAA,CACpB,MAAA,EACA,KAAA,EACA,cAAA,EACA,MAAA,EACoE;AACpE,EAAA,MAAM,WAAA,GAAc,eAAe,MAAM,CAAA;AACzC,EAAA,IAAI,CAAC,aAAa,OAAO,IAAA;AAEzB,EAAA,MAAM,YAAY,MAAM,qBAAA,CAAsB,WAAA,EAAa,KAAA,EAAO,gBAAgB,MAAM,CAAA;AACxF,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,IAAI,WAAA,CAAY,yBAAA,IAA6B,mBAAA,CAAoB,KAAK,CAAA,EAAG;AACvE,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ,GAAA;AAAA,QACR,KAAA,EAAO,WAAA;AAAA,QACP,OAAA,EAAS;AAAA,OACX;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,cAAA,EAAgB,GAAA,CAAI,MAAM,CAAA;AACvC,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,KAAA,EAAO,WAAA;AAAA,MACP,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAEA,EAAA,MAAM,aACJ,OAAO,SAAA,CAAU,eAAe,UAAA,GAC5B,SAAA,CAAU,WAAW,MAAA,EAAQ,EAAE,gBAAgB,CAAA,GAC/C,UAAU,UAAA,KAAe,SAAA,CAAU,kBAAmB,MAAA,CAAO,SAAA,CAAU,eAAe,CAAA,GAAe,MAAA,CAAA;AAC3G,EAAA,IAAI,CAAC,SAAA,CAAU,YAAA,IAAgB,CAAC,UAAA,EAAY;AAC1C,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,KAAA,EAAO,WAAA;AAAA,MACP,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AACA,EAAA,MAAM,aACJ,SAAA,CAAU,UAAA,KACT,MAAM,IAAA,GAAOf,wCAAA,CAAuB,KAAK,CAAA,GAAI,IAAA,CAAA,IAC9C,CAAA,EAAG,4BAAA,CAA6B,UAAU,YAAY,CAAC,IAAI,eAAA,CAAgB,KAAA,CAAM,MAAM,CAAC,CAAA,CAAA;AAE1F,EAAA,MAAM,UAAA,GAAa,MAAM,WAAA,CAAY,KAAA,CAAM,IAAA,EAAM;AAAA,IAC/C,UAAU,EAAE,IAAA,EAAM,SAAA,CAAU,YAAA,EAAc,IAAI,UAAA,EAAW;AAAA,IACzD,UAAA;AAAA,IACA,OAAA,EAAS,EAAE,UAAA,EAAY,cAAA;AAAe,GACvC,CAAA;AAED,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,GAAA;AAAA,MACR,KAAA,EAAO,WAAA;AAAA,MACP,SAAS,CAAA,iCAAA,EAAoC,UAAU,OAAO,SAAA,CAAU,YAAY,IAAI,UAAU,CAAA;AAAA,KACpG;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,gBAAgB,MAAA,EAAwB;AAC/C,EAAA,QAAQ,MAAA,CAAO,aAAY;AAAG,IAC5B,KAAK,KAAA;AACH,MAAA,OAAO,MAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,MAAA;AAAA,IACL,KAAK,KAAA;AAAA,IACL,KAAK,OAAA;AACH,MAAA,OAAO,OAAA;AAAA,IACT;AACE,MAAA,OAAO,MAAA;AAAA;AAEb;AAEA,SAAS,6BAA6B,YAAA,EAA8B;AAClE,EAAA,MAAM,uBAAA,GAAkD;AAAA,IACtD,KAAA,EAAO,QAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,IAAA,EAAM,OAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACV;AAEA,EAAA,OAAO,uBAAA,CAAwB,YAAY,CAAA,IAAK,YAAA;AAClD","file":"index.cjs","sourcesContent":["import type { ChunkType } from '@mastra/core/stream';\n\n/**\n * Redacts request data from a v2 format payload.\n * Removes `metadata.request` and `output.steps[].request` from the payload.\n */\nfunction redactV2Payload(payload: Record<string, unknown>): Record<string, unknown> {\n const redactedPayload = { ...payload };\n\n // Remove metadata.request\n if (redactedPayload.metadata && typeof redactedPayload.metadata === 'object') {\n const { request, ...metadataRest } = redactedPayload.metadata as Record<string, unknown>;\n redactedPayload.metadata = metadataRest;\n }\n\n // Remove request from output.steps[]\n if (redactedPayload.output && typeof redactedPayload.output === 'object') {\n const output = { ...(redactedPayload.output as Record<string, unknown>) };\n if (Array.isArray(output.steps)) {\n output.steps = output.steps.map((step: Record<string, unknown>) => {\n if (step && typeof step === 'object') {\n const { request, ...stepRest } = step;\n return stepRest;\n }\n return step;\n });\n }\n redactedPayload.output = output;\n }\n\n return redactedPayload;\n}\n\n/**\n * Redacts sensitive data from stream chunks before they are sent to clients.\n *\n * This function strips out request bodies that may contain sensitive information\n * such as system prompts, tool definitions, API keys, and other configuration data.\n *\n * Handles both v1 (legacy) and v2 stream formats:\n *\n * v1 format (fields at root level):\n * - `step-start.request` - Contains the full LLM request body\n * - `step-finish.request` - Contains the request body\n * - `finish.request` - Contains the request body (if present)\n *\n * v2 format (fields nested in payload):\n * - `step-start.payload.request` - Contains the full LLM request body\n * - `step-finish.payload.metadata.request` - Contains the request metadata\n * - `step-finish.payload.output.steps[].request` - Contains request data for each step\n * - `finish.payload.metadata.request` - Contains the request metadata\n * - `finish.payload.output.steps[].request` - Contains request data for each step\n *\n * @param chunk - The stream chunk to redact\n * @returns A new chunk with sensitive data removed, or the original chunk if no redaction needed\n */\nexport function redactStreamChunk<OUTPUT = undefined>(chunk: ChunkType<OUTPUT>): ChunkType<OUTPUT> {\n if (!chunk || typeof chunk !== 'object') {\n return chunk;\n }\n\n const typedChunk = chunk as Record<string, unknown>;\n\n switch (chunk.type) {\n case 'step-start': {\n // Check if this is v2 format (has payload) or v1 format (request at root)\n if ('payload' in typedChunk && typedChunk.payload && typeof typedChunk.payload === 'object') {\n // v2 format: Remove request from payload\n const { payload, ...rest } = typedChunk;\n const { request, ...payloadRest } = payload as Record<string, unknown>;\n return {\n ...rest,\n type: 'step-start',\n payload: {\n ...payloadRest,\n // Keep an empty request object to maintain structure but remove body\n request: {},\n },\n } as ChunkType<OUTPUT>;\n } else if ('request' in typedChunk) {\n // v1 format: Remove request at root level\n const { request, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'step-start',\n // Keep an empty request object to maintain structure\n request: {},\n } as unknown as ChunkType<OUTPUT>;\n }\n return chunk;\n }\n\n case 'step-finish': {\n // Check if this is v2 format (has payload) or v1 format (request at root)\n if ('payload' in typedChunk && typedChunk.payload && typeof typedChunk.payload === 'object') {\n // v2 format: Remove request from metadata and output.steps[].request\n const { payload, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'step-finish',\n payload: redactV2Payload(payload as Record<string, unknown>),\n } as ChunkType<OUTPUT>;\n } else if ('request' in typedChunk) {\n // v1 format: Remove request at root level\n const { request, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'step-finish',\n } as unknown as ChunkType<OUTPUT>;\n }\n return chunk;\n }\n\n case 'finish': {\n // Check if this is v2 format (has payload) or v1 format (request at root)\n if ('payload' in typedChunk && typedChunk.payload && typeof typedChunk.payload === 'object') {\n // v2 format: Remove request from metadata and output.steps[].request\n const { payload, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'finish',\n payload: redactV2Payload(payload as Record<string, unknown>),\n } as ChunkType<OUTPUT>;\n } else if ('request' in typedChunk) {\n // v1 format: Remove request at root level\n const { request, ...rest } = typedChunk;\n return {\n ...rest,\n type: 'finish',\n } as unknown as ChunkType<OUTPUT>;\n }\n return chunk;\n }\n\n default:\n // Other chunk types don't contain sensitive request data\n return chunk;\n }\n}\n","import type { ToolsInput } from '@mastra/core/agent';\nimport type { FGARouteConfig, FGARouteInfo, IFGAProvider, MastraFGAPermissionInput } from '@mastra/core/auth/ee';\nimport type { Mastra } from '@mastra/core/mastra';\nimport { RequestContext } from '@mastra/core/request-context';\nimport { MastraServerBase } from '@mastra/core/server';\nimport type { ApiRoute, HttpLoggingConfig, ValidationErrorContext, ValidationErrorResponse } from '@mastra/core/server';\nimport { Hono } from 'hono';\nimport type { ZodError } from 'zod/v4';\nimport { z } from 'zod/v4';\n\nimport type { InMemoryTaskStore } from '../a2a/store';\nimport { coreAuthMiddleware } from '../auth/helpers';\nimport {\n MASTRA_CLIENT_TYPE_HEADER,\n MASTRA_IS_STUDIO_KEY,\n isReservedRequestContextKey,\n isStudioClientTypeHeader,\n} from '../constants';\nimport { formatZodError } from '../handlers/error';\nimport { normalizeRoutePath } from '../utils';\nimport { generateOpenAPIDocument, convertCustomRoutesToOpenAPIPaths } from './openapi-utils';\nimport { SERVER_ROUTES, getEffectivePermission } from './routes';\nimport type { ServerRoute } from './routes';\n\nexport * from './routes';\nexport { redactStreamChunk } from './redact';\nexport {\n MASTRA_CLIENT_TYPE_HEADER,\n MASTRA_IS_STUDIO_KEY,\n MASTRA_STUDIO_CLIENT_TYPE,\n isReservedRequestContextKey,\n isStudioClientTypeHeader,\n} from '../constants';\n\nexport { WorkflowRegistry, normalizeRoutePath } from '../utils';\n\nexport interface OpenAPIConfig {\n title?: string;\n version?: string;\n description?: string;\n path?: string;\n}\n\nexport interface BodyLimitOptions {\n maxSize: number;\n onError: (error: unknown) => unknown;\n}\n\nexport interface StreamOptions {\n /**\n * When true (default), redacts sensitive data from stream chunks\n * (system prompts, tool definitions, API keys) before sending to clients.\n *\n * Set to false to include full request data in stream chunks (useful for\n * debugging or internal services that need access to this data).\n *\n * @default true\n */\n redact?: boolean;\n}\n\n/**\n * MCP transport options for configuring MCP HTTP and SSE transports.\n */\nexport interface MCPOptions {\n /**\n * When true, runs in stateless mode without session management.\n * Ideal for serverless environments (Cloudflare Workers, Vercel Edge, etc.)\n * where you can't maintain persistent connections across requests.\n *\n * @default false\n */\n serverless?: boolean;\n /**\n * Custom session ID generator function.\n */\n sessionIdGenerator?: () => string;\n}\n\n/**\n * Query parameter values parsed from HTTP requests.\n * Supports both single values and arrays (for repeated query params like ?tag=a&tag=b).\n */\nexport type QueryParamValue = string | string[];\n\n/**\n * Parsed request parameters returned by getParams().\n */\nexport interface ParsedRequestParams {\n urlParams: Record<string, string>;\n queryParams: Record<string, QueryParamValue>;\n body: unknown;\n /**\n * Error that occurred while parsing the request body.\n * When set, the server should return a 400 Bad Request response.\n */\n bodyParseError?: {\n message: string;\n };\n}\n\nfunction isProtectedFGARoute(route: Pick<ServerRoute, 'requiresAuth'>): boolean {\n return route.requiresAuth !== false;\n}\n\nfunction formatRoute(route: Pick<ServerRoute, 'method' | 'path'>): string {\n return `${route.method} ${route.path}`;\n}\n\nfunction getFGAProvider(mastra: any): IFGAProvider | undefined {\n return mastra?.getServer?.()?.fga as IFGAProvider | undefined;\n}\n\nfunction getFGARouteInfo(route: ServerRoute): FGARouteInfo {\n return {\n path: route.path,\n method: route.method,\n requiresAuth: route.requiresAuth,\n requiresPermission: route.requiresPermission,\n fga: route.fga,\n };\n}\n\nfunction getRoutePermissions(route: ServerRoute): MastraFGAPermissionInput[] {\n return [getEffectivePermission(route), route.fga?.permission].filter(\n (permission): permission is MastraFGAPermissionInput => Boolean(permission),\n );\n}\n\nfunction getToolRoutePermission(path: string): MastraFGAPermissionInput {\n return path.includes('/execute') ? 