UNPKG

@mastra/core

Version:

Mastra is a framework for building AI-powered applications and agents with a modern TypeScript stack.

mastra.ai

mastra-ai/mastra

1 lines • 17.5 kB
1
{"version":3,"sources":["../src/telemetry/posthog.ts","../src/auth/ee/license.ts","../src/auth/ee/fga-check.ts"],"names":["createHash","os","PostHog"],"mappings":";;;;;;;;;;;AAIA,IAAM,eAAA,GAAkB,iDAAA;AACxB,IAAM,YAAA,GAAe,wBAAA;AAErB,IAAI,MAAA,GAAyB,IAAA;AAItB,SAAS,oBAAA,GAAgC;AAC9C,EAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,2BAA2B,CAAA,KAAM,GAAA;AACtD;AAEO,SAAS,mBAAmB,KAAA,EAAuB;AACxD,EAAA,OAAOA,kBAAW,QAAQ,CAAA,CAAE,OAAO,KAAK,CAAA,CAAE,OAAO,KAAK,CAAA;AACxD;AAEA,SAAS,iBAAA,GAA4B;AACnC,EAAA,OAAO,kBAAA,CAAmBC,oBAAG,QAAA,EAAS,IAAK,cAAc,CAAA,CAAE,KAAA,CAAM,GAAG,EAAE,CAAA;AACxE;AAEO,SAAS,gCAAA,GAA2C;AACzD,EAAA,OAAO,CAAA,OAAA,EAAU,mBAAmB,CAAA,CAAA;AACtC;AAEA,SAAS,SAAA,GAA4B;AACnC,EAAA,IAAI,CAAC,sBAAqB,EAAG;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAA,GAAS,IAAIC,oBAAQ,eAAA,EAAiB;AAAA,MACpC,IAAA,EAAM,YAAA;AAAA,MACN,OAAA,EAAS,CAAA;AAAA,MACT,aAAA,EAAe,CAAA;AAAA,MACf,YAAA,EAAc;AAAA,KACf,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,mBAAA,GAA+C;AACtD,EAAA,OAAO;AAAA,IACL,IAAI,OAAA,CAAQ,QAAA;AAAA,IACZ,UAAA,EAAYD,oBAAG,OAAA,EAAQ;AAAA,IACvB,cAAc,OAAA,CAAQ,OAAA;AAAA,IACtB,UAAU,OAAA,CAAQ,IAAA;AAAA,IAClB,YAAY,iBAAA,EAAkB;AAAA,IAC9B,cAAA,EAAgB,OAAA,CAAQ,GAAA,CAAI,qBAAqB,CAAA,IAAK;AAAA,GACxD;AACF;AAEO,SAAS,cAAA,CACd,KAAA,EACA,UAAA,EACA,UAAA,EACM;AACN,EAAA,IAAI;AACF,IAAA,MAAM,UAAU,SAAA,EAAU;AAC1B,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA;AAAA,IACF;AAEA,IAAA,OAAA,CAAQ,OAAA,CAAQ;AAAA,MACd,UAAA,EAAY,cAAc,gCAAA,EAAiC;AAAA,MAC3D,KAAA;AAAA,MACA,UAAA,EAAY;AAAA,QACV,GAAG,mBAAA,EAAoB;AAAA,QACvB,GAAG;AAAA;AACL,KACD,CAAA;AAAA,EACH,CAAA,CAAA,MAAQ;AAAA,EAER;AACF;;;AC7CA,IAAI,aAAA,GAAoC,IAAA;AACxC,IAAI,cAAA,GAAiB,CAAA;AACrB,IAAM,YAAY,EAAA,GAAK,GAAA;AAWhB,SAAS,gBAAgB,UAAA,EAAkC;AAChE,EAAA,MAAM,GAAA,GAAM,UAAA,IAAc,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA;AAEzD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AAUA,EAAA,IAAI,GAAA,CAAI,SAAS,EAAA,EAAI;AACnB,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,IAAA;AAAA,IACP,QAAA,EAAU,CAAC,MAAA,EAAQ,SAAA,EAAW,OAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,eAAe,CAAA;AAAA,IAC1E,IAAA,EAAM;AAAA,GACR;AACF;AAOO,SAAS,cAAA,GAA0B;AACxC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,EAAA,IAAI,aAAA,IAAiB,GAAA,GAAM,cAAA,GAAiB,SAAA,EAAW;AACrD,IAAA,OAAO,aAAA,CAAc,KAAA;AAAA,EACvB;AAGA,EAAA,aAAA,GAAgB,eAAA,EAAgB;AAChC,EAAA,cAAA,GAAiB,GAAA;AAEjB,EAAA,IAAI,CAAC,aAAA,CAAc,KAAA,IAAS,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA,EAAG;AAC5D,IAAA,OAAA,CAAQ,KAAK,2EAA2E,CAAA;AAAA,EAC1F;AAEA,EAAA,OAAO,aAAA,CAAc,KAAA;AACvB;AAKO,IAAM,gBAAA,GAAmB;AAQzB,SAAS,iBAAiB,OAAA,EAA0B;AACzD,EAAA,IAAI,CAAC,gBAAe,EAAG;AACrB,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,CAAC,eAAe,QAAA,EAAU;AAC5B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