UNPKG

@mastra/core

Version:

Mastra is a framework for building AI-powered applications and agents with a modern TypeScript stack.

mastra.ai

mastra-ai/mastra

1 lines 39.5 kB
1
{"version":3,"sources":["../../src/server/auth.ts","../../src/server/composite-auth.ts","../../src/server/base.ts","../../src/server/simple-auth.ts","../../src/server/index.ts"],"names":["MastraBase","provider","RegisteredLogger","MastraError"],"mappings":";;;;;;;AAkBO,IAAe,kBAAA,GAAf,cAA2DA,4BAAA,CAAW;AAAA,EACpE,SAAA;AAAA,EACA,MAAA;AAAA,EAGP,YAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AAAA,IACtD;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACvB,IAAA,IAAA,CAAK,sBAAsB,OAAA,EAAS,mBAAA;AAAA,EACtC;AAAA,EAkBU,gBAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AAAA,IACnD;AACA,IAAA,IAAI,MAAM,mBAAA,EAAqB;AAC7B,MAAA,IAAA,CAAK,sBAAsB,IAAA,CAAK,mBAAA;AAAA,IAClC;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AAAA,IACxB;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AAAA,IACrB;AAAA,EACF;AACF;;;AClDA,SAAS,cAAc,CAAA,EAA+B;AACpD,EAAA,OACE,CAAA,KAAM,IAAA,IACN,OAAO,CAAA,KAAM,QAAA,IACb,OAAQ,CAAA,CAAU,WAAA,KAAgB,UAAA,IAClC,OAAQ,CAAA,CAAU,cAAA,KAAmB,UAAA;AAEzC;AAEA,SAAS,kBAAkB,CAAA,EAAmC;AAC5D,EAAA,OACE,CAAA,KAAM,IAAA,IACN,OAAO,CAAA,KAAM,QAAA,IACb,OAAQ,CAAA,CAAU,eAAA,KAAoB,UAAA,IACtC,OAAQ,CAAA,CAAU,aAAA,KAAkB,UAAA;AAExC;AAEA,SAAS,eAAe,CAAA,EAAgC;AACtD,EAAA,OAAO,MAAM,IAAA,IAAQ,OAAO,MAAM,QAAA,IAAY,OAAQ,EAAU,cAAA,KAAmB,UAAA;AACrF;AAEA,SAAS,aAAa,KAAA,EAAiC;AACrD,EAAA,OAAQ,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,IAAS,OAAO,KAAA,KAAU,UAAA;AAC3E;AAEO,IAAM,aAAA,GAAN,cACG,kBAAA,CAEV;AAAA,EACU,SAAA;AAAA,EACA,6BAAA,uBAAoC,OAAA,EAAoC;AAAA,EACxE,gCAAA,uBAAuC,GAAA,EAA2C;AAAA,EAE1F,YAAY,SAAA,EAAiC;AAC3C,IAAA,MAAM,iBAAiB,SAAA,CAAU,OAAA,CAAQ,cAAY,QAAA,CAAS,MAAA,IAAU,EAAE,CAAA;AAC1E,IAAA,MAAM,oBAAoB,SAAA,CAAU,OAAA,CAAQ,cAAY,QAAA,CAAS,SAAA,IAAa,EAAE,CAAA;AAEhF,IAAA,KAAA,CAAM;AAAA,MACJ,MAAA,EAAQ,cAAA;AAAA,MACR,SAAA,EAAW;AAAA,KACZ,CAAA;AAED,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AACjB,IAAA,IAAI,UAAU,IAAA,CAAK,CAAA,QAAA,KAAY,OAAO,QAAA,CAAS,mBAAA,KAAwB,UAAU,CAAA,EAAG;AAClF,MAAA,IAAA,CAAK,mBAAA,GAAsB,CAAA,IAAA,KAAQ,IAAA,CAAK,gCAAA,CAAiC,IAAI,CAAA;AAAA,IAC/E;AAMA,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,aAAa,CAAA,EAAG;AAClC,MAAA,IAAA,CAAK,WAAA,GAAc,MAAA;AACnB,MAAA,IAAA,CAAK,cAAA,GAAiB,MAAA;AACtB,MAAA,IAAA,CAAK,oBAAA,GAAuB,MAAA;AAAA,IAC9B;AACA,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,iBAAiB,CAAA,EAAG;AACtC,MAAA,IAAA,CAAK,aAAA,GAAgB,MAAA;AACrB,MAAA,IAAA,CAAK,eAAA,GAAkB,MAAA;AACvB,MAAA,IAAA,CAAK,uBAAA,GAA0B,MAAA;AAAA,IACjC;AACA,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,cAAc,CAAA,EAAG;AACnC,MAAA,IAAA,CAAK,cAAA,GAAiB,MAAA;AACtB,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,IACjB;AAAA,EACF;AAAA;AAAA,EAGQ,aAAgB,KAAA,EAA8C;AACpE,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,KAAK,CAAA;AAAA,EAClC;AAAA,EAEQ,6BAAA,CAA8B,MAAe,QAAA,EAAoC;AACvF,IAAA,IAAI,YAAA,CAAa,IAAI,CAAA,EAAG;AACtB,MAAA,IAAA,CAAK,6BAAA,CAA8B,GAAA,CAAI,IAAA,EAAM,QAAQ,CAAA;AACrD,MAAA;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,gCAAA,CAAiC,GAAA,CAAI,IAAA,EAA2B,QAAQ,CAAA;AAAA,EAC/E;AAAA,EAEQ,0BAA0B,IAAA,EAA+C;AAC/E,IAAA,IAAI,YAAA,CAAa,IAAI,CAAA,EAAG;AACtB,MAAA,MAAMC,SAAAA,GAAW,IAAA,CAAK,6BAAA,CAA8B,GAAA,CAAI,IAAI,CAAA;AAC5D,MAAA,IAAA,CAAK,6BAAA,CAA8B,OAAO,IAAI,CAAA;AAC9C,MAAA,OAAOA,SAAAA;AAAA,IACT;AAEA,IAAA,MAAM,aAAA,GAAgB,IAAA;AACtB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,gCAAA,CAAiC,GAAA,CAAI,aAAa,CAAA;AACxE,IAAA,IAAA,CAAK,gCAAA,CAAiC,OAAO,aAAa,CAAA;AAC1D,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEQ,iCAAiC,IAAA,EAA0C;AACjF,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,yBAAA,CAA0B,IAAI,CAAA;AACpD,IAAA,OAAO,QAAA,EAAU,sBAAsB,IAAI,CAAA;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,IAAI,iBAAA,GAA6B;AAC/B,IAAA,OAAO,KAAK,SAAA,CAAU,IAAA;AAAA,MACpB,CAAA,CAAA,KAAK,mBAAA,IAAuB,CAAA,IAAM,CAAA,CAAqC,iBAAA,KAAsB;AAAA,KAC/F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,YAAA,GAAwB;AAC1B,IAAA,OAAO,IAAA,CAAK,UAAU,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAkB,CAAA,IAAM,CAAA,CAAgC,iBAAiB,IAAI,CAAA;AAAA,EAC/G;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAA,CAAkB,KAAA,EAAe,OAAA,EAA+C;AACpF,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAC5D,QAAA,IAAI,IAAA,EAAM;AACR,UAAA,IAAA,CAAK,6BAAA,CAA8B,MAAM,QAAQ,CAAA;AACjD,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,aAAA,CAAc,IAAA,EAAe,OAAA,EAAwC;AACzE,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,MAAM,UAAA,GAAa,MAAM,QAAA,CAAS,aAAA,CAAc,MAAM,OAAO,CAAA;AAC7D,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,wBAAwB,YAAA,EAAmC;AACzD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,GAAA,IAAO,OAAQ,GAAA,CAAY,uBAAA,KAA4B,UAAA,EAAY;AACrE,MAAC,GAAA,CAAY,wBAAwB,YAAY,CAAA;AAAA,IACnD;AAAA,EACF;AAAA,EAEA,WAAA,CAAY,aAAqB,KAAA,EAAuB;AACtD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,CAAC,GAAA,EAAK,MAAM,IAAI,MAAM,6CAA6C,CAAA;AACvE,IAAA,OAAO,GAAA,CAAI,WAAA,CAAY,WAAA,EAAa,KAAK,CAAA;AAAA,EAC3C;AAAA,EAEA,eAAA,CAAgB,aAAqB,KAAA,EAAqC;AACxE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,OAAO,GAAA,EAAK,eAAA,GAAkB,WAAA,EAAa,KAAK,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,cAAA,CAAe,IAAA,EAAc,KAAA,EAAiD;AAClF,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,CAAC,GAAA,EAAK,MAAM,IAAI,MAAM,6CAA6C,CAAA;AACvE,IAAA,OAAO,GAAA,CAAI,cAAA,CAAe,IAAA,EAAM,KAAK,CAAA;AAAA,EACvC;AAAA,EAEA,oBAAA,GAAuC;AACrC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,CAAC,GAAA,EAAK,OAAO,EAAE,QAAA,EAAU,SAAA,EAAW,MAAM,SAAA,EAAU;AACxD,IAAA,OAAO,IAAI,oBAAA,EAAqB;AAAA,EAClC;AAAA,EAEA,MAAM,YAAA,CAAa,WAAA,EAAqB,OAAA,EAA2C;AAEjF,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,aAAA,CAAc,QAAQ,CAAA,IAAK,QAAA,CAAS,YAAA,EAAc;AACpD,QAAA,IAAI;AACF,UAAA,MAAM,GAAA,GAAM,MAAM,QAAA,CAAS,YAAA,CAAa,aAAa,OAAO,CAAA;AAC5D,UAAA,IAAI,KAAK,OAAO,GAAA;AAAA,QAClB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aAAA,CAAc,MAAA,EAAgB,QAAA,EAAsD;AACxF,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,YAAA,CAAa,iBAAiB,CAAA;AACnD,IAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,iDAAiD,CAAA;AAC/E,IAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,MAAA,EAAQ,QAAQ,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,gBAAgB,SAAA,EAA4C;AAEhE,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,eAAA,CAAgB,SAAS,CAAA;AACxD,UAAA,IAAI,SAAS,OAAO,OAAA;AAAA,QACtB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,SAAA,EAAkC;AAErD,IAAA,MAAM,kBAAmC,EAAC;AAC1C,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,eAAA,CAAgB,IAAA;AAAA,UACd,QAAA,CAAS,cAAA,CAAe,SAAS,CAAA,CAAE,MAAM,MAAM;AAAA,UAE/C,CAAC;AAAA,SACH;AAAA,MACF;AAAA,IACF;AACA,IAAA,MAAM,OAAA,CAAQ,IAAI,eAAe,CAAA;AAAA,EACnC;AAAA,EAEA,MAAM,eAAe,SAAA,EAA4C;AAE/D,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,cAAA,CAAe,SAAS,CAAA;AACvD,UAAA,IAAI,SAAS,OAAO,OAAA;AAAA,QACtB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,wBAAwB,OAAA,EAAiC;AAEvD,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,QAAA,CAAS,uBAAA,CAAwB,OAAO,CAAA;AAC1D,UAAA,IAAI,WAAW,OAAO,SAAA;AAAA,QACxB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,kBAAkB,OAAA,EAA0C;AAI1D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,YAAA,CAAa,iBAAiB,CAAA;AAC3D,IAAA,OAAO,eAAA,EAAiB,iBAAA,CAAkB,OAAO,CAAA,IAAK,EAAC;AAAA,EACzD;AAAA,EAEA,sBAAA,GAAiD;AAE/C,IAAA,MAAM,UAAkC,EAAC;AACzC,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,eAAA,GAAkB,SAAS,sBAAA,EAAuB;AACxD,UAAA,MAAA,CAAO,MAAA,CAAO,SAAS,eAAe,CAAA;AAAA,QACxC,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,cAAA,CAAe,QAAQ,CAAA,EAAG;AAC5B,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,cAAA,CAAe,OAAO,CAAA;AAClD,UAAA,IAAI,MAAM,OAAO,IAAA;AAAA,QACnB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,QAAQ,MAAA,EAAsC;AAClD,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,cAAA,CAAe,QAAQ,CAAA,EAAG;AAC5B,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,OAAA,CAAQ,MAAM,CAAA;AAC1C,UAAA,IAAI,MAAM,OAAO,IAAA;AAAA,QACnB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;ACjUO,IAAe,gBAAA,GAAf,cAAwDD,4BAAA,CAAW;AAAA,EACxE,IAAA;AAAA,EAEA,WAAA,CAAY,EAAE,GAAA,EAAK,IAAA,EAAK,EAAiC;AACvD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAWE,kCAAA,CAAiB,QAAQ,IAAA,EAAM,IAAA,IAAQ,UAAU,CAAA;AACpE,IAAA,IAAA,CAAK,IAAA,GAAO,GAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAA,GAAsB;AACpB,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAc,GAAA,GAAY;AACxB,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AACF;;;ACrDA,IAAM,eAAA,GAAkB,CAAC,eAAA,EAAiB,qBAAqB,CAAA;AAgBxD,IAAM,UAAA,GAAN,cAAgC,kBAAA,CAA0B;AAAA;AAAA;AAAA;AAAA;AAAA,EAKtD,YAAA,GAAe,IAAA;AAAA,EAEhB,MAAA;AAAA,EACA,OAAA;AAAA,EACA,KAAA;AAAA,EACA,QAAA;AAAA,EAER,YAAY,OAAA,EAAmC;AAC7C,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,MAAA;AACtB,IAAA,IAAA,CAAK,KAAA,GAAQ,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA;AACtC,IAAA,IAAA