{"version":3,"sources":["../../_internals/auth/src/types/index.ts","../../_internals/auth/src/provider/index.ts"],"names":["MastraBase","provider"],"mappings":";;;;;AAgBO,SAAS,gBAAA,CAAiB,SAA4B,IAAA,EAA6B;AACxF,EAAA,IAAI,mBAAmB,OAAA,EAAS;AAC9B,IAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA;AACjC,EAAA;AAEA,EAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK,OAAA,CAAQ,OAAA,EAAS,GAAA,CAAI,IAAI,CAAA,IAAK,OAAA,CAAQ,MAAA,CAAO,IAAI,CAAA,IAAK,IAAA;AACjG;AAEO,SAAS,cAAc,OAAA,EAAiD;AAC7E,EAAA,IAAI,mBAAmB,OAAA,EAAS;AAC9B,IAAA,OAAO,OAAA;AACT,EAAA;AAEA,EAAA,OAAO,OAAA,CAAQ,GAAA,YAAe,OAAA,GAAU,OAAA,CAAQ,GAAA,GAAM,MAAA;AACxD;;;ACoCO,IAAe,kBAAA,GAAf,cAA2DA,4BAAA,CAAiD;AAC1G,EAAA,SAAA;AACA,EAAA,MAAA;AAGP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACvB,IAAA,IAAA,CAAK,sBAAsB,OAAA,EAAS,mBAAA;AACtC,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,mBAAA,EAAqB;AAC7B,MAAA,IAAA,CAAK,sBAAsB,IAAA,CAAK,mBAAA;AAClC,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF;AAKA,SAAS,cAAc,CAAA,EAA+B;AACpD,EAAA,OACE,CAAA,KAAM,IAAA,IACN,OAAO,CAAA,KAAM,QAAA,IACb,OAAQ,CAAA,CAAU,WAAA,KAAgB,UAAA,IAClC,OAAQ,CAAA,CAAU,cAAA,KAAmB,UAAA;AAEzC;AAEA,SAAS,kBAAkB,CAAA,EAAmC;AAC5D,EAAA,OACE,CAAA,KAAM,IAAA,IACN,OAAO,CAAA,KAAM,QAAA,IACb,OAAQ,CAAA,CAAU,eAAA,KAAoB,UAAA,IACtC,OAAQ,CAAA,CAAU,aAAA,KAAkB,UAAA;AAExC;AAEA,SAAS,eAAe,CAAA,EAAgC;AACtD,EAAA,OAAO,MAAM,IAAA,IAAQ,OAAO,MAAM,QAAA,IAAY,OAAQ,EAAU,cAAA,KAAmB,UAAA;AACrF;AACA,SAAS,sBAAsB,CAAA,EAAqB;AAClD,EAAA,OAAO,MAAM,IAAA,IAAQ,OAAO,MAAM,QAAA,IAAY,OAAQ,EAAU,MAAA,KAAW,UAAA;AAC7E;AAEA,SAAS,aAAa,KAAA,EAAiC;AACrD,EAAA,OAAQ,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,IAAS,OAAO,KAAA,KAAU,UAAA;AAC3E;AAEO,IAAM,aAAA,GAAN,cACG,kBAAA,CAEV;AACU,EAAA,SAAA;AACA,EAAA,6BAAA,uBAAoC,OAAA,EAAA;AACpC,EAAA,gCAAA,uBAAuC,GAAA,EAAA;AAE/C,EAAA,WAAA,CAAY,SAAA,EAAkC;AAC5C,IAAA,MAAM,cAAA,GAAiB,UAAU,OAAA,CAAQ,CAAA,aAAY,QAAA,CAAS,MAAA,IAAU,EAAE,CAAA;AAC1E,IAAA,MAAM,iBAAA,GAAoB,UAAU,OAAA,CAAQ,CAAA,aAAY,QAAA,CAAS,SAAA,IAAa,EAAE,CAAA;AAEhF,IAAA,KAAA,CAAM;MACJ,MAAA,EAAQ,cAAA;MACR,SAAA,EAAW;KACZ,CAAA;AAED,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AACjB,IAAA,IAAI,SAAA,CAAU,KAAK,CAAA,QAAA,KAAY,OAAO,QAAA,CAAS,mBAAA,KAAwB,UAAU,CAAA,EAAG;AAClF,MAAA,IAAA,CAAK,mBAAA,GAAsB,CAAA,IAAA,KAAQ,IAAA,CAAK,iCAAiC,IAAI,CAAA;AAC/E,IAAA;AAMA,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,aAAa,CAAA,EAAG;AAClC,MAAA,IAAA,CAAK,WAAA,GAAc,MAAA;AACnB,MAAA,IAAA,CAAK,cAAA,GAAiB,MAAA;AACtB,MAAA,IAAA,CAAK,oBAAA,GAAuB,MAAA;AAC9B,IAAA;AACA,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,iBAAiB,CAAA,EAAG;AACtC,MAAA,IAAA,CAAK,aAAA,GAAgB,MAAA;AACrB,MAAA,IAAA,CAAK,eAAA,GAAkB,MAAA;AACvB,MAAA,IAAA,CAAK,uBAAA,GAA0B,MAAA;AACjC,IAAA;AACA,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,cAAc,CAAA,EAAG;AACnC,MAAA,IAAA,CAAK,cAAA,GAAiB,MAAA;AACtB,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AACf,MAAA,IAAA,CAAK,QAAA,GAAW,MAAA;AAClB,IAAA;AAEA,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,CAAa,qBAAiE,CAAA;AACxG,IAAA,IAAI,YAAA,EAAc;AACf,MAAA,IAAA,CAAa,MAAA,GAAS,YAAA,CAAa,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA;AAC5D,MAAA,IAAI,OAAO,YAAA,CAAa,MAAA,KAAW,UAAA,EAAY;AAC5C,QAAA,IAAA,CAAa,MAAA,GAAS,YAAA,CAAa,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA;AAC9D,MAAA;AACA,MAAA,IAAI,OAAO,YAAA,CAAa,oBAAA,KAAyB,UAAA,EAAY;AAC1D,QAAA,IAAA,CAAa,oBAAA,GAAuB,YAAA,CAAa,oBAAA,CAAqB,IAAA,CAAK,YAAY,CAAA;AAC1F,MAAA;AACA,MAAA,IAAI,OAAO,YAAA,CAAa,aAAA,KAAkB,UAAA,EAAY;AACnD,QAAA,IAAA,CAAa,aAAA,GAAgB,YAAA,CAAa,aAAA,CAAc,IAAA,CAAK,YAAY,CAAA;AAC5E,MAAA;AACC,MAAA,IAAA,CAAa,eAAA,GACZ,OAAO,YAAA,CAAa,eAAA,KAAoB,UAAA,GACpC,aAAa,eAAA,CAAgB,IAAA,CAAK,YAAY,CAAA,GAC9C,MAAM,IAAA;IACd,CAAA,MAAO;AACJ,MAAA,IAAA,CAAa,MAAA,GAAS,MAAA;AACtB,MAAA,IAAA,CAAa,MAAA,GAAS,MAAA;AACtB,MAAA,IAAA,CAAa,oBAAA,GAAuB,MAAA;AACpC,MAAA,IAAA,CAAa,aAAA,GAAgB,MAAA;AAC7B,MAAA,IAAA,CAAa,eAAA,GAAkB,MAAA;AAClC,IAAA;AACF,EAAA;;AAGQ,EAAA,YAAA,CAAgB,KAAA,EAA8C;AACpE,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,KAAK,CAAA;AAClC,EAAA;AAEQ,EAAA,6BAAA,CAA8B,MAAe,QAAA,EAAqC;AACxF,IAAA,IAAI,YAAA,CAAa,IAAI,CAAA,EAAG;AACtB,MAAA,IAAA,CAAK,6BAAA,CAA8B,GAAA,CAAI,IAAA,EAAM,QAAQ,CAAA;AACrD,MAAA;AACF,IAAA;AAEA,IAAA,IAAA,CAAK,gCAAA,CAAiC,GAAA,CAAI,IAAA,EAA2B,QAAQ,CAAA;AAC/E,EAAA;AAEQ,EAAA,yBAAA,CAA0B,IAAA,EAAgD;AAChF,IAAA,IAAI,YAAA,CAAa,IAAI,CAAA,EAAG;AACtB,MAAA,MAAMC,SAAAA,GAAW,IAAA,CAAK,6BAAA,CAA8B,GAAA,CAAI,IAAI,CAAA;AAC5D,MAAA,IAAA,CAAK,6BAAA,CAA8B,OAAO,IAAI,CAAA;AAC9C,MAAA,OAAOA,SAAAA;AACT,IAAA;AAEA,IAAA,MAAM,aAAA,GAAgB,IAAA;AACtB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,gCAAA,CAAiC,GAAA,CAAI,aAAa,CAAA;AACxE,IAAA,IAAA,CAAK,gCAAA,CAAiC,OAAO,aAAa,CAAA;AAC1D,IAAA,OAAO,