,aAAA,CAAc,QAAA,CAAS,QAAA,CAAS,OAAO,CAAA;AAChD;AAWO,SAAS,qBAAA,GAA4C;AAC1D,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA;AAC3C,EAAA,MAAM,IAAA,GAAO,aAAA,IAAiB,eAAA,CAAgB,GAAG,CAAA;AACjD,EAAA,MAAM,WAAA,GAAc,GAAA,GAAM,kBAAA,CAAmB,GAAG,CAAA,GAAI,MAAA;AAEpD,EAAA,OAAO;AAAA,IACL,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,kBAAkB,gBAAA,EAAiB;AAAA,IACnC,aAAa,WAAA,GAAc,WAAA,CAAY,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,MAAA;AAAA,IACtD,WAAA,EAAa,cAAc,CAAA,EAAG,WAAA,CAAY,MAAM,CAAA,EAAG,EAAE,CAAC,CAAA,UAAA,CAAA,GAAe,MAAA;AAAA,IACrE,UAAU,IAAA,CAAK,QAAA;AAAA,IACf,MAAM,IAAA,CAAK;AAAA,GACb;AACF;AAcO,SAAS,gBAAA,GAA4B;AAC1C,EAAA,OACE,QAAQ,GAAA,CAAI,YAAY,MAAM,MAAA,IAC9B,OAAA,CAAQ,IAAI,YAAY,CAAA,KAAM,GAAA,IAC7B,OAAA,CAAQ,IAAI,UAAU,CAAA,KAAM,gBAAgB,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,KAAM,MAAA;AAE7E;AAMO,SAAS,WAAA,GAAuB;AACrC,EAAA,IAAI,kBAAiB,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,cAAA,EAAe;AACxB;;;ACpJA,SAAS,eAAA,CAAgB;AAAA,EACvB,OAAA;AAAA,EACA,cAAA;AAAA,EACA;AACF,CAAA,EAAoG;AAClG,EAAA,MAAM,aAAA,GAAiC;AAAA,IACrC,GAAG;AAAA,GACL;AAEA,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,aAAA,CAAc,cAAA,GAAiB,cAAA;AAAA,EACjC;AAEA,EAAA,IAAI,QAAA,IAAY,SAAS,QAAA,EAAU;AACjC,IAAA,aAAA,CAAc,QAAA,GAAW;AAAA,MACvB,GAAI,OAAA,EAAS,QAAA,IAAY,EAAC;AAAA,MAC1B,GAAI,YAAY;AAAC,KACnB;AAAA,EACF;AAEA,EAAA,OAAO,OAAO,IAAA,CAAK,aAAa,CAAA,CAAE,MAAA,GAAS,IAAI,aAAA,GAAgB,MAAA;AACjE;AAEO,SAAS,sBAAsB,OAAA,EAAyB;AAC7D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,yBAAyB,UAAA,EAA4B;AACnE,EAAA,OAAO,UAAA;AACT;AAEO,SAAS,+BAA+B,QAAA,EAA0B;AACvE,EAAA,OAAO,QAAA;AACT;AAEO,SAAS,yBAAA,CAA0B,SAAiB,QAAA,EAA0B;AACnF,EAAA,OAAO,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AAC/B;AAEO,SAAS,uBAAA,CAAwB,YAAoB,QAAA,EAA0B;AACpF,EAAA,OAAO,IAAA,CAAK,SAAA,CAAU,CAAC,UAAA,EAAY,QAAQ,CAAC,CAAA;AAC9C;AAQA,eAAsB,SAAS,OAAA,EAAyC;AACtE,EAAA,MAAM,WAAW,OAAO,CAAA;AAC1B;AAQA,eAAsB,WAAW,OAAA,EAA2C;AAC1E,EAAA,MAAM,EAAE,aAAa,IAAA,EAAM,QAAA,EAAU,YAAY,OAAA,EAAS,cAAA,EAAgB,UAAS,GAAI,OAAA;AAEvF,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,aAAa,eAAA,CAAgB,EAAE,OAAA,EAAS,cAAA,EAAgB,UAAU,CAAA;AAExE,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,MAAM,IAAI,cAAA,CAAe,IAAA,EAAM,QAAA,EAAU,YAAY,gCAAgC,CAAA;AAAA,EACvF;AAEA,EAAA,MAAM,WAAA,CAAY,OAAA;AAAA,IAChB,IAAA;AAAA,IACA,UAAA,GAAa,EAAE,QAAA,EAAU,UAAA,EAAY,SAAS,UAAA,EAAW,GAAI,EAAE,QAAA,EAAU,UAAA;AAAW,GACtF;AAEA,EAAA,MAAM,UAAU,qBAAA,EAAsB;AACtC,EAAA,IAAI;AACF,IAAA,cAAA,CAAe,mBAAmB,IAAA,EAAM,EAAA,IAAM,OAAA,CAAQ,WAAA,IAAe,kCAAiC,EAAG;AAAA,MACvG,OAAA,EAAS,KAAA;AAAA,MACT,eAAe,QAAA,CAAS,IAAA;AAAA,MACxB,aAAa,QAAA,CAAS,EAAA;AAAA,MACtB,UAAA;AAAA,MACA,SAAS,IAAA,EAAM,EAAA;AAAA,MACf,4BAA4B,IAAA,EAAM,wBAAA;AAAA,MAClC,eAAe,OAAA,CAAQ,KAAA;AAAA,MACvB,cAAc,OAAA,CAAQ,WAAA;AAAA,MACtB,oBAAoB,OAAA,CAAQ;AAAA,KAC7B,CAAA;AAAA,EACH,CAAA,CAAA,MAAQ;AAAA,EAER;AACF;AAKO,IAAM,cAAA,GAAN,cAA6B,KAAA,CAAM;AAAA,EACxB,IAAA;AAAA,EACA,QAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EAEhB,WAAA,CACE,IAAA,EACA,QAAA,EACA,UAAA,EACA,MAAA,EACA;AACA,IAAA,MAAM,MAAA,GAAS,IAAA,EAAM,EAAA,IAAM,IAAA,EAAM,QAAA,IAAY,SAAA;AAC7C,IAAA,MAAM,eAAA,GAAkB,KAAA,CAAM,OAAA,CAAQ,UAAU,CAAA,GAAI,WAAW,UAAA,CAAW,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA,CAAA,GAAM,UAAA;AAC1F,IAAA,KAAA;AAAA,MACE,MAAA,GACI,CAAA,0BAAA,EAA6B,MAAM,CAAA,CAAA,GACnC,CAAA,+BAAA,EAAkC,MAAM,CAAA,QAAA,EAAW,eAAe,CAAA,IAAA,EAAO,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,SAAS,EAAE,CAAA;AAAA,KAC3G;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,QAAA,GAAW,QAAA;AAChB,IAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,GAAA;AAAA,EAChB;AACF","file":"chunk-5TPXY57Z.cjs","sourcesContent":["import { createHash } from 'node:crypto';\nimport os from 'node:os';\nimport { PostHog } from 'posthog-node';\n\nconst POSTHOG_API_KEY = 'phc_SBLpZVAB6jmHOct9CABq3PF0Yn5FU3G2FgT4xUr2XrT';\nconst POSTHOG_HOST = 'https://us.posthog.com';\n\nlet client: PostHog | null = null;\n\nexport type EEEventName = 'ee_license_check' | 'ee_feature_used';\n\nexport function isEETelemetryEnabled(): boolean {\n return process.env['MASTRA_TELEMETRY_DISABLED'] !== '1';\n}\n\nexport function hashTelemetryValue(value: string): string {\n return createHash('sha256').update(value).digest('hex');\n}\n\nfunction getHashedHostname(): string {\n return hashTelemetryValue(os.hostname() || 'unknown-host').slice(0, 16);\n}\n\nexport function getEETelemetryFallbackDistinctId(): string {\n return `mastra-${getHashedHostname()}`;\n}\n\nfunction getClient(): PostHog | null {\n if (!isEETelemetryEnabled()) {\n return null;\n }\n\n if (!client) {\n client = new PostHog(POSTHOG_API_KEY, {\n host: POSTHOG_HOST,\n flushAt: 1,\n flushInterval: 0,\n disableGeoip: false,\n });\n }\n\n return client;\n}\n\nfunction getSystemProperties(): Record<string, unknown> {\n return {\n os: process.platform,\n os_version: os.release(),\n node_version: process.version,\n platform: process.arch,\n machine_id: getHashedHostname(),\n mastra_version: process.env['npm_package_version'] || 'unknown',\n };\n}\n\nexport function captureEEEvent(\n event: EEEventName,\n distinctId: string | undefined,\n properties?: Record<string, unknown>,\n): void {\n try {\n const posthog = getClient();\n if (!posthog) {\n return;\n }\n\n posthog.capture({\n distinctId: distinctId || getEETelemetryFallbackDistinctId(),\n event,\n properties: {\n ...getSystemProperties(),\n ...properties,\n },\n });\n } catch {\n // Telemetry must never affect auth or EE feature behavior.\n }\n}\n\nexport function resetEETelemetryForTests(): void {\n client = null;\n}\n","/**\n * License validation for EE features.\n */\n\n/**\n * License information.