,CAAK,OAAA,GAAU,CAAC,GAAG,eAAe,EAAE,MAAA,CAAO,OAAA,CAAQ,OAAA,IAAW,EAAE,CAAA;AAChE,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,GAAA,CAAI,IAAA,CAAK,MAAM,GAAA,CAAI,CAAA,CAAA,KAAK,CAAC,MAAA,CAAQ,CAAA,EAAW,EAAE,CAAA,EAAG,CAAC,CAAC,CAAC,CAAA;AAAA,EAC1E;AAAA,EAEA,MAAM,iBAAA,CAAkB,KAAA,EAAe,OAAA,EAA6C;AAClF,IAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,oBAAA,CAAqB,KAAA,EAAO,OAAO,CAAA;AAE9D,IAAA,KAAA,MAAW,gBAAgB,aAAA,EAAe;AACxC,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,MAAA,CAAO,YAAY,CAAA;AAC5C,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,OAAO,WAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAK,iBAAA,CAAkB,IAAA,CAAK,gBAAA,CAAiB,OAAA,EAAS,QAAQ,CAAC,CAAA;AAAA,EACxE;AAAA,EAEA,MAAM,aAAA,CAAc,IAAA,EAAa,QAAA,EAAyC;AACxE,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,IAAI,CAAA;AAAA,EACjC;AAAA;AAAA,EAGA,MAAM,eAAe,OAAA,EAAyC;AAE5D,IAAA,KAAA,MAAW,UAAA,IAAc,KAAK,OAAA,EAAS;AACrC,MAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAClD,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,iBAAA,CAAkB,WAAW,CAAA;AAChD,QAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAC9B,QAAA,IAAI,IAAA,EAAM;AACR,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,KAAK,iBAAA,CAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAC,CAAA;AAAA,EAC7D;AAAA,EAEQ,kBAAkB,YAAA,EAAuD;AAC/E,IAAA,IAAI,CAAC,cAAc,OAAO,IAAA;AAE1B,IAAA,MAAM,OAAA,GAAU,aAAa,KAAA,CAAM,GAAG,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,IAAA,EAAM,CAAA;AACzD,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,MAAA,IAAI,MAAA,CAAO,UAAA,CAAW,eAAe,CAAA,EAAG;AACtC,QAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,eAAA,CAAgB,MAAM,CAAA;AACjD,QAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAC9B,QAAA,IAAI,IAAA,EAAM;AACR,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,QAAQ,MAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,MAAM,CAAA,IAAK,IAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,MAAA,CAAO,MAAA,EAAgB,QAAA,EAAkB,QAAA,EAAsD;AACnG,IAAA,MAAM,KAAA,GAAQ,QAAA;AACd,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAE9B,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,IACjC;AAGA,IAAA,MAAM,MAAA,GAAS,gBAAgB,KAAK,CAAA,+CAAA,CAAA;AAEpC,IAAA,OAAO;AAAA,MACL,IAAA;AAAA,MACA,KAAA;AAAA,MACA,OAAA,EAAS,CAAC,MAAM;AAAA,KAClB;AAAA,EACF;AAAA,EAEA,MAAM,MAAA,GAA4C;AAChD,IAAA,MAAM,IAAI,MAAM,sEAAsE,CAAA;AAAA,EACxF;AAAA,EAEA,eAAA,GAA2B;AACzB,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBAAA,GAAiD;AAC/C,IAAA,OAAO;AAAA,MACL,YAAA,EAAc;AAAA,KAChB;AAAA,EACF;AAAA,EAEQ,kBAAkB,KAAA,EAAuB;AAC/C,IAAA,OAAO,MAAM,UAAA,CAAW,SAAS,IAAI,KAAA,CAAM,KAAA,CAAM,CAAC,CAAA,GAAI,KAAA;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,gBAAA,CAAiB,SAAgC,IAAA,EAAkC;AACzF,IAAA,IAAI,OAAQ,OAAA,CAAgB,MAAA,KAAW,UAAA,EAAY;AACjD,MAAA,OAAQ,OAAA,CAAwB,OAAO,IAAI,CAAA;AAAA,IAC7C;AACA,IAAA,OAAQ,OAAA,CAAoB,OAAA,EAAS,GAAA,CAAI,IAAI,CAAA,IAAK,MAAA;AAAA,EACpD;AAAA,EAEQ,oBAAA,CAAqB,OAAe,OAAA,EAAgC;AAC1E,IAAA,MAAM,MAAA,GAAS,CAAC,KAAK,CAAA;AACrB,IAAA,KAAA,MAAW,UAAA,IAAc,KAAK,OAAA,EAAS;AACrC,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,gBAAA,CAAiB,OAAA,EAAS,UAAU,CAAA;AAC7D,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,iBAAA,CAAkB,WAAW,CAAC,CAAA;AAAA,MACjD;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;;;ACpFA,SAAS,eAAA,CAAkC,MAAS,OAAA,EAA2C;AAC7F,EAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAW;AAChC,IAAA,MAAM,IAAIC,6BAAA,CAAY;AAAA,MACpB,EAAA,EAAI,yCAAA;AAAA,MACJ,IAAA,EAAM,8BAA8B,IAAI,CAAA,4BAAA,CAAA;AAAA,MACxC,MAAA,EAAA,eAAA;AAAA,MACA,QAAA,EAAA,MAAA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,OAAA,CAAQ,OAAA,KAAY,MAAA,IAAa,OAAA,CAAQ,kBAAkB,MAAA,EAAW;AACxE,IAAA,MAAM,IAAIA,6BAAA,CAAY;AAAA,MACpB,EAAA,EAAI,yCAAA;AAAA,MACJ,IAAA,EAAM,8BAA8B,IAAI,CAAA,0DAAA,CAAA;AAAA,MACxC,MAAA,EAAA,eAAA;AAAA,MACA,QAAA,EAAA,MAAA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,OAAA,CAAQ,OAAA,KAAY,MAAA,IAAa,OAAA,CAAQ,kBAAkB,MAAA,EAAW;AACxE,IAAA,MAAM,IAAIA,6BAAA,CAAY;AAAA,MACpB,EAAA,EAAI,yCAAA;AAAA,MACJ,IAAA,EAAM,8BAA8B,IAAI,CAAA,oFAAA,CAAA;AAAA,MACxC,MAAA,EAAA,eAAA;AAAA,MACA,QAAA,EAAA,MAAA;AAAA,KACD,CAAA;AAAA,EACH;AACF;AAEO,SAAS,gBAAA,CAAmC,MAAS,OAAA,EAA+C;AACzG,EAAA,eAAA,CAAgB,MAAM,OAAO,CAAA;AAE7B,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,eAAe,OAAA,CAAQ,aAAA;AAAA,IACvB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,YAAY,OAAA,CAAQ,UAAA;AAAA,IACpB,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,oBAAoB,OAAA,CAAQ,kBAAA;AAAA,IAC5B,KAAK,OAAA,CAAQ;AAAA,GACf;AACF;AAEO,SAAS,WAAkB,MAAA,EAA0D;AAC1F,EAAA,OAAO,MAAA;AACT","file":"index.cjs","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n mapUserToResourceId?