feat: add playground auth UI, permission gating, and E2E role tests #13173

Open
rphansen91 wants to merge 8 commits into auth-rbac-core-server from auth-playground-ui

@rphansen91
Contributor

Summary

  • New auth UI domain in playground-ui: login/signup pages, AuthRequired wrapper, user menu, auth status
  • Permission gating via usePermissions() hook across all table views and tool panels
  • PermissionDenied component and 403 error handling for unauthorized access
  • E2E tests for admin, member, and viewer roles with login flow coverage
  • Example auth configurations in examples/agent/

When no auth is configured, usePermissions() returns permissive defaults — fully backward compatible.

Context

PR 3 of 3 in the auth/RBAC split. Depends on #13163 (auth core + server RBAC). Independent of PR 2 (auth providers).

PR 1 (Core + Server + Adapters) ──┬──> PR 2 (Auth Providers)
                                   └──> PR 3 (UI + E2E) ← this PR

Verification

  • pnpm build:packages — playground-ui and playground build
  • Start playground without auth — all pages work identically to before
  • Start playground with SimpleAuth — login page appears, permission gating works
  • usePermissions() returns permissive defaults when no auth configured
  • E2E: cd packages/playground && pnpm exec playwright test e2e/tests/auth/

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vercel
vercel bot commented Feb 18, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| mastra-docs | Ready | Preview, Comment | Feb 19, 2026 5:20am |
| mastra-docs-1.x | Building | Preview, Comment | Feb 19, 2026 5:20am |

@changeset-bot
changeset-bot bot commented Feb 18, 2026

🦋 Changeset detected

Latest commit: 27c6a3a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages
| Name | Type |
| --- | --- |
| @mastra/playground-ui | Minor |
| @internal/playground | Patch |
| mastra | Patch |
| create-mastra | Patch |

@coderabbitai
Contributor

coderabbitai bot commented Feb 18, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

rphansen91 and others added 4 commits February 18, 2026 14:16
SimpleAuth no longer requires TUser to extend EEUser, allowing any user
type (bare strings, numeric ids, etc.). EE features (getCurrentUser,
getUser) still work via duck typing at call sites. Also documents the
intentional isProtectedPath default-allow behavior since all routes are
already auth-checked via registerRoute/checkRouteAuth.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Mermaid diagram covering the full auth/RBAC flow from PR #13163:
request lifecycle, core middleware, permission enforcement,
provider composition, interfaces, and license gating.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Documents the three route categories (built-in, custom API, non-API),
default auth config, the full request auth flow as a mermaid diagram,
isProtectedPath behavior, and permission derivation conventions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Service tokens need a role property so MastraRBACCloud can resolve
permissions via roleMapping. Use role: 'api' to map to the existing
api role which grants read/write/execute access.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The playground package is named @internal/playground, not @mastra/playground.
Remove it from the changeset since it's not published to npm.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
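
The permission model this thread describes (permissive defaults when no auth is configured, and a role property on service tokens so a roleMapping lookup can resolve permissions), sketched as an added example that is not code from the PR or from Mastra. `resolvePermissions`, the `resource:action` permission strings and every mapping entry other than the api role's read/write/execute are assumptions; the example also goes one step beyond the thread by failing closed whenever auth is configured but the principal has no mappable role.

```javascript
// Added example: hypothetical names throughout, not Mastra's API.
// Constructed mapping; only api = read/write/execute comes from the thread.
const ROLE_MAPPING = {
  admin: ['*'],
  member: ['agents:read', 'agents:execute', 'workflows:read'],
  viewer: ['agents:read', 'workflows:read'],
  api: ['*:read', '*:write', '*:execute'],
};

const PERMISSIVE = Object.freeze({ authEnabled: false, can: () => true });
const DENY_ALL = Object.freeze({ authEnabled: true, can: () => false });

// 'resource:action' match with '*' wildcards on either side of the colon.
function matches(granted, required) {
  if (granted === '*') return true;
  const [gRes, gAct] = granted.split(':');
  const [rRes, rAct] = required.split(':');
  return (gRes === '*' || gRes === rRes) && (gAct === '*' || gAct === rAct);
}

function resolvePermissions(authConfig, principal) {
  // No auth configured at all: permissive defaults, as the PR describes.
  if (authConfig == null) return PERMISSIVE;

  // Auth is configured, so every unresolved case below denies.
  const mapping = authConfig.roleMapping || {};
  const role = principal && typeof principal === 'object' ? principal.role : undefined;

  // Own-property check keeps roles like '__proto__' or 'constructor'
  // from resolving to inherited Object.prototype members.
  const known = typeof role === 'string' &&
    Object.prototype.hasOwnProperty.call(mapping, role);
  const granted = known ? mapping[role] : null;
  if (!Array.isArray(granted)) return DENY_ALL;

  return {
    authEnabled: true,
    can: (required) => granted.some((g) => matches(g, required)),
  };
}
```

A UI gate built on this only hides controls; the server-side route check remains the enforcement point.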
Labels

Documentation Improvements or additions to documentation