QAAA;AACT,EAAA;AAEQ,EAAA,gCAAA,CAAiC,IAAA,EAA0C;AACjF,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,yBAAA,CAA0B,IAAI,CAAA;AACpD,IAAA,OAAO,QAAA,EAAU,sBAAsB,IAAI,CAAA;AAC7C,EAAA;;;;;;;;AAUA,EAAA,IAAI,iBAAA,GAA6B;AAC/B,IAAA,OAAO,KAAK,SAAA,CAAU,IAAA;AACpB,MAAA,CAAA,CAAA,KAAK,mBAAA,IAAuB,CAAA,IAAM,CAAA,CAAqC,iBAAA,KAAsB;AAAA,KAAA;AAEjG,EAAA;;;;AAKA,EAAA,IAAI,YAAA,GAAwB;AAC1B,IAAA,OAAO,IAAA,CAAK,UAAU,IAAA,CAAK,CAAA,MAAK,cAAA,IAAkB,CAAA,IAAM,CAAA,CAAgC,YAAA,KAAiB,IAAI,CAAA;AAC/G,EAAA;;;;EAMA,MAAM,iBAAA,CAAkB,OAAe,OAAA,EAAqD;AAC1F,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAC5D,QAAA,IAAI,IAAA,EAAM;AACR,UAAA,IAAA,CAAK,6BAAA,CAA8B,MAAM,QAAQ,CAAA;AACjD,UAAA,OAAO,IAAA;AACT,QAAA;MACF,CAAA,CAAA,MAAQ;AAER,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;EAEA,MAAM,aAAA,CAAc,MAAe,OAAA,EAA8C;AAC/E,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,MAAM,UAAA,GAAa,MAAM,QAAA,CAAS,aAAA,CAAc,MAAM,OAAO,CAAA;AAC7D,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAO,IAAA;AACT,MAAA;AACF,IAAA;AACA,IAAA,OAAO,KAAA;AACT,EAAA;;;;;;;;AAUA,EAAA,uBAAA,CAAwB,YAAA,EAAmC;AACzD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,GAAA,IAAO,OAAQ,GAAA,CAAY,uBAAA,KAA4B,UAAA,EAAY;AACpE,MAAA,GAAA,CAAY,wBAAwB,YAAY,CAAA;AACnD,IAAA;AACF,EAAA;AAEA,EAAA,WAAA,CAAY,aAAqB,KAAA,EAAyC;AACxE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,CAAC,GAAA,EAAK,MAAM,IAAI,MAAM,6CAA6C,CAAA;AACvE,IAAA,OAAO,GAAA,CAAI,WAAA,CAAY,WAAA,EAAa,KAAK,CAAA;AAC3C,EAAA;AAEA,EAAA,eAAA,CAAgB,aAAqB,KAAA,EAAqC;AACxE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,OAAO,GAAA,EAAK,eAAA,GAAkB,WAAA,EAAa,KAAK,CAAA;AAClD,EAAA;EAEA,MAAM,cAAA,CAAe,MAAc,KAAA,EAAiD;AAClF,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,CAAC,GAAA,EAAK,MAAM,IAAI,MAAM,6CAA6C,CAAA;AACvE,IAAA,OAAO,GAAA,CAAI,cAAA,CAAe,IAAA,EAAM,KAAK,CAAA;AACvC,EAAA;EAEA,oBAAA,GAAuC;AACrC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,YAAA,CAAa,aAAa,CAAA;AAC3C,IAAA,IAAI,CAAC,GAAA,EAAK,OAAO,EAAE,QAAA,EAAU,SAAA,EAAW,MAAM,SAAA,EAAA;AAC9C,IAAA,OAAO,IAAI,oBAAA,EAAA;AACb,EAAA;EAEA,MAAM,YAAA,CAAa,aAAqB,OAAA,EAA2C;AAEjF,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,aAAA,CAAc,QAAQ,CAAA,IAAK,QAAA,CAAS,YAAA,EAAc;AACpD,QAAA,IAAI;AACF,UAAA,MAAM,GAAA,GAAM,MAAM,QAAA,CAAS,YAAA,CAAa,aAAa,OAAO,CAAA;AAC5D,UAAA,IAAI,KAAK,OAAO,GAAA;QAClB,CAAA,CAAA,MAAQ;AAER,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;;;;EAMA,MAAM,aAAA,CAAc,QAAgB,QAAA,EAAsD;AACxF,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,YAAA,CAAa,iBAAiB,CAAA;AACnD,IAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,iDAAiD,CAAA;AAC/E,IAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,MAAA,EAAQ,QAAQ,CAAA;AAC/C,EAAA;AAEA,EAAA,MAAM,gBAAgB,SAAA,EAA4C;AAEhE,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,eAAA,CAAgB,SAAS,CAAA;AACxD,UAAA,IAAI,SAAS,OAAO,OAAA;QACtB,CAAA,CAAA,MAAQ;AAER,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;AAEA,EAAA,MAAM,eAAe,SAAA,EAAkC;AAErD,IAAA,MAAM,kBAAmC,EAAA;AACzC,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,eAAA,CAAgB,IAAA;AACd,UAAA,QAAA,CAAS,cAAA,CAAe,SAAS,CAAA,CAAE,KAAA,CAAM,MAAM;UAE/C,CAAC;AAAA,SAAA;AAEL,MAAA;AACF,IAAA;AACA,IAAA,MAAM,OAAA,CAAQ,IAAI,eAAe,CAAA;AACnC,EAAA;AAEA,EAAA,MAAM,eAAe,SAAA,EAA4C;AAE/D,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,cAAA,CAAe,SAAS,CAAA;AACvD,UAAA,IAAI,SAAS,OAAO,OAAA;QACtB,CAAA,CAAA,MAAQ;AAER,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;AAEA,EAAA,uBAAA,CAAwB,OAAA,EAAiC;AAEvD,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,QAAA,CAAS,uBAAA,CAAwB,OAAO,CAAA;AAC1D,UAAA,IAAI,WAAW,OAAO,SAAA;QACxB,CAAA,CAAA,MAAQ;AAER,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;AAEA,EAAA,iBAAA,CAAkB,OAAA,EAA0C;AAI1D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,YAAA,CAAa,iBAAiB,CAAA;AAC3D,IAAA,OAAO,eAAA,EAAiB,iBAAA,CAAkB,OAAO,CAAA,IAAK,EAAA;AACxD,EAAA;EAEA,sBAAA,GAAiD;AAE/C,IAAA,MAAM,UAAkC,EAAA;AACxC,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC/B,QAAA,IAAI;AACF,UAAA,MAAM,eAAA,GAAkB,SAAS,sBAAA,EAAA;AACjC,UAAA,MAAA,CAAO,MAAA,CAAO,SAAS,eAAe,CAAA;QACxC,CAAA,CAAA,MAAQ;AAER,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,OAAA;AACT,EAAA;;;;;AAOA,EAAA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,cAAA,CAAe,QAAQ,CAAA,EAAG;AAC5B,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,cAAA,CAAe,OAAO,CAAA;AAClD,UAAA,IAAI,MAAM,OAAO,IAAA;QACnB,CAAA,CAAA,MAAQ;AAER,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;AAEA,EAAA,MAAM,QAAQ,MAAA,EAAsC;AAClD,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,IAAI,cAAA,CAAe,QAAQ,CAAA,EAAG;AAC5B,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,OAAA,CAAQ,MAAM,CAAA;AAC1C,UAAA,IAAI,MAAM,OAAO,IAAA;QACnB,CAAA,CAAA,MAAQ;AAER,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;AAEA,EAAA,MAAM,SAAS,OAAA,EAAgD;AAC7D,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,CAAA,WAAU,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAC,CAAC,CAAA;AAChE,EAAA;AACF;AAEA,IAAM,eAAA,GAAkB,CAAC,eAAA,EAAiB,qBAAqB,CAAA;AAgBxD,IAAM,UAAA,GAAN,cAAgC,kBAAA,CAA0B;;;;;EAKtD,YAAA,GAAe,IAAA;AAEhB,EAAA,MAAA;AACA,EAAA,OAAA;AACA,EAAA,KAAA;AACA,EAAA,QAAA;AAER,EAAA,WAAA,CAAY,OAAA,EAAmC;AAC7C,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,MAAA;AACtB,IAAA,IAAA,CAAK,KAAA,GAAQ,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA;AACtC,IAAA,IAAA,CAAK,OAAA,GAAU,CAAC,GAAG,eAAe,EAAE,MAAA,CAAO,OAAA,CAAQ,OAAA,IAAW,EAAE,CAAA;AAChE,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,GAAA,CAAI,IAAA,CAAK,MAAM,GAAA,CAAI,CAAA,CAAA,KAAK,CAAC,OAAQ,CAAA,EAAW,EAAE,CAAA,EAAG,CAAC,CAAC,CAAC,CAAA;AAC1E,EAAA;EAEA,MAAM,iBAAA,CAAkB,OAAe,OAAA,EAAmD;AACxF,IAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,oBAAA,CAAqB,KAAA,EAAO,OAAO,CAAA;AAE9D,IAAA,KAAA,MAAW,gBAAgB,aAAA,EAAe;AACxC,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,MAAA,CAAO,YAAY,CAAA;AAC5C,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,OAAO,WAAA;AACT,MAAA;AACF,IAAA;AAEA,IAAA,OAAO,IAAA,CAAK,iBAAA,CAAkB,gBAAA,CAAiB,OAAA,EAAS,QAAQ,CAAC,CAAA;AACnE,EAAA;EAEA,MAAM,aAAA,CAAc,MAAa,QAAA,EAA+C;AAC9E,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,IAAI,CAAA;AACjC,EAAA;;AAGA,EAAA,MAAM,eAAe,OAAA,EAAyC;AAE5D,IAAA,KAAA,MAAW,UAAA,IAAc,KAAK,OAAA,EAAS;AACrC,MAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAClD,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,iBAAA,CAAkB,WAAW,CAAA;AAChD,QAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAC9B,QAAA,IAAI,IAAA,EAAM;AACR,UAAA,OAAO,IAAA;AACT,QAAA;AACF,MAAA;AACF,IAAA;AAEA,IAAA,OAAO,KAAK,iBAAA,CAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAC,CAAA;AAC7D,EAAA;AAEQ,EAAA,iBAAA,CAAkB,YAAA,EAAuD;AAC/E,IAAA,IAAI,CAAC,cAAc,OAAO,IAAA;AAE1B,IAAA,MAAM,OAAA,GAAU,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,IAAA,EAAM,CAAA;AACzD,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,MAAA,IAAI,MAAA,CAAO,UAAA,CAAW,eAAe,CAAA,EAAG;AACtC,QAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,eAAA,CAAgB,MAAM,CAAA;AACjD,QAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAC9B,QAAA,IAAI,IAAA,EAAM;AACR,UAAA,OAAO,IAAA;AACT,QAAA;AACF,MAAA;AACF,IAAA;AACA,IAAA,OAAO,IAAA;AACT,EAAA;;AAGA,EAAA,MAAM,QAAQ,MAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,MAAM,CAAA,IAAK,IAAA;AACtC,EAAA;AAEA,EAAA,MAAM,SAAS,OAAA,EAAiD;AAC9D,IAAA,OAAO,OAAA,CAAQ,IAAI,CAAA,MAAA,KAAU,KAAK,QAAA,CAAS,GAAA,CAAI,MAAM,CAAA,IAAK,IAAI,CAAA;AAChE,EAAA;;;;;EAMA,MAAM,MAAA,CAAO,MAAA,EAAgB,QAAA,EAAkB,QAAA,EAAsD;AACnG,IAAA,MAAM,KAAA,GAAQ,QAAA;AACd,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAE9B,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AACjC,IAAA;AAGA,IAAA,MAAM,MAAA,GAAS,gBAAgB,KAAK,CAAA,+CAAA,CAAA;AAEpC,IAAA,OAAO;AACL,MAAA,IAAA;AACA,MAAA,KAAA;AACA,MAAA,OAAA,EAAS,CAAC,MAAM;AAAA,KAAA;AAEpB,EAAA;AAEA,EAAA,MAAM,MAAA,GAA4C;AAChD,IAAA,MAAM,IAAI,MAAM,sEAAsE,CAAA;AACxF,EAAA;EAEA,eAAA,GAA2B;AACzB,IAAA,OAAO,KAAA;AACT,EAAA;;;;;EAMA,sBAAA,GAAiD;AAC/C,IAAA,OAAO;MACL,YAAA,EAAc;AAAA,KAAA;AAElB,EAAA;AAEQ,EAAA,iBAAA,CAAkB,KAAA,EAAuB;AAC/C,IAAA,OAAO,MAAM,UAAA,CAAW,SAAS,IAAI,KAAA,CAAM,KAAA,CAAM,CAAC,CAAA,GAAI,KAAA;AACxD,EAAA;AAEQ,EAAA,oBAAA,CAAqB,OAAe,OAAA,EAAsC;AAChF,IAAA,MAAM,MAAA,GAAS,CAAC,KAAK,CAAA;AACrB,IAAA,KAAA,MAAW,UAAA,IAAc,KAAK,OAAA,EAAS;AACrC,MAAA,MAAM,WAAA,GAAc,gBAAA,CAAiB,OAAA,EAAS,UAAU,CAAA;AACxD,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,iBAAA,CAAkB,WAAW,CAAC,CAAA;AACjD,MAAA;AACF,IAAA;AACA,IAAA,OAAO,MAAA;AACT,EAAA;AACF","file":"chunk-QPLN2BVV.cjs","sourcesContent":["export interface HonoRequestLike {\n  raw?: Request;\n  headers?: Headers;\n  header(name: string): string | undefined;\n}\n\nexport type MastraAuthRequest = Request | HonoRequestLike;\n\nexport type AuthenticateTokenFn<TUser, TResult = Promise<TUser | null>> = {\n  bivarianceHack(token: string, request: MastraAuthRequest): TResult;\n}['bivarianceHack'];\n\nexport type AuthorizeUserFn<TUser, TResult = Promise<boolean> | boolean> = {\n  bivarianceHack(user: TUser, request: MastraAuthRequest): TResult;\n}['bivarianceHack'];\n\nexport function getRequestHeader(request: MastraAuthRequest, name: string): string | null {\n  if (request instanceof Request) {\n    return request.headers.get(name);\n  }\n\n  return request.raw?.headers.get(name) ?? request.headers?.get(name) ?? request.header(name) ?? null;\n}\n\nexport function getWebRequest(request: MastraAuthRequest): Request | undefined {\n  if (request instanceof Request) {\n    return request;\n  }\n\n  return request.raw instanceof Request ? request.raw : undefined;\n}\n\nexport type Methods = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'ALL';\n\nexport type MastraAuthConfig<TUser = unknown, TContext = unknown> = {\n  /**\n   * Protected paths for the server.