build(deps): Bump ai and @mastra/core in /packages/agentmesh-integrations/mastra-agentmesh

[dependabot]

Removes ai. It's no longer used after updating ancestor dependency @mastra/core. These dependencies need to be updated together.

Removes ai

Updates @mastra/core from 0.10.0 to 1.21.0

Release notes

Sourced from @​mastra/core's releases.

Mar 25, 2026

Highlights

Smarter Model Selection for Observational Memory

@mastra/memory now lets you route observer and reflector calls to different models based on input size using ModelByInputTokens. Short inputs can go to a fast, cheap model while longer ones get sent to a more capable one -- all configured declaratively with token thresholds. Tracing shows which model was selected and why.

MongoDB Support for Datasets and Experiments

@mastra/mongodb now stores versioned datasets with full item history and time-travel queries, plus experiment results and CRUD. If you're already using MongoDBStore, this works automatically with no extra setup.

Okta Auth and RBAC

New @mastra/auth-okta package brings SSO authentication and role-based access control via Okta. Map Okta groups to Mastra permissions, verify JWTs against Okta's JWKS endpoint, and manage sessions -- or pair Okta RBAC with a different auth provider like Auth0 or Clerk.

Breaking Changes

• None called out in this changelog.

Changelog

@​mastra/core@​1.16.0

Minor Changes

• Added dataset-agent association and experiment status tracking for the Evaluate workflow. (#14470)

  • Dataset targeting: Added targetType and targetIds fields to datasets, enabling association with agents, scorers, or workflows. Datasets can now be linked to multiple entities.
  • Experiment status: Added status field to experiment results ('needs-review', 'reviewed', 'complete') for review queue workflow.
  • Dataset experiment routes: Added API endpoints for triggering experiments from a dataset with configurable target type and target ID.
  • LLM data generation: Added endpoint for generating dataset items using an LLM with configurable count and prompt.
  • Failure analysis: Added endpoint for clustering experiment failures and proposing tags using LLM analysis.

• Added agent version support for experiments. When triggering an experiment, you can now pass an agentVersion parameter to pin which agent version to use. The agent version is stored with the experiment and returned in experiment responses. (#14562)

  const client = new MastraClient();
  await client.triggerDatasetExperiment({
  datasetId: "my-dataset",
  targetType: "agent",
  targetId: "my-agent",
  version: 3, // pin to dataset version 3
  agentVersion: "ver_abc123" // pin to a specific agent version
  });

• Added tool suspension handling to the Harness. (#14611)

  When a tool calls suspend() during execution, the harness now emits a tool_suspended event, reports agent_end with reason 'suspended', and exposes respondToToolSuspension() to resume execution with user-provided data.

... (truncated)

Commits

• 89dec59 chore: version - exit prerelease mode
• 121c67f chore: version packages (alpha) (#14929)
• 8cf8a67 fix(datadog): set native error tags to fix [object Object] in Datadog Error...
• 7f498d0 fix(core): auto-retry on assistant message prefill error (#14953)
• 9ad6aa6 feat(logger): add component-scoped logging with filter support (#14947)
• 3d16814 fix(core): split observability utils to prevent AsyncLocalStorage in browser ...
• d7827e3 fix(core): add entityName to workflow span creation (#14949)
• 6517789 feat: add contiguous trimming mode to TokenLimiterProcessor (#14801)
• ca4d740 chore: regenerate providers and docs [skip ci]
• ec5c319 fixed race condition and traceId nullability in scoring (#14942)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​mastra/core since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Welcome to the Agent Governance Toolkit! Thanks for your first pull request.
Please ensure tests pass, code follows style (ruff check), and you have signed the CLA.
See our Contributing Guide.

[github-actions]

✅ PR Review Summary

Check	Status	Details
🔍 Code Review	⏳ Pending	Awaiting results
🛡️ Security Scan	⏳ Pending	Awaiting results
🔄 Breaking Changes	⏳ Pending	Awaiting results
📝 Docs Sync	⏳ Pending	Awaiting results
🧪 Test Coverage	⏳ Pending	Awaiting results

Verdict: ⏳ Still running — some checks have not completed yet

💡 Individual agent reports are collapsed below for reference.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 27 packages with OpenSSF Scorecard issues.

View full job summary