@mastra/server 1.48.1-alpha.0 → 1.49.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +37 -0
- package/dist/_types/@internal_voice/dist/_types/@internal_core/dist/request-context/index.d.ts +10 -0
- package/dist/{api-schema-manifest-BWKCYCQ5.cjs → api-schema-manifest-JLJ5HJVI.cjs} +6 -6
- package/dist/{api-schema-manifest-BWKCYCQ5.cjs.map → api-schema-manifest-JLJ5HJVI.cjs.map} +1 -1
- package/dist/{api-schema-manifest-GOPIDVBN.js → api-schema-manifest-OWVACY6K.js} +4 -4
- package/dist/{api-schema-manifest-GOPIDVBN.js.map → api-schema-manifest-OWVACY6K.js.map} +1 -1
- package/dist/{chunk-3YQ7NWF6.cjs → chunk-22EM2GBH.cjs} +220 -133
- package/dist/chunk-22EM2GBH.cjs.map +1 -0
- package/dist/{chunk-XYARXEQO.js → chunk-2B3T4FDQ.js} +5 -5
- package/dist/{chunk-XYARXEQO.js.map → chunk-2B3T4FDQ.js.map} +1 -1
- package/dist/{chunk-GNVPX27J.js → chunk-2D3SDIRD.js} +3 -3
- package/dist/{chunk-GNVPX27J.js.map → chunk-2D3SDIRD.js.map} +1 -1
- package/dist/{chunk-ATZSN4MH.cjs → chunk-2VO3BDE5.cjs} +25 -25
- package/dist/{chunk-ATZSN4MH.cjs.map → chunk-2VO3BDE5.cjs.map} +1 -1
- package/dist/{chunk-2QR65733.js → chunk-344TOMHC.js} +4 -4
- package/dist/{chunk-2QR65733.js.map → chunk-344TOMHC.js.map} +1 -1
- package/dist/{chunk-22YWJT5H.js → chunk-3VNAOZ3S.js} +3 -3
- package/dist/{chunk-22YWJT5H.js.map → chunk-3VNAOZ3S.js.map} +1 -1
- package/dist/{chunk-OVFFGZLA.cjs → chunk-3YFDOQMM.cjs} +17 -17
- package/dist/{chunk-OVFFGZLA.cjs.map → chunk-3YFDOQMM.cjs.map} +1 -1
- package/dist/{chunk-RVD3DGBZ.cjs → chunk-42M6Y2OD.cjs} +3 -3
- package/dist/{chunk-RVD3DGBZ.cjs.map → chunk-42M6Y2OD.cjs.map} +1 -1
- package/dist/{chunk-JFKJJR3U.cjs → chunk-45SRRAK2.cjs} +41 -41
- package/dist/{chunk-JFKJJR3U.cjs.map → chunk-45SRRAK2.cjs.map} +1 -1
- package/dist/{chunk-5GQWTNAY.cjs → chunk-46D4LXPJ.cjs} +101 -101
- package/dist/{chunk-5GQWTNAY.cjs.map → chunk-46D4LXPJ.cjs.map} +1 -1
- package/dist/{chunk-4744QXJ5.cjs → chunk-4ATFZDHI.cjs} +13 -13
- package/dist/{chunk-4744QXJ5.cjs.map → chunk-4ATFZDHI.cjs.map} +1 -1
- package/dist/{chunk-7WWWWHIQ.js → chunk-4DVFBBKV.js} +3 -3
- package/dist/{chunk-7WWWWHIQ.js.map → chunk-4DVFBBKV.js.map} +1 -1
- package/dist/{chunk-LH5CRODT.js → chunk-4HSM2TU2.js} +7 -7
- package/dist/{chunk-LH5CRODT.js.map → chunk-4HSM2TU2.js.map} +1 -1
- package/dist/chunk-4HWBP3K4.cjs +753 -0
- package/dist/{chunk-AXCPENWP.cjs.map → chunk-4HWBP3K4.cjs.map} +1 -1
- package/dist/{chunk-KLV64VVH.js → chunk-4W5AVWZH.js} +2 -2
- package/dist/chunk-4W5AVWZH.js.map +1 -0
- package/dist/{chunk-FPJGLJUZ.cjs → chunk-57BKC4ZW.cjs} +37 -37
- package/dist/{chunk-FPJGLJUZ.cjs.map → chunk-57BKC4ZW.cjs.map} +1 -1
- package/dist/{chunk-ZO7HYQJT.js → chunk-5NBDNR2B.js} +10 -10
- package/dist/{chunk-ZO7HYQJT.js.map → chunk-5NBDNR2B.js.map} +1 -1
- package/dist/{chunk-M3UP3Z3G.cjs → chunk-5SY2ZQ3R.cjs} +2 -2
- package/dist/chunk-5SY2ZQ3R.cjs.map +1 -0
- package/dist/{chunk-6EDRDYGN.cjs → chunk-6KPMWM5N.cjs} +89 -89
- package/dist/{chunk-6EDRDYGN.cjs.map → chunk-6KPMWM5N.cjs.map} +1 -1
- package/dist/{chunk-6QJBHJVD.js → chunk-6ZQIEZFG.js} +5 -5
- package/dist/{chunk-6QJBHJVD.js.map → chunk-6ZQIEZFG.js.map} +1 -1
- package/dist/{chunk-UXYPH6HP.cjs → chunk-76YQAK7Q.cjs} +13 -13
- package/dist/{chunk-UXYPH6HP.cjs.map → chunk-76YQAK7Q.cjs.map} +1 -1
- package/dist/{chunk-GTMBHJLQ.js → chunk-7ICIPSVS.js} +6 -6
- package/dist/{chunk-GTMBHJLQ.js.map → chunk-7ICIPSVS.js.map} +1 -1
- package/dist/{chunk-J6XQWEEV.cjs → chunk-7XZQUQEO.cjs} +8 -8
- package/dist/{chunk-J6XQWEEV.cjs.map → chunk-7XZQUQEO.cjs.map} +1 -1
- package/dist/{chunk-VKCPJYAX.js → chunk-BALLHDVH.js} +5 -5
- package/dist/{chunk-VKCPJYAX.js.map → chunk-BALLHDVH.js.map} +1 -1
- package/dist/{chunk-QPICFOIK.cjs → chunk-BQ2JQTKA.cjs} +11 -11
- package/dist/{chunk-QPICFOIK.cjs.map → chunk-BQ2JQTKA.cjs.map} +1 -1
- package/dist/{chunk-WWPJKPP2.js → chunk-C65RFM5P.js} +12 -6
- package/dist/chunk-C65RFM5P.js.map +1 -0
- package/dist/{chunk-W4ALUSXG.js → chunk-CCT2USYM.js} +6 -6
- package/dist/chunk-CCT2USYM.js.map +1 -0
- package/dist/{chunk-63R2BIAL.cjs → chunk-CU3VFK4E.cjs} +19 -19
- package/dist/{chunk-63R2BIAL.cjs.map → chunk-CU3VFK4E.cjs.map} +1 -1
- package/dist/{chunk-R7D7QQC5.cjs → chunk-D5ANEBEI.cjs} +6 -6
- package/dist/{chunk-R7D7QQC5.cjs.map → chunk-D5ANEBEI.cjs.map} +1 -1
- package/dist/{chunk-NUQ5EITO.cjs → chunk-D6FUPRXX.cjs} +17 -17
- package/dist/{chunk-NUQ5EITO.cjs.map → chunk-D6FUPRXX.cjs.map} +1 -1
- package/dist/{chunk-JZBZ3HZR.js → chunk-DAMJJAHO.js} +10 -10
- package/dist/{chunk-JZBZ3HZR.js.map → chunk-DAMJJAHO.js.map} +1 -1
- package/dist/{chunk-HATXNJ4V.js → chunk-DHAHH4TH.js} +2 -2
- package/dist/chunk-DHAHH4TH.js.map +1 -0
- package/dist/{chunk-GZ4HWZWE.cjs → chunk-DRDVJ35H.cjs} +7 -7
- package/dist/{chunk-GZ4HWZWE.cjs.map → chunk-DRDVJ35H.cjs.map} +1 -1
- package/dist/{chunk-A5GLESMH.js → chunk-DRIJ6W3Z.js} +3 -3
- package/dist/{chunk-A5GLESMH.js.map → chunk-DRIJ6W3Z.js.map} +1 -1
- package/dist/{chunk-WBHJJ3UO.cjs → chunk-EFJCOPJ3.cjs} +129 -129
- package/dist/{chunk-WBHJJ3UO.cjs.map → chunk-EFJCOPJ3.cjs.map} +1 -1
- package/dist/{chunk-OUQGCJQS.js → chunk-ERCBJA5A.js} +6 -6
- package/dist/{chunk-OUQGCJQS.js.map → chunk-ERCBJA5A.js.map} +1 -1
- package/dist/{chunk-WXZBPFQS.js → chunk-ET6QFYJQ.js} +5 -5
- package/dist/{chunk-WXZBPFQS.js.map → chunk-ET6QFYJQ.js.map} +1 -1
- package/dist/{chunk-WRGLWN4J.js → chunk-ETVWGZSU.js} +8 -8
- package/dist/{chunk-WRGLWN4J.js.map → chunk-ETVWGZSU.js.map} +1 -1
- package/dist/{chunk-ERQWC6JO.js → chunk-EZWVRD45.js} +7 -7
- package/dist/{chunk-ERQWC6JO.js.map → chunk-EZWVRD45.js.map} +1 -1
- package/dist/{chunk-3X6LP3LD.js → chunk-GIQJF7ZM.js} +5 -5
- package/dist/{chunk-3X6LP3LD.js.map → chunk-GIQJF7ZM.js.map} +1 -1
- package/dist/{chunk-RS7ZTUH3.cjs → chunk-GJBHQJBK.cjs} +26 -26
- package/dist/{chunk-RS7ZTUH3.cjs.map → chunk-GJBHQJBK.cjs.map} +1 -1
- package/dist/{chunk-EUKL5LNM.cjs → chunk-GK23JHRL.cjs} +57 -57
- package/dist/{chunk-EUKL5LNM.cjs.map → chunk-GK23JHRL.cjs.map} +1 -1
- package/dist/{chunk-ORPTO5F2.js → chunk-H7UZ44VA.js} +6 -6
- package/dist/{chunk-ORPTO5F2.js.map → chunk-H7UZ44VA.js.map} +1 -1
- package/dist/{chunk-KGUHJRHZ.cjs → chunk-HDIYJI2Z.cjs} +3 -3
- package/dist/{chunk-KGUHJRHZ.cjs.map → chunk-HDIYJI2Z.cjs.map} +1 -1
- package/dist/{chunk-PHATOO2U.js → chunk-HK4SJHYT.js} +3 -3
- package/dist/{chunk-PHATOO2U.js.map → chunk-HK4SJHYT.js.map} +1 -1
- package/dist/{chunk-A6IFHAMY.cjs → chunk-HR4F4XZV.cjs} +19 -19
- package/dist/{chunk-A6IFHAMY.cjs.map → chunk-HR4F4XZV.cjs.map} +1 -1
- package/dist/{chunk-ODUTR3YG.cjs → chunk-IEE5MCG5.cjs} +23 -23
- package/dist/{chunk-ODUTR3YG.cjs.map → chunk-IEE5MCG5.cjs.map} +1 -1
- package/dist/{chunk-433NHSTX.cjs → chunk-IRMEODX4.cjs} +12 -12
- package/dist/{chunk-433NHSTX.cjs.map → chunk-IRMEODX4.cjs.map} +1 -1
- package/dist/{chunk-3ENQND57.js → chunk-JBSUT5XF.js} +3 -3
- package/dist/{chunk-3ENQND57.js.map → chunk-JBSUT5XF.js.map} +1 -1
- package/dist/{chunk-SIBBWIG2.cjs → chunk-JJOGTXKN.cjs} +12 -12
- package/dist/{chunk-SIBBWIG2.cjs.map → chunk-JJOGTXKN.cjs.map} +1 -1
- package/dist/{chunk-RIPB4QC6.js → chunk-JXUL45J6.js} +5 -5
- package/dist/{chunk-RIPB4QC6.js.map → chunk-JXUL45J6.js.map} +1 -1
- package/dist/{chunk-YLWKZ3VK.cjs → chunk-KIDHIRVO.cjs} +7 -7
- package/dist/{chunk-YLWKZ3VK.cjs.map → chunk-KIDHIRVO.cjs.map} +1 -1
- package/dist/{chunk-FZGSWPE7.js → chunk-KRZJLGGN.js} +6 -6
- package/dist/{chunk-FZGSWPE7.js.map → chunk-KRZJLGGN.js.map} +1 -1
- package/dist/{chunk-6XNMQBYE.cjs → chunk-KSN5CWZ7.cjs} +8 -8
- package/dist/{chunk-6XNMQBYE.cjs.map → chunk-KSN5CWZ7.cjs.map} +1 -1
- package/dist/{chunk-RY5RETAD.js → chunk-L4DD3HSB.js} +3 -3
- package/dist/{chunk-RY5RETAD.js.map → chunk-L4DD3HSB.js.map} +1 -1
- package/dist/{chunk-SMQKZ2QV.js → chunk-LBY32Z7C.js} +3 -3
- package/dist/{chunk-SMQKZ2QV.js.map → chunk-LBY32Z7C.js.map} +1 -1
- package/dist/{chunk-OR73MMQ3.js → chunk-LLVTDE4P.js} +6 -6
- package/dist/{chunk-OR73MMQ3.js.map → chunk-LLVTDE4P.js.map} +1 -1
- package/dist/{chunk-CDZIWIME.js → chunk-LZJM4JTY.js} +5 -5
- package/dist/{chunk-CDZIWIME.js.map → chunk-LZJM4JTY.js.map} +1 -1
- package/dist/{chunk-NF4PSDGQ.js → chunk-M6GURVJO.js} +4 -4
- package/dist/{chunk-NF4PSDGQ.js.map → chunk-M6GURVJO.js.map} +1 -1
- package/dist/{chunk-SQJ7VNB7.cjs → chunk-MJS4T74S.cjs} +22 -22
- package/dist/{chunk-SQJ7VNB7.cjs.map → chunk-MJS4T74S.cjs.map} +1 -1
- package/dist/{chunk-DN2NUSL2.cjs → chunk-N54Q3AQR.cjs} +5 -5
- package/dist/{chunk-DN2NUSL2.cjs.map → chunk-N54Q3AQR.cjs.map} +1 -1
- package/dist/{chunk-DWLFAZ6X.js → chunk-NUPNOKI2.js} +4 -4
- package/dist/{chunk-DWLFAZ6X.js.map → chunk-NUPNOKI2.js.map} +1 -1
- package/dist/{chunk-QHP2MCPG.js → chunk-P5NXUYGE.js} +7 -7
- package/dist/{chunk-QHP2MCPG.js.map → chunk-P5NXUYGE.js.map} +1 -1
- package/dist/{chunk-Z5MTOVTR.js → chunk-PIKPS6Q6.js} +3 -3
- package/dist/{chunk-Z5MTOVTR.js.map → chunk-PIKPS6Q6.js.map} +1 -1
- package/dist/{chunk-6BV4FKSM.js → chunk-POM4VGLJ.js} +6 -6
- package/dist/{chunk-6BV4FKSM.js.map → chunk-POM4VGLJ.js.map} +1 -1
- package/dist/{chunk-4LAKBLXV.cjs → chunk-Q56NQYUJ.cjs} +72 -72
- package/dist/{chunk-4LAKBLXV.cjs.map → chunk-Q56NQYUJ.cjs.map} +1 -1
- package/dist/{chunk-IBUJJIRW.js → chunk-QIQWHDPH.js} +4 -4
- package/dist/{chunk-IBUJJIRW.js.map → chunk-QIQWHDPH.js.map} +1 -1
- package/dist/{chunk-TQIKCVFQ.cjs → chunk-QOW24SR2.cjs} +4 -4
- package/dist/{chunk-TQIKCVFQ.cjs.map → chunk-QOW24SR2.cjs.map} +1 -1
- package/dist/{chunk-RXSZMJIR.js → chunk-RCXVCPAD.js} +3 -3
- package/dist/{chunk-RXSZMJIR.js.map → chunk-RCXVCPAD.js.map} +1 -1
- package/dist/{chunk-ILGUY62R.cjs → chunk-RDU2H7FF.cjs} +20 -20
- package/dist/{chunk-ILGUY62R.cjs.map → chunk-RDU2H7FF.cjs.map} +1 -1
- package/dist/{chunk-R4C4XFA7.js → chunk-RJCBPQZV.js} +4 -4
- package/dist/{chunk-R4C4XFA7.js.map → chunk-RJCBPQZV.js.map} +1 -1
- package/dist/{chunk-YL22BKI2.cjs → chunk-RJPRSDIS.cjs} +72 -72
- package/dist/{chunk-YL22BKI2.cjs.map → chunk-RJPRSDIS.cjs.map} +1 -1
- package/dist/{chunk-V6Z2DEIO.js → chunk-S2JGT2GI.js} +3 -3
- package/dist/{chunk-V6Z2DEIO.js.map → chunk-S2JGT2GI.js.map} +1 -1
- package/dist/{chunk-Y24N7BKC.cjs → chunk-S4NBNTAN.cjs} +29 -29
- package/dist/{chunk-Y24N7BKC.cjs.map → chunk-S4NBNTAN.cjs.map} +1 -1
- package/dist/{chunk-QFSMY2ZW.cjs → chunk-SEOGVPOT.cjs} +21 -21
- package/dist/{chunk-QFSMY2ZW.cjs.map → chunk-SEOGVPOT.cjs.map} +1 -1
- package/dist/{chunk-56AYHXOU.js → chunk-SXZS6VZ3.js} +3 -3
- package/dist/{chunk-56AYHXOU.js.map → chunk-SXZS6VZ3.js.map} +1 -1
- package/dist/{chunk-4PQR3D5Y.cjs → chunk-SYZ2NTP3.cjs} +2 -2
- package/dist/chunk-SYZ2NTP3.cjs.map +1 -0
- package/dist/{chunk-ZVDH3EUZ.cjs → chunk-TGKPSQB3.cjs} +17 -17
- package/dist/chunk-TGKPSQB3.cjs.map +1 -0
- package/dist/{chunk-CVIBRSHE.js → chunk-TQBIGT3Q.js} +7 -7
- package/dist/{chunk-CVIBRSHE.js.map → chunk-TQBIGT3Q.js.map} +1 -1
- package/dist/{chunk-YSIEX3WZ.cjs → chunk-TZZ2AOOV.cjs} +19 -19
- package/dist/{chunk-YSIEX3WZ.cjs.map → chunk-TZZ2AOOV.cjs.map} +1 -1
- package/dist/{chunk-SVOOYE4P.cjs → chunk-U52CKL4A.cjs} +72 -72
- package/dist/{chunk-SVOOYE4P.cjs.map → chunk-U52CKL4A.cjs.map} +1 -1
- package/dist/{chunk-V224FC6Y.cjs → chunk-UHKWQQBG.cjs} +20 -20
- package/dist/{chunk-V224FC6Y.cjs.map → chunk-UHKWQQBG.cjs.map} +1 -1
- package/dist/{chunk-6QZLGOUC.cjs → chunk-UIAQYIDW.cjs} +6 -6
- package/dist/{chunk-6QZLGOUC.cjs.map → chunk-UIAQYIDW.cjs.map} +1 -1
- package/dist/{chunk-4AOBPAJQ.cjs → chunk-ULYIMS6J.cjs} +6 -6
- package/dist/{chunk-4AOBPAJQ.cjs.map → chunk-ULYIMS6J.cjs.map} +1 -1
- package/dist/{chunk-55QAS25J.js → chunk-UY3PA3YA.js} +6 -6
- package/dist/{chunk-55QAS25J.js.map → chunk-UY3PA3YA.js.map} +1 -1
- package/dist/{chunk-SKYHKW2B.js → chunk-UZQ2ZJUF.js} +9 -9
- package/dist/{chunk-SKYHKW2B.js.map → chunk-UZQ2ZJUF.js.map} +1 -1
- package/dist/{chunk-FLIAPNUU.js → chunk-VB4SJ6UF.js} +4 -4
- package/dist/{chunk-FLIAPNUU.js.map → chunk-VB4SJ6UF.js.map} +1 -1
- package/dist/{chunk-JIK3WXOP.cjs → chunk-VZ7EXKEF.cjs} +19 -19
- package/dist/{chunk-JIK3WXOP.cjs.map → chunk-VZ7EXKEF.cjs.map} +1 -1
- package/dist/{chunk-HDBVD5FJ.js → chunk-W5Q374VQ.js} +7 -7
- package/dist/{chunk-HDBVD5FJ.js.map → chunk-W5Q374VQ.js.map} +1 -1
- package/dist/{chunk-M6RITLE5.cjs → chunk-WGEIHQXI.cjs} +13 -13
- package/dist/{chunk-M6RITLE5.cjs.map → chunk-WGEIHQXI.cjs.map} +1 -1
- package/dist/{chunk-2WUMO4RN.cjs → chunk-XASCEABS.cjs} +15 -9
- package/dist/chunk-XASCEABS.cjs.map +1 -0
- package/dist/{chunk-3NXV3W5N.js → chunk-XE7PBR3Y.js} +42 -42
- package/dist/{chunk-3NXV3W5N.js.map → chunk-XE7PBR3Y.js.map} +1 -1
- package/dist/{chunk-GU6MTXHR.cjs → chunk-XLIDL7QO.cjs} +12 -12
- package/dist/{chunk-GU6MTXHR.cjs.map → chunk-XLIDL7QO.cjs.map} +1 -1
- package/dist/{chunk-55BEULMJ.cjs → chunk-XTB6XXHH.cjs} +11 -11
- package/dist/{chunk-55BEULMJ.cjs.map → chunk-XTB6XXHH.cjs.map} +1 -1
- package/dist/{chunk-JYWPYMQS.cjs → chunk-XXNADDFD.cjs} +5 -5
- package/dist/{chunk-JYWPYMQS.cjs.map → chunk-XXNADDFD.cjs.map} +1 -1
- package/dist/{chunk-RYU755ZB.js → chunk-YAB4SRG2.js} +6 -6
- package/dist/{chunk-RYU755ZB.js.map → chunk-YAB4SRG2.js.map} +1 -1
- package/dist/{chunk-RUOOTVGK.js → chunk-YBVHGMK4.js} +3 -3
- package/dist/{chunk-RUOOTVGK.js.map → chunk-YBVHGMK4.js.map} +1 -1
- package/dist/{chunk-X5UGPWMB.cjs → chunk-YKY2YBJI.cjs} +20 -20
- package/dist/{chunk-X5UGPWMB.cjs.map → chunk-YKY2YBJI.cjs.map} +1 -1
- package/dist/{chunk-XPJZ72ZH.cjs → chunk-YZ6PW23L.cjs} +6 -6
- package/dist/{chunk-XPJZ72ZH.cjs.map → chunk-YZ6PW23L.cjs.map} +1 -1
- package/dist/{chunk-JIL453ER.js → chunk-YZAQOU2I.js} +220 -133
- package/dist/chunk-YZAQOU2I.js.map +1 -0
- package/dist/{chunk-755RJ4WD.cjs → chunk-YZVC4WQD.cjs} +27 -27
- package/dist/{chunk-755RJ4WD.cjs.map → chunk-YZVC4WQD.cjs.map} +1 -1
- package/dist/{chunk-7WVY3KMP.js → chunk-Z354XOPM.js} +4 -4
- package/dist/{chunk-7WVY3KMP.js.map → chunk-Z354XOPM.js.map} +1 -1
- package/dist/{chunk-DECNKSKW.js → chunk-Z5DHV2QW.js} +5 -5
- package/dist/{chunk-DECNKSKW.js.map → chunk-Z5DHV2QW.js.map} +1 -1
- package/dist/{chunk-VUEMRARE.js → chunk-Z5YBWU6K.js} +7 -7
- package/dist/{chunk-VUEMRARE.js.map → chunk-Z5YBWU6K.js.map} +1 -1
- package/dist/{dist-7DYUIL2E.js → dist-JSC2CQVL.js} +4 -4
- package/dist/{dist-7DYUIL2E.js.map → dist-JSC2CQVL.js.map} +1 -1
- package/dist/{dist-6VCCDFCW.cjs → dist-RKXUXSLD.cjs} +6 -6
- package/dist/{dist-6VCCDFCW.cjs.map → dist-RKXUXSLD.cjs.map} +1 -1
- package/dist/docs/SKILL.md +1 -1
- package/dist/docs/assets/SOURCE_MAP.json +1 -1
- package/dist/docs/references/docs-agents-a2a.md +2 -0
- package/dist/docs/references/docs-server-custom-adapters.md +2 -0
- package/dist/docs/references/docs-server-middleware.md +2 -0
- package/dist/docs/references/reference-server-create-route.md +2 -0
- package/dist/docs/references/reference-server-mastra-server.md +2 -0
- package/dist/docs/references/reference-server-routes.md +2 -0
- package/dist/{observational-memory-PBLNZABH-2OUE5VEX.js → observational-memory-QL6BKIQX-2V7T3FLD.js} +3 -3
- package/dist/{observational-memory-PBLNZABH-2OUE5VEX.js.map → observational-memory-QL6BKIQX-2V7T3FLD.js.map} +1 -1