(user: TUser): string | undefined | null;\n /**\n * Protected paths for the auth provider\n */\n protected?: MastraAuthConfig['protected'];\n /**\n * Public paths for the auth provider\n */\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n public mapUserToResourceId?(user: TUser): string | undefined | null;\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n this.mapUserToResourceId = options?.mapUserToResourceId;\n }\n\n /**\n * Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n */\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n /**\n * Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.mapUserToResourceId) {\n this.mapUserToResourceId = opts.mapUserToResourceId;\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { HonoRequest } from 'hono';\nimport type {\n ISSOProvider,\n ISessionProvider,\n IUserProvider,\n User,\n Session,\n SSOCallbackResult,\n SSOLoginConfig,\n} from '../auth';\nimport { MastraAuthProvider } from './auth';\n\ntype PrimitiveAuthUser = string | number | boolean | bigint | symbol | null | undefined;\n\n// Type guards for interface detection\nfunction isSSOProvider(p: unknown): p is ISSOProvider {\n return (\n p !== null &&\n typeof p === 'object' &&\n typeof (p as any).getLoginUrl === 'function' &&\n typeof (p as any).handleCallback === 'function'\n );\n}\n\nfunction isSessionProvider(p: unknown): p is ISessionProvider {\n return (\n p !== null &&\n typeof p === 'object' &&\n typeof (p as any).validateSession === 'function' &&\n typeof (p as any).createSession === 'function'\n );\n}\n\nfunction isUserProvider(p: unknown): p is IUserProvider {\n return p !== null && typeof p === 'object' && typeof (p as any).getCurrentUser === 'function';\n}\n\nfunction isObjectLike(value: unknown): value is object {\n return (typeof value === 'object' && value !== null) || typeof value === 'function';\n}\n\nexport class CompositeAuth\n extends MastraAuthProvider\n implements ISSOProvider<User>, ISessionProvider<Session>, IUserProvider<User>\n{\n private providers: MastraAuthProvider[];\n private authenticatedProviderByObject = new WeakMap<object, MastraAuthProvider>();\n private authenticatedProviderByPrimitive = new Map<PrimitiveAuthUser, MastraAuthProvider>();\n\n constructor(providers: MastraAuthProvider[]) {\n const combinedPublic = providers.flatMap(provider => provider.public ?? []);\n const combinedProtected = providers.flatMap(provider => provider.protected ?? []);\n\n super({\n public: combinedPublic,\n protected: combinedProtected,\n });\n\n this.providers = providers;\n if (providers.some(provider => typeof provider.mapUserToResourceId === 'function')) {\n this.mapUserToResourceId = user => this.mapAuthenticatedUserToResourceId(user);\n }\n\n // Null out interface methods when no inner provider supports them.\n // This ensures duck-typing checks (typeof auth.method === 'function')\n // accurately reflect the composite's actual capabilities — preventing\n // Studio from showing login options that no provider can handle.\n if (!providers.some(isSSOProvider)) {\n this.getLoginUrl = undefined as any;\n this.handleCallback = undefined as any;\n this.getLoginButtonConfig = undefined as any;\n }\n if (!providers.some(isSessionProvider)) {\n this.createSession = undefined as any;\n this.validateSession = undefined as any;\n this.getSessionIdFromRequest = undefined as any;\n }\n if (!providers.some(isUserProvider)) {\n this.getCurrentUser = undefined as any;\n this.getUser = undefined as any;\n }\n }\n\n // Find first provider implementing an interface\n private findProvider<T>(check: (p: unknown) => p is T): T | undefined {\n return this.providers.find(check) as T | undefined;\n }\n\n private rememberAuthenticatedProvider(user: unknown, provider: MastraAuthProvider): void {\n if (isObjectLike(user)) {\n this.authenticatedProviderByObject.set(user, provider);\n return;\n }\n\n this.authenticatedProviderByPrimitive.set(user as PrimitiveAuthUser, provider);\n }\n\n private takeAuthenticatedProvider(user: unknown): MastraAuthProvider | undefined {\n if (isObjectLike(user)) {\n const provider = this.authenticatedProviderByObject.get(user);\n this.authenticatedProviderByObject.delete(user);\n return provider;\n }\n\n const primitiveUser = user as PrimitiveAuthUser;\n const provider = this.authenticatedProviderByPrimitive.get(primitiveUser);\n this.authenticatedProviderByPrimitive.delete(primitiveUser);\n return provider;\n }\n\n private mapAuthenticatedUserToResourceId(user: unknown): string | undefined | null {\n const provider = this.takeAuthenticatedProvider(user);\n return provider?.mapUserToResourceId?.