'tools:execute' : 'tools:read';\n}\n\nfunction getBuiltInRouteFGAConfig(route: ServerRoute): FGARouteConfig | null {\n if (!isProtectedFGARoute(route) || !route.path || !route.method) {\n return null;\n }\n\n const permission = getEffectivePermission(route) as MastraFGAPermissionInput | null;\n if (!permission) {\n return null;\n }\n\n const path = route.path;\n if (path.startsWith('/agents/:agentId/tools/:toolId')) {\n return {\n resourceType: 'tool',\n resourceId: ({ agentId, toolId }) => `${String(agentId)}:${String(toolId)}`,\n permission: getToolRoutePermission(path),\n };\n }\n\n if (path.startsWith('/agents/:agentId')) {\n return { resourceType: 'agent', resourceIdParam: 'agentId', permission };\n }\n\n if (path.startsWith('/workflows/:workflowId')) {\n return { resourceType: 'workflow', resourceIdParam: 'workflowId', permission };\n }\n\n if (path.startsWith('/tools/:toolId')) {\n return { resourceType: 'tool', resourceIdParam: 'toolId', permission };\n }\n\n if (path.startsWith('/mcp/:serverId/tools/:toolId')) {\n return {\n resourceType: 'tool',\n resourceId: ({ serverId, toolId }) => JSON.stringify([String(serverId), String(toolId)]),\n permission: getToolRoutePermission(path),\n };\n }\n\n if (path.startsWith('/mcp/:serverId')) {\n return { resourceType: 'mcp', resourceIdParam: 'serverId', permission };\n }\n\n if (path.startsWith('/memory/threads/:threadId') || path.startsWith('/memory/network/threads/:threadId')) {\n return { resourceType: 'thread', resourceIdParam: 'threadId', permission };\n }\n\n if (path === '/memory/threads' || path === '/memory/network/threads') {\n return {\n resourceType: 'thread',\n resourceId: ({ threadId, resourceId }) => {\n if (typeof threadId === 'string') return threadId;\n return typeof resourceId === 'string' ? resourceId : undefined;\n },\n permission,\n };\n }\n\n if (path === '/memory/save-messages' || path === '/memory/network/save-messages') {\n return {\n resourceType: 'thread',\n resourceId: ({ messages }) => {\n if (!Array.isArray(messages)) return undefined;\n const threadId = messages.find(\n message => message && typeof message === 'object' && 'threadId' in message,\n )?.threadId;\n return typeof threadId === 'string' ? threadId : undefined;\n },\n permission,\n };\n }\n\n if (path === '/v1/responses') {\n return { resourceType: 'agent', resourceIdParam: 'agent_id', permission };\n }\n\n if (path.startsWith('/v1/responses/:responseId')) {\n return { resourceType: 'response', resourceIdParam: 'responseId', permission };\n }\n\n if (path === '/v1/conversations') {\n return { resourceType: 'agent', resourceIdParam: 'agent_id', permission };\n }\n\n if (path.startsWith('/v1/conversations/:conversationId')) {\n return { resourceType: 'conversation', resourceIdParam: 'conversationId', permission };\n }\n\n return null;\n}\n\nasync function resolveRouteFGAConfig(\n fgaProvider: IFGAProvider,\n route: ServerRoute,\n requestContext: RequestContext,\n params: Record<string, unknown>,\n): Promise<FGARouteConfig | null | undefined> {\n if (route.fga) {\n return route.fga;\n }\n\n const resolvedConfig = await fgaProvider.resolveRouteFGA?.({\n route: getFGARouteInfo(route),\n params,\n requestContext,\n });\n if (resolvedConfig) {\n return resolvedConfig;\n }\n\n return getBuiltInRouteFGAConfig(route);\n}\n\nfunction getSchemaTypeName(schema: z.ZodTypeAny): string | undefined {\n const schemaDef = (schema as any)?._def ?? (schema as any)?.def;\n return schemaDef?.typeName ?? schemaDef?.type;\n}\n\nfunction unwrapOptionalNullable(schema: z.ZodTypeAny): z.ZodTypeAny {\n let inner = schema;\n let typeName = getSchemaTypeName(inner);\n\n while (\n typeName === 'ZodOptional' ||\n typeName === 'ZodNullable' ||\n typeName === 'optional' ||\n typeName === 'nullable'\n ) {\n const innerDef = (inner as any)?._def ?? (inner as any)?.def;\n if (!innerDef?.innerType) {\n return inner;\n }\n inner = innerDef.innerType;\n typeName = getSchemaTypeName(inner);\n }\n\n return inner;\n}\n\nfunction parseComplexQueryParams(\n queryParamSchema: z.ZodTypeAny,\n params: Record<string, QueryParamValue>,\n): Record<string, QueryParamValue | unknown> {\n if (!(queryParamSchema instanceof z.ZodObject)) {\n return params;\n }\n\n const parsedParams: Record<string, QueryParamValue | unknown> = { ...params };\n const shape = queryParamSchema.shape as Record<string, z.ZodTypeAny>;\n\n for (const [key, fieldSchema] of Object.entries(shape)) {\n const rawValue = parsedParams[key];\n if (typeof rawValue !== 'string') {\n continue;\n }\n\n const unwrappedField = unwrapOptionalNullable(fieldSchema);\n const typeName = getSchemaTypeName(unwrappedField);\n const isComplex =\n typeName === 'ZodObject' ||\n typeName === 'ZodArray' ||\n typeName === 'ZodRecord' ||\n typeName === 'object' ||\n typeName === 'array' ||\n typeName === 'record';\n\n if (!isComplex) {\n continue;\n }\n\n try {\n parsedParams[key] = JSON.parse(rawValue);\n } catch {\n // Keep original string; schema validation will surface a clear error.\n }\n }\n\n return parsedParams;\n}\n\n/**\n * Normalizes query parameters from various HTTP framework formats to a consistent structure.\n * Handles both single string values and arrays (for repeated query params like ?tag=a&tag=b).