- package/dist/{observational-memory-PBLNZABH-MQEKJOVA.cjs → observational-memory-QL6BKIQX-QGB4L22X.cjs} +28 -28
- package/dist/{observational-memory-PBLNZABH-MQEKJOVA.cjs.map → observational-memory-QL6BKIQX-QGB4L22X.cjs.map} +1 -1
- package/dist/server/auth/helpers.d.ts +2 -2
- package/dist/server/auth/helpers.d.ts.map +1 -1
- package/dist/server/auth/index.cjs +15 -15
- package/dist/server/auth/index.js +1 -1
- package/dist/server/handlers/a2a.cjs +14 -14
- package/dist/server/handlers/a2a.js +1 -1
- package/dist/server/handlers/agent-builder.cjs +17 -17
- package/dist/server/handlers/agent-builder.js +1 -1
- package/dist/server/handlers/agent-controller.cjs +35 -35
- package/dist/server/handlers/agent-controller.js +1 -1
- package/dist/server/handlers/agent-versions.cjs +8 -8
- package/dist/server/handlers/agent-versions.js +1 -1
- package/dist/server/handlers/agents.cjs +47 -47
- package/dist/server/handlers/agents.js +1 -1
- package/dist/server/handlers/auth.cjs +13 -13
- package/dist/server/handlers/auth.js +1 -1
- package/dist/server/handlers/author-enrichment.cjs +3 -3
- package/dist/server/handlers/author-enrichment.js +1 -1
- package/dist/server/handlers/authorship.cjs +12 -12
- package/dist/server/handlers/authorship.js +1 -1
- package/dist/server/handlers/background-tasks.cjs +4 -4
- package/dist/server/handlers/background-tasks.js +1 -1
- package/dist/server/handlers/builder-registry.cjs +6 -6
- package/dist/server/handlers/builder-registry.js +1 -1
- package/dist/server/handlers/channels.cjs +5 -5
- package/dist/server/handlers/channels.js +1 -1
- package/dist/server/handlers/conversations.cjs +5 -5
- package/dist/server/handlers/conversations.js +1 -1
- package/dist/server/handlers/datasets.cjs +26 -26
- package/dist/server/handlers/datasets.js +1 -1
- package/dist/server/handlers/editor-builder.cjs +6 -6
- package/dist/server/handlers/editor-builder.js +1 -1
- package/dist/server/handlers/favorites-enrichment.cjs +4 -4
- package/dist/server/handlers/favorites-enrichment.js +1 -1
- package/dist/server/handlers/heartbeats.cjs +9 -9
- package/dist/server/handlers/heartbeats.js +1 -1
- package/dist/server/handlers/logs.cjs +4 -4
- package/dist/server/handlers/logs.js +1 -1
- package/dist/server/handlers/mcp-client-versions.cjs +8 -8
- package/dist/server/handlers/mcp-client-versions.js +1 -1
- package/dist/server/handlers/mcp.cjs +11 -11
- package/dist/server/handlers/mcp.js +1 -1
- package/dist/server/handlers/memory.cjs +27 -27
- package/dist/server/handlers/memory.js +1 -1
- package/dist/server/handlers/observability-new-endpoints.cjs +29 -29
- package/dist/server/handlers/observability-new-endpoints.js +1 -1
- package/dist/server/handlers/observability-shared.cjs +9 -9
- package/dist/server/handlers/observability-shared.js +1 -1
- package/dist/server/handlers/observability.cjs +40 -40
- package/dist/server/handlers/observability.js +2 -2
- package/dist/server/handlers/processor-providers.cjs +3 -3
- package/dist/server/handlers/processor-providers.js +1 -1
- package/dist/server/handlers/processors.cjs +4 -4
- package/dist/server/handlers/processors.js +1 -1
- package/dist/server/handlers/prompt-block-versions.cjs +8 -8
- package/dist/server/handlers/prompt-block-versions.js +1 -1
- package/dist/server/handlers/responses.cjs +4 -4
- package/dist/server/handlers/responses.js +1 -1
- package/dist/server/handlers/responses.storage.cjs +8 -8
- package/dist/server/handlers/responses.storage.js +1 -1
- package/dist/server/handlers/schedules.cjs +6 -6
- package/dist/server/handlers/schedules.js +1 -1
- package/dist/server/handlers/scorer-versions.cjs +8 -8
- package/dist/server/handlers/scorer-versions.js +1 -1
- package/dist/server/handlers/scores.cjs +7 -7
- package/dist/server/handlers/scores.js +1 -1
- package/dist/server/handlers/stored-agent-favorites.cjs +3 -3
- package/dist/server/handlers/stored-agent-favorites.js +1 -1
- package/dist/server/handlers/stored-agents.cjs +10 -10
- package/dist/server/handlers/stored-agents.js +1 -1
- package/dist/server/handlers/stored-mcp-clients.cjs +6 -6
- package/dist/server/handlers/stored-mcp-clients.js +1 -1
- package/dist/server/handlers/stored-prompt-blocks.cjs +6 -6
- package/dist/server/handlers/stored-prompt-blocks.js +1 -1
- package/dist/server/handlers/stored-scorers.cjs +6 -6
- package/dist/server/handlers/stored-scorers.js +1 -1
- package/dist/server/handlers/stored-skill-favorites.cjs +3 -3
- package/dist/server/handlers/stored-skill-favorites.js +1 -1
- package/dist/server/handlers/stored-skills.cjs +7 -7
- package/dist/server/handlers/stored-skills.js +1 -1
- package/dist/server/handlers/stored-workspaces.cjs +6 -6
- package/dist/server/handlers/stored-workspaces.js +1 -1
- package/dist/server/handlers/system.cjs +3 -3
- package/dist/server/handlers/system.js +1 -1
- package/dist/server/handlers/tool-providers.cjs +14 -14
- package/dist/server/handlers/tool-providers.js +1 -1
- package/dist/server/handlers/tools.cjs +6 -6
- package/dist/server/handlers/tools.js +1 -1
- package/dist/server/handlers/utils.cjs +10 -10
- package/dist/server/handlers/utils.js +1 -1
- package/dist/server/handlers/vector.cjs +16 -16
- package/dist/server/handlers/vector.js +1 -1
- package/dist/server/handlers/workflows.cjs +27 -27
- package/dist/server/handlers/workflows.js +1 -1
- package/dist/server/handlers/workspace.cjs +26 -26
- package/dist/server/handlers/workspace.js +1 -1
- package/dist/server/handlers.cjs +39 -39
- package/dist/server/handlers.js +14 -14
- package/dist/server/schemas/index.cjs +605 -605
- package/dist/server/schemas/index.js +9 -9
- package/dist/server/server-adapter/index.cjs +48 -48
- package/dist/server/server-adapter/index.js +9 -9
- package/package.json +6 -6
- package/dist/chunk-2WUMO4RN.cjs.map +0 -1
- package/dist/chunk-3YQ7NWF6.cjs.map +0 -1
- package/dist/chunk-4PQR3D5Y.cjs.map +0 -1
- package/dist/chunk-AXCPENWP.cjs +0 -753
- package/dist/chunk-HATXNJ4V.js.map +0 -1
- package/dist/chunk-JIL453ER.js.map +0 -1
- package/dist/chunk-KLV64VVH.js.map +0 -1
- package/dist/chunk-M3UP3Z3G.cjs.map +0 -1
- package/dist/chunk-W4ALUSXG.js.map +0 -1
- package/dist/chunk-WWPJKPP2.js.map +0 -1
- package/dist/chunk-ZVDH3EUZ.cjs.map +0 -1
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var chunkF3HP5HM6_cjs = require('./chunk-F3HP5HM6.cjs');
|
|
4
|
-
var chunkYLWKZ3VK_cjs = require('./chunk-YLWKZ3VK.cjs');
|
|
5
3
|
var chunkNI2DJ2VW_cjs = require('./chunk-NI2DJ2VW.cjs');
|
|
6
|
-
var
|
|
7
|
-
var
|
|
4
|
+
var chunkF3HP5HM6_cjs = require('./chunk-F3HP5HM6.cjs');
|
|
5
|
+
var chunkKIDHIRVO_cjs = require('./chunk-KIDHIRVO.cjs');
|
|
6
|
+
var chunkEFJCOPJ3_cjs = require('./chunk-EFJCOPJ3.cjs');
|
|
7
|
+
var chunk42M6Y2OD_cjs = require('./chunk-42M6Y2OD.cjs');
|
|
8
8
|
var chunkZ7LCIYK7_cjs = require('./chunk-Z7LCIYK7.cjs');
|
|
9
|
-
var
|
|
9
|
+
var chunkN54Q3AQR_cjs = require('./chunk-N54Q3AQR.cjs');
|
|
10
10
|
var chunk64ITUOXI_cjs = require('./chunk-64ITUOXI.cjs');
|
|
11
11
|
var chunkO7I5CWRX_cjs = require('./chunk-O7I5CWRX.cjs');
|
|
12
12
|
var crypto = require('crypto');
|
|
@@ -42,7 +42,7 @@ function buildConversationDeleted(conversationId) {
|
|
|
42
42
|
deleted: true
|
|
43
43
|
};
|
|
44
44
|
}
|
|
45
|
-
var CREATE_CONVERSATION_ROUTE =
|
|
45
|
+
var CREATE_CONVERSATION_ROUTE = chunkN54Q3AQR_cjs.createRoute({
|
|
46
46
|
method: "POST",
|
|
47
47
|
path: "/v1/conversations",
|
|
48
48
|
responseType: "json",
|
|
@@ -52,22 +52,22 @@ var CREATE_CONVERSATION_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
52
52
|
description: "Creates a new thread-backed conversation for agent-backed Responses API requests",
|
|
53
53
|
tags: ["Responses"],
|
|
54
54
|
requiresAuth: true,
|
|
55
|
-
requiresPermission:
|
|
55
|
+
requiresPermission: chunk42M6Y2OD_cjs.MastraFGAPermissions.AGENTS_CREATE,
|
|
56
56
|
handler: async ({ mastra, requestContext, agent_id, conversation_id, resource_id, title, metadata }) => {
|
|
57
57
|
try {
|
|
58
58
|
if (!mastra) {
|
|
59
59
|
throw new chunk64ITUOXI_cjs.HTTPException(500, { message: "Mastra instance is required for conversations" });
|
|
60
60
|
}
|
|
61
|
-
const agent = await
|
|
61
|
+
const agent = await chunkEFJCOPJ3_cjs.getAgentFromSystem({ mastra, agentId: agent_id });
|
|
62
62
|
const memory = await agent.getMemory({ requestContext });
|
|
63
63
|
if (!memory) {
|
|
64
64
|
throw new chunk64ITUOXI_cjs.HTTPException(400, { message: `Agent "${agent.id}" does not have memory configured` });
|
|
65
65
|
}
|
|
66
|
-
if (!await
|
|
66
|
+
if (!await chunkKIDHIRVO_cjs.getAgentMemoryStore({ agent, requestContext })) {
|
|
67
67
|
throw new chunk64ITUOXI_cjs.HTTPException(400, { message: `Memory storage is not configured for agent "${agent.id}"` });
|
|
68
68
|
}
|
|
69
69
|
const threadId = conversation_id ?? crypto.randomUUID();
|
|
70
|
-
const resourceId =
|
|
70
|
+
const resourceId = chunk42M6Y2OD_cjs.getEffectiveResourceId(requestContext, resource_id) ?? threadId;
|
|
71
71
|
const thread = await memory.createThread({
|
|
72
72
|
threadId,
|
|
73
73
|
resourceId,
|
|
@@ -80,7 +80,7 @@ var CREATE_CONVERSATION_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
80
80
|
}
|
|
81
81
|
}
|
|
82
82
|
});
|
|
83
|
-
var GET_CONVERSATION_ROUTE =
|
|
83
|
+
var GET_CONVERSATION_ROUTE = chunkN54Q3AQR_cjs.createRoute({
|
|
84
84
|
method: "GET",
|
|
85
85
|
path: "/v1/conversations/:conversationId",
|
|
86
86
|
responseType: "json",
|
|
@@ -90,10 +90,10 @@ var GET_CONVERSATION_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
90
90
|
description: "Returns a conversation object backed by a Mastra memory thread",
|
|
91
91
|
tags: ["Responses"],
|
|
92
92
|
requiresAuth: true,
|
|
93
|
-
requiresPermission:
|
|
93
|
+
requiresPermission: chunk42M6Y2OD_cjs.MastraFGAPermissions.AGENTS_READ,
|
|
94
94
|
handler: async ({ mastra, requestContext, conversationId }) => {
|
|
95
95
|
try {
|
|
96
|
-
const match = await
|
|
96
|
+
const match = await chunkKIDHIRVO_cjs.findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });
|
|
97
97
|
if (!match) {
|
|
98
98
|
throw new chunk64ITUOXI_cjs.HTTPException(404, { message: `Conversation ${conversationId} was not found` });
|
|
99
99
|
}
|
|
@@ -103,7 +103,7 @@ var GET_CONVERSATION_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
103
103
|
}
|
|
104
104
|
}
|
|
105
105
|
});
|
|
106
|
-
var GET_CONVERSATION_ITEMS_ROUTE =
|
|
106
|
+
var GET_CONVERSATION_ITEMS_ROUTE = chunkN54Q3AQR_cjs.createRoute({
|
|
107
107
|
method: "GET",
|
|
108
108
|
path: "/v1/conversations/:conversationId/items",
|
|
109
109
|
responseType: "json",
|
|
@@ -113,10 +113,10 @@ var GET_CONVERSATION_ITEMS_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
113
113
|
description: "Returns OpenAI-style conversation items derived from the stored thread messages",
|
|
114
114
|
tags: ["Responses"],
|
|
115
115
|
requiresAuth: true,
|
|
116
|
-
requiresPermission:
|
|
116
|
+
requiresPermission: chunk42M6Y2OD_cjs.MastraFGAPermissions.AGENTS_READ,
|
|
117
117
|
handler: async ({ mastra, requestContext, conversationId }) => {
|
|
118
118
|
try {
|
|
119
|
-
const match = await
|
|
119
|
+
const match = await chunkKIDHIRVO_cjs.findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });
|
|
120
120
|
if (!match) {
|
|
121
121
|
throw new chunk64ITUOXI_cjs.HTTPException(404, { message: `Conversation ${conversationId} was not found` });
|
|
122
122
|
}
|
|
@@ -131,7 +131,7 @@ var GET_CONVERSATION_ITEMS_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
131
131
|
}
|
|
132
132
|
}
|
|
133
133
|
});
|
|
134
|
-
var DELETE_CONVERSATION_ROUTE =
|
|
134
|
+
var DELETE_CONVERSATION_ROUTE = chunkN54Q3AQR_cjs.createRoute({
|
|
135
135
|
method: "DELETE",
|
|
136
136
|
path: "/v1/conversations/:conversationId",
|
|
137
137
|
responseType: "json",
|
|
@@ -141,10 +141,10 @@ var DELETE_CONVERSATION_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
141
141
|
description: "Deletes a thread-backed conversation and its stored items",
|
|
142
142
|
tags: ["Responses"],
|
|
143
143
|
requiresAuth: true,
|
|
144
|
-
requiresPermission:
|
|
144
|
+
requiresPermission: chunk42M6Y2OD_cjs.MastraFGAPermissions.AGENTS_DELETE,
|
|
145
145
|
handler: async ({ mastra, requestContext, conversationId }) => {
|
|
146
146
|
try {
|
|
147
|
-
const match = await
|
|
147
|
+
const match = await chunkKIDHIRVO_cjs.findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });
|
|
148
148
|
if (!match) {
|
|
149
149
|
throw new chunk64ITUOXI_cjs.HTTPException(404, { message: `Conversation ${conversationId} was not found` });
|
|
150
150
|
}
|
|
@@ -161,5 +161,5 @@ exports.DELETE_CONVERSATION_ROUTE = DELETE_CONVERSATION_ROUTE;
|
|
|
161
161
|
exports.GET_CONVERSATION_ITEMS_ROUTE = GET_CONVERSATION_ITEMS_ROUTE;
|
|
162
162
|
exports.GET_CONVERSATION_ROUTE = GET_CONVERSATION_ROUTE;
|
|
163
163
|
exports.conversations_exports = conversations_exports;
|
|
164
|
-
//# sourceMappingURL=chunk-
|
|
165
|
-
//# sourceMappingURL=chunk-
|
|
164
|
+
//# sourceMappingURL=chunk-SEOGVPOT.cjs.map
|
|
165
|
+