\n */\nimport { hashTelemetryValue } from '../../telemetry/posthog';\n\nexport interface LicenseInfo {\n /** Whether the license is valid */\n valid: boolean;\n /** License expiration date */\n expiresAt?: Date;\n /** Features enabled by this license */\n features?: string[];\n /** Organization name */\n organization?: string;\n /** License tier */\n tier?: 'standard' | 'enterprise';\n}\n\nexport interface SafeLicenseSummary {\n valid: boolean;\n isDevEnvironment: boolean;\n licenseHash?: string;\n anonymousId?: string;\n features?: string[];\n tier?: 'standard' | 'enterprise';\n}\n\n// Cached license validation result\nlet cachedLicense: LicenseInfo | null = null;\nlet cacheTimestamp = 0;\nconst CACHE_TTL = 60 * 1000; // 1 minute\n\n/**\n * Validate a license key and return license information.\n *\n * Currently implements a simple check for the presence of the license key.\n * In production, this would validate against a license server.\n *\n * @param licenseKey - License key to validate\n * @returns License information\n */\nexport function validateLicense(licenseKey?: string): LicenseInfo {\n const key = licenseKey ?? process.env['MASTRA_EE_LICENSE'];\n\n if (!key) {\n return { valid: false };\n }\n\n // TODO: Implement actual license validation\n // For now, any non-empty key is considered valid\n // In production, this would:\n // 1. Verify signature of the license key\n // 2. Check expiration date embedded in key\n // 3. Optionally validate against license server\n\n // Simple validation: key should be at least 32 characters\n if (key.length < 32) {\n return { valid: false };\n }\n\n return {\n valid: true,\n features: ['user', 'session', 'sso', 'rbac', 'acl', 'fga', 'agent-builder'],\n tier: 'enterprise',\n };\n}\n\n/**\n * Check if EE features are enabled (valid license or cache).\n *\n * @returns True if EE features should be enabled\n */\nexport function isLicenseValid(): boolean {\n const now = Date.now();\n\n // Return cached result if still valid\n if (cachedLicense && now - cacheTimestamp < CACHE_TTL) {\n return cachedLicense.valid;\n }\n\n // Validate and cache\n cachedLicense = validateLicense();\n cacheTimestamp = now;\n\n if (!cachedLicense.valid && process.env['MASTRA_EE_LICENSE']) {\n console.warn('[mastra/auth-ee] Invalid or expired EE license. EE features are disabled.');\n }\n\n return cachedLicense.valid;\n}\n\n/**\n * @deprecated Use `isLicenseValid()` instead. This alias is provided for backward compatibility.\n */\nexport const isEELicenseValid = isLicenseValid;\n\n/**\n * Check if a specific EE feature is enabled.\n *\n * @param feature - Feature name to check\n * @returns True if the feature is enabled\n */\nexport function isFeatureEnabled(feature: string): boolean {\n if (!isLicenseValid()) {\n return false;\n }\n\n // If license is valid but no features array, all features are enabled\n if (!cachedLicense?.features) {\n return true;\n }\n\n return cachedLicense.features.includes(feature);\n}\n\n/**\n * Get the current license information.