Delv
Task AutomationActive· 5dby Mastra4.1

Mastra

TypeScript framework for AI agents from the Gatsby team with workflows, RAG, evals and human-in-the-loop primitives.

Try it Source
B
Safety & Trust

Delv Safety Grade: B

Score 72/100 · assessed 2026-04-18

Maintainer75
Permissions55
Supply chain80
Transparency85
Incidents100

Mastra is a TypeScript framework for building AI agents, developed by the team behind Gatsby. The project shows professional development practices with active GitHub presence, comprehensive documentation, and standard npm distribution. The maintainer score reflects a credible team with proven track record, though the project itself is relatively new (launched 2024). Permission scope is moderate: as an agent framework, it enables filesystem access, network calls, and external LLM integration depending on how developers configure their agents. Supply chain is solid via npm with TypeScript typing. Transparency is strong with open source code, detailed docs, and active issue tracking. No security incidents recorded. The framework's flexibility means actual risk depends heavily on how developers implement their agents and what integrations they enable.

Green flags

  • Developed by experienced Gatsby team with strong engineering reputation
  • Fully open source with comprehensive documentation and examples
  • Standard npm distribution with TypeScript support and type safety
  • Active GitHub with regular commits and responsive issue management
  • Includes evaluation and safety primitives (evals, human-in-the-loop)

Red flags

  • Agent framework enables arbitrary code execution based on developer config
  • Relatively new project (2024) with limited production track record
  • Broad permission surface area when fully configured with integrations
  • Human-in-the-loop primitives suggest potential for sensitive data handling

Permissions requested

Read filesWrite filesOutbound networkExternal LLM callRead envDB readDB write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Pricing

FREEMIUMFree OSS, paid cloud

Platforms

apicli

Review

Mastra is a TypeScript framework for building AI agents, not a pre-built agent you deploy. It comes from the Gatsby team, which shows in the developer experience: clean APIs, good docs, and a Next.js integration that actually works. The core idea is sensible: workflows as first-class primitives, built-in RAG for context retrieval, and human-in-the-loop hooks so you can gate risky actions. I built a customer support triage agent with it that routes tickets, fetches context from our knowledge base, and drafts replies. The workflow system let me chain LLM calls, database lookups, and approval steps without wrestling with state machines or callback hell. The evals framework is genuinely useful: you write test cases, Mastra runs them against your agent, and you get pass/fail metrics. This catches regressions when you tweak prompts. The RAG primitives handle chunking and embedding without forcing you into a specific vector store, which is rare. You bring your own Pinecone or Postgres with pgvector. Where it stumbles: the orchestration is single-threaded, so long-running workflows block. No built-in retry logic for flaky APIs, you wire that yourself. The cloud offering is new and light on features compared to running it yourself. Documentation assumes you know TypeScript well; if you are coming from Python, the learning curve is real. Compared to LangGraph, Mastra is less mature but far easier to reason about. LangGraph gives you more control over execution graphs, Mastra gives you faster iteration. If you are already in the Next.js ecosystem and want agents that feel like application code rather than research prototypes, Mastra is the best option I have found. The human-in-the-loop primitives are particularly good: you can pause a workflow, send a Slack message, wait for approval, then resume. That alone justifies it for production use cases where full autonomy is too risky.
Verdict

Best for TypeScript teams building agents into existing Next.js apps, especially when you need human approval gates. Skip it if you need battle-tested orchestration or prefer Python tooling.

Good at

  • Workflows as code with clean TypeScript APIs, no YAML or visual builders
  • Human-in-the-loop primitives that actually pause and resume execution
  • Built-in evals framework catches regressions when you change prompts
  • RAG primitives that do not lock you into a specific vector database
  • Next.js integration works out of the box, feels native

Watch out

  • Single-threaded orchestration, long workflows block other tasks
  • No built-in retry logic for API failures, you implement it yourself
  • Cloud offering is underbaked compared to self-hosted
  • Steep learning curve if you are not fluent in TypeScript
  • Smaller ecosystem than Python alternatives like LangGraph

Use cases

  • TypeScript agents
  • Next.js integration
  • workflows