//# sourceMappingURL=chunk-SEOGVPOT.cjs.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/server/handlers/conversations.ts"],"names":["__export","createRoute","createConversationBodySchema","conversationObjectSchema","MastraFGAPermissions","HTTPException","getAgentFromSystem","getAgentMemoryStore","randomUUID","getEffectiveResourceId","handleError","conversationIdPathParams","findConversationThreadAcrossAgents","conversationItemsListSchema","mapMastraMessagesToConversationItems","conversationDeletedSchema"],"mappings":";;;;;;;;;;;;;;AAAA,IAAA,qBAAA,GAAA;AAAAA,0BAAA,CAAA,qBAAA,EAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,4BAAA,EAAA,MAAA,4BAAA;AAAA,EAAA,sBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAkBA,SAAS,uBAAA,CAAwB,EAAE,MAAA,EAAO,EAAiE;AACzG,EAAA,OAAO;AAAA,IACL,IAAI,MAAA,CAAO,EAAA;AAAA,IACX,MAAA,EAAQ,cAAA;AAAA,IACR;AAAA,GACF;AACF;AAEA,SAAS,2BAA2B,KAAA,EAA6D;AAC/F,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAA;AAAA,IACN,QAAA,EAAU,KAAA,CAAM,CAAC,CAAA,EAAG,EAAA,IAAM,IAAA;AAAA,IAC1B,OAAA,EAAS,KAAA,CAAM,EAAA,CAAG,EAAE,GAAG,EAAA,IAAM,IAAA;AAAA,IAC7B,QAAA,EAAU;AAAA,GACZ;AACF;AAEA,SAAS,yBAAyB,cAAA,EAA6C;AAC7E,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,cAAA;AAAA,IACJ,MAAA,EAAQ,sBAAA;AAAA,IACR,OAAA,EAAS;AAAA,GACX;AACF;AAEO,IAAM,4BAA4BC,6BAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,mBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,UAAA,EAAYC,8CAAA;AAAA,EACZ,cAAA,EAAgBC,0CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,kFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBC,sCAAA,CAAqB,aAAA;AAAA,EACzC,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,UAAU,eAAA,EAAiB,WAAA,EAAa,KAAA,EAAO,QAAA,EAAS,KAAM;AACtG,IAAA,IAAI;AACF,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,iDAAiD,CAAA;AAAA,MAC3F;AAEA,MAAA,MAAM,QAAQ,MAAMC,oCAAA,CAAmB,EAAE,MAAA,EAAQ,OAAA,EAAS,UAAU,CAAA;AACpE,MAAA,MAAM,SAAS,MAAM,KAAA,CAAM,SAAA,CAAU,EAAE,gBAAgB,CAAA;AACvD,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAID,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,OAAA,EAAU,KAAA,CAAM,EAAE,CAAA,iCAAA,CAAA,EAAqC,CAAA;AAAA,MACjG;AACA,MAAA,IAAI,CAAE,MAAME,qCAAA,CAAoB,EAAE,KAAA,EAAO,cAAA,EAAgB,CAAA,EAAI;AAC3D,QAAA,MAAM,IAAIF,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,4CAAA,EAA+C,KAAA,CAAM,EAAE,CAAA,CAAA,CAAA,EAAK,CAAA;AAAA,MACtG;AAEA,MAAA,MAAM,QAAA,GAAW,mBAAmBG,iBAAA,EAAW;AAC/C,MAAA,MAAM,UAAA,GAAaC,wCAAA,CAAuB,cAAA,EAAgB,WAAW,CAAA,IAAK,QAAA;AAC1E,MAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,QACvC,QAAA;AAAA,QACA,UAAA;AAAA,QACA,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,CAAA;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC;AAEM,IAAM,yBAAyBT,6BAAA,CAAY;AAAA,EAChD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBU,0CAAA;AAAA,EACjB,cAAA,EAAgBR,0CAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,gEAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBC,sCAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAMQ,oDAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIP,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,KAAA,CAAM,QAAQ,CAAA;AAAA,IACzD,SAAS,KAAA,EAAO;AACd,MAAA,OAAOK,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,+BAA+BT,6BAAA,CAAY;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,yCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBU,0CAAA;AAAA,EACjB,cAAA,EAAgBE,6CAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,iFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBT,sCAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAMQ,oDAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIP,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,KAAA,CAAM,YAAY,YAAA,CAAa;AAAA,QACxD,QAAA,EAAU,cAAA;AAAA,QACV,IAAA,EAAM,CAAA;AAAA,QACN,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,OAAO,0BAAA,CAA2BS,sDAAA,CAAqC,QAAQ,CAAC,CAAA;AAAA,IAClF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOJ,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,4BAA4BT,6BAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBU,0CAAA;AAAA,EACjB,cAAA,EAAgBI,2CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,2DAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBX,sCAAA,CAAqB,aAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAMQ,oDAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIP,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,MAAM,WAAA,CAAY,YAAA,CAAa,EAAE,QAAA,EAAU,gBAAgB,CAAA;AAEjE,MAAA,OAAO,yBAAyB,cAAc,CAAA;AAAA,IAChD,SAAS,KAAA,EAAO;AACd,MAAA,OAAOK,6BAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC","file":"chunk-QFSMY2ZW.cjs","sourcesContent":["import { randomUUID } from 'node:crypto';\nimport { MastraFGAPermissions } from '../fga-permissions';\nimport { HTTPException } from '../http-exception';\nimport {\n conversationDeletedSchema,\n conversationIdPathParams,\n conversationItemsListSchema,\n conversationObjectSchema,\n createConversationBodySchema,\n} from '../schemas/conversations';\nimport type { ConversationDeleted, ConversationItemsList, ConversationObject } from '../schemas/conversations';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { getAgentFromSystem } from './agents';\nimport { handleError } from './error';\nimport { mapMastraMessagesToConversationItems } from './responses.adapter';\nimport { findConversationThreadAcrossAgents, getAgentMemoryStore } from './responses.storage';\nimport { getEffectiveResourceId } from './utils';\n\nfunction buildConversationObject({ thread }: { thread: ConversationObject['thread'] }): ConversationObject {\n return {\n id: thread.id,\n object: 'conversation',\n thread,\n };\n}\n\nfunction buildConversationItemsList(items: ConversationItemsList['data']): ConversationItemsList {\n return {\n object: 'list',\n data: items,\n first_id: items[0]?.id ?? null,\n last_id: items.at(-1)?.id ?? null,\n has_more: false,\n };\n}\n\nfunction buildConversationDeleted(conversationId: string): ConversationDeleted {\n return {\n id: conversationId,\n object: 'conversation.deleted',\n deleted: true,\n };\n}\n\nexport const CREATE_CONVERSATION_ROUTE = createRoute({\n method: 'POST',\n path: '/v1/conversations',\n responseType: 'json',\n bodySchema: createConversationBodySchema,\n responseSchema: conversationObjectSchema,\n summary: 'Create a conversation',\n description: 'Creates a new thread-backed conversation for agent-backed Responses API requests',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_CREATE,\n handler: async ({ mastra, requestContext, agent_id, conversation_id, resource_id, title, metadata }) => {\n try {\n if (!mastra) {\n throw new HTTPException(500, { message: 'Mastra instance is required for conversations' });\n }\n\n const agent = await getAgentFromSystem({ mastra, agentId: agent_id });\n const memory = await agent.getMemory({ requestContext });\n if (!memory) {\n throw new HTTPException(400, { message: `Agent \"${agent.id}\" does not have memory configured` });\n }\n if (!(await getAgentMemoryStore({ agent, requestContext }))) {\n throw new HTTPException(400, { message: `Memory storage is not configured for agent \"${agent.id}\"` });\n }\n\n const threadId = conversation_id ?? randomUUID();\n const resourceId = getEffectiveResourceId(requestContext, resource_id) ?? threadId;\n const thread = await memory.createThread({\n threadId,\n resourceId,\n title,\n metadata,\n });\n\n return buildConversationObject({ thread });\n } catch (error) {\n return handleError(error, 'Error creating conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationObjectSchema,\n summary: 'Retrieve a conversation',\n description: 'Returns a conversation object backed by a Mastra memory thread',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n return buildConversationObject({ thread: match.thread });\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ITEMS_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId/items',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationItemsListSchema,\n summary: 'List conversation items',\n description: 'Returns OpenAI-style conversation items derived from the stored thread messages',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n const { messages } = await match.memoryStore.listMessages({\n threadId: conversationId,\n page: 0,\n perPage: 1000,\n });\n\n return buildConversationItemsList(mapMastraMessagesToConversationItems(messages));\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const DELETE_CONVERSATION_ROUTE = createRoute({\n method: 'DELETE',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationDeletedSchema,\n summary: 'Delete a conversation',\n description: 'Deletes a thread-backed conversation and its stored items',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_DELETE,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n await match.memoryStore.deleteThread({ threadId: conversationId });\n\n return buildConversationDeleted(conversationId);\n } catch (error) {\n return handleError(error, 'Error deleting conversation');\n }\n },\n});\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/server/handlers/conversations.ts"],"names":["__export","createRoute","createConversationBodySchema","conversationObjectSchema","MastraFGAPermissions","HTTPException","getAgentFromSystem","getAgentMemoryStore","randomUUID","getEffectiveResourceId","handleError","conversationIdPathParams","findConversationThreadAcrossAgents","conversationItemsListSchema","mapMastraMessagesToConversationItems","conversationDeletedSchema"],"mappings":";;;;;;;;;;;;;;AAAA,IAAA,qBAAA,GAAA;AAAAA,0BAAA,CAAA,qBAAA,EAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,4BAAA,EAAA,MAAA,4BAAA;AAAA,EAAA,sBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAkBA,SAAS,uBAAA,CAAwB,EAAE,MAAA,EAAO,EAAiE;AACzG,EAAA,OAAO;AAAA,IACL,IAAI,MAAA,CAAO,EAAA;AAAA,IACX,MAAA,EAAQ,cAAA;AAAA,IACR;AAAA,GACF;AACF;AAEA,SAAS,2BAA2B,KAAA,EAA6D;AAC/F,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAA;AAAA,IACN,QAAA,EAAU,KAAA,CAAM,CAAC,CAAA,EAAG,EAAA,IAAM,IAAA;AAAA,IAC1B,OAAA,EAAS,KAAA,CAAM,EAAA,CAAG,EAAE,GAAG,EAAA,IAAM,IAAA;AAAA,IAC7B,QAAA,EAAU;AAAA,GACZ;AACF;AAEA,SAAS,yBAAyB,cAAA,EAA6C;AAC7E,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,cAAA;AAAA,IACJ,MAAA,EAAQ,sBAAA;AAAA,IACR,OAAA,EAAS;AAAA,GACX;AACF;AAEO,IAAM,4BAA4BC,6BAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,mBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,UAAA,EAAYC,8CAAA;AAAA,EACZ,cAAA,EAAgBC,0CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,kFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBC,sCAAA,CAAqB,aAAA;AAAA,EACzC,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,UAAU,eAAA,EAAiB,WAAA,EAAa,KAAA,EAAO,QAAA,EAAS,KAAM;AACtG,IAAA,IAAI;AACF,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,iDAAiD,CAAA;AAAA,MAC3F;AAEA,MAAA,MAAM,QAAQ,MAAMC,oCAAA,CAAmB,EAAE,MAAA,EAAQ,OAAA,EAAS,UAAU,CAAA;AACpE,MAAA,MAAM,SAAS,MAAM,KAAA,CAAM,SAAA,CAAU,EAAE,gBAAgB,CAAA;AACvD,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAID,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,OAAA,EAAU,KAAA,CAAM,EAAE,CAAA,iCAAA,CAAA,EAAqC,CAAA;AAAA,MACjG;AACA,MAAA,IAAI,CAAE,MAAME,qCAAA,CAAoB,EAAE,KAAA,EAAO,cAAA,EAAgB,CAAA,EAAI;AAC3D,QAAA,MAAM,IAAIF,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,4CAAA,EAA+C,KAAA,CAAM,EAAE,CAAA,CAAA,CAAA,EAAK,CAAA;AAAA,MACtG;AAEA,MAAA,MAAM,QAAA,GAAW,mBAAmBG,iBAAA,EAAW;AAC/C,MAAA,MAAM,UAAA,GAAaC,wCAAA,CAAuB,cAAA,EAAgB,WAAW,CAAA,IAAK,QAAA;AAC1E,MAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,QACvC,QAAA;AAAA,QACA,UAAA;AAAA,QACA,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,CAAA;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC;AAEM,IAAM,yBAAyBT,6BAAA,CAAY;AAAA,EAChD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBU,0CAAA;AAAA,EACjB,cAAA,EAAgBR,0CAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,gEAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBC,sCAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAMQ,oDAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIP,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,KAAA,CAAM,QAAQ,CAAA;AAAA,IACzD,SAAS,KAAA,EAAO;AACd,MAAA,OAAOK,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,+BAA+BT,6BAAA,CAAY;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,yCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBU,0CAAA;AAAA,EACjB,cAAA,EAAgBE,6CAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,iFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBT,sCAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAMQ,oDAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIP,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,KAAA,CAAM,YAAY,YAAA,CAAa;AAAA,QACxD,QAAA,EAAU,cAAA;AAAA,QACV,IAAA,EAAM,CAAA;AAAA,QACN,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,OAAO,0BAAA,CAA2BS,sDAAA,CAAqC,QAAQ,CAAC,CAAA;AAAA,IAClF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOJ,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,4BAA4BT,6BAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBU,0CAAA;AAAA,EACjB,cAAA,EAAgBI,2CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,2DAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoBX,sCAAA,CAAqB,aAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAMQ,oDAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIP,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,MAAM,WAAA,CAAY,YAAA,CAAa,EAAE,QAAA,EAAU,gBAAgB,CAAA;AAEjE,MAAA,OAAO,yBAAyB,cAAc,CAAA;AAAA,IAChD,SAAS,KAAA,EAAO;AACd,MAAA,OAAOK,6BAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC","file":"chunk-SEOGVPOT.cjs","sourcesContent":["import { randomUUID } from 'node:crypto';\nimport { MastraFGAPermissions } from '../fga-permissions';\nimport { HTTPException } from '../http-exception';\nimport {\n conversationDeletedSchema,\n conversationIdPathParams,\n conversationItemsListSchema,\n conversationObjectSchema,\n createConversationBodySchema,\n} from '../schemas/conversations';\nimport type { ConversationDeleted, ConversationItemsList, ConversationObject } from '../schemas/conversations';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { getAgentFromSystem } from './agents';\nimport { handleError } from './error';\nimport { mapMastraMessagesToConversationItems } from './responses.adapter';\nimport { findConversationThreadAcrossAgents, getAgentMemoryStore } from './responses.storage';\nimport { getEffectiveResourceId } from './utils';\n\nfunction buildConversationObject({ thread }: { thread: ConversationObject['thread'] }): ConversationObject {\n return {\n id: thread.id,\n object: 'conversation',\n thread,\n };\n}\n\nfunction buildConversationItemsList(items: ConversationItemsList['data']): ConversationItemsList {\n return {\n object: 'list',\n data: items,\n first_id: items[0]?.id ?? null,\n last_id: items.at(-1)?.id ?? null,\n has_more: false,\n };\n}\n\nfunction buildConversationDeleted(conversationId: string): ConversationDeleted {\n return {\n id: conversationId,\n object: 'conversation.deleted',\n deleted: true,\n };\n}\n\nexport const CREATE_CONVERSATION_ROUTE = createRoute({\n method: 'POST',\n path: '/v1/conversations',\n responseType: 'json',\n bodySchema: createConversationBodySchema,\n responseSchema: conversationObjectSchema,\n summary: 'Create a conversation',\n description: 'Creates a new thread-backed conversation for agent-backed Responses API requests',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_CREATE,\n handler: async ({ mastra, requestContext, agent_id, conversation_id, resource_id, title, metadata }) => {\n try {\n if (!mastra) {\n throw new HTTPException(500, { message: 'Mastra instance is required for conversations' });\n }\n\n const agent = await getAgentFromSystem({ mastra, agentId: agent_id });\n const memory = await agent.getMemory({ requestContext });\n if (!memory) {\n throw new HTTPException(400, { message: `Agent \"${agent.id}\" does not have memory configured` });\n }\n if (!(await getAgentMemoryStore({ agent, requestContext }))) {\n throw new HTTPException(400, { message: `Memory storage is not configured for agent \"${agent.id}\"` });\n }\n\n const threadId = conversation_id ?? randomUUID();\n const resourceId = getEffectiveResourceId(requestContext, resource_id) ?? threadId;\n const thread = await memory.createThread({\n threadId,\n resourceId,\n title,\n metadata,\n });\n\n return buildConversationObject({ thread });\n } catch (error) {\n return handleError(error, 'Error creating conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationObjectSchema,\n summary: 'Retrieve a conversation',\n description: 'Returns a conversation object backed by a Mastra memory thread',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n return buildConversationObject({ thread: match.thread });\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ITEMS_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId/items',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationItemsListSchema,\n summary: 'List conversation items',\n description: 'Returns OpenAI-style conversation items derived from the stored thread messages',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n const { messages } = await match.memoryStore.listMessages({\n threadId: conversationId,\n page: 0,\n perPage: 1000,\n });\n\n return buildConversationItemsList(mapMastraMessagesToConversationItems(messages));\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const DELETE_CONVERSATION_ROUTE = createRoute({\n method: 'DELETE',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationDeletedSchema,\n summary: 'Delete a conversation',\n description: 'Deletes a thread-backed conversation and its stored items',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_DELETE,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n await match.memoryStore.deleteThread({ threadId: conversationId });\n\n return buildConversationDeleted(conversationId);\n } catch (error) {\n return handleError(error, 'Error deleting conversation');\n }\n },\n});\n"]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { HTTPException } from './chunk-6QWQZI4Q.js';