\n *\n * @returns License info or null if not validated yet\n */\nexport function getLicenseInfo(): LicenseInfo | null {\n return cachedLicense;\n}\n\nexport function getSafeLicenseSummary(): SafeLicenseSummary {\n const key = process.env['MASTRA_EE_LICENSE'];\n const info = cachedLicense ?? validateLicense(key);\n const licenseHash = key ? hashTelemetryValue(key) : undefined;\n\n return {\n valid: info.valid,\n isDevEnvironment: isDevEnvironment(),\n licenseHash: licenseHash ? licenseHash.slice(0, 16) : undefined,\n anonymousId: licenseHash ? `${licenseHash.slice(0, 16)}-anonymous` : undefined,\n features: info.features,\n tier: info.tier,\n };\n}\n\n/**\n * Clear the license cache (useful for testing).\n */\nexport function clearLicenseCache(): void {\n cachedLicense = null;\n cacheTimestamp = 0;\n}\n\n/**\n * Check if running in a development/testing environment.\n * In dev, EE features work without a license per the ee/LICENSE terms.\n */\nexport function isDevEnvironment(): boolean {\n return (\n process.env['MASTRA_DEV'] === 'true' ||\n process.env['MASTRA_DEV'] === '1' ||\n (process.env['NODE_ENV'] !== 'production' && process.env['NODE_ENV'] !== 'prod')\n );\n}\n\n/**\n * Check if EE features should be active.\n * Returns true if running in dev/test environment (always allowed) or if a valid license is present.\n */\nexport function isEEEnabled(): boolean {\n if (isDevEnvironment()) {\n return true;\n }\n return isLicenseValid();\n}\n","/**\n * FGA enforcement utility for checking fine-grained authorization.\n *\n * @license Mastra Enterprise License - see ee/LICENSE\n */\n\nimport { captureEEEvent, getEETelemetryFallbackDistinctId } from '../../telemetry/posthog';\nimport type { FGACheckContext, IFGAProvider } from './interfaces/fga';\nimport type { MastraFGAPermissionInput } from './interfaces/permissions.generated';\nimport { getSafeLicenseSummary } from './license';\n\nexport interface CheckFGAOptions {\n fgaProvider: IFGAProvider | undefined;\n user: any;\n resource: { type: string; id: string };\n permission: MastraFGAPermissionInput | MastraFGAPermissionInput[];\n context?: FGACheckContext;\n}\n\nexport interface RequireFGAOptions extends CheckFGAOptions {\n requestContext?: FGACheckContext['requestContext'];\n metadata?: Record<string, unknown>;\n}\n\nfunction mergeFGAContext({\n context,\n requestContext,\n metadata,\n}: Pick<RequireFGAOptions, 'context' | 'requestContext' | 'metadata'>): FGACheckContext | undefined {\n const mergedContext: FGACheckContext = {\n ...context,\n };\n\n if (requestContext) {\n mergedContext.requestContext = requestContext;\n }\n\n if (metadata || context?.metadata) {\n mergedContext.metadata = {\n ...(context?.metadata ?? {}),\n ...