(user);\n }\n\n // ============================================================================\n // License Exemption Markers\n // Expose these if any underlying provider has them\n // ============================================================================\n\n /**\n * True if any provider is MastraCloudAuth (exempt from license requirement).\n */\n get isMastraCloudAuth(): boolean {\n return this.providers.some(\n p => 'isMastraCloudAuth' in p && (p as { isMastraCloudAuth: boolean }).isMastraCloudAuth === true,\n );\n }\n\n /**\n * True if any provider is SimpleAuth (exempt from license requirement).\n */\n get isSimpleAuth(): boolean {\n return this.providers.some(p => 'isSimpleAuth' in p && (p as { isSimpleAuth: boolean }).isSimpleAuth === true);\n }\n\n // ============================================================================\n // MastraAuthProvider Implementation\n // ============================================================================\n\n async authenticateToken(token: string, request: HonoRequest): Promise<unknown | null> {\n for (const provider of this.providers) {\n try {\n const user = await provider.authenticateToken(token, request);\n if (user) {\n this.rememberAuthenticatedProvider(user, provider);\n return user;\n }\n } catch {\n // ignore error, try next provider\n }\n }\n return null;\n }\n\n async authorizeUser(user: unknown, request: HonoRequest): Promise<boolean> {\n for (const provider of this.providers) {\n const authorized = await provider.authorizeUser(user, request);\n if (authorized) {\n return true;\n }\n }\n return false;\n }\n\n // ============================================================================\n // ISSOProvider Implementation\n // ============================================================================\n\n /**\n * Forward cookie header to SSO provider for PKCE validation.\n * Called by auth handler before handleCallback().\n */\n setCallbackCookieHeader(cookieHeader: string | null): void {\n const sso = this.findProvider(isSSOProvider);\n if (sso && typeof (sso as any).setCallbackCookieHeader === 'function') {\n (sso as any).setCallbackCookieHeader(cookieHeader);\n }\n }\n\n getLoginUrl(redirectUri: string, state: string): string {\n const sso = this.findProvider(isSSOProvider);\n if (!sso) throw new Error('No SSO provider configured in CompositeAuth');\n return sso.getLoginUrl(redirectUri, state);\n }\n\n getLoginCookies(redirectUri: string, state: string): string[] | undefined {\n const sso = this.findProvider(isSSOProvider);\n return sso?.getLoginCookies?.(redirectUri, state);\n }\n\n async handleCallback(code: string, state: string): Promise<SSOCallbackResult<User>> {\n const sso = this.findProvider(isSSOProvider);\n if (!sso) throw new Error('No SSO provider configured in CompositeAuth');\n return sso.handleCallback(code, state) as Promise<SSOCallbackResult<User>>;\n }\n\n getLoginButtonConfig(): SSOLoginConfig {\n const sso = this.findProvider(isSSOProvider);\n if (!sso) return { provider: 'unknown', text: 'Sign in' };\n return sso.getLoginButtonConfig();\n }\n\n async getLogoutUrl(redirectUri: string, request?: Request): Promise<string | null> {\n // Try each SSO provider until one returns a logout URL\n for (const provider of this.providers) {\n if (isSSOProvider(provider) && provider.getLogoutUrl) {\n try {\n const url = await provider.getLogoutUrl(redirectUri, request);\n if (url) return url;\n } catch {\n // Try next provider\n }\n }\n }\n return null;\n }\n\n // ============================================================================\n // ISessionProvider Implementation\n // ============================================================================\n\n async createSession(userId: string, metadata?: Record<string, unknown>): Promise<Session> {\n const session = this.findProvider(isSessionProvider);\n if (!session) throw new Error('No session provider configured in CompositeAuth');\n return session.createSession(userId, metadata);\n }\n\n async validateSession(sessionId: string): Promise<Session | null> {\n // Try each session provider until one validates\n for (const provider of this.providers) {\n if (isSessionProvider(provider)) {\n try {\n const session = await provider.validateSession(sessionId);\n if (session) return session;\n } catch {\n // Try next provider\n }\n }\n }\n return null;\n }\n\n async destroySession(sessionId: string): Promise<void> {\n // Destroy session on ALL providers (user may have sessions in multiple stores)\n const destroyPromises: Promise<void>[] = [];\n for (const provider of this.providers) {\n if (isSessionProvider(provider)) {\n destroyPromises.push(\n provider.destroySession(sessionId).catch(() => {\n // Ignore errors, session may not exist in this provider\n }),\n );\n }\n }\n await Promise.all(destroyPromises);\n }\n\n async refreshSession(sessionId: string): Promise<Session | null> {\n // Try each session provider until one refreshes\n for (const provider of this.providers) {\n if (isSessionProvider(provider)) {\n try {\n const session = await provider.refreshSession(sessionId);\n if (session) return session;\n } catch {\n // Try next provider\n }\n }\n }\n return null;\n }\n\n getSessionIdFromRequest(request: Request): string | null {\n // Try each session provider until one finds a session ID\n for (const provider of this.providers) {\n if (isSessionProvider(provider)) {\n try {\n const sessionId = provider.getSessionIdFromRequest(request);\n if (sessionId) return sessionId;\n } catch {\n // Try next provider\n }\n }\n }\n return null;\n }\n\n getSessionHeaders(session: Session): Record<string, string> {\n // Intentionally uses only the first session provider: a session is created by one\n // provider, so we only set its cookie. clearSession clears ALL providers to ensure\n // no stale cookies remain.\n const sessionProvider = this.findProvider(isSessionProvider);\n return sessionProvider?.getSessionHeaders(session) ?? {};\n }\n\n getClearSessionHeaders(): Record<string, string> {\n // Merge clear headers from ALL providers to ensure no stale session cookies remain\n const headers: Record<string, string> = {};\n for (const provider of this.providers) {\n if (isSessionProvider(provider)) {\n try {\n const providerHeaders = provider.getClearSessionHeaders();\n Object.assign(headers, providerHeaders);\n } catch {\n // Ignore errors\n }\n }\n }\n return headers;\n }\n\n // ============================================================================\n // IUserProvider Implementation\n // Try each provider until one returns a user (like authenticateToken)\n // ============================================================================\n\n async getCurrentUser(request: Request): Promise<User | null> {\n for (const provider of this.providers) {\n if (isUserProvider(provider)) {\n try {\n const user = await provider.getCurrentUser(request);\n if (user) return user;\n } catch {\n // Try next provider\n }\n }\n }\n return null;\n }\n\n async getUser(userId: string): Promise<User | null> {\n for (const provider of this.providers) {\n if (isUserProvider(provider)) {\n try {\n const user = await provider.getUser(userId);\n if (user) return user;\n } catch {\n // Try next provider\n }\n }\n }\n return null;\n }\n}\n","import { MastraBase } from '../base';\nimport { RegisteredLogger } from '../logger/constants';\n\n/**\n * Base class for server adapters that provides app storage and retrieval.\n *\n * This class extends MastraBase to get logging capabilities and provides\n * a framework-agnostic way to store and retrieve the server app instance\n * (e.g., Hono, Express).\n *\n * Server adapters (like MastraServer from @mastra/hono or @mastra/express) extend this\n * base class to inherit the app storage functionality while adding their\n * framework-specific route registration and middleware handling.\n *\n * @template TApp - The type of the server app (e.g., Hono, Express Application)\n *\n * @example\n * ```typescript\n * // After server creation, the app is accessible via Mastra\n * const app = mastra.getServerApp<Hono>();\n * const response = await app.fetch(new Request('http://localhost/health'));\n * ```\n */\nexport abstract class MastraServerBase<TApp = unknown> extends MastraBase {\n #app: TApp;\n\n constructor({ app, name }: { app: TApp; name?: string }) {\n super({ component: RegisteredLogger.SERVER, name: name ?? 'Server' });\n this.#app = app;\n }\n\n /**\n * Get the app instance.