|
|
2
1
|
import { MASTRA_RESOURCE_ID_KEY, MASTRA_USER_KEY, MASTRA_USER_PERMISSIONS_KEY } from './chunk-5FOSK5R3.js';
|
|
2
|
+
import { HTTPException } from './chunk-6QWQZI4Q.js';
|
|
3
3
|
import { matchesPermission } from '@mastra/core/auth/ee';
|
|
4
4
|
|
|
5
5
|
function getCallerAuthorId(requestContext) {
|
|
@@ -145,5 +145,5 @@ function assertOwnership(args) {
|
|
|
145
145
|
}
|
|
146
146
|
|
|
147
147
|
export { assertExecuteAccess, assertOwnership, assertReadAccess, assertShareAccess, assertWriteAccess, getCallerAuthorId, getCallerPermissions, hasAdminBypass, hasScopedPermission, matchesAuthorFilter, resolveAuthorFilter };
|
|
148
|
-
//# sourceMappingURL=chunk-
|
|
149
|
-
//# sourceMappingURL=chunk-
|
|
148
|
+
//# sourceMappingURL=chunk-SXZS6VZ3.js.map
|
|
149
|
+
//# sourceMappingURL=chunk-SXZS6VZ3.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/server/handlers/authorship.ts"],"names":["required"],"mappings":";;;;AAsBO,SAAS,kBAAkB,cAAA,EAA+C;AAC/E,EAAA,MAAM,UAAA,GAAa,cAAA,CAAe,GAAA,CAAI,sBAAsB,CAAA;AAC5D,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,UAAA,CAAW,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA;AAC/C,EAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,QAAQ,IAAA,EAAM;AACpD,IAAA,MAAM,KAAM,IAAA,CAAyB,EAAA;AACrC,IAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,SAAS,CAAA,EAAG;AAC3C,MAAA,OAAO,EAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAMO,SAAS,qBAAqB,cAAA,EAA0C;AAC7E,EAAA,MAAM,GAAA,GAAM,cAAA,CAAe,GAAA,CAAI,2BAA2B,CAAA;AAC1D,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,IAAI,MAAA,CAAO,CAAC,CAAA,KAAmB,OAAO,MAAM,QAAQ,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,EAAC;AACV;AAQO,SAAS,cAAA,CAAe,gBAAgC,QAAA,EAA2B;AACxF,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACrC,EAAA,MAAM,WAAA,GAAc,GAAA;AACpB,EAAA,MAAM,gBAAA,GAAmB,GAAG,QAAQ,CAAA,EAAA,CAAA;AACpC,EAAA,MAAM,aAAA,GAAgB,GAAG,QAAQ,CAAA,MAAA,CAAA;AACjC,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK,CAAA,KAAM,eAAe,CAAA,KAAM,gBAAA,IAAoB,MAAM,aAAa,CAAA;AACjG;AAeO,SAAS,oBAAoB,IAAA,EAKxB;AACV,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,MAAA,EAAQ,YAAW,GAAI,IAAA;AACzD,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAErC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAMA,SAAAA,GAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACtC,IAAA,OAAO,YAAY,IAAA,CAAK,CAAA,CAAA,KAAK,iBAAA,CAAkB,CAAA,EAAGA,SAAQ,CAAC,CAAA;AAAA,EAC7D;AAEA,EAAA,MAAM,WAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,IAAI,UAAU,CAAA,CAAA;AACpD,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK;AAI3B,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA;AACzB,IAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,KAAA;AAC7B,IAAA,OAAO,iBAAA,CAAkB,GAAG,QAAQ,CAAA;AAAA,EACtC,CAAC,CAAA;AACH;AAqBO,SAAS,oBAAoB,IAAA,EAKnB;AACf,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,aAAA,EAAe,iBAAgB,GAAI,IAAA;AACrE,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA;AAEtD,EAAA,IAAI,eAAA,KAAoB,QAAA,IAAY,CAAC,aAAA,EAAe;AAClD,IAAA,OAAO,EAAE,MAAM,YAAA,EAAa;AAAA,EAC9B;AAEA,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAIA,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAEA,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,IAAI,kBAAkB,cAAA,EAAgB;AACpC,MAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,QAAA,EAAU,cAAA,EAAe;AAAA,IACnD;AAEA,IAAA,OAAO,EAAE,IAAA,EAAM,qBAAA,EAAuB,cAAA,EAAgB,aAAA,EAAc;AAAA,EACtE;AAEA,EAAA,OAAO,EAAE,IAAA,EAAM,eAAA,EAAiB,cAAA,EAAe;AACjD;AAQO,SAAS,mBAAA,CAAoB,QAAqB,MAAA,EAA+B;AACtF,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AACjC,EAAA,MAAM,QAAA,GAAW,OAAO,UAAA,KAAe,QAAA;AAEvC,EAAA,QAAQ,OAAO,IAAA;AAAM,IACnB,KAAK,cAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,OAAA;AACH,MAAA,OAAO,UAAU,MAAA,CAAO,QAAA;AAAA,IAC1B,KAAK,eAAA;AACH,MAAA,OAAO,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,CAAO,cAAA,IAAkB,QAAA;AAAA,IAC9D,KAAK,YAAA;AACH,MAAA,OAAO,UAAU,IAAA,IAAQ,QAAA;AAAA,IAC3B,KAAK,qBAAA;AAIH,MAAA,OAAO,KAAA,KAAU,OAAO,aAAA,IAAiB,QAAA;AAAA;AAE/C;AAYO,SAAS,iBAAiB,IAAA,EAKxB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AAKvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,oBAAoB,IAAA,EAK3B;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,SAAA,EAAW,UAAA,EAAY,CAAA,EAAG;AACpF,IAAA;AAAA,EACF;AACA,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,kBAAkB,IAAA,EAMzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,MAAA,EAAQ,QAAO,GAAI,IAAA;AACjE,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,oBAAoB,EAAE,cAAA,EAAgB,UAAU,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACzE,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAoBO,SAAS,kBAAkB,IAAA,EAKzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,OAAA,EAAS,UAAA,EAAY,CAAA,EAAG;AAClF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAMO,SAAS,gBAAgB,IAAA,EAKvB;AACP,EAAA,iBAAA,CAAkB,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,QAAQ,CAAA;AAC/C","file":"chunk-56AYHXOU.js","sourcesContent":["import { matchesPermission } from '@mastra/core/auth/ee';\nimport type { RequestContext } from '@mastra/core/di';\n\nimport { MASTRA_RESOURCE_ID_KEY, MASTRA_USER_KEY, MASTRA_USER_PERMISSIONS_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\n\n/**\n * Shape of a stored record that carries ownership + visibility metadata.\n * Used by `matchesAuthorFilter` and the access-assertion helpers.\n */\nexport type OwnedRecord = {\n authorId?: string | null;\n visibility?: 'private' | 'public';\n};\n\n/**\n * Returns the author id associated with the authenticated caller, or `null`\n * if auth is not configured / the caller cannot be resolved.\n *\n * Prefers `MASTRA_RESOURCE_ID_KEY` (set by `authConfig.mapUserToResourceId`)\n * and falls back to `user.id` on the authenticated user object.\n */\nexport function getCallerAuthorId(requestContext: RequestContext): string | null {\n const resourceId = requestContext.get(MASTRA_RESOURCE_ID_KEY);\n if (typeof resourceId === 'string' && resourceId.length > 0) {\n return resourceId;\n }\n\n const user = requestContext.get(MASTRA_USER_KEY);\n if (user && typeof user === 'object' && 'id' in user) {\n const id = (user as { id: unknown }).id;\n if (typeof id === 'string' && id.length > 0) {\n return id;\n }\n }\n\n return null;\n}\n\n/**\n * Returns the list of permission strings currently attached to the caller by\n * the RBAC provider. Returns an empty array when RBAC isn't configured.\n */\nexport function getCallerPermissions(requestContext: RequestContext): string[] {\n const raw = requestContext.get(MASTRA_USER_PERMISSIONS_KEY);\n if (Array.isArray(raw)) {\n return raw.filter((p): p is string => typeof p === 'string');\n }\n return [];\n}\n\n/**\n * True if the caller holds a wildcard permission that lets them manage a\n * resource they don't own (e.g. admins listing agents across tenants).\n *\n * Recognizes `*`, `<resource>:*`, and `<resource>:admin`.\n */\nexport function hasAdminBypass(requestContext: RequestContext, resource: string): boolean {\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n const wildcardAll = '*';\n const resourceWildcard = `${resource}:*`;\n const resourceAdmin = `${resource}:admin`;\n return permissions.some(p => p === wildcardAll || p === resourceWildcard || p === resourceAdmin);\n}\n\n/**\n * True if the caller holds a permission explicitly scoped to a specific\n * resource id — e.g. `agents:read:agent-123` or `agents:*:agent-123`.\n *\n * Broad grants without a resource-id segment (e.g. the role-default\n * `agents:execute`) are intentionally NOT treated as satisfying ownership\n * overrides. Those broad grants already gate route access at the\n * `requiresPermission` layer; giving them a second life as per-record\n * overrides would defeat the owner/visibility model.\n *\n * When called without `resourceId` (the legacy shape), falls back to the\n * original \"any matching permission\" behavior.\n */\nexport function hasScopedPermission(args: {\n requestContext: RequestContext;\n resource: string;\n action: string;\n resourceId?: string;\n}): boolean {\n const { requestContext, resource, action, resourceId } = args;\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n\n if (!resourceId) {\n const required = `${resource}:${action}`;\n return permissions.some(p => matchesPermission(p, required));\n }\n\n const required = `${resource}:${action}:${resourceId}`;\n return permissions.some(p => {\n // Only honor grants that explicitly name a resource id. A granted\n // permission with just `<resource>:<action>` (no id segment) is\n // considered a broad role grant, not a per-record override.\n const parts = p.split(':');\n if (parts.length < 3) return false;\n return matchesPermission(p, required);\n });\n}\n\nexport type AuthorFilter =\n | { kind: 'unrestricted' }\n | { kind: 'exact'; authorId: string }\n | { kind: 'ownedOrPublic'; callerAuthorId: string }\n | { kind: 'publicOnly' }\n | { kind: 'ownedOrPublicOthers'; callerAuthorId: string; queryAuthorId: string };\n\n/**\n * Resolves the filter to apply when listing owner-scoped records.\n *\n * Behavior matrix:\n * - Admin bypass + no query overrides → `unrestricted`.\n * - Admin bypass + `authorId=X` → `exact` (all of X's rows).\n * - `visibility=public` (any caller) → `publicOnly` (aggregate public rows across owners).\n * - `authorId=X`, caller === X → `exact` (all of caller's rows).\n * - `authorId=X`, caller !== X (non-admin) → `ownedOrPublicOthers` (only X's public rows).\n * - No caller (auth off) → `unrestricted` (or `exact` if query supplied).\n * - Default → `ownedOrPublic` (caller's rows + legacy unowned + any public rows).\n */\nexport function resolveAuthorFilter(args: {\n requestContext: RequestContext;\n resource: string;\n queryAuthorId?: string;\n queryVisibility?: 'public';\n}): AuthorFilter {\n const { requestContext, resource, queryAuthorId, queryVisibility } = args;\n const callerAuthorId = getCallerAuthorId(requestContext);\n const bypass = hasAdminBypass(requestContext, resource);\n\n if (queryVisibility === 'public' && !queryAuthorId) {\n return { kind: 'publicOnly' };\n }\n\n if (bypass) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n // Auth isn't configured (no caller) → treat as unrestricted. The route's\n // `requiresAuth`/`requiresPermission` is what gates access in that mode.\n if (!callerAuthorId) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n if (queryAuthorId) {\n if (queryAuthorId === callerAuthorId) {\n return { kind: 'exact', authorId: callerAuthorId };\n }\n // Non-owner asking about another user: only that user's public rows are visible.\n return { kind: 'ownedOrPublicOthers', callerAuthorId, queryAuthorId };\n }\n\n return { kind: 'ownedOrPublic', callerAuthorId };\n}\n\n/**\n * Returns `true` if the record is visible to the caller given the resolved\n * filter. See `resolveAuthorFilter` for the filter semantics.\n *\n * Legacy rows with `authorId == null` are treated as public (visible to all).\n */\nexport function matchesAuthorFilter(record: OwnedRecord, filter: AuthorFilter): boolean {\n const owner = record.authorId ?? null;\n const isPublic = record.visibility === 'public';\n\n switch (filter.kind) {\n case 'unrestricted':\n return true;\n case 'exact':\n return owner === filter.authorId;\n case 'ownedOrPublic':\n return owner === null || owner === filter.callerAuthorId || isPublic;\n case 'publicOnly':\n return owner === null || isPublic;\n case 'ownedOrPublicOthers':\n // Filtering by another author's rows: only expose their public ones.\n // Legacy unowned rows match if the query is for `null`; here the query\n // is always for a concrete id, so unowned rows don't match.\n return owner === filter.queryAuthorId && isPublic;\n }\n}\n\n/**\n * Asserts the caller has read access to the record. Throws 404 if not.\n *\n * Read access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:read` or `<resource>:read:<resourceId>`.\n */\nexport function assertReadAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n // No authenticated user on the request context means auth is not configured\n // (single-user/dev mode). When auth IS configured, coreAuthMiddleware\n // rejects unauthenticated requests with 401 before they reach handlers,\n // so an absent user here genuinely means no auth provider.\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return;\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has execute access to the record. Throws 404 if not.\n *\n * Execute access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:execute` / `<resource>:execute:<resourceId>`, OR\n * - The caller holds `<resource>:read` / `<resource>:read:<resourceId>`\n * (read implies the ability to consume/chat with the resource).\n */\nexport function assertExecuteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'execute', resourceId })) {\n return;\n }\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has write access (edit or delete) to the record.\n * Throws 404 if not.\n *\n * Write access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record, OR\n * - The caller has admin bypass, OR\n * - The caller holds `<resource>:<action>` or `<resource>:<action>:<resourceId>`.\n *\n * `visibility: 'public'` alone does NOT grant write access.\n */\nexport function assertWriteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n action: 'edit' | 'delete' | 'write';\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, action, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action, resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has share access to the record. Throws 404 if not.\n *\n * Share access controls who can change a record's audience/visibility\n * (e.g. flipping `private` ↔ `public`). It is intentionally separate from\n * `write`: a caller with only `<resource>:write` MUST NOT be able to flip\n * visibility — that would let any editor expose private records.\n *\n * Share access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record (creators can share their own records), OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:share` / `<resource>:share:<resourceId>`\n * (or any pattern that matches it, e.g. `*:share`).