\n   */\n  protected?: (RegExp | string | [string, Methods | Methods[]])[];\n\n  /**\n   * Public paths for the server.\n   */\n  public?: (RegExp | string | [string, Methods | Methods[]])[];\n\n  /**\n   * Authenticate a token and return the user.\n   */\n  authenticateToken?: AuthenticateTokenFn<TUser, Promise<TUser>>;\n\n  /**\n   * Maps the authenticated user to a resource ID for memory/thread scoping.\n   */\n  mapUserToResourceId?(user: TUser): string | undefined | null;\n\n  /**\n   * Authorization function for the server.\n   */\n  authorize?: (path: string, method: string, user: TUser, context: TContext) => Promise<boolean>;\n\n  /**\n   * Rules for the server.\n   */\n  rules?: {\n    /** Path for the rule. */\n    path?: RegExp | string | string[];\n    /** Method for the rule. */\n    methods?: Methods | Methods[];\n    /** Condition for the rule. */\n    condition?: (user: TUser) => Promise<boolean> | boolean;\n    /** Allow the rule. */\n    allow?: boolean;\n  }[];\n};\n\nexport type { MastraAuthProviderOptions } from '../provider';\n","import { MastraBase } from '@internal/core/base';\nimport type {\n  CredentialsResult,\n  ISSOProvider,\n  ISessionProvider,\n  IUserProvider,\n  Session,\n  SSOCallbackResult,\n  SSOLoginConfig,\n  User,\n} from '..';\nimport type { AuthorizeUserFn, MastraAuthConfig, MastraAuthRequest } from '../types';\nimport { getRequestHeader } from '../types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n  name?: string;\n  authorizeUser?: AuthorizeUserFn<TUser>;\n  mapUserToResourceId?(user: TUser): string | undefined | null;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n}\n\n/**\n * Structural description of the public surface of a `MastraAuthProvider`.\n *\n * Auth provider packages bundle their own copy of the `MastraAuthProvider`\n * declaration, so provider class types cannot be compared nominally across\n * package boundaries — `#private`/`protected` members would make otherwise\n * identical copies mutually unassignable. Positions that accept user-supplied\n * providers (e.g. `server.auth`, `CompositeAuth`) accept this interface\n * instead of the class.\n *\n * Note: methods intentionally use method syntax (not property syntax) so they\n * are checked bivariantly — providers with a narrower `TUser` must remain\n * assignable to `IMastraAuthProvider<unknown>`.\n */\nexport interface IMastraAuthProvider<TUser = unknown> {\n  name?: string;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n  /**\n   * Authenticate a token and return the payload\n   */\n  authenticateToken(token: string, request: MastraAuthRequest): Promise<TUser | null>;\n  /**\n   * Authorize a user for a path and method\n   */\n  authorizeUser(user: TUser, request: MastraAuthRequest): Promise<boolean> | boolean;\n  /**\n   * Map an authenticated user to a memory resource id\n   */\n  mapUserToResourceId?(user: TUser): string | undefined | null;\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase implements IMastraAuthProvider<TUser> {\n  public protected?: MastraAuthConfig['protected'];\n  public public?: MastraAuthConfig['public'];\n  public mapUserToResourceId?(user: TUser): string | undefined | null;\n\n  constructor(options?: MastraAuthProviderOptions<TUser>) {\n    super({ component: 'AUTH', name: options?.name });\n\n    if (options?.authorizeUser) {\n      this.authorizeUser = options.authorizeUser.bind(this);\n    }\n\n    this.protected = options?.protected;\n    this.public = options?.public;\n    this.mapUserToResourceId = options?.mapUserToResourceId;\n  }\n\n  /**\n   * Authenticate a token and return the payload\n   * @param token - The token to authenticate\n   * @param request - The request\n   * @returns The payload\n   */\n  abstract authenticateToken(token: string, request: MastraAuthRequest): Promise<TUser | null>;\n\n  /**\n   * Authorize a user for a path and method\n   * @param user - The user to authorize\n   * @param request - The request\n   * @returns The authorization result\n   */\n  abstract authorizeUser(user: TUser, request: MastraAuthRequest): Promise<boolean> | boolean;\n\n  protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n    if (opts?.authorizeUser) {\n      this.authorizeUser = opts.authorizeUser.bind(this);\n    }\n    if (opts?.mapUserToResourceId) {\n      this.mapUserToResourceId = opts.mapUserToResourceId;\n    }\n    if (opts?.protected) {\n      this.protected = opts.protected;\n    }\n    if (opts?.public) {\n      this.public = opts.public;\n    }\n  }\n}\n\ntype PrimitiveAuthUser = string | number | boolean | bigint | symbol | null | undefined;\n\n// Type guards for interface detection\nfunction isSSOProvider(p: unknown): p is ISSOProvider {\n  return (\n    p !