\n * Reconstructs bracket-notation keys (e.g., `orderBy[field]=createdAt`) into JSON strings\n * so that z.preprocess JSON.parse can handle them.\n * Filters out non-string values that some frameworks may include.\n *\n * @param rawQuery - Raw query parameters from the HTTP framework (may contain strings, arrays, or nested objects)\n * @returns Normalized query parameters as Record<string, string | string[]>\n */\nexport function normalizeQueryParams(rawQuery: Record<string, unknown>): Record<string, QueryParamValue> {\n const queryParams: Record<string, QueryParamValue> = {};\n // Collect bracket-notation keys: e.g., \"orderBy[field]\" → parent \"orderBy\", child \"field\"\n const bracketGroups: Record<string, Record<string, string>> = {};\n\n for (const [key, value] of Object.entries(rawQuery)) {\n const bracketMatch = key.match(/^([^[]+)\\[([^\\]]+)\\]$/);\n if (bracketMatch) {\n const parent = bracketMatch[1]!;\n const child = bracketMatch[2]!;\n const strValue = Array.isArray(value)\n ? value.filter((v): v is string => typeof v === 'string')[0]\n : typeof value === 'string'\n ? value\n : undefined;\n if (strValue !== undefined) {\n if (!bracketGroups[parent]) {\n bracketGroups[parent] = {};\n }\n bracketGroups[parent]![child] = strValue;\n }\n } else if (typeof value === 'string') {\n queryParams[key] = value;\n } else if (Array.isArray(value)) {\n // Filter to only string values (some frameworks include nested objects)\n const stringValues = value.filter((v): v is string => typeof v === 'string');\n // Convert single-value arrays back to strings for compatibility\n queryParams[key] = stringValues.length === 1 ? stringValues[0]! : stringValues;\n }\n }\n\n // Merge bracket groups as JSON strings (only if the parent key wasn't already set directly)\n for (const [parent, children] of Object.entries(bracketGroups)) {\n if (!(parent in queryParams)) {\n queryParams[parent] = JSON.stringify(children);\n }\n }\n\n return queryParams;\n}\n\n/**\n * Abstract base class for server adapters that handle HTTP requests.\n *\n * This class extends `MastraServerBase` to inherit app storage functionality\n * and provides the framework for registering routes, middleware, and handling requests.\n *\n * Framework-specific adapters in @mastra/hono and @mastra/express extend this class\n * (both named `MastraServer` in their respective packages) and implement the abstract\n * methods for their specific framework.\n *\n * @template TApp - The type of the server app (e.g., Hono, Express Application)\n * @template TRequest - The type of the request object\n * @template TResponse - The type of the response object\n */\nexport abstract class MastraServer<TApp, TRequest, TResponse> extends MastraServerBase<TApp> {\n protected mastra: Mastra;\n protected bodyLimitOptions?: BodyLimitOptions;\n protected tools?: ToolsInput;\n protected prefix?: string;\n protected openapiPath?: string;\n protected taskStore?: InMemoryTaskStore;\n protected customRouteAuthConfig?: Map<string, boolean>;\n protected streamOptions: StreamOptions;\n protected httpLoggingConfig?: HttpLoggingConfig;\n protected customApiRoutes?: ApiRoute[];\n protected mcpOptions?: MCPOptions;\n private customRouteHandler:\n | ((request: Request, env?: { requestContext?: RequestContext }) => Promise<Response>)\n | null = null;\n\n constructor({\n app,\n mastra,\n bodyLimitOptions,\n tools,\n prefix = '/api',\n openapiPath = '',\n taskStore,\n customRouteAuthConfig,\n streamOptions,\n customApiRoutes,\n mcpOptions,\n }: {\n app: TApp;\n mastra: Mastra;\n bodyLimitOptions?: BodyLimitOptions;\n tools?: ToolsInput;\n prefix?: string;\n openapiPath?: string;\n taskStore?: InMemoryTaskStore;\n customRouteAuthConfig?: Map<string, boolean>;\n streamOptions?: StreamOptions;\n customApiRoutes?: ApiRoute[];\n /**\n * MCP transport options applied to all MCP HTTP and SSE routes.\n * Individual routes can override these via MCPHttpTransportResult.mcpOptions.\n */\n mcpOptions?: MCPOptions;\n }) {\n super({ app, name: 'MastraServer' });\n this.mastra = mastra;\n this.bodyLimitOptions = bodyLimitOptions;\n this.tools = tools;\n this.prefix = normalizeRoutePath(prefix);\n this.openapiPath = openapiPath;\n this.taskStore = taskStore;\n this.customRouteAuthConfig = customRouteAuthConfig;\n this.streamOptions = { redact: true, ...streamOptions };\n this.customApiRoutes = customApiRoutes;\n this.mcpOptions = mcpOptions;\n\n // Parse HTTP logging configuration\n const serverConfig = mastra.getServer();\n this.httpLoggingConfig = this.parseLoggingConfig(serverConfig?.build?.apiReqLogs);\n\n // Automatically register this adapter with Mastra so getServerApp() works\n mastra.setMastraServer(this);\n }\n\n /**\n * Parses the apiReqLogs configuration into a normalized HttpLoggingConfig.\n * @param config - The raw config value from server.build.apiReqLogs\n * @returns Normalized HttpLoggingConfig or undefined if disabled\n */\n private parseLoggingConfig(config?: boolean | HttpLoggingConfig): HttpLoggingConfig | undefined {\n if (config === true) {\n // Default configuration when enabled with just `true`\n return {\n enabled: true,\n level: 'info',\n redactHeaders: ['authorization', 'cookie'],\n };\n }\n if (typeof config === 'object' && config.enabled) {\n // Merge user config with defaults\n return {\n enabled: true,\n level: config.level || 'info',\n excludePaths: config.excludePaths,\n includeHeaders: config.includeHeaders,\n includeQueryParams: config.includeQueryParams,\n redactHeaders: [...new Set([...