\n *\n * `visibility: 'public'` does NOT grant share access — being readable doesn't\n * imply the right to change who else can read.\n */\nexport function assertShareAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'share', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Alias for `assertWriteAccess` with `action: 'edit'`. Prefer `assertWriteAccess`\n * in new code so the action is explicit.\n */\nexport function assertOwnership(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n assertWriteAccess({ ...args, action: 'edit' });\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/server/handlers/authorship.ts"],"names":["required"],"mappings":";;;;AAsBO,SAAS,kBAAkB,cAAA,EAA+C;AAC/E,EAAA,MAAM,UAAA,GAAa,cAAA,CAAe,GAAA,CAAI,sBAAsB,CAAA;AAC5D,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,UAAA,CAAW,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA;AAC/C,EAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,QAAQ,IAAA,EAAM;AACpD,IAAA,MAAM,KAAM,IAAA,CAAyB,EAAA;AACrC,IAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,SAAS,CAAA,EAAG;AAC3C,MAAA,OAAO,EAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAMO,SAAS,qBAAqB,cAAA,EAA0C;AAC7E,EAAA,MAAM,GAAA,GAAM,cAAA,CAAe,GAAA,CAAI,2BAA2B,CAAA;AAC1D,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,IAAI,MAAA,CAAO,CAAC,CAAA,KAAmB,OAAO,MAAM,QAAQ,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,EAAC;AACV;AAQO,SAAS,cAAA,CAAe,gBAAgC,QAAA,EAA2B;AACxF,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACrC,EAAA,MAAM,WAAA,GAAc,GAAA;AACpB,EAAA,MAAM,gBAAA,GAAmB,GAAG,QAAQ,CAAA,EAAA,CAAA;AACpC,EAAA,MAAM,aAAA,GAAgB,GAAG,QAAQ,CAAA,MAAA,CAAA;AACjC,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK,CAAA,KAAM,eAAe,CAAA,KAAM,gBAAA,IAAoB,MAAM,aAAa,CAAA;AACjG;AAeO,SAAS,oBAAoB,IAAA,EAKxB;AACV,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,MAAA,EAAQ,YAAW,GAAI,IAAA;AACzD,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAErC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAMA,SAAAA,GAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACtC,IAAA,OAAO,YAAY,IAAA,CAAK,CAAA,CAAA,KAAK,iBAAA,CAAkB,CAAA,EAAGA,SAAQ,CAAC,CAAA;AAAA,EAC7D;AAEA,EAAA,MAAM,WAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,IAAI,UAAU,CAAA,CAAA;AACpD,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK;AAI3B,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA;AACzB,IAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,KAAA;AAC7B,IAAA,OAAO,iBAAA,CAAkB,GAAG,QAAQ,CAAA;AAAA,EACtC,CAAC,CAAA;AACH;AAqBO,SAAS,oBAAoB,IAAA,EAKnB;AACf,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,aAAA,EAAe,iBAAgB,GAAI,IAAA;AACrE,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA;AAEtD,EAAA,IAAI,eAAA,KAAoB,QAAA,IAAY,CAAC,aAAA,EAAe;AAClD,IAAA,OAAO,EAAE,MAAM,YAAA,EAAa;AAAA,EAC9B;AAEA,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAIA,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAEA,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,IAAI,kBAAkB,cAAA,EAAgB;AACpC,MAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,QAAA,EAAU,cAAA,EAAe;AAAA,IACnD;AAEA,IAAA,OAAO,EAAE,IAAA,EAAM,qBAAA,EAAuB,cAAA,EAAgB,aAAA,EAAc;AAAA,EACtE;AAEA,EAAA,OAAO,EAAE,IAAA,EAAM,eAAA,EAAiB,cAAA,EAAe;AACjD;AAQO,SAAS,mBAAA,CAAoB,QAAqB,MAAA,EAA+B;AACtF,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AACjC,EAAA,MAAM,QAAA,GAAW,OAAO,UAAA,KAAe,QAAA;AAEvC,EAAA,QAAQ,OAAO,IAAA;AAAM,IACnB,KAAK,cAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,OAAA;AACH,MAAA,OAAO,UAAU,MAAA,CAAO,QAAA;AAAA,IAC1B,KAAK,eAAA;AACH,MAAA,OAAO,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,CAAO,cAAA,IAAkB,QAAA;AAAA,IAC9D,KAAK,YAAA;AACH,MAAA,OAAO,UAAU,IAAA,IAAQ,QAAA;AAAA,IAC3B,KAAK,qBAAA;AAIH,MAAA,OAAO,KAAA,KAAU,OAAO,aAAA,IAAiB,QAAA;AAAA;AAE/C;AAYO,SAAS,iBAAiB,IAAA,EAKxB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AAKvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,oBAAoB,IAAA,EAK3B;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,SAAA,EAAW,UAAA,EAAY,CAAA,EAAG;AACpF,IAAA;AAAA,EACF;AACA,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,kBAAkB,IAAA,EAMzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,MAAA,EAAQ,QAAO,GAAI,IAAA;AACjE,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,oBAAoB,EAAE,cAAA,EAAgB,UAAU,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACzE,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAoBO,SAAS,kBAAkB,IAAA,EAKzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAI,eAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,OAAA,EAAS,UAAA,EAAY,CAAA,EAAG;AAClF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAMO,SAAS,gBAAgB,IAAA,EAKvB;AACP,EAAA,iBAAA,CAAkB,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,QAAQ,CAAA;AAC/C","file":"chunk-SXZS6VZ3.js","sourcesContent":["import { matchesPermission } from '@mastra/core/auth/ee';\nimport type { RequestContext } from '@mastra/core/di';\n\nimport { MASTRA_RESOURCE_ID_KEY, MASTRA_USER_KEY, MASTRA_USER_PERMISSIONS_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\n\n/**\n * Shape of a stored record that carries ownership + visibility metadata.\n * Used by `matchesAuthorFilter` and the access-assertion helpers.\n */\nexport type OwnedRecord = {\n authorId?: string | null;\n visibility?: 'private' | 'public';\n};\n\n/**\n * Returns the author id associated with the authenticated caller, or `null`\n * if auth is not configured / the caller cannot be resolved.\n *\n * Prefers `MASTRA_RESOURCE_ID_KEY` (set by `authConfig.mapUserToResourceId`)\n * and falls back to `user.id` on the authenticated user object.\n */\nexport function getCallerAuthorId(requestContext: RequestContext): string | null {\n const resourceId = requestContext.get(MASTRA_RESOURCE_ID_KEY);\n if (typeof resourceId === 'string' && resourceId.length > 0) {\n return resourceId;\n }\n\n const user = requestContext.get(MASTRA_USER_KEY);\n if (user && typeof user === 'object' && 'id' in user) {\n const id = (user as { id: unknown }).id;\n if (typeof id === 'string' && id.length > 0) {\n return id;\n }\n }\n\n return null;\n}\n\n/**\n * Returns the list of permission strings currently attached to the caller by\n * the RBAC provider. Returns an empty array when RBAC isn't configured.\n */\nexport function getCallerPermissions(requestContext: RequestContext): string[] {\n const raw = requestContext.get(MASTRA_USER_PERMISSIONS_KEY);\n if (Array.isArray(raw)) {\n return raw.filter((p): p is string => typeof p === 'string');\n }\n return [];\n}\n\n/**\n * True if the caller holds a wildcard permission that lets them manage a\n * resource they don't own (e.g. admins listing agents across tenants).\n *\n * Recognizes `*`, `<resource>:*`, and `<resource>:admin`.\n */\nexport function hasAdminBypass(requestContext: RequestContext, resource: string): boolean {\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n const wildcardAll = '*';\n const resourceWildcard = `${resource}:*`;\n const resourceAdmin = `${resource}:admin`;\n return permissions.some(p => p === wildcardAll || p === resourceWildcard || p === resourceAdmin);\n}\n\n/**\n * True if the caller holds a permission explicitly scoped to a specific\n * resource id — e.g. `agents:read:agent-123` or `agents:*:agent-123`.\n *\n * Broad grants without a resource-id segment (e.g. the role-default\n * `agents:execute`) are intentionally NOT treated as satisfying ownership\n * overrides. Those broad grants already gate route access at the\n * `requiresPermission` layer; giving them a second life as per-record\n * overrides would defeat the owner/visibility model.\n *\n * When called without `resourceId` (the legacy shape), falls back to the\n * original \"any matching permission\" behavior.\n */\nexport function hasScopedPermission(args: {\n requestContext: RequestContext;\n resource: string;\n action: string;\n resourceId?: string;\n}): boolean {\n const { requestContext, resource, action, resourceId } = args;\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n\n if (!resourceId) {\n const required = `${resource}:${action}`;\n return permissions.some(p => matchesPermission(p, required));\n }\n\n const required = `${resource}:${action}:${resourceId}`;\n return permissions.some(p => {\n // Only honor grants that explicitly name a resource id. A granted\n // permission with just `<resource>:<action>` (no id segment) is\n // considered a broad role grant, not a per-record override.\n const parts = p.split(':');\n if (parts.length < 3) return false;\n return matchesPermission(p, required);\n });\n}\n\nexport type AuthorFilter =\n | { kind: 'unrestricted' }\n | { kind: 'exact'; authorId: string }\n | { kind: 'ownedOrPublic'; callerAuthorId: string }\n | { kind: 'publicOnly' }\n | { kind: 'ownedOrPublicOthers'; callerAuthorId: string; queryAuthorId: string };\n\n/**\n * Resolves the filter to apply when listing owner-scoped records.\n *\n * Behavior matrix:\n * - Admin bypass + no query overrides → `unrestricted`.\n * - Admin bypass + `authorId=X` → `exact` (all of X's rows).\n * - `visibility=public` (any caller) → `publicOnly` (aggregate public rows across owners).\n * - `authorId=X`, caller === X → `exact` (all of caller's rows).\n * - `authorId=X`, caller !== X (non-admin) → `ownedOrPublicOthers` (only X's public rows).\n * - No caller (auth off) → `unrestricted` (or `exact` if query supplied).\n * - Default → `ownedOrPublic` (caller's rows + legacy unowned + any public rows).\n */\nexport function resolveAuthorFilter(args: {\n requestContext: RequestContext;\n resource: string;\n queryAuthorId?: string;\n queryVisibility?: 'public';\n}): AuthorFilter {\n const { requestContext, resource, queryAuthorId, queryVisibility } = args;\n const callerAuthorId = getCallerAuthorId(requestContext);\n const bypass = hasAdminBypass(requestContext, resource);\n\n if (queryVisibility === 'public' && !queryAuthorId) {\n return { kind: 'publicOnly' };\n }\n\n if (bypass) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n // Auth isn't configured (no caller) → treat as unrestricted. The route's\n // `requiresAuth`/`requiresPermission` is what gates access in that mode.\n if (!callerAuthorId) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n if (queryAuthorId) {\n if (queryAuthorId === callerAuthorId) {\n return { kind: 'exact', authorId: callerAuthorId };\n }\n // Non-owner asking about another user: only that user's public rows are visible.\n return { kind: 'ownedOrPublicOthers', callerAuthorId, queryAuthorId };\n }\n\n return { kind: 'ownedOrPublic', callerAuthorId };\n}\n\n/**\n * Returns `true` if the record is visible to the caller given the resolved\n * filter. See `resolveAuthorFilter` for the filter semantics.\n *\n * Legacy rows with `authorId == null` are treated as public (visible to all).\n */\nexport function matchesAuthorFilter(record: OwnedRecord, filter: AuthorFilter): boolean {\n const owner = record.authorId ?? null;\n const isPublic = record.visibility === 'public';\n\n switch (filter.kind) {\n case 'unrestricted':\n return true;\n case 'exact':\n return owner === filter.authorId;\n case 'ownedOrPublic':\n return owner === null || owner === filter.callerAuthorId || isPublic;\n case 'publicOnly':\n return owner === null || isPublic;\n case 'ownedOrPublicOthers':\n // Filtering by another author's rows: only expose their public ones.\n // Legacy unowned rows match if the query is for `null`; here the query\n // is always for a concrete id, so unowned rows don't match.\n return owner === filter.queryAuthorId && isPublic;\n }\n}\n\n/**\n * Asserts the caller has read access to the record. Throws 404 if not.\n *\n * Read access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:read` or `<resource>:read:<resourceId>`.\n */\nexport function assertReadAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n // No authenticated user on the request context means auth is not configured\n // (single-user/dev mode). When auth IS configured, coreAuthMiddleware\n // rejects unauthenticated requests with 401 before they reach handlers,\n // so an absent user here genuinely means no auth provider.\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return;\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has execute access to the record. Throws 404 if not.\n *\n * Execute access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:execute` / `<resource>:execute:<resourceId>`, OR\n * - The caller holds `<resource>:read` / `<resource>:read:<resourceId>`\n * (read implies the ability to consume/chat with the resource).\n */\nexport function assertExecuteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'execute', resourceId })) {\n return;\n }\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has write access (edit or delete) to the record.\n * Throws 404 if not.\n *\n * Write access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record, OR\n * - The caller has admin bypass, OR\n * - The caller holds `<resource>:<action>` or `<resource>:<action>:<resourceId>`.\n *\n * `visibility: 'public'` alone does NOT grant write access.\n */\nexport function assertWriteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n action: 'edit' | 'delete' | 'write';\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, action, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action, resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has share access to the record. Throws 404 if not.\n *\n * Share access controls who can change a record's audience/visibility\n * (e.g. flipping `private` ↔ `public`). It is intentionally separate from\n * `write`: a caller with only `<resource>:write` MUST NOT be able to flip\n * visibility — that would let any editor expose private records.\n *\n * Share access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record (creators can share their own records), OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:share` / `<resource>:share:<resourceId>`\n * (or any pattern that matches it, e.g. `*:share`).\n *\n * `visibility: 'public'` does NOT grant share access — being readable doesn't\n * imply the right to change who else can read.\n */\nexport function assertShareAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'share', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Alias for `assertWriteAccess` with `action: 'edit'`. Prefer `assertWriteAccess`\n * in new code so the action is explicit.\n */\nexport function assertOwnership(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n assertWriteAccess({ ...args, action: 'edit' });\n}\n"]}
|
|
@@ -431,5 +431,5 @@ exports.matchesOrIncludes = matchesOrIncludes;
|
|
|
431
431
|
exports.pathMatchesPattern = pathMatchesPattern;
|
|
432
432
|
exports.pathMatchesRule = pathMatchesRule;
|
|
433
433
|
exports.supportsSessionRefresh = supportsSessionRefresh;
|
|
434
|
-
//# sourceMappingURL=chunk-
|
|
435
|
-
//# sourceMappingURL=chunk-
|
|
434
|
+
//# sourceMappingURL=chunk-SYZ2NTP3.cjs.map
|
|
435
|
+