\n *\n * Returns the server app that was passed to the constructor. This allows users\n * to access the underlying server framework's app for direct operations\n * like calling routes via app.fetch() (Hono) or using the app for testing.\n *\n * @template T - The expected type of the app (defaults to TApp)\n * @returns The app instance cast to T. Callers are responsible for ensuring T matches the actual app type.\n *\n * @example\n * ```typescript\n * const app = adapter.getApp<Hono>();\n * const response = await app.fetch(new Request('http://localhost/api/agents'));\n * ```\n */\n getApp<T = TApp>(): T {\n return this.#app as unknown as T;\n }\n\n /**\n * Protected getter for subclasses to access the app.\n * This allows subclasses to use `this.app` naturally.\n */\n protected get app(): TApp {\n return this.#app;\n }\n}\n","import type { HonoRequest } from 'hono';\nimport type { CredentialsResult } from '../auth';\nimport type { MastraAuthProviderOptions } from './auth';\nimport { MastraAuthProvider } from './auth';\n\nconst DEFAULT_HEADERS = ['Authorization', 'X-Playground-Access'];\n\ntype TokenToUser<TUser> = Record<string, TUser>;\n\nexport interface SimpleAuthOptions<TUser> extends MastraAuthProviderOptions<TUser> {\n /**\n * Valid tokens to authenticate against\n */\n tokens: TokenToUser<TUser>;\n /**\n * Headers to check for authentication\n * @default ['Authorization', 'X-Playground-Access']\n */\n headers?: string | string[];\n}\n\nexport class SimpleAuth<TUser> extends MastraAuthProvider<TUser> {\n /**\n * Marker to exempt SimpleAuth from EE license requirement.\n * SimpleAuth is for development/testing and should work without a license.\n */\n readonly isSimpleAuth = true;\n\n private tokens: TokenToUser<TUser>;\n private headers: string[];\n private users: TUser[];\n private userById: Map<string, TUser>;\n\n constructor(options: SimpleAuthOptions<TUser>) {\n super(options);\n this.tokens = options.tokens;\n this.users = Object.values(this.tokens);\n this.headers = [...DEFAULT_HEADERS].concat(options.headers || []);\n this.userById = new Map(this.users.map(u => [String((u as any)?.id), u]));\n }\n\n async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null> {\n const requestTokens = this.getTokensFromHeaders(token, request);\n\n for (const requestToken of requestTokens) {\n const tokenToUser = this.tokens[requestToken];\n if (tokenToUser) {\n return tokenToUser;\n }\n }\n\n return this.getUserFromCookie(this.getRequestHeader(request, 'Cookie'));\n }\n\n async authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean> {\n return this.users.includes(user);\n }\n\n /** Get current user from request headers or cookie. */\n async getCurrentUser(request: Request): Promise<TUser | null> {\n // Check headers first\n for (const headerName of this.headers) {\n const headerValue = request.headers.get(headerName);\n if (headerValue) {\n const token = this.stripBearerPrefix(headerValue);\n const user = this.tokens[token];\n if (user) {\n return user;\n }\n }\n }\n\n return this.getUserFromCookie(request.headers.get('Cookie'));\n }\n\n private getUserFromCookie(cookieHeader: string | null | undefined): TUser | null {\n if (!cookieHeader) return null;\n\n const cookies = cookieHeader.split(';').map(c => c.trim());\n for (const cookie of cookies) {\n if (cookie.startsWith('mastra-token=')) {\n const token = cookie.slice('mastra-token='.length);\n const user = this.tokens[token];\n if (user) {\n return user;\n }\n }\n }\n return null;\n }\n\n /** Get user by ID. */\n async getUser(userId: string): Promise<TUser | null> {\n return this.userById.get(userId) ?? null;\n }\n\n /**\n * Sign in with token (passed as password field).\n * The email field is ignored - only the token matters.\n */\n async signIn(_email: string, password: string, _request: Request): Promise<CredentialsResult<TUser>> {\n const token = password;\n const user = this.tokens[token];\n\n if (!user) {\n throw new Error('Invalid token');\n }\n\n // Set cookie so the token persists across requests\n const cookie = `mastra-token=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400`;\n\n return {\n user,\n token,\n cookies: [cookie],\n };\n }\n\n async signUp(): Promise<CredentialsResult<TUser>> {\n throw new Error('Sign up is not supported with SimpleAuth. Use pre-configured tokens.');\n }\n\n isSignUpEnabled(): boolean {\n return false;\n }\n\n /**\n * Get headers to clear the session cookie on logout.