== null &&\n    typeof p === 'object' &&\n    typeof (p as any).getLoginUrl === 'function' &&\n    typeof (p as any).handleCallback === 'function'\n  );\n}\n\nfunction isSessionProvider(p: unknown): p is ISessionProvider {\n  return (\n    p !== null &&\n    typeof p === 'object' &&\n    typeof (p as any).validateSession === 'function' &&\n    typeof (p as any).createSession === 'function'\n  );\n}\n\nfunction isUserProvider(p: unknown): p is IUserProvider {\n  return p !== null && typeof p === 'object' && typeof (p as any).getCurrentUser === 'function';\n}\nfunction isCredentialsProvider(p: unknown): boolean {\n  return p !== null && typeof p === 'object' && typeof (p as any).signIn === 'function';\n}\n\nfunction isObjectLike(value: unknown): value is object {\n  return (typeof value === 'object' && value !== null) || typeof value === 'function';\n}\n\nexport class CompositeAuth\n  extends MastraAuthProvider\n  implements ISSOProvider<User>, ISessionProvider<Session>, IUserProvider<User>\n{\n  private providers: IMastraAuthProvider[];\n  private authenticatedProviderByObject = new WeakMap<object, IMastraAuthProvider>();\n  private authenticatedProviderByPrimitive = new Map<PrimitiveAuthUser, IMastraAuthProvider>();\n\n  constructor(providers: IMastraAuthProvider[]) {\n    const combinedPublic = providers.flatMap(provider => provider.public ?? []);\n    const combinedProtected = providers.flatMap(provider => provider.protected ?? []);\n\n    super({\n      public: combinedPublic,\n      protected: combinedProtected,\n    });\n\n    this.providers = providers;\n    if (providers.some(provider => typeof provider.mapUserToResourceId === 'function')) {\n      this.mapUserToResourceId = user => this.mapAuthenticatedUserToResourceId(user);\n    }\n\n    // Null out interface methods when no inner provider supports them.\n    // This ensures duck-typing checks (typeof auth.method === 'function')\n    // accurately reflect the composite's actual capabilities — preventing\n    // Studio from showing login options that no provider can handle.\n    if (!providers.some(isSSOProvider)) {\n      this.getLoginUrl = undefined as any;\n      this.handleCallback = undefined as any;\n      this.getLoginButtonConfig = undefined as any;\n    }\n    if (!providers.some(isSessionProvider)) {\n      this.createSession = undefined as any;\n      this.validateSession = undefined as any;\n      this.getSessionIdFromRequest = undefined as any;\n    }\n    if (!providers.some(isUserProvider)) {\n      this.getCurrentUser = undefined as any;\n      this.getUser = undefined as any;\n      this.getUsers = undefined as any;\n    }\n    // Proxy credentials provider methods if any inner provider supports them.\n    const credProvider = this.findProvider(isCredentialsProvider as (p: unknown) => p is IMastraAuthProvider) as any;\n    if (credProvider) {\n      (this as any).signIn = credProvider.signIn.bind(credProvider);\n      if (typeof credProvider.signUp === 'function') {\n        (this as any).signUp = credProvider.signUp.bind(credProvider);\n      }\n      if (typeof credProvider.requestPasswordReset === 'function') {\n        (this as any).requestPasswordReset = credProvider.requestPasswordReset.bind(credProvider);\n      }\n      if (typeof credProvider.resetPassword === 'function') {\n        (this as any).resetPassword = credProvider.resetPassword.bind(credProvider);\n      }\n      (this as any).isSignUpEnabled =\n        typeof credProvider.isSignUpEnabled === 'function'\n          ? credProvider.isSignUpEnabled.bind(credProvider)\n          : () => true;\n    } else {\n      (this as any).signIn = undefined;\n      (this as any).signUp = undefined;\n      (this as any).requestPasswordReset = undefined;\n      (this as any).resetPassword = undefined;\n      (this as any).isSignUpEnabled = undefined;\n    }\n  }\n\n  // Find first provider implementing an interface\n  private findProvider<T>(check: (p: unknown) => p is T): T | undefined {\n    return this.providers.find(check) as T | undefined;\n  }\n\n  private rememberAuthenticatedProvider(user: unknown, provider: IMastraAuthProvider): void {\n    if (isObjectLike(user)) {\n      this.authenticatedProviderByObject.set(user, provider);\n      return;\n    }\n\n    this.authenticatedProviderByPrimitive.set(user as PrimitiveAuthUser, provider);\n  }\n\n  private takeAuthenticatedProvider(user: unknown): IMastraAuthProvider | undefined {\n    if (isObjectLike(user)) {\n      const provider = this.authenticatedProviderByObject.get(user);\n      this.authenticatedProviderByObject.delete(user);\n      return provider;\n    }\n\n    const primitiveUser = user as PrimitiveAuthUser;\n    const provider = this.authenticatedProviderByPrimitive.get(primitiveUser);\n    this.authenticatedProviderByPrimitive.delete(primitiveUser);\n    return provider;\n  }\n\n  private mapAuthenticatedUserToResourceId(user: unknown): string | undefined | null {\n    const provider = this.takeAuthenticatedProvider(user);\n    return provider?.mapUserToResourceId?.(user);\n  }\n\n  // ============================================================================\n  // License Exemption Markers\n  // Expose these if any underlying provider has them\n  // ============================================================================\n\n  /**\n   * True if any provider is MastraCloudAuth (exempt from license requirement).\n   */\n  get isMastraCloudAuth(): boolean {\n    return this.providers.some(\n      p => 'isMastraCloudAuth' in p && (p as { isMastraCloudAuth: boolean }).isMastraCloudAuth === true,\n    );\n  }\n\n  /**\n   * True if any provider is SimpleAuth (exempt from license requirement).\n   */\n  get isSimpleAuth(): boolean {\n    return this.providers.some(p => 'isSimpleAuth' in p && (p as { isSimpleAuth: boolean }).isSimpleAuth === true);\n  }\n\n  // ============================================================================\n  // MastraAuthProvider Implementation\n  // ============================================================================\n\n  async authenticateToken(token: string, request: MastraAuthRequest): Promise<unknown | null> {\n    for (const provider of this.providers) {\n      try {\n        const user = await provider.authenticateToken(token, request);\n        if (user) {\n          this.rememberAuthenticatedProvider(user, provider);\n          return user;\n        }\n      } catch {\n        // ignore error, try next provider\n      }\n    }\n    return null;\n  }\n\n  async authorizeUser(user: unknown, request: MastraAuthRequest): Promise<boolean> {\n    for (const provider of this.providers) {\n      const authorized = await provider.authorizeUser(user, request);\n      if (authorized) {\n        return true;\n      }\n    }\n    return false;\n  }\n\n  // ============================================================================\n  // ISSOProvider Implementation\n  // ============================================================================\n\n  /**\n   * Forward cookie header to SSO provider for PKCE validation.\n   * Called by auth handler before handleCallback().\n   */\n  setCallbackCookieHeader(cookieHeader: string | null): void {\n    const sso = this.findProvider(isSSOProvider);\n    if (sso && typeof (sso as any).setCallbackCookieHeader === 'function') {\n      (sso as any).setCallbackCookieHeader(cookieHeader);\n    }\n  }\n\n  getLoginUrl(redirectUri: string, state: string): string | Promise<string> {\n    const sso = this.findProvider(isSSOProvider);\n    if (!sso) throw new Error('No SSO provider configured in CompositeAuth');\n    return sso.getLoginUrl(redirectUri, state);\n  }\n\n  getLoginCookies(redirectUri: string, state: string): string[] | undefined {\n    const sso = this.findProvider(isSSOProvider);\n    return sso?.getLoginCookies?.(redirectUri, state);\n  }\n\n  async handleCallback(code: string, state: string): Promise<SSOCallbackResult<User>> {\n    const sso = this.findProvider(isSSOProvider);\n    if (!sso) throw new Error('No SSO provider configured in CompositeAuth');\n    return sso.handleCallback(code, state) as Promise<SSOCallbackResult<User>>;\n  }\n\n  getLoginButtonConfig(): SSOLoginConfig {\n    const sso = this.findProvider(isSSOProvider);\n    if (!sso) return { provider: 'unknown', text: 'Sign in' };\n    return sso.getLoginButtonConfig();\n  }\n\n  async getLogoutUrl(redirectUri: string, request?: Request): Promise<string | null> {\n    // Try each SSO provider until one returns a logout URL\n    for (const provider of this.providers) {\n      if (isSSOProvider(provider) && provider.getLogoutUrl) {\n        try {\n          const url = await provider.getLogoutUrl(redirectUri, request);\n          