//# sourceMappingURL=chunk-SYZ2NTP3.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/server/auth/defaults.ts","../src/server/auth/path-pattern.ts","../src/server/auth/helpers.ts"],"names":["MASTRA_USER_KEY","MASTRA_AUTH_TOKEN_KEY","MASTRA_RESOURCE_ID_KEY","MASTRA_AUTH_MODE_KEY","MASTRA_USER_PERMISSIONS_KEY","MASTRA_USER_ROLES_KEY"],"mappings":";;;;;AAGO,IAAM,iBAAA,GAAsC;AAAA,EACjD,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,EACpB,MAAA,EAAQ,CAAC,MAAA,EAAQ,aAAa,CAAA;AAAA;AAAA,EAE9B,KAAA,EAAO;AAAA;AAAA,IAEL;AAAA,MACE,WAAW,CAAA,IAAA,KAAQ;AACjB,QAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,UAAA,IAAI,aAAa,IAAA,EAAM;AACrB,YAAA,OAAO,CAAC,CAAC,IAAA,CAAK,OAAA;AAAA,UAChB;AAEA,UAAA,IAAI,UAAU,IAAA,EAAM;AAClB,YAAA,OAAO,KAAK,IAAA,KAAS,OAAA;AAAA,UACvB;AAAA,QACF;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MACA,KAAA,EAAO;AAAA;AACT;AAEJ;;;ACcO,SAAS,KAAA,CAAM,OAAwB,KAAA,EAAgC;AAC5E,EAAA,IAAI,iBAAiB,MAAA,EAAQ,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,SAAS,KAAA,EAAM;AAElE,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI,GAAA;AACJ,EAAA,MAAM,OAAiB,EAAC;AACxB,EAAA,IAAI,OAAA,GAAU,EAAA;AACd,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAE3B,EAAA,GAAA,CAAI,CAAC,CAAA,IAAK,GAAA,CAAI,KAAA,EAAM;AAEpB,EAAA,OAAQ,GAAA,GAAM,GAAA,CAAI,KAAA,EAAM,EAAI;AAC1B,IAAA,CAAA,GAAI,IAAI,CAAC,CAAA;AACT,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AACX,MAAA,OAAA,IAAW,GAAA,CAAI,CAAC,CAAA,KAAM,GAAA,GAAM,YAAA,GAAe,OAAA;AAAA,IAC7C,CAAA,MAAA,IAAW,MAAM,GAAA,EAAK;AACpB,MAAA,CAAA,GAAI,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,CAAC,CAAA;AACtB,MAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,CAAC,CAAA;AACxB,MAAA,IAAA,CAAK,KAAK,GAAA,CAAI,SAAA,CAAU,CAAA,EAAG,CAAC,CAAC,CAAC,CAAA,GAAI,CAAA,GAAI,CAAC,CAAC,CAAC,GAAA,GAAM,GAAA,GAAM,GAAA,CAAI,MAAM,CAAC,CAAA;AAChE,MAAA,OAAA,IAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,gBAAA,GAAmB,WAAA;AAC9C,MAAA,IAAI,CAAC,CAAC,CAAC,GAAA,cAAiB,CAAC,CAAC,CAAC,CAAA,GAAI,GAAA,GAAM,EAAA,IAAM,IAAA,GAAO,GAAA,CAAI,UAAU,GAAG,CAAA;AAAA,IACrE,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,GAAA,GAAM,GAAA;AAAA,IACnB;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,OAAA,EAAS,IAAI,MAAA,CAAO,GAAA,GAAM,WAA+B,QAAQ,GAAG;AAAA,GACtE;AACF;;;AC/CO,IAAM,sBAAA,GAAyB,CACpC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,aAAA,GAAgB,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACvC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAO,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,KAAM,IAAA;AAAA,EACtD;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,KAAM,IAAA;AAAA,EACpD;AAGA,EAAA,KAAA,MAAW,CAAC,QAAA,EAAU,YAAY,CAAA,IAAK,qBAAA,CAAsB,SAAQ,EAAG;AACtE,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AACvC,IAAA,IAAI,eAAe,EAAA,EAAI;AACrB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,QAAA,CAAS,SAAA,CAAU,CAAA,EAAG,UAAU,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,QAAA,CAAS,SAAA,CAAU,UAAA,GAAa,CAAC,CAAA;AAGtD,IAAA,IAAI,WAAA,KAAgB,MAAA,IAAU,WAAA,KAAgB,KAAA,EAAO;AACnD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,kBAAA,CAAmB,IAAA,EAAM,YAAY,CAAA,EAAG;AAC1C,MAAA,OAAO,YAAA,KAAiB,IAAA;AAAA,IAC1B;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAMO,IAAM,uBAAA,GAA0B,CACrC,IAAA,EACA,MAAA,EACA,SAAA,KACoE;AACpE,EAAA,IAAI,CAAC,WAAW,OAAO,MAAA;AAEvB,EAAA,KAAA,MAAW,SAAS,SAAA,EAAW;AAC7B,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,MAAA,IAAU,KAAA,CAAM,WAAW,KAAA,EAAO;AAEvD,IAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,OAAM,GAAI,KAAA,CAAM,MAAM,IAAI,CAAA;AACjD,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAC7B,IAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,IAAA,MAAM,SAAiC,EAAC;AACxC,IAAA,IAAI,IAAA,IAAQ,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG;AAC3B,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,QAAQ,CAAA,EAAA,EAAK;AACpC,QAAA,IAAI,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA,KAAM,MAAA,EAAW;AAC9B,UAAA,MAAA,CAAO,KAAK,CAAC,CAAE,CAAA,GAAI,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,OAAO,MAAA,EAAO;AAAA,EACzB;AAEA,EAAA,OAAO,MAAA;AACT;AAOO,IAAM,yBAAyB,CACpC,IAAA,EACA,MAAA,EACA,SAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OACE,OAAA,CAAQ,IAAI,UAAA,KAAe,MAAA;AAAA,GAEzB,CAAC,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,eAAe,KAAK,CAAC,sBAAA,CAAuB,IAAA,EAAM,MAAA,EAAQ,qBAAqB,CAAA;AAAA,EAEzG,SAAA,CAAU,yBAAyB,CAAA,KAAM,MAAA,CAAA;AAE/C;AAEO,IAAM,mBAAA,GAAsB,CACjC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,aAAA,GAAgB,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACvC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,aAAa,CAAA;AAAA,EACjD;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA;AAAA,EAC/C;AAGA,EAAA,KAAA,MAAW,CAAC,QAAA,EAAU,YAAY,CAAA,IAAK,qBAAA,CAAsB,SAAQ,EAAG;AACtE,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AACvC,IAAA,IAAI,eAAe,EAAA,EAAI;AACrB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,QAAA,CAAS,SAAA,CAAU,CAAA,EAAG,UAAU,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,QAAA,CAAS,SAAA,CAAU,UAAA,GAAa,CAAC,CAAA;AAGtD,IAAA,IAAI,WAAA,KAAgB,MAAA,IAAU,WAAA,KAAgB,KAAA,EAAO;AACnD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,kBAAA,CAAmB,IAAA,EAAM,YAAY,CAAA,EAAG;AAC1C,MAAA,OAAO,CAAC,YAAA;AAAA,IACV;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAQO,IAAM,eAAA,GAAkB,CAC7B,IAAA,EACA,MAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OAAO,UAAA,CAAW,MAAM,MAAA,EAAQ,eAAe,KAAK,sBAAA,CAAuB,IAAA,EAAM,QAAQ,qBAAqB,CAAA;AAChH;AAEO,IAAM,iBAAA,GAAoB,CAAC,IAAA,EAAc,MAAA,EAAgB,UAAA,KAA0C;AAExG,EAAA,MAAM,YAAA,GAAe,CAAC,GAAI,iBAAA,CAAkB,MAAA,IAAU,EAAC,EAAI,GAAI,UAAA,CAAW,MAAA,IAAU,EAAG,CAAA;AAEvF,EAAA,OAAO,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,YAAY,CAAA;AAC9C;AAEA,IAAM,UAAA,GAAa,CACjB,IAAA,EACA,MAAA,EACA,QAAA,KACY;AACZ,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,uBAAuB,QAAA,EAAU;AAC1C,IAAA,IAAI,+BAA+B,MAAA,EAAQ;AACzC,MAAA,IAAI,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA,EAAG;AAClC,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAA,KAAwB,QAAA,IAAY,kBAAA,CAAmB,IAAA,EAAM,mBAAmB,CAAA,EAAG;AAC5F,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAM,OAAA,CAAQ,mBAAmB,CAAA,IAAK,mBAAA,CAAoB,WAAW,CAAA,EAAG;AAC1E,MAAA,MAAM,CAAC,OAAA,EAAS,eAAe,CAAA,GAAI,mBAAA;AACnC,MAAA,IAAI,mBAAmB,IAAA,EAAM,OAAO,KAAK,iBAAA,CAAkB,eAAA,EAAiB,MAAM,CAAA,EAAG;AACnF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT,CAAA;AAEO,IAAM,kBAAA,GAAqB,CAAC,IAAA,EAAc,OAAA,KAA6B;AAQ5E,EAAA,MAAM,EAAE,OAAA,EAAS,KAAA,EAAM,GAAI,MAAM,OAAO,CAAA;AACxC,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAEO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAc,QAAA,KAA8D;AAC1G,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,kBAAA,CAAmB,MAAM,QAAQ,CAAA;AAAA,EAC1C;AAEA,EAAA,IAAI,oBAAoB,MAAA,EAAQ;AAC9B,IAAA,OAAO,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAS,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAA,CAAmB,IAAA,EAAM,CAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,iBAAA,GAAoB,CAAC,MAAA,EAA2B,KAAA,KAA2B;AACtF,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA,KAAW,KAAA;AAAA,EACpB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,IAAA,OAAO,MAAA,CAAO,SAAS,KAAK,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAyBA,IAAM,IAAA,GAAmB,EAAE,MAAA,EAAQ,MAAA,EAAO;AAE1C,IAAM,wBAAA,GAA2B,CAAC,OAAA,KAAkD;AAClF,EAAA,IAAI,EAAE,mBAAmB,OAAA,CAAA,EAAU;AACjC,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,GAAA,EAAK,OAAA;AAAA,IACL,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,QAAQ,CAAA,IAAA,KAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK;AAAA,GAC/C;AACF,CAAA;AAQO,IAAM,uBAAuB,OAAwB;AAAA,EAC1D,MAAA;AAAA,EACA,KAAA;AAAA,EACA;AACF,CAAA,KAA0D;AACxD,EAAA,MAAM,kBAAkB,KAAA,CAAM,OAAA,CAAQ,aAAA,EAAe,EAAE,EAAE,IAAA,EAAK;AAC9D,EAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACvC,EAAA,IAAI,CAAC,UAAA,IAAc,OAAO,UAAA,CAAW,sBAAsB,UAAA,EAAY;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAQ,MAAM,UAAA,CAAW,iBAAA,CAAkB,eAAA,EAAiB,OAAO,CAAA;AACrE;AAMO,SAAS,uBACd,UAAA,EAE2F;AAC3F,EAAA,OACE,OAAQ,UAAA,CAAmB,uBAAA,KAA4B,UAAA,IACvD,OAAQ,WAAmB,cAAA,KAAmB,UAAA,IAC9C,OAAQ,UAAA,CAAmB,iBAAA,KAAsB,UAAA;AAErD;AAMO,IAAM,kBAAA,GAAqB,OAAO,GAAA,KAAoD;AAC3F,EAAA,MAAM;AAAA,IACJ,IAAA;AAAA,IACA,MAAA;AAAA,IACA,SAAA;AAAA,IACA,MAAA;AAAA,IACA,UAAA;AAAA,IACA,qBAAA;AAAA,IACA,cAAA;AAAA,IACA,UAAA;AAAA,IACA,KAAA;AAAA,IACA;AAAA,GACF,GAAI,GAAA;AAOJ,EAAA,MAAM,eAAA,GAAkB,OAAO,UAAA,CAAW,iBAAA,KAAsB,UAAA;AAChE,EAAA,IAAI,CAAC,mBAAmB,sBAAA,CAAuB,IAAA,EAAM,QAAQ,SAAA,EAAW,UAAA,EAAY,qBAAqB,CAAA,EAAG;AAC1G,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,MAAA,EAAQ,UAAA,EAAY,qBAAqB,CAAA,EAAG;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AAKA,EAAA,IAAI,CAAC,YAAA,IAAgB,iBAAA,CAAkB,IAAA,EAAM,MAAA,EAAQ,UAAU,CAAA,EAAG;AAChE,IAAA,OAAO,IAAA;AAAA,EACT;AAIA,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI,cAAA;AACJ,EAAA,MAAM,WAAA,GAAc,yBAAyB,UAAU,CAAA;AAEvD,EAAA,IAAI;AACF,IAAA,IAAI,OAAO,UAAA,CAAW,iBAAA,KAAsB,UAAA,EAAY;AACtD,MAAA,IAAA,GAAO,MAAM,UAAA,CAAW,iBAAA,CAAkB,KAAA,IAAS,IAAI,WAAW,CAAA;AAAA,IACpE,CAAA,MAAO;AACL,MAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,IAC3D;AAIA,IAAA,IAAI,CAAC,IAAA,IAAQ,sBAAA,CAAuB,UAAU,CAAA,IAAK,sBAAsB,OAAA,EAAS;AAChF,MAAA,IAAI;AACF,QAAA,MAAM,SAAA,GAAY,UAAA,CAAW,uBAAA,CAAwB,UAAU,CAAA;AAC/D,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,MAAM,UAAA,GAAa,MAAM,UAAA,CAAW,cAAA,CAAe,SAAS,CAAA;AAC5D,UAAA,IAAI,UAAA,EAAY;AAKd,YAAA,cAAA,GAAiB,UAAA,CAAW,kBAAkB,UAAU,CAAA;AACxD,YAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,CAClD,MAAA,CAAO,CAAC,CAAC,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,EAAY,KAAM,YAAY,CAAA,CAChD,GAAA,CAAI,CAAC,GAAG,CAAC,CAAA,KAAM,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAA,CAC9B,KAAK,IAAI,CAAA;AACZ,YAAA,IAAI,eAAA,EAAiB;AACnB,cAAA,MAAM,gBAAA,GAAmB,IAAI,OAAA,CAAQ,UAAA,CAAW,GAAA,EAAK;AAAA,gBACnD,QAAQ,UAAA,CAAW,MAAA;AAAA,gBACnB,OAAA,EAAS,IAAI,OAAA,CAAQ,UAAA,CAAW,OAAO;AAAA,eACxC,CAAA;AACD,cAAA,gBAAA,CAAiB,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,eAAe,CAAA;AAKtD,cAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,QAAA,CAAS,GAAG,IAC5C,eAAA,CAAgB,KAAA,CAAM,GAAG,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA,GAC5C,eAAA;AACJ,cAAA,IAAA,GAAO,MAAM,UAAA,CAAW,iBAAA,CAAkB,WAAA,EAAa,wBAAA,CAAyB,gBAAgB,CAAC,CAAA;AAAA,YACnG;AACA,YAAA,IAAI,CAAC,IAAA,EAAM;AACT,cAAA,cAAA,GAAiB,MAAA;AAAA,YACnB;AAAA,UACF;AAAA,QACF;AAAA,MACF,SAAS,UAAA,EAAY;AACnB,QAAA,cAAA,GAAiB,MAAA;AACjB,QAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,6CAAA,EAA+C;AAAA,UACvE,OAAO,UAAA,YAAsB,KAAA,GAAQ,EAAE,OAAA,EAAS,UAAA,CAAW,SAAQ,GAAI;AAAA,SACxE,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,0BAAA,EAA2B,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,IAC9G;AAEA,IAAA,cAAA,CAAe,GAAA,CAAIA,mCAAiB,IAAI,CAAA;AAMxC,IAAA,cAAA,CAAe,GAAA,CAAI,QAAQ,IAAI,CAAA;AAO/B,IAAA,IAAI,cAAA,GAAiB,KAAA;AACrB,IAAA,IAAI,CAAC,cAAA,IAAkB,UAAA,YAAsB,OAAA,EAAS;AACpD,MAAA,MAAM,YAAA,GAAe,UAAA,CAAW,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,KAAA,CAAM,sBAAsB,CAAA;AACvD,QAAA,IAAI,KAAA,GAAQ,CAAC,CAAA,EAAG,cAAA,GAAiB,MAAM,CAAC,CAAA;AAAA,MAC1C;AAAA,IACF;AACA,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,cAAA,CAAe,GAAA,CAAIC,yCAAuB,cAAc,CAAA;AAAA,IAC1D;AAEA,IAAA,IAAI,OAAO,UAAA,CAAW,mBAAA,KAAwB,UAAA,EAAY;AACxD,MAAA,IAAI;AACF,QAAA,MAAM,UAAA,GAAa,UAAA,CAAW,mBAAA,CAAoB,IAAI,CAAA;AACtD,QAAA,IAAI,UAAA,EAAY;AACd,UAAA,cAAA,CAAe,GAAA,CAAIC,0CAAwB,UAAU,CAAA;AAAA,QACvD;AAAA,MACF,SAAS,QAAA,EAAU;AACjB,QAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,4BAAA,EAA8B;AAAA,UACtD,KAAA,EAAO,QAAA,YAAoB,KAAA,GAAQ,EAAE,OAAA,EAAS,SAAS,OAAA,EAAS,KAAA,EAAO,QAAA,CAAS,KAAA,EAAM,GAAI;AAAA,SAC3F,CAAA;AACD,QAAA,OAAO;AAAA,UACL,MAAA,EAAQ,OAAA;AAAA,UACR,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM,EAAE,KAAA,EAAO,mDAAA,EAAoD;AAAA,UACnE,OAAA,EAAS;AAAA,SACX;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,cAAA,CAAe,GAAA,CAAIC,sCAAoB,CAAA;AACxD,MAAA,MAAM,YAAA,GAAe,OAAO,SAAA,EAAU;AACtC,MAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AAExC,MAAA,MAAM,eAAgB,QAAA,KAAa,QAAA,GAAY,cAAc,IAAA,IAAQ,YAAA,EAAc,OAAQ,YAAA,EAAc,IAAA;AAIzG,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,SAAS,QAAA,IAAY,EAAE,QAAQ,IAAA,CAAA,EAAO;AACxD,UAAA,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA,CAAK,mFAAmF,CAAA;AAAA,QAC9G,CAAA,MAAO;AACL,UAAA,MAAM,WAAA,GAAc,MAAM,YAAA,CAAa,cAAA,CAAe,IAAc,CAAA;AACpE,UAAA,cAAA,CAAe,GAAA,CAAIC,+CAA6B,WAAW,CAAA;AAE3D,UAAA,cAAA,CAAe,GAAA,CAAI,mBAAmB,WAAW,CAAA;AAEjD,UAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,CAAa,QAAA,CAAS,IAAc,CAAA;AACxD,UAAA,cAAA,CAAe,GAAA,CAAIC,yCAAuB,KAAK,CAAA;AAE/C,UAAA,cAAA,CAAe,GAAA,CAAI,aAAa,KAAK,CAAA;AAAA,QACvC;AAAA,MACF;AAAA,IACF,SAAS,SAAA,EAAW;AAClB,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,6CAAA,EAA+C;AAAA,QACvE,KAAA,EAAO,SAAA,YAAqB,KAAA,GAAQ,EAAE,OAAA,EAAS,UAAU,OAAA,EAAS,KAAA,EAAO,SAAA,CAAU,KAAA,EAAM,GAAI;AAAA,OAC9F,CAAA;AAAA,IACH;AAAA,EACF,SAAS,GAAA,EAAK;AACZ,IAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,sBAAA,EAAwB;AAAA,MAChD,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI;AAAA,KAC5E,CAAA;AACD,IAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,0BAAA,EAA2B,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,EAC9G;AAIA,EAAA,IAAI,eAAA,IAAmB,UAAA,IAAc,OAAO,UAAA,CAAW,kBAAkB,UAAA,EAAY;AACnF,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,MAAM,UAAA,CAAW,aAAA,CAAc,MAAM,WAAW,CAAA;AAErE,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,MACnG;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,sCAAA,EAAwC;AAAA,QAChE,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI;AAAA,OAC5E,CAAA;AACD,MAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,qBAAA,EAAsB,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,IACzG;AAAA,EACF,WAAW,WAAA,IAAe,UAAA,IAAc,OAAO,UAAA,CAAW,cAAc,UAAA,EAAY;AAClF,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,IAAI,qBAAA,EAAsB;AAC/C,MAAA,MAAM,eAAe,MAAM,UAAA,CAAW,UAAU,IAAA,EAAM,MAAA,EAAQ,MAAM,YAAmB,CAAA;AAEvF,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,MACnG;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAA,CAAO,SAAA,EAAU,EAAG,KAAA,CAAM,kCAAA,EAAoC;AAAA,QAC5D,KAAA,EAAO,GAAA,YAAe,KAAA,GAAQ,EAAE,OAAA,EAAS,IAAI,OAAA,EAAS,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI,GAAA;AAAA,QAC3E,IAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,qBAAA,EAAsB,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,IACzG;AAAA,EACF,CAAA,MAAA,IAAW,WAAW,UAAA,IAAc,UAAA,CAAW,SAAS,UAAA,CAAW,KAAA,CAAM,SAAS,CAAA,EAAG;AACnF,IAAA,MAAM,eAAe,MAAM,UAAA,CAAW,WAAW,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAE1E,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,IACnG;AAAA,EACF,CAAA,MAAO;AAIL,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACzC,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAI,iBAAA,CAAkB,KAAA,IAAS,iBAAA,CAAkB,KAAA,CAAM,SAAS,CAAA,EAAG;AACjE,QAAA,MAAM,eAAe,MAAM,UAAA,CAAW,kBAAkB,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAEjF,QAAA,IAAI,CAAC,YAAA,EAAc;AACjB,UAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,QACnG;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA,EAAgB,EAAG,OAAA,EAAS,cAAA,EAAe;AAAA,MACnG;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,iBAAiB,EAAE,MAAA,EAAQ,MAAA,EAAQ,OAAA,EAAS,gBAAe,GAAI,IAAA;AACxE;AAGO,IAAM,UAAA,GAAa,OACxB,KAAA,EACA,IAAA,EACA,QACA,IAAA,KACqB;AAErB,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,IAAS,EAAC,EAAG;AAC3B,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AAEtB,IAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,OAAA,IAAW,CAAC,kBAAkB,IAAA,CAAK,OAAA,EAAS,MAAM,CAAA,EAAG;AAC5D,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,IAAA,CAAK,SAAA;AACvB,IAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,OAAA,EAAQ,CACnC,IAAA,CAAK,MAAM,SAAA,CAAU,IAAI,CAAC,CAAA,CAC1B,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,KAAK,KAAA,EAAO;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,OAAO,KAAA;AACT","file":"chunk-SYZ2NTP3.cjs","sourcesContent":["import type { MastraAuthConfig } from '@mastra/core/server';\n\n// Default configuration that can be extended by clients\nexport const defaultAuthConfig: MastraAuthConfig = {\n protected: ['/api/*'],\n public: ['/api', '/api/auth/*'],\n // Simple rule system\n rules: [\n // Admin users can do anything\n {\n condition: user => {\n if (typeof user === 'object' && user !