['authorization', 'cookie'], ...(config.redactHeaders || [])])],\n };\n }\n return undefined;\n }\n\n /**\n * Determines if a request to the given path should be logged.\n * @param path - The request path to check\n * @returns true if the request should be logged, false otherwise\n */\n protected shouldLogRequest(path: string): boolean {\n if (!this.httpLoggingConfig?.enabled) {\n return false;\n }\n\n // Uses segment-aware matching so '/health' excludes '/health' and '/health/deep' but not '/healthcheck'\n const excludePaths = this.httpLoggingConfig.excludePaths || [];\n return !excludePaths.some((excluded: string) => path === excluded || path.startsWith(excluded + '/'));\n }\n\n protected mergeRequestContext({\n paramsRequestContext,\n bodyRequestContext,\n }: {\n paramsRequestContext?: Record<string, any>;\n bodyRequestContext?: Record<string, any>;\n }): RequestContext {\n const requestContext = new RequestContext();\n if (bodyRequestContext) {\n for (const [key, value] of Object.entries(bodyRequestContext)) {\n if (isReservedRequestContextKey(key)) continue;\n requestContext.set(key, value);\n }\n }\n if (paramsRequestContext) {\n for (const [key, value] of Object.entries(paramsRequestContext)) {\n if (isReservedRequestContextKey(key)) continue;\n requestContext.set(key, value);\n }\n }\n return requestContext;\n }\n\n protected applyRequestMetadataToContext({\n requestContext,\n getHeader,\n }: {\n requestContext: RequestContext;\n getHeader: (name: string) => string | undefined;\n }): void {\n if (isStudioClientTypeHeader(getHeader(MASTRA_CLIENT_TYPE_HEADER))) {\n requestContext.set(MASTRA_IS_STUDIO_KEY, true);\n }\n }\n\n /**\n * Check if the current request should be authenticated/authorized.\n * Returns null if auth passes, or an error response if it fails.\n *\n * This is a thin wrapper around coreAuthMiddleware that:\n * 1. Handles route-level requiresAuth opt-out (not available in global middleware)\n * 2. Delegates all other auth logic to coreAuthMiddleware\n * 3. Translates the AuthResult into the {status, error} format adapters expect\n */\n protected async checkRouteAuth(\n route: ServerRoute,\n context: {\n path: string;\n method: string;\n getHeader: (name: string) => string | undefined;\n getQuery: (name: string) => string | undefined;\n requestContext: RequestContext;\n /** Raw Request object for cookie-based auth providers */\n request?: Request;\n /** Build framework-specific context for authorize() callback */\n buildAuthorizeContext?: () => unknown;\n },\n ): Promise<{ status: number; error: string; headers?: Record<string, string> } | null> {\n const authConfig = this.mastra.getServer()?.auth;\n\n // No auth config means no auth required\n if (!authConfig) {\n return null;\n }\n\n // Check route-level requiresAuth flag first (explicit per-route setting)\n // This opt-out is route-specific and not available in the global middleware\n if (route.requiresAuth === false) {\n return null;\n }\n\n // Extract token from headers/query\n const authHeader = context.getHeader('authorization');\n let token: string | null = authHeader ? authHeader.replace('Bearer ', '') : null;\n if (!token) {\n token = context.getQuery('apiKey') || null;\n }\n\n // Delegate to coreAuthMiddleware for all auth logic\n const result = await coreAuthMiddleware({\n path: context.path,\n method: context.method,\n getHeader: context.getHeader,\n mastra: this.mastra,\n authConfig,\n customRouteAuthConfig: this.customRouteAuthConfig,\n requestContext: context.requestContext,\n rawRequest: context.request,\n token,\n buildAuthorizeContext: context.buildAuthorizeContext ?? (() => null),\n });\n\n if (result.action === 'next') {\n // Pass through any refresh headers (e.g. Set-Cookie from transparent session refresh)\n if (result.headers) {\n return { status: 200, error: '', headers: result.headers };\n }\n return null;\n }\n\n // Translate AuthResult error to the {status, error} format adapters expect\n const errorBody = result.body as { error?: string } | undefined;\n return { status: result.status, error: errorBody?.error ?? 'Access denied', headers: result.headers };\n }\n\n /**\n * Check if the user has the required permission for a route.\n *\n * Uses convention-based permission derivation:\n * 1. If route has explicit `requiresPermission`, use that\n * 2. Otherwise, derive permission from path/method (e.g., GET /agents → agents:read)\n * 3. Routes with `requiresAuth: false` skip permission checks\n *\n * @param route - The route being accessed\n * @param userPermissions - The user's permissions from the request context\n * @returns Error response if permission denied, null if allowed\n */\n protected checkRoutePermission(\n route: ServerRoute,\n userPermissions: string[] | undefined,\n hasPermissionFn: (userPerms: string[], required: string) => boolean,\n ): { status: number; error: string; message: string } | null {\n // If RBAC is not configured, skip permission checks entirely\n // Auth-only mode = authenticated users get full access\n const rbacProvider = this.mastra.getServer()?.rbac;\n if (!rbacProvider) {\n return null;\n }\n\n // Get the effective permission (explicit or derived)\n const requiredPermission = getEffectivePermission(route);\n\n // No permission required (public route or couldn't derive)\n if (!requiredPermission) {\n return