TL;DR: According to WorkOS, AI agent frameworks are moving into production, with TypeScript, tool calling, memory, structured workflows, and integrations becoming the core primitives for autonomous workflows. Mastra’s discussion with WorkOS at HumanX 2026 highlights that the governance challenge is no longer just building agents, but deciding how their identities, access, and runtime actions are controlled once they reach production.
NHIMG editorial — based on content published by WorkOS: Abhi Aiyer on building Mastra and the future of AI agent frameworks
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
Questions worth separating out
Q: How should security teams govern AI agents built into application frameworks?
A: They should treat the framework layer as part of the identity architecture, not just the app stack.
Q: Why do agent frameworks create new access-risk problems for IAM teams?
A: Because they let runtime decisions, tool calls, and stateful workflows happen inside familiar development stacks, which can hide where authorisation actually occurs.
Q: What breaks when AI agent permissions are inherited from the host application?
A: The boundary between application access and agent access disappears.
Practitioner guidance
- Map agent framework trust boundaries: Document where the framework creates, stores, and reuses credentials, tool permissions, and memory state so identity review can happen at the same layer as runtime execution.
- Assign ownership to every production agent path: Tie each