== null) {\n if ('isAdmin' in user) {\n return !!user.isAdmin;\n }\n\n if ('role' in user) {\n return user.role === 'admin';\n }\n }\n return false;\n },\n allow: true,\n },\n ],\n};\n","/**\n * Path pattern matching utility\n * Inlined from regexparam v3.0.0 (MIT License)\n * https://github.com/lukeed/regexparam\n *\n * Copyright (c) Luke Edwards <luke.edwards05@gmail.com> (lukeed.com)\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to deal\n * in the Software without restriction, including without limitation the rights\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n * copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in all\n * copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n * SOFTWARE.\n */\n\nexport interface ParsedPattern {\n keys: string[] | false;\n pattern: RegExp;\n}\n\n/**\n * Parse a route pattern into a RegExp\n * Supports:\n * - Named parameters: /users/:id\n * - Optional parameters: /users/:id?\n * - Wildcards: /files/*\n * - Mixed patterns: /api/:version/users/:id\n */\nexport function parse(input: string | RegExp, loose?: boolean): ParsedPattern {\n if (input instanceof RegExp) return { keys: false, pattern: input };\n\n let c: string;\n let o: number;\n let tmp: string | undefined;\n let ext: number;\n const keys: string[] = [];\n let pattern = '';\n const arr = input.split('/');\n\n arr[0] || arr.shift();\n\n while ((tmp = arr.shift())) {\n c = tmp[0]!;\n if (c === '*') {\n keys.push(c);\n pattern += tmp[1] === '?' ? '(?:/(.*))?' : '/(.*)';\n } else if (c === ':') {\n o = tmp.indexOf('?', 1);\n ext = tmp.indexOf('.', 1);\n keys.push(tmp.substring(1, !!~o ? o : !!~ext ? ext : tmp.length));\n pattern += !!~o && !~ext ? '(?:/([^/]+?))?' : '/([^/]+?)';\n if (!!~ext) pattern += (!!~o ? '?' : '') + '\\\\' + tmp.substring(ext);\n } else {\n pattern += '/' + tmp;\n }\n }\n\n return {\n keys: keys,\n pattern: new RegExp('^' + pattern + (loose ? '(?=$|/)' : '/?$'), 'i'),\n };\n}\n\n/**\n * Test if a path matches a pattern\n */\nexport function matchPath(path: string, pattern: string | RegExp): boolean {\n const { pattern: regex } = parse(pattern);\n return regex.test(path);\n}\n","import type { ISessionProvider } from '@mastra/core/auth';\nimport type { IRBACProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { Mastra } from '@mastra/core/mastra';\nimport type { ApiRoute, IMastraAuthProvider, MastraAuthConfig, MastraAuthRequest } from '@mastra/core/server';\n\nimport {\n MASTRA_RESOURCE_ID_KEY,\n MASTRA_USER_KEY,\n MASTRA_USER_PERMISSIONS_KEY,\n MASTRA_USER_ROLES_KEY,\n MASTRA_AUTH_TOKEN_KEY,\n MASTRA_AUTH_MODE_KEY,\n} from '../constants';\nimport { defaultAuthConfig } from './defaults';\nimport { parse } from './path-pattern';\n\n// Re-export request-context key constants so custom middleware can read namespaced\n// auth state without importing internal paths.\nexport { MASTRA_USER_KEY, MASTRA_USER_PERMISSIONS_KEY, MASTRA_USER_ROLES_KEY } from '../constants';\n\n/**\n * Check if a route is a registered custom route that requires authentication.\n * Returns true only if the route is explicitly registered with requiresAuth: true.\n * Returns false if the route is not in the config or has requiresAuth: false.\n */\nexport const isProtectedCustomRoute = (\n path: string,\n method: string,\n customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n if (!customRouteAuthConfig) {\n return false;\n }\n\n // Check exact match first (fast path for static routes)\n const exactRouteKey = `${method}:${path}`;\n if (customRouteAuthConfig.has(exactRouteKey)) {\n return customRouteAuthConfig.get(exactRouteKey) === true;\n }\n\n // Check exact match for ALL method\n const allRouteKey = `ALL:${path}`;\n if (customRouteAuthConfig.has(allRouteKey)) {\n return customRouteAuthConfig.get(allRouteKey) === true;\n }\n\n // Check pattern matches for dynamic routes (e.g., '/users/:id')\n for (const [routeKey, requiresAuth] of customRouteAuthConfig.entries()) {\n const colonIndex = routeKey.indexOf(':');\n if (colonIndex === -1) {\n continue; // Skip malformed keys\n }\n\n const routeMethod = routeKey.substring(0, colonIndex);\n const routePattern = routeKey.substring(colonIndex + 1);\n\n // Check if method matches (exact match or ALL)\n if (routeMethod !== method && routeMethod !== 'ALL') {\n continue;\n }\n\n // Check if path matches the pattern\n if (pathMatchesPattern(path, routePattern)) {\n return requiresAuth === true;\n }\n }\n\n return false; // Not in config = not a protected custom route\n};\n\n/**\n * Find a matching custom API route for the given path and method.\n * Returns the matched route and any extracted path parameters.\n */\nexport const findMatchingCustomRoute = (\n path: string,\n method: string,\n apiRoutes?: ApiRoute[],\n): { route: ApiRoute; params: Record<string, string> } | undefined => {\n if (!apiRoutes) return undefined;\n\n for (const route of apiRoutes) {\n if (route.method !== method && route.method !== 'ALL') continue;\n\n const { keys, pattern: regex } = parse(route.path);\n const match = regex.exec(path);\n if (!match) continue;\n\n const params: Record<string, string> = {};\n if (keys && keys.length > 0) {\n for (let i = 0; i < keys.length; i++) {\n if (match[i + 1] !== undefined) {\n params[keys[i]!] = match[i + 1]!;\n }\n }\n }\n\n return { route, params };\n }\n\n return undefined;\n};\n\n/**\n * Check if request is from dev playground\n * @param getHeader - Function to get header value from request\n * @param customRouteAuthConfig - Map of custom route auth configurations\n */\nexport const isDevPlaygroundRequest = (\n path: string,\n method: string,\n getHeader: (name: string) => string | undefined,\n authConfig: MastraAuthConfig,\n customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n return (\n process.env.MASTRA_DEV === 'true' &&\n // Allow if path doesn't match protected patterns AND is not a protected custom route\n ((!isAnyMatch(path, method, protectedAccess) && !isProtectedCustomRoute(path, method, customRouteAuthConfig)) ||\n // Or if has playground header\n getHeader('x-mastra-dev-playground') === 'true')\n );\n};\n\nexport const isCustomRoutePublic = (\n path: string,\n method: string,\n customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n if (!customRouteAuthConfig) {\n return false;\n }\n\n // Check exact match first (fast path for static routes)\n const exactRouteKey = `${method}:${path}`;\n if (customRouteAuthConfig.has(exactRouteKey)) {\n return !customRouteAuthConfig.get(exactRouteKey); // True when route opts out of auth\n }\n\n // Check exact match for ALL method\n const allRouteKey = `ALL:${path}`;\n if (customRouteAuthConfig.has(allRouteKey)) {\n return !customRouteAuthConfig.get(allRouteKey);\n }\n\n // Check pattern matches for dynamic routes (e.g., '/users/:id')\n for (const [routeKey, requiresAuth] of customRouteAuthConfig.entries()) {\n const colonIndex = routeKey.indexOf(':');\n if (colonIndex === -1) {\n continue; // Skip malformed keys\n }\n\n const routeMethod = routeKey.substring(0, colonIndex);\n const routePattern = routeKey.substring(colonIndex + 1);\n\n // Check if method matches (exact match or ALL)\n if (routeMethod !== method && routeMethod !== 'ALL') {\n continue;\n }\n\n // Check if path matches the pattern\n if (pathMatchesPattern(path, routePattern)) {\n return !requiresAuth; // True when route opts out of auth\n }\n }\n\n return false;\n};\n\n// NOTE: This uses isProtectedCustomRoute (default-allow for unknown paths) rather than\n// !isCustomRoutePublic (default-deny). This is intentional — all registered server and\n// custom routes are auth-checked via registerRoute/checkRouteAuth regardless of this\n// function. The '/api/*' protected pattern exists as a user-facing override mechanism.\n// The old default-deny logic incorrectly blocked non-API paths (e.g. '/', '/agents')\n// which prevented the studio login page from loading in production.\nexport const isProtectedPath = (\n path: string,\n method: string,\n authConfig: MastraAuthConfig,\n customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n return isAnyMatch(path, method, protectedAccess) || isProtectedCustomRoute(path, method, customRouteAuthConfig);\n};\n\nexport const canAccessPublicly = (path: string, method: string, authConfig: MastraAuthConfig): boolean => {\n // Check if this path+method combination is publicly accessible\n const publicAccess = [...(defaultAuthConfig.public || []), ...(authConfig.public || [])];\n\n return isAnyMatch(path, method, publicAccess);\n};\n\nconst isAnyMatch = (\n path: string,\n method: string,\n patterns: MastraAuthConfig['protected'] | MastraAuthConfig['public'],\n): boolean => {\n if (!patterns) {\n return false;\n }\n\n for (const patternPathOrMethod of patterns) {\n if (patternPathOrMethod instanceof RegExp) {\n if (patternPathOrMethod.test(path)) {\n return true;\n }\n }\n\n if (typeof patternPathOrMethod === 'string' && pathMatchesPattern(path, patternPathOrMethod)) {\n return true;\n }\n\n if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {\n const [pattern, methodOrMethods] = patternPathOrMethod;\n if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {\n return true;\n }\n }\n }\n\n return false;\n};\n\nexport const pathMatchesPattern = (path: string, pattern: string): boolean => {\n // Use regexparam for battle-tested path matching\n // Supports:\n // - Exact paths: '/api/users'\n // - Wildcards: '/api/agents/*' matches '/api/agents/123'\n // - Path parameters: '/users/:id' matches '/users/123'\n // - Optional parameters: '/users/:id?' matches '/users' and '/users/123'\n // - Mixed patterns: '/api/:version/users/:id/profile'\n const { pattern: regex } = parse(pattern);\n return regex.test(path);\n};\n\nexport const pathMatchesRule = (path: string, rulePath: string | RegExp | string[] | undefined): boolean => {\n if (!rulePath) return true; // No path specified means all paths\n\n if (typeof rulePath === 'string') {\n return pathMatchesPattern(path, rulePath);\n }\n\n if (rulePath instanceof RegExp) {\n return rulePath.test(path);\n }\n\n if (Array.isArray(rulePath)) {\n return rulePath.some(p => pathMatchesPattern(path, p));\n }\n\n return false;\n};\n\nexport const matchesOrIncludes = (values: string | string[], value: string): boolean => {\n if (typeof values === 'string') {\n return values === value;\n }\n\n if (Array.isArray(values)) {\n return values.includes(value);\n }\n\n return false;\n};\n\n// ── Core auth middleware ──\n// Framework-agnostic auth logic extracted from adapter middlewares.\n// Each adapter builds an AuthMiddlewareContext and delegates to coreAuthMiddleware.\n\nexport interface AuthMiddlewareContext {\n path: string;\n method: string;\n getHeader: (name: string) => string | undefined;\n mastra: Mastra;\n authConfig: MastraAuthConfig;\n customRouteAuthConfig?: Map<string, boolean>;\n requestContext: { get: (key: string) => unknown; set: (key: string, value: unknown) => void };\n rawRequest: MastraAuthRequest;\n token: string | null;\n buildAuthorizeContext: () => unknown;\n /** When true, force authentication even if the path matches a public pattern. */\n requiresAuth?: boolean;\n}\n\nexport type AuthResult =\n | { action: 'next'; headers?: Record<string, string> }\n | { action: 'error'; status: number; body: Record<string, unknown>; headers?: Record<string, string> };\n\nconst pass: AuthResult = { action: 'next' };\n\nconst adaptToMastraAuthRequest = (request: MastraAuthRequest): MastraAuthRequest => {\n if (!(request instanceof Request)) {\n return request;\n }\n\n return {\n raw: request,\n headers: request.headers,\n header: name => request.headers.get(name) ?? undefined,\n };\n};\n\nexport interface GetAuthenticatedUserOptions {\n mastra: Mastra;\n token: string;\n request: MastraAuthRequest;\n}\n\nexport const getAuthenticatedUser = async <TUser = unknown>({\n mastra,\n token,\n request,\n}: GetAuthenticatedUserOptions): Promise<TUser | null> => {\n const normalizedToken = token.replace(/^Bearer\\s+/i, '').trim();\n if (!normalizedToken) {\n return null;\n }\n\n const authConfig = mastra.getServer()?.auth;\n if (!authConfig || typeof authConfig.authenticateToken !== 'function') {\n return null;\n }\n\n return (await authConfig.authenticateToken(normalizedToken, request)) as TUser | null;\n};\n\n/**\n * Check if an auth config object supports transparent session refresh.\n * Returns true if the auth provider implements the necessary ISessionProvider methods.\n */\nexport function supportsSessionRefresh(\n authConfig: MastraAuthConfig | IMastraAuthProvider,\n): authConfig is (MastraAuthConfig | IMastraAuthProvider) &\n Pick<ISessionProvider, 'refreshSession' | 'getSessionIdFromRequest' | 'getSessionHeaders'> {\n return (\n typeof (authConfig as any).getSessionIdFromRequest === 'function' &&\n typeof (authConfig as any).refreshSession === 'function' &&\n typeof (authConfig as any).getSessionHeaders === 'function'\n );\n}\n\n/**\n * Single auth middleware: authenticate → authorize.\n * Skip checks (dev playground, unprotected path, public path) are evaluated once.\n */\nexport const coreAuthMiddleware = async (ctx: AuthMiddlewareContext): Promise<AuthResult> => {\n const {\n path,\n method,\n getHeader,\n mastra,\n authConfig,\n customRouteAuthConfig,\n requestContext,\n rawRequest,\n token,\n requiresAuth,\n } = ctx;\n\n // ── Skip checks (evaluated once) ──\n\n // Only bypass auth for dev playground when no real auth provider is configured.\n // When auth IS configured (has authenticateToken), we need the full auth flow\n // so user/roles/permissions are set in requestContext.\n const hasAuthProvider = typeof authConfig.authenticateToken === 'function';\n if (!hasAuthProvider && isDevPlaygroundRequest(path, method, getHeader, authConfig, customRouteAuthConfig)) {\n return pass;\n }\n\n if (!isProtectedPath(path, method, authConfig, customRouteAuthConfig)) {\n return pass;\n }\n\n // When a route explicitly requires auth (requiresAuth: true), skip the\n // public-path bypass so the user is still authenticated and permissions\n // are injected into the request context.