if (url) return url;\n        } catch {\n          // Try next provider\n        }\n      }\n    }\n    return null;\n  }\n\n  // ============================================================================\n  // ISessionProvider Implementation\n  // ============================================================================\n\n  async createSession(userId: string, metadata?: Record<string, unknown>): Promise<Session> {\n    const session = this.findProvider(isSessionProvider);\n    if (!session) throw new Error('No session provider configured in CompositeAuth');\n    return session.createSession(userId, metadata);\n  }\n\n  async validateSession(sessionId: string): Promise<Session | null> {\n    // Try each session provider until one validates\n    for (const provider of this.providers) {\n      if (isSessionProvider(provider)) {\n        try {\n          const session = await provider.validateSession(sessionId);\n          if (session) return session;\n        } catch {\n          // Try next provider\n        }\n      }\n    }\n    return null;\n  }\n\n  async destroySession(sessionId: string): Promise<void> {\n    // Destroy session on ALL providers (user may have sessions in multiple stores)\n    const destroyPromises: Promise<void>[] = [];\n    for (const provider of this.providers) {\n      if (isSessionProvider(provider)) {\n        destroyPromises.push(\n          provider.destroySession(sessionId).catch(() => {\n            // Ignore errors, session may not exist in this provider\n          }),\n        );\n      }\n    }\n    await Promise.all(destroyPromises);\n  }\n\n  async refreshSession(sessionId: string): Promise<Session | null> {\n    // Try each session provider until one refreshes\n    for (const provider of this.providers) {\n      if (isSessionProvider(provider)) {\n        try {\n          const session = await provider.refreshSession(sessionId);\n          if (session) return session;\n        } catch {\n          // Try next provider\n        }\n      }\n    }\n    return null;\n  }\n\n  getSessionIdFromRequest(request: Request): string | null {\n    // Try each session provider until one finds a session ID\n    for (const provider of this.providers) {\n      if (isSessionProvider(provider)) {\n        try {\n          const sessionId = provider.getSessionIdFromRequest(request);\n          if (sessionId) return sessionId;\n        } catch {\n          // Try next provider\n        }\n      }\n    }\n    return null;\n  }\n\n  getSessionHeaders(session: Session): Record<string, string> {\n    // Intentionally uses only the first session provider: a session is created by one\n    // provider, so we only set its cookie. clearSession clears ALL providers to ensure\n    // no stale cookies remain.\n    const sessionProvider = this.findProvider(isSessionProvider);\n    return sessionProvider?.getSessionHeaders(session) ?? {};\n  }\n\n  getClearSessionHeaders(): Record<string, string> {\n    // Merge clear headers from ALL providers to ensure no stale session cookies remain\n    const headers: Record<string, string> = {};\n    for (const provider of this.providers) {\n      if (isSessionProvider(provider)) {\n        try {\n          const providerHeaders = provider.getClearSessionHeaders();\n          Object.assign(headers, providerHeaders);\n        } catch {\n          // Ignore errors\n        }\n      }\n    }\n    return headers;\n  }\n\n  // ============================================================================\n  // IUserProvider Implementation\n  // Try each provider until one returns a user (like authenticateToken)\n  // ============================================================================\n\n  async getCurrentUser(request: Request): Promise<User | null> {\n    for (const provider of this.providers) {\n      if (isUserProvider(provider)) {\n        try {\n          const user = await provider.getCurrentUser(request);\n          if (user) return user;\n        } catch {\n          // Try next provider\n        }\n      }\n    }\n    return null;\n  }\n\n  async getUser(userId: string): Promise<User | null> {\n    for (const provider of this.providers) {\n      if (isUserProvider(provider)) {\n        try {\n          const user = await provider.getUser(userId);\n          if (user) return user;\n        } catch {\n          // Try next provider\n        }\n      }\n    }\n    return null;\n  }\n\n  async getUsers(userIds: string[]): Promise<Array<User | null>> {\n    return Promise.all(userIds.map(userId => this.getUser(userId)));\n  }\n}\n\nconst DEFAULT_HEADERS = ['Authorization', 'X-Playground-Access'];\n\ntype TokenToUser<TUser> = Record<string, TUser>;\n\nexport interface SimpleAuthOptions<TUser> extends MastraAuthProviderOptions<TUser> {\n  /**\n   * Valid tokens to authenticate against\n   */\n  tokens: TokenToUser<TUser>;\n  /**\n   * Headers to check for authentication\n   * @default ['Authorization', 'X-Playground-Access']\n   */\n  headers?: string | string[];\n}\n\nexport class SimpleAuth<TUser> extends MastraAuthProvider<TUser> {\n  /**\n   * Marker to exempt SimpleAuth from EE license requirement.