null;\n }\n\n // Check if user has the required permission\n if (!userPermissions || !hasPermissionFn(userPermissions, requiredPermission)) {\n return {\n status: 403,\n error: 'Forbidden',\n message: `Missing required permission: ${requiredPermission}`,\n };\n }\n\n return null;\n }\n\n abstract stream(route: ServerRoute, response: TResponse, result: unknown): Promise<unknown>;\n abstract getParams(route: ServerRoute, request: TRequest): Promise<ParsedRequestParams>;\n abstract sendResponse(route: ServerRoute, response: TResponse, result: unknown): Promise<unknown>;\n abstract registerRoute(app: TApp, route: ServerRoute, { prefix }: { prefix?: string }): Promise<void>;\n abstract registerContextMiddleware(): void;\n abstract registerAuthMiddleware(): void;\n abstract registerHttpLoggingMiddleware(): void;\n\n async init() {\n this.registerContextMiddleware();\n this.registerAuthMiddleware();\n this.registerHttpLoggingMiddleware();\n await this.validateEELicense();\n await this.validateFGAPolicyCoverage();\n await this.registerCustomApiRoutes();\n await this.registerRoutes();\n }\n\n /**\n * Validate that EE features have a valid license in production.\n * Throws if RBAC or FGA is configured without a valid license outside dev/test environments.\n */\n async validateEELicense(): Promise<void> {\n const serverConfig = this.mastra.getServer();\n const configuredFeatures = [serverConfig?.rbac ? 'RBAC' : null, serverConfig?.fga ? 'FGA' : null].filter(\n (feature): feature is string => feature !== null,\n );\n\n if (configuredFeatures.length === 0) return;\n\n try {\n const { isEEEnabled } = await import('@mastra/core/auth/ee');\n if (!isEEEnabled()) {\n const featureList = configuredFeatures.join(' and ');\n throw new Error(\n `[mastra/auth-ee] ${featureList} ${configuredFeatures.length === 1 ? 'is' : 'are'} configured but no valid EE license was found.\\n` +\n `${featureList} ${configuredFeatures.length === 1 ? 'requires' : 'require'} a Mastra Enterprise License for production use.\\n` +\n 'Set the MASTRA_EE_LICENSE environment variable with your license key.\\n' +\n 'Learn more: https://github.com/mastra-ai/mastra/blob/main/ee/LICENSE',\n );\n }\n } catch (err) {\n if (err instanceof Error && err.message.startsWith('[mastra/auth-ee]')) {\n throw err;\n }\n // @mastra/core/auth/ee module not available; EE authorization cannot function.\n throw new Error(\n `[mastra/auth-ee] ${configuredFeatures.join(' and ')} ${configuredFeatures.length === 1 ? 'is' : 'are'} configured but the EE module (@mastra/core/auth/ee) could not be loaded.\\n` +\n 'Ensure @mastra/core is updated to a version that includes EE support.',\n );\n }\n }\n\n /**\n * Validate route-level FGA policy coverage when an FGA provider opts into\n * startup checks.\n */\n async validateFGAPolicyCoverage(): Promise<void> {\n const serverConfig = this.mastra.getServer();\n const fgaProvider = serverConfig?.fga;\n if (!fgaProvider) return;\n\n const customRoutes = (this.customApiRoutes ?? serverConfig?.apiRoutes ?? []).filter(\n route => !route._mastraInternal,\n );\n const routes = [...SERVER_ROUTES, ...customRoutes] as ServerRoute[];\n\n if (fgaProvider.validatePermissions) {\n const permissions = [...new Set(routes.flatMap(route => getRoutePermissions(route)))];\n await fgaProvider.validatePermissions(permissions);\n }\n\n const auditMode = fgaProvider.auditProtectedRoutes ?? (fgaProvider.requireForProtectedRoutes ? 'warn' : false);\n if (!auditMode || fgaProvider.resolveRouteFGA) return;\n\n const missingRoutes = routes.filter(\n route => isProtectedFGARoute(route) && !route.fga && !getBuiltInRouteFGAConfig(route),\n );\n\n if (missingRoutes.length === 0) return;\n\n const routeList = missingRoutes.map(route => formatRoute(route as ServerRoute));\n const message =\n `[mastra/auth-ee] FGA is configured but ${missingRoutes.length} protected route` +\n `${missingRoutes.length === 1 ? ' is' : 's are'} missing FGA metadata: ${routeList.join(', ')}`;\n\n if (auditMode === 'error') {\n throw new Error(message);\n }\n\n this.mastra.getLogger()?.warn(message, {\n routes: routeList,\n count: missingRoutes.length,\n });\n }\n\n /**\n * Override in adapters to register custom API routes defined via registerApiRoute().\n * Called by init() between registerAuthMiddleware() and registerRoutes().\n */\n async registerCustomApiRoutes(): Promise<void> {\n // Default no-op. Adapters override this to register custom routes\n // using their framework-specific middleware.\n }\n\n /**\n * Validates that no custom route path collides with the built-in route prefix.\n * Throws if any route path starts with the server's `apiPrefix`.\n */\n protected validateCustomRoutePaths(routes: ApiRoute[]): void {\n const prefix = this.prefix ?? '';\n if (!prefix) return;\n for (const route of routes) {\n if (route._mastraInternal) continue;\n if (route.path.startsWith(`${prefix}/`) || route.path === prefix) {\n throw new Error(\n `Custom API route \"${route.path}\" must not start with \"${prefix}\" — ` +\n `that path is reserved for built-in Mastra routes. ` +\n `Choose a different path (e.g. \"${route.path.replace(prefix, '/custom')}\").`,\n );\n }\n }\n }\n\n /**\n * Creates an internal Hono sub-app with all custom API routes registered.\n * Stores the handler on this instance for use by handleCustomRouteRequest().\n * Returns true if custom routes were found and registered.