\n if (!requiresAuth && canAccessPublicly(path, method, authConfig)) {\n return pass;\n }\n\n // ── Authentication ──\n\n let user: unknown;\n let refreshHeaders: Record<string, string> | undefined;\n const authRequest = adaptToMastraAuthRequest(rawRequest);\n\n try {\n if (typeof authConfig.authenticateToken === 'function') {\n user = await authConfig.authenticateToken(token ?? '', authRequest);\n } else {\n throw new Error('No token verification method configured');\n }\n\n // If authentication failed, attempt transparent session refresh before returning 401.\n // This handles expired access tokens without requiring client-side refresh logic.\n if (!user && supportsSessionRefresh(authConfig) && rawRequest instanceof Request) {\n try {\n const sessionId = authConfig.getSessionIdFromRequest(rawRequest);\n if (sessionId) {\n const newSession = await authConfig.refreshSession(sessionId);\n if (newSession) {\n // Refresh succeeded — build updated session headers and re-authenticate.\n // We create a synthetic request with the new session cookie so\n // authenticateToken (which reads cookies from the request) picks up\n // the refreshed session instead of the expired one.\n refreshHeaders = authConfig.getSessionHeaders(newSession);\n const refreshedCookie = Object.entries(refreshHeaders)\n .filter(([k]) => k.toLowerCase() === 'set-cookie')\n .map(([, v]) => v.split(';')[0]) // Extract name=value before attributes\n .join('; ');\n if (refreshedCookie) {\n const refreshedRequest = new Request(rawRequest.url, {\n method: rawRequest.method,\n headers: new Headers(rawRequest.headers),\n });\n refreshedRequest.headers.set('Cookie', refreshedCookie);\n // Pass the refreshed cookie value as the token so authenticateToken\n // picks up the new session instead of the stale original.\n // Auth providers typically read cookies from the request object, but\n // some may also inspect the token parameter directly.\n const cookieValue = refreshedCookie.includes('=')\n ? refreshedCookie.split('=').slice(1).join('=')\n : refreshedCookie;\n user = await authConfig.authenticateToken(cookieValue, adaptToMastraAuthRequest(refreshedRequest));\n }\n if (!user) {\n refreshHeaders = undefined;\n }\n }\n }\n } catch (refreshErr) {\n refreshHeaders = undefined;\n mastra.getLogger()?.debug('Session refresh failed, falling back to 401', {\n error: refreshErr instanceof Error ? { message: refreshErr.message } : refreshErr,\n });\n }\n }\n\n if (!user) {\n return { action: 'error', status: 401, body: { error: 'Invalid or expired token' }, headers: refreshHeaders };\n }\n\n requestContext.set(MASTRA_USER_KEY, user);\n // Backward-compat: also write the legacy `'user'` key so existing\n // middleware and integrations that read `requestContext.get('user')`\n // (including built-in FGA route enforcement, memory handlers, and the\n // documented public surface) keep working. New code should prefer\n // `MASTRA_USER_KEY` to avoid collisions with caller-supplied keys.\n requestContext.set('user', user);\n\n // Store the raw auth token so downstream code (e.g., editor MCP client\n // resolution) can forward it when connecting to auth-protected MCP servers.\n // The token may arrive via Authorization header, apiKey query param, or\n // cookie (SimpleAuth sets `mastra-token`). Check all sources so the\n // forwarded value is available regardless of how the user authenticated.\n let effectiveToken = token;\n if (!effectiveToken && rawRequest instanceof Request) {\n const cookieHeader = rawRequest.headers.get('cookie');\n if (cookieHeader) {\n const match = cookieHeader.match(/mastra-token=([^;]+)/);\n if (match?.[1]) effectiveToken = match[1];\n }\n }\n if (effectiveToken) {\n requestContext.set(MASTRA_AUTH_TOKEN_KEY, effectiveToken);\n }\n\n if (typeof authConfig.mapUserToResourceId === 'function') {\n try {\n const resourceId = authConfig.mapUserToResourceId(user);\n if (resourceId) {\n requestContext.set(MASTRA_RESOURCE_ID_KEY, resourceId);\n }\n } catch (mapError) {\n mastra.getLogger()?.error('mapUserToResourceId failed', {\n error: mapError instanceof Error ? { message: mapError.message, stack: mapError.stack } : mapError,\n });\n return {\n action: 'error',\n status: 500,\n body: { error: 'Failed to map authenticated user to a resource ID' },\n headers: refreshHeaders,\n };\n }\n }\n\n try {\n // Determine which RBAC provider to use based on auth mode\n const authMode = requestContext.get(MASTRA_AUTH_MODE_KEY);\n const serverConfig = mastra.getServer();\n const studioConfig = mastra.getStudio?.();\n // Use studio RBAC if this is a studio request, otherwise use server RBAC\n const rbacProvider = (authMode === 'studio' ? (studioConfig?.rbac ?? serverConfig?.rbac) : serverConfig?.rbac) as\n | IRBACProvider<EEUser>\n | undefined;\n\n if (rbacProvider) {\n if (!user || typeof user !== 'object' || !('id' in user)) {\n mastra.getLogger()?.warn('RBAC: authenticated user missing required \"id\" field, skipping permission loading');\n } else {\n const permissions = await rbacProvider.getPermissions(user as EEUser);\n requestContext.set(MASTRA_USER_PERMISSIONS_KEY, permissions);\n // Backward-compat alias for callers reading the legacy key.\n requestContext.set('userPermissions', permissions);\n\n const roles = await rbacProvider.getRoles(user as EEUser);\n requestContext.set(MASTRA_USER_ROLES_KEY, roles);\n // Backward-compat alias for callers reading the legacy key.\n requestContext.set('userRoles', roles);\n }\n }\n } catch (rbacError) {\n mastra.getLogger()?.error('RBAC: failed to load user permissions/roles', {\n error: rbacError instanceof Error ? { message: rbacError.message, stack: rbacError.stack } : rbacError,\n });\n }\n } catch (err) {\n mastra.getLogger()?.error('Authentication error', {\n error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n });\n return { action: 'error', status: 401, body: { error: 'Invalid or expired token' }, headers: refreshHeaders };\n }\n\n // ── Authorization ──\n\n if ('authorizeUser' in authConfig && typeof authConfig.authorizeUser === 'function') {\n try {\n const isAuthorized = await authConfig.authorizeUser(user, authRequest);\n\n if (!isAuthorized) {\n return { action: 'error', status: 403, body: { error: 'Access denied' }, headers: refreshHeaders };\n }\n } catch (err) {\n mastra.getLogger()?.error('Authorization error in authorizeUser', {\n error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n });\n return { action: 'error', status: 500, body: { error: 'Authorization error' }, headers: refreshHeaders };\n }\n } else if ('authorize' in authConfig && typeof authConfig.authorize === 'function') {\n try {\n const authorizeCtx = ctx.buildAuthorizeContext();\n const isAuthorized = await authConfig.authorize(path, method, user, authorizeCtx as any);\n\n if (!isAuthorized) {\n return { action: 'error', status: 403, body: { error: 'Access denied' }, headers: refreshHeaders };\n }\n } catch (err) {\n mastra.getLogger()?.error('Authorization error in authorize', {\n error: err instanceof Error ? { message: err.message, stack: err.stack } : err,\n path,\n method,\n });\n return { action: 'error', status: 500, body: { error: 'Authorization error' }, headers: refreshHeaders };\n }\n } else if ('rules' in authConfig && authConfig.rules && authConfig.rules.length > 0) {\n const isAuthorized = await checkRules(authConfig.rules, path, method, user);\n\n if (!isAuthorized) {\n return { action: 'error', status: 403, body: { error: 'Access denied' }, headers: refreshHeaders };\n }\n } else {\n // No explicit authorization configured (authorizeUser, authorize, or rules)\n // Check if RBAC is configured - if not, allow authenticated users through\n // (auth-only mode = authenticated users get full access)\n const rbacProvider = mastra.getServer()?.rbac;\n if (rbacProvider) {\n if (defaultAuthConfig.rules && defaultAuthConfig.rules.length > 0) {\n const isAuthorized = await checkRules(defaultAuthConfig.rules, path, method, user);\n\n if (!isAuthorized) {\n return { action: 'error', status: 403, body: { error: 'Access denied' }, headers: refreshHeaders };\n }\n } else {\n return { action: 'error', status: 403, body: { error: 'Access denied' }, headers: refreshHeaders };\n }\n }\n }\n\n return refreshHeaders ? { action: 'next', headers: refreshHeaders } : pass;\n};\n\n// Check authorization rules\nexport const checkRules = async (\n rules: MastraAuthConfig['rules'],\n path: string,\n method: string,\n user: unknown,\n): Promise<boolean> => {\n // Go through rules in order (first match wins)\n for (const i in rules || []) {\n const rule = rules?.[i]!;\n // Check if rule applies to this path\n if (!pathMatchesRule(path, rule.path)) {\n continue;\n }\n\n // Check if rule applies to this method\n if (rule.methods && !matchesOrIncludes(rule.methods, method)) {\n continue;\n }\n\n // Rule matches, check conditions\n const condition = rule.condition;\n if (typeof condition === 'function') {\n const allowed = await Promise.resolve()\n .then(() => condition(user))\n .catch(() => false);\n\n if (allowed) {\n return true;\n }\n } else if (rule.allow) {\n return true;\n }\n }\n\n // No matching rules, deny by default\n return false;\n};\n"]}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var chunkRR5IB5A2_cjs = require('./chunk-RR5IB5A2.cjs');
|
|
4
|
+
var chunkSYZ2NTP3_cjs = require('./chunk-SYZ2NTP3.cjs');
|
|
5
|
+
var chunkSXKQ7CSX_cjs = require('./chunk-SXKQ7CSX.cjs');
|
|
3
6
|
var chunkZ7LCIYK7_cjs = require('./chunk-Z7LCIYK7.cjs');
|
|
4
|
-
var
|
|
7
|
+
var chunkN54Q3AQR_cjs = require('./chunk-N54Q3AQR.cjs');
|
|
5
8
|
var chunk64ITUOXI_cjs = require('./chunk-64ITUOXI.cjs');
|
|
6
|
-
var chunk4PQR3D5Y_cjs = require('./chunk-4PQR3D5Y.cjs');
|
|
7
|
-
var chunkSXKQ7CSX_cjs = require('./chunk-SXKQ7CSX.cjs');
|
|
8
|
-
var chunkRR5IB5A2_cjs = require('./chunk-RR5IB5A2.cjs');
|
|
9
9
|
var v4 = require('zod/v4');
|
|
10
10
|
|
|
11
11
|
var _buildCapabilitiesPromise;
|
|
@@ -84,7 +84,7 @@ function getFGAProvider(mastra, isStudio) {
|
|
|
84
84
|
function implementsInterface(auth, method) {
|
|
85
85
|
return auth !== null && typeof auth === "object" && typeof auth[method] === "function";
|
|
86
86
|
}
|
|
87
|
-
var GET_AUTH_CAPABILITIES_ROUTE =
|
|
87
|
+
var GET_AUTH_CAPABILITIES_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
88
88
|
method: "GET",
|
|
89
89
|
path: "/auth/capabilities",
|
|
90
90
|
responseType: "json",
|
|
@@ -107,7 +107,7 @@ var GET_AUTH_CAPABILITIES_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
107
107
|
return { enabled: false, login: null };
|
|
108
108
|
}
|
|
109
109
|
const capabilities = await buildCapabilities(auth, request, { rbac, fga, apiPrefix: routePrefix });
|
|
110
|
-
if (!("user" in capabilities) &&
|
|
110
|
+
if (!("user" in capabilities) && chunkSYZ2NTP3_cjs.supportsSessionRefresh(auth)) {
|
|
111
111
|
try {
|
|
112
112
|
const sessionId = await auth.getSessionIdFromRequest(request);
|
|
113
113
|
if (sessionId) {
|
|
@@ -147,7 +147,7 @@ function extractCookieFromHeaders(headers) {
|
|
|
147
147
|
const match = setCookie.match(/^([^;]+)/);
|
|
148
148
|
return match ? match[1] ?? null : null;
|
|
149
149
|
}
|
|
150
|
-
var GET_CURRENT_USER_ROUTE =
|
|
150
|
+
var GET_CURRENT_USER_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
151
151
|
method: "GET",
|
|
152
152
|
path: "/auth/me",
|
|
153
153
|
responseType: "json",
|
|
@@ -188,7 +188,7 @@ var GET_CURRENT_USER_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
188
188
|
}
|
|
189
189
|
}
|
|
190
190
|
});
|
|
191
|
-
var GET_SSO_LOGIN_ROUTE =
|
|
191
|
+
var GET_SSO_LOGIN_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
192
192
|
method: "GET",
|
|
193
193
|
path: "/auth/sso/login",
|
|
194
194
|
responseType: "datastream-response",
|
|
@@ -245,7 +245,7 @@ var GET_SSO_LOGIN_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
245
245
|
}
|
|
246
246
|
}
|
|
247
247
|
});
|
|
248
|
-
var GET_SSO_CALLBACK_ROUTE =
|
|
248
|
+
var GET_SSO_CALLBACK_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
249
249
|
method: "GET",
|
|
250
250
|
path: "/auth/sso/callback",
|
|
251
251
|
responseType: "datastream-response",
|
|
@@ -325,7 +325,7 @@ var GET_SSO_CALLBACK_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
325
325
|
}
|
|
326
326
|
}
|
|
327
327
|
});
|
|
328
|
-
var POST_LOGOUT_ROUTE =
|
|
328
|
+
var POST_LOGOUT_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
329
329
|
method: "POST",
|
|
330
330
|
path: "/auth/logout",
|
|
331
331
|
responseType: "datastream-response",
|
|
@@ -371,7 +371,7 @@ var POST_LOGOUT_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
371
371
|
}
|
|
372
372
|
}
|
|
373
373
|
});
|
|
374
|
-
var POST_REFRESH_ROUTE =
|
|
374
|
+
var POST_REFRESH_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
375
375
|
method: "POST",
|
|
376
376
|
path: "/auth/refresh",
|
|
377
377
|
responseType: "datastream-response",
|
|
@@ -412,7 +412,7 @@ var POST_REFRESH_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
});
|
|
415
|
-
var POST_CREDENTIALS_SIGN_IN_ROUTE =
|
|
415
|
+
var POST_CREDENTIALS_SIGN_IN_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
416
416
|
method: "POST",
|
|
417
417
|
path: "/auth/credentials/sign-in",
|
|
418
418
|
responseType: "datastream-response",
|
|
@@ -454,7 +454,7 @@ var POST_CREDENTIALS_SIGN_IN_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
454
454
|
}
|
|
455
455
|
}
|
|
456
456
|
});
|
|
457
|
-
var POST_CREDENTIALS_SIGN_UP_ROUTE =
|
|
457
|
+
var POST_CREDENTIALS_SIGN_UP_ROUTE = chunkN54Q3AQR_cjs.createPublicRoute({
|
|
458
458
|
method: "POST",
|
|
459
459
|
path: "/auth/credentials/sign-up",
|
|
460
460
|
responseType: "datastream-response",
|
|
@@ -502,7 +502,7 @@ var POST_CREDENTIALS_SIGN_UP_ROUTE = chunkDN2NUSL2_cjs.createPublicRoute({
|
|
|
502
502
|
});
|
|
503
503
|
var rolePermissionsPathSchema = v4.z.object({ roleId: v4.z.string() });
|
|
504
504
|
var rolePermissionsResponseSchema = v4.z.object({ roleId: v4.z.string(), permissions: v4.z.array(v4.z.string()) });
|
|
505
|
-
var GET_ROLE_PERMISSIONS_ROUTE =
|
|
505
|
+
var GET_ROLE_PERMISSIONS_ROUTE = chunkN54Q3AQR_cjs.createRoute({
|
|
506
506
|
method: "GET",
|
|
507
507
|
path: "/auth/roles/:roleId/permissions",
|
|
508
508
|
requiresAuth: true,
|
|
@@ -532,7 +532,7 @@ var GET_ROLE_PERMISSIONS_ROUTE = chunkDN2NUSL2_cjs.createRoute({
|
|
|
532
532
|
}
|
|
533
533
|
}
|
|
534
534
|
});
|
|
535
|
-
var GET_PERMISSION_PATTERNS_ROUTE =
|
|
535
|
+
var GET_PERMISSION_PATTERNS_ROUTE = chunkN54Q3AQR_cjs.createRoute({
|
|
536
536
|
method: "GET",
|
|
537
537
|
path: "/auth/permission-patterns",
|
|
538
538
|
requiresAuth: true,
|
|
@@ -571,5 +571,5 @@ exports.POST_CREDENTIALS_SIGN_UP_ROUTE = POST_CREDENTIALS_SIGN_UP_ROUTE;
|
|
|
571
571
|
exports.POST_LOGOUT_ROUTE = POST_LOGOUT_ROUTE;
|
|
572
572
|
exports.POST_REFRESH_ROUTE = POST_REFRESH_ROUTE;
|
|
573
573
|
exports.getPublicOrigin = getPublicOrigin;
|
|
574
|
-
//# sourceMappingURL=chunk-
|
|
575
|
-
//# sourceMappingURL=chunk-
|
|
574
|
+
//# sourceMappingURL=chunk-TGKPSQB3.cjs.map
|
|
575
|
+
//# sourceMappingURL=chunk-TGKPSQB3.cjs.map
|