# QA: Authentication — Mastra ## Test Steps - [ ] Navigate to `/demos/auth` - [ ] Verify the page loads with banner showing "✓ Signed in as demo user" (green) - [ ] Verify `` renders and accepts input - [ ] Send any message — verify the agent responds - [ ] Click "Sign out" — banner flips to amber "Signed out — the agent will reject your messages…" - [ ] Try to send a new message — verify the error banner at bottom shows "401 Unauthorized" - [ ] Click "Sign in" — banner turns green again, error banner clears - [ ] Verify sending messages works again ## Expected Results - `Authorization: Bearer demo-token-123` header injected via `` when signed in - `/api/copilotkit-auth` route uses V2 runtime `onRequest` hook to throw a 401 Response when header missing - `ChatErrorBoundary` auto-resets on sign-in so the chat remounts cleanly - Page starts authenticated to avoid the initial `/info` 401 crash ## Implementation - Route: `src/app/api/copilotkit-auth/route.ts` (V2 `createCopilotRuntimeHandler` with `hooks.onRequest`) - Token constant: `src/app/demos/auth/demo-token.ts` - Auth state: `src/app/demos/auth/use-demo-auth.ts` (default `authenticated: true`) - Banner: `src/app/demos/auth/auth-banner.tsx`