UNPKG

@mastra/core

Version:

Mastra is a framework for building AI-powered applications and agents with a modern TypeScript stack.

mastra.ai

mastra-ai/mastra

106 lines 3.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/** * Static RBAC provider with config-based roles. */ import type { RoleDefinition, RoleMapping, IRBACProvider } from '../../interfaces/index.js'; /** * Options for StaticRBACProvider. * * Use ONE of the following approaches: * - `roles`: Define role structures with permissions (Mastra's native role system) * - `roleMapping`: Map provider roles directly to permissions (simpler for external providers) */ export type StaticRBACProviderOptions<TUser = unknown> = { /** Role definitions (Mastra's native role system) */ roles: RoleDefinition[]; /** Function to get user's role IDs */ getUserRoles: (user: TUser) => string[] | Promise<string[]>; roleMapping?: never; } | { /** * Role mapping for translating provider roles to permissions. * Use this when your identity provider has roles that need to be * mapped to Mastra permissions. */ roleMapping: RoleMapping; /** Function to get user's role IDs from the provider */ getUserRoles: (user: TUser) => string[] | Promise<string[]>; roles?: never; }; /** * Static RBAC provider. * * Supports two modes: * 1. **Role definitions**: Use Mastra's native role system with structured roles * 2. **Role mapping**: Directly map provider roles to permissions * * @example Using role definitions (Mastra's native system) * ```typescript * const rbac = new StaticRBACProvider({ * roles: DEFAULT_ROLES, * getUserRoles: (user) => [user.role], * }); * ``` * * @example Using role mapping (for external providers) * ```typescript * const rbac = new StaticRBACProvider({ * roleMapping: { * "Engineering": ["agents:*", "workflows:*"], * "Product": ["agents:read", "workflows:read"], * "_default": [], * }, * getUserRoles: (user) => user.providerRoles, * }); * ``` * * @example Async role lookup * ```typescript * const rbac = new StaticRBACProvider({ * roles: DEFAULT_ROLES, * getUserRoles: async (user) => { * return db.getUserRoles(user.id); * }, * }); * ``` */ export declare class StaticRBACProvider<TUser = unknown> implements IRBACProvider<TUser> { private roles?; private _roleMapping?; private getUserRolesFn; private permissionCache; /** Expose roleMapping for middleware access */ get roleMapping(): RoleMapping | undefined; constructor(options: StaticRBACProviderOptions<TUser>); getRoles(user: TUser): Promise<string[]>; hasRole(user: TUser, role: string): Promise<boolean>; getPermissions(user: TUser): Promise<string[]>; hasPermission(user: TUser, permission: string): Promise<boolean>; hasAllPermissions(user: TUser, permissions: string[]): Promise<boolean>; hasAnyPermission(user: TUser, permissions: string[]): Promise<boolean>; /** * Clear the permission cache. */ clearCache(): void; /** * Get all role definitions. * Only available when using role definitions mode (not role mapping). */ getRoleDefinitions(): RoleDefinition[]; /** * Get a specific role definition. * Only available when using role definitions mode (not role mapping). */ getRoleDefinition(roleId: string): RoleDefinition | undefined; /** * Get all available roles in the system. */ getAvailableRoles(): Promise<{ id: string; name: string; }[]>; /** * Get the resolved permissions for a specific role. */ getPermissionsForRole(roleId: string): Promise<string[]>; } //# sourceMappingURL=static.d.ts.map