\n * Partial ISessionProvider implementation for logout support.\n */\n getClearSessionHeaders(): Record<string, string> {\n return {\n 'Set-Cookie': 'mastra-token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0',\n };\n }\n\n private stripBearerPrefix(token: string): string {\n return token.startsWith('Bearer ') ? token.slice(7) : token;\n }\n\n /**\n * Get a header value from either a HonoRequest or standard Request.\n * The auth middleware passes a raw Request (c.req.raw), not a HonoRequest,\n * so we need to handle both APIs.\n */\n private getRequestHeader(request: HonoRequest | Request, name: string): string | undefined {\n if (typeof (request as any).header === 'function') {\n return (request as HonoRequest).header(name);\n }\n return (request as Request).headers?.get(name) ?? undefined;\n }\n\n private getTokensFromHeaders(token: string, request: HonoRequest): string[] {\n const tokens = [token];\n for (const headerName of this.headers) {\n const headerValue = this.getRequestHeader(request, headerName);\n if (headerValue) {\n tokens.push(this.stripBearerPrefix(headerValue));\n }\n }\n return tokens;\n }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { RequestContext } from '../request-context';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type {\n MastraAuthConfig,\n A2AAgentCardSigningConfig,\n A2AConfig,\n ContextWithMastra,\n CorsOptions,\n ApiRoute,\n HttpLoggingConfig,\n ValidationErrorContext,\n ValidationErrorResponse,\n ValidationErrorHook,\n} from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\nexport { CompositeAuth } from './composite-auth';\nexport { MastraServerBase } from './base';\nexport { SimpleAuth } from './simple-auth';\nexport type { SimpleAuthOptions } from './simple-auth';\n\n// Helper type for inferring parameters from a path\ntype ParamsFromPath<P extends string> = {\n [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\n/**\n * Variables available in the Hono context for custom API route handlers.\n * These are set by the server middleware and available via c.get().\n */\ntype CustomRouteVariables = {\n mastra: Mastra;\n requestContext: RequestContext;\n};\n\ntype RegisterApiRouteOptions<P extends string> = {\n method: Methods;\n openapi?: DescribeRouteOptions;\n handler?: Handler<\n {\n Variables: CustomRouteVariables;\n },\n P,\n ParamsFromPath<P>\n >;\n createHandler?: (c: Context) => Promise<\n Handler<\n {\n Variables: CustomRouteVariables;\n },\n P,\n ParamsFromPath<P>\n >\n >;\n middleware?: MiddlewareHandler | MiddlewareHandler[];\n /**\n * Route-specific CORS configuration.\n */\n cors?: ApiRoute['cors'];\n /**\n * When false, skips Mastra auth for this route (defaults to true)\n */\n requiresAuth?: boolean;\n /**\n * Explicit RBAC permission for the route.\n */\n requiresPermission?: ApiRoute['requiresPermission'];\n /**\n * Optional FGA configuration for resource-level authorization.\n */\n fga?: ApiRoute['fga'];\n};\n\nfunction validateOptions<P extends string>(path: P, options: RegisterApiRouteOptions<P>): void {\n if (options.method === undefined) {\n throw new MastraError({\n id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n text: `Invalid options for route \"${path}\", missing \"method\" property`,\n domain: ErrorDomain.MASTRA_SERVER,\n category: ErrorCategory.USER,\n });\n }\n\n if (options.handler === undefined && options.createHandler === undefined) {\n throw new MastraError({\n id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n domain: ErrorDomain.MASTRA_SERVER,\n category: ErrorCategory.USER,\n });\n }\n\n if (options.handler !== undefined && options.createHandler !== undefined) {\n throw new MastraError({\n id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n domain: ErrorDomain.MASTRA_SERVER,\n category: ErrorCategory.USER,\n });\n }\n}\n\nexport function registerApiRoute<P extends string>(path: P, options: RegisterApiRouteOptions<P>): ApiRoute {\n validateOptions(path, options);\n\n return {\n path,\n method: options.method,\n handler: options.handler,\n createHandler: options.createHandler,\n openapi: options.openapi,\n middleware: options.middleware,\n cors: options.cors,\n requiresAuth: options.requiresAuth,\n requiresPermission: options.requiresPermission,\n fga: options.fga,\n } as ApiRoute;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n return config;\n}\n"]}