Developed per-route API authentication control for the mastra-ai/mastra repository, enabling each custom API endpoint to specify whether authentication is required through a configurable requiresAuth flag. This work involved wiring the authentication logic through deployer and helper modules, supporting secure bootstrapping of routes prior to Clerk token availability. Automated tests were implemented to verify the new authentication behavior, and documentation was updated to clarify usage and policy configuration. Utilizing TypeScript and focusing on API development, authentication, and testing, this feature enhanced the security posture and flexibility of Mastra’s API surface, allowing for more granular and adaptable security policies across endpoints.