(metadata ?? {}),\n };\n }\n\n return Object.keys(mergedContext).length > 0 ? mergedContext : undefined;\n}\n\nexport function getAgentFGAResourceId(agentId: string): string {\n return agentId;\n}\n\nexport function getWorkflowFGAResourceId(workflowId: string): string {\n return workflowId;\n}\n\nexport function getStandaloneToolFGAResourceId(toolName: string): string {\n return toolName;\n}\n\nexport function getAgentToolFGAResourceId(agentId: string, toolName: string): string {\n return `${agentId}:${toolName}`;\n}\n\nexport function getMCPToolFGAResourceId(serverName: string, toolName: string): string {\n return JSON.stringify([serverName, toolName]);\n}\n\n/**\n * Check fine-grained authorization for a resource.\n *\n * No-op if no FGA provider is configured (backward compatibility).\n * Delegates to fgaProvider.require() which throws FGADeniedError if denied.\n */\nexport async function checkFGA(options: CheckFGAOptions): Promise<void> {\n await requireFGA(options);\n}\n\n/**\n * Require fine-grained authorization for a resource.\n *\n * No-op if no FGA provider is configured. When FGA is configured, a missing\n * user fails closed.\n */\nexport async function requireFGA(options: RequireFGAOptions): Promise<void> {\n const { fgaProvider, user, resource, permission, context, requestContext, metadata } = options;\n\n if (!fgaProvider) {\n return;\n }\n\n const fgaContext = mergeFGAContext({ context, requestContext, metadata });\n\n if (!user) {\n throw new FGADeniedError(user, resource, permission, 'authenticated user is required');\n }\n\n await fgaProvider.require(\n user,\n fgaContext ? { resource, permission, context: fgaContext } : { resource, permission },\n );\n\n const license = getSafeLicenseSummary();\n try {\n captureEEEvent('ee_feature_used', user?.id || license.anonymousId || getEETelemetryFallbackDistinctId(), {\n feature: 'fga',\n resource_type: resource.type,\n resource_id: resource.id,\n permission,\n user_id: user?.id,\n organization_membership_id: user?.organizationMembershipId,\n license_valid: license.valid,\n license_hash: license.licenseHash,\n is_dev_environment: license.isDevEnvironment,\n });\n } catch {\n // Telemetry must never affect auth or EE feature behavior.\n }\n}\n\n/**\n * Error thrown when an FGA authorization check is denied.\n */\nexport class FGADeniedError extends Error {\n public readonly user: any;\n public readonly resource: { type: string; id: string };\n public readonly permission: MastraFGAPermissionInput | MastraFGAPermissionInput[];\n public readonly status: number;\n\n constructor(\n user: any,\n resource: { type: string; id: string },\n permission: MastraFGAPermissionInput | MastraFGAPermissionInput[],\n reason?: string,\n ) {\n const userId = user?.id || user?.workosId || 'unknown';\n const permissionLabel = Array.isArray(permission) ? `any of [${permission.join(', ')}]` : permission;\n super(\n reason\n ? `FGA authorization denied: ${reason}`\n : `FGA authorization denied: user ${userId} cannot ${permissionLabel} on ${resource.type}:${resource.id}`,\n );\n this.name = 'FGADeniedError';\n this.user = user;\n this.resource = resource;\n this.permission = permission;\n this.status = 403;\n }\n}\n"]}