\n   * SimpleAuth is for development/testing and should work without a license.\n   */\n  readonly isSimpleAuth = true;\n\n  private tokens: TokenToUser<TUser>;\n  private headers: string[];\n  private users: TUser[];\n  private userById: Map<string, TUser>;\n\n  constructor(options: SimpleAuthOptions<TUser>) {\n    super(options);\n    this.tokens = options.tokens;\n    this.users = Object.values(this.tokens);\n    this.headers = [...DEFAULT_HEADERS].concat(options.headers || []);\n    this.userById = new Map(this.users.map(u => [String((u as any)?.id), u]));\n  }\n\n  async authenticateToken(token: string, request: MastraAuthRequest): Promise<TUser | null> {\n    const requestTokens = this.getTokensFromHeaders(token, request);\n\n    for (const requestToken of requestTokens) {\n      const tokenToUser = this.tokens[requestToken];\n      if (tokenToUser) {\n        return tokenToUser;\n      }\n    }\n\n    return this.getUserFromCookie(getRequestHeader(request, 'Cookie'));\n  }\n\n  async authorizeUser(user: TUser, _request: MastraAuthRequest): Promise<boolean> {\n    return this.users.includes(user);\n  }\n\n  /** Get current user from request headers or cookie. */\n  async getCurrentUser(request: Request): Promise<TUser | null> {\n    // Check headers first\n    for (const headerName of this.headers) {\n      const headerValue = request.headers.get(headerName);\n      if (headerValue) {\n        const token = this.stripBearerPrefix(headerValue);\n        const user = this.tokens[token];\n        if (user) {\n          return user;\n        }\n      }\n    }\n\n    return this.getUserFromCookie(request.headers.get('Cookie'));\n  }\n\n  private getUserFromCookie(cookieHeader: string | null | undefined): TUser | null {\n    if (!cookieHeader) return null;\n\n    const cookies = cookieHeader.split(';').map(c => c.trim());\n    for (const cookie of cookies) {\n      if (cookie.startsWith('mastra-token=')) {\n        const token = cookie.slice('mastra-token='.length);\n        const user = this.tokens[token];\n        if (user) {\n          return user;\n        }\n      }\n    }\n    return null;\n  }\n\n  /** Get user by ID. */\n  async getUser(userId: string): Promise<TUser | null> {\n    return this.userById.get(userId) ?? null;\n  }\n\n  async getUsers(userIds: string[]): Promise<Array<TUser | null>> {\n    return userIds.map(userId => this.userById.get(userId) ?? null);\n  }\n\n  /**\n   * Sign in with token (passed as password field).\n   * The email field is ignored - only the token matters.\n   */\n  async signIn(_email: string, password: string, _request: Request): Promise<CredentialsResult<TUser>> {\n    const token = password;\n    const user = this.tokens[token];\n\n    if (!user) {\n      throw new Error('Invalid token');\n    }\n\n    // Set cookie so the token persists across requests\n    const cookie = `mastra-token=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400`;\n\n    return {\n      user,\n      token,\n      cookies: [cookie],\n    };\n  }\n\n  async signUp(): Promise<CredentialsResult<TUser>> {\n    throw new Error('Sign up is not supported with SimpleAuth. Use pre-configured tokens.');\n  }\n\n  isSignUpEnabled(): boolean {\n    return false;\n  }\n\n  /**\n   * Get headers to clear the session cookie on logout.\n   * Partial ISessionProvider implementation for logout support.\n   */\n  getClearSessionHeaders(): Record<string, string> {\n    return {\n      'Set-Cookie': 'mastra-token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0',\n    };\n  }\n\n  private stripBearerPrefix(token: string): string {\n    return token.startsWith('Bearer ') ? token.slice(7) : token;\n  }\n\n  private getTokensFromHeaders(token: string, request: MastraAuthRequest): string[] {\n    const tokens = [token];\n    for (const headerName of this.headers) {\n      const headerValue = getRequestHeader(request, headerName);\n      if (headerValue) {\n        tokens.push(this.stripBearerPrefix(headerValue));\n      }\n    }\n    return tokens;\n  }\n}\n"]}