\n */\n protected async buildCustomRouteHandler(): Promise<boolean> {\n const routes = this.customApiRoutes ?? this.mastra.getServer()?.apiRoutes;\n if (!routes || routes.length === 0) return false;\n\n const NOT_FOUND_HEADER = 'x-mastra-custom-route-not-found';\n const mastra = this.mastra;\n\n const app = new Hono<{\n Bindings: { requestContext?: RequestContext };\n Variables: { mastra: Mastra; requestContext: RequestContext };\n }>();\n\n // Internal context middleware — sets variables that custom route handlers expect\n app.use('*', async (c, next) => {\n c.set('mastra', mastra);\n c.set('requestContext', c.env?.requestContext ?? new RequestContext());\n await next();\n });\n\n // Propagate the server's onError handler so errors from custom route handlers\n // are caught here (not swallowed by Hono's default plain-text 500).\n const serverOnError = this.mastra.getServer()?.onError;\n app.onError((err, c) => {\n if (serverOnError) {\n return serverOnError(err, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n });\n\n this.validateCustomRoutePaths(routes);\n\n // Register each custom route\n for (const route of routes) {\n const handler =\n 'handler' in route && route.handler\n ? route.handler\n : 'createHandler' in route\n ? await route.createHandler({ mastra })\n : undefined;\n if (!handler) continue;\n\n const middlewares: any[] = [];\n if (route.middleware) {\n middlewares.push(...(Array.isArray(route.middleware) ? route.middleware : [route.middleware]));\n }\n\n const allHandlers = [...middlewares, handler];\n if (route.method === 'ALL') {\n app.all(route.path, allHandlers[0]!, ...allHandlers.slice(1));\n } else {\n app.on(route.method, route.path, allHandlers[0]!, ...allHandlers.slice(1));\n }\n }\n\n // Mark unmatched requests so the adapter bridge can fall through to next()\n app.notFound(() => new Response(null, { status: 404, headers: { [NOT_FOUND_HEADER]: 'true' } }));\n\n this.customRouteHandler = async (request, env) => app.fetch(request, env);\n return true;\n }\n\n /**\n * Forwards a request to the internal custom route handler.\n * Returns the Response if a custom route matched, or null to fall through.\n */\n protected async handleCustomRouteRequest(\n url: string,\n method: string,\n headers: Record<string, string | string[] | undefined>,\n body: unknown,\n requestContext?: RequestContext,\n ): Promise<Response | null> {\n if (!this.customRouteHandler) return null;\n\n const fetchHeaders = new Headers();\n for (const [key, value] of Object.entries(headers)) {\n if (typeof value === 'string') fetchHeaders.set(key, value);\n else if (Array.isArray(value))\n value.forEach(v => {\n fetchHeaders.append(key, v);\n });\n }\n\n const init: RequestInit = { method, headers: fetchHeaders };\n if (['POST', 'PUT', 'PATCH'].includes(method) && body !== undefined) {\n if (body instanceof ArrayBuffer || body instanceof Uint8Array || body instanceof ReadableStream) {\n init.body = body as any;\n if (body instanceof ReadableStream) {\n (init as any).duplex = 'half';\n }\n } else {\n const contentType = (typeof headers['content-type'] === 'string' ? headers['content-type'] : '') || '';\n if (contentType.includes('application/json')) {\n init.body = JSON.stringify(body);\n } else if (typeof body === 'string') {\n init.body = body;\n }\n }\n }\n\n const request = new globalThis.Request(url, init);\n const response = await this.customRouteHandler(request, { requestContext });\n\n if (response.headers.get('x-mastra-custom-route-not-found') === 'true') return null;\n return response;\n }\n\n /**\n * Pipes a custom route Response to a Node.js ServerResponse (http.ServerResponse).\n * Works with Koa (ctx.res), Express (res), and Fastify (reply.raw).\n */\n protected async writeCustomRouteResponse(\n response: Response,\n nodeRes: {\n writeHead(status: number, headers: Record<string, string | string[]>): void;\n write(chunk: unknown): void;\n end(data?: string): void;\n },\n ): Promise<void> {\n const headers: Record<string, string | string[]> = {};\n response.headers.forEach((value, key) => {\n if (key.toLowerCase() !== 'set-cookie') {\n headers[key] = value;\n }\n });\n const setCookies = response.headers.getSetCookie?.();\n if (setCookies && setCookies.length > 0) {\n headers['set-cookie'] = setCookies;\n }\n nodeRes.writeHead(response.status, headers);\n\n if (response.body) {\n const reader = response.body.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n nodeRes.write(value);\n }\n } finally {\n nodeRes.end();\n }\n } else {\n nodeRes.end(await response.text());\n }\n }\n\n /**\n * Builds the OpenAPI spec object with servers field and custom route paths.\n */\n private buildOpenAPISpec(config: { title: string; version: string; description: string }, prefix?: string): any {\n const openApiSpec = generateOpenAPIDocument(SERVER_ROUTES, config);\n\n if (prefix) {\n openApiSpec.servers = [{ url: prefix }];\n }\n\n // Custom routes are served at root (/), not under the API prefix — add per-path servers override.\n const allCustomRoutes = this.customApiRoutes ?? this.mastra.getServer()?.apiRoutes;\n if (allCustomRoutes && allCustomRoutes.length > 0) {\n const customPaths = convertCustomRoutesToOpenAPIPaths(allCustomRoutes);\n if (prefix) {\n for (const pathKey of Object.keys(customPaths)) {\n if (!customPaths[pathKey].servers) {\n customPaths[pathKey].servers = [{ url: '/' }];\n }\n }\n }\n openApiSpec.paths = { ...openApiSpec.paths, ...customPaths };\n }\n\n return openApiSpec;\n }\n\n async registerOpenAPIRoute(app: TApp, config: OpenAPIConfig = {}, { prefix }: { prefix?: string }): Promise<void> {\n const {\n title = 'Mastra API',\n version = '1.0.0',\n description = 'Mastra Server API',\n path = '/openapi.json',\n } = config;\n\n const openApiSpec = this.buildOpenAPISpec({ title, version, description }, prefix);\n\n const openApiRoute: ServerRoute = {\n method: 'GET',\n path,\n responseType: 'json',\n handler: async () => openApiSpec,\n };\n\n await this.registerRoute(app, openApiRoute, { prefix });\n }\n\n async registerRoutes(): Promise<void> {\n // Register routes sequentially to maintain order - important for routers where\n // more specific routes (e.g., /versions/compare) must be registered before\n // parameterized routes (e.g., /versions/:versionId)\n for (const route of SERVER_ROUTES) {\n await this.registerRoute(this.app, route, { prefix: this.prefix });\n }\n\n if (this.openapiPath) {\n const specConfig = {\n title: 'Mastra API',\n version: '1.0.0',\n description: 'Mastra Server API',\n };\n\n await this.registerOpenAPIRoute(this.app, { ...specConfig, path: this.openapiPath }, { prefix: this.prefix });\n }\n }\n\n async parsePathParams(route: ServerRoute, params: Record<string, string>): Promise<Record<string, any>> {\n const pathParamSchema = route.pathParamSchema;\n if (!pathParamSchema) {\n return params;\n }\n\n return pathParamSchema.parseAsync(params) as Promise<Record<string, any>>;\n }\n\n async parseQueryParams(route: ServerRoute, params: Record<string, QueryParamValue>): Promise<Record<string, any>> {\n const queryParamSchema = route.queryParamSchema;\n if (!queryParamSchema) {\n return params;\n }\n\n const normalizedParams = parseComplexQueryParams(queryParamSchema as z.ZodTypeAny, params);\n return queryParamSchema.parseAsync(normalizedParams) as Promise<Record<string, any>>;\n }\n\n async parseBody(route: ServerRoute, body: unknown): Promise<unknown> {\n const bodySchema = route.bodySchema;\n if (!bodySchema) {\n return body;\n }\n\n return bodySchema.parseAsync(body);\n }\n\n private static readonly CONTEXT_LABELS: Record<ValidationErrorContext, string> = {\n query: 'query parameters',\n body: 'request body',\n path: 'path parameters',\n };\n\n protected resolveValidationError(\n route: ServerRoute,\n error: ZodError,\n context: ValidationErrorContext,\n ): ValidationErrorResponse {\n const hook = route.onValidationError ?? this.mastra.getServer()?.onValidationError;\n\n if (hook) {\n try {\n const result = hook(error, context);\n if (result) {\n return result;\n }\n } catch (hookError) {\n this.mastra.getLogger()?.error('Error in custom onValidationError hook', {\n error: hookError instanceof Error ? { message: hookError.message, stack: hookError.stack } : hookError,\n });\n }\n }\n\n return {\n status: 400,\n body: formatZodError(error, MastraServer.CONTEXT_LABELS[context]),\n };\n }\n}\n\n/**\n * Check FGA authorization for an HTTP route.\n * Returns null if authorized or FGA not configured, or an error object if denied.\n */\nexport async function checkRouteFGA(\n mastra: any,\n route: ServerRoute,\n requestContext: RequestContext,\n params: Record<string, unknown>,\n): Promise<{ status: number; error: string; message: string } | null> {\n const fgaProvider = getFGAProvider(mastra);\n if (!fgaProvider) return null;\n\n const fgaConfig = await resolveRouteFGAConfig(fgaProvider, route, requestContext, params);\n if (!fgaConfig) {\n if (fgaProvider.requireForProtectedRoutes && isProtectedFGARoute(route)) {\n return {\n status: 403,\n error: 'Forbidden',\n message: 'FGA authorization denied: route FGA metadata is required',\n };\n }\n return null;\n }\n\n const user = requestContext?.get('user');\n if (!user) {\n return {\n status: 403,\n error: 'Forbidden',\n message: 'FGA authorization denied: authenticated user is required',\n };\n }\n\n const resourceId =\n typeof fgaConfig.resourceId === 'function'\n ? fgaConfig.resourceId(params, { requestContext })\n : fgaConfig.resourceId || (fgaConfig.resourceIdParam ? (params[fgaConfig.resourceIdParam] as string) : undefined);\n if (!fgaConfig.resourceType || !resourceId) {\n return {\n status: 403,\n error: 'Forbidden',\n message: 'FGA authorization denied: route FGA metadata is incomplete',\n };\n }\n const permission =\n fgaConfig.permission ||\n (route.path ? getEffectivePermission(route) : null) ||\n `${getFGAResourcePermissionSlug(fgaConfig.resourceType)}:${deriveFGAAction(route.method)}`;\n\n const authorized = await fgaProvider.check(user, {\n resource: { type: fgaConfig.resourceType, id: resourceId },\n permission,\n context: { resourceId, requestContext },\n });\n\n if (!authorized) {\n return {\n status: 403,\n error: 'Forbidden',\n message: `FGA authorization denied: cannot ${permission} on ${fgaConfig.resourceType}:${resourceId}`,\n };\n }\n\n return null;\n}\n\nfunction deriveFGAAction(method: string): string {\n switch (method.toUpperCase()) {\n case 'GET':\n return 'read';\n case 'DELETE':\n return 'delete';\n case 'POST':\n case 'PUT':\n case 'PATCH':\n return 'write';\n default:\n return 'read';\n }\n}\n\nfunction getFGAResourcePermissionSlug(resourceType: string): string {\n const resourcePermissionSlugs: Record<string, string> = {\n agent: 'agents',\n workflow: 'workflows',\n tool: 'tools',\n thread: 'memory',\n };\n\n return resourcePermissionSlugs[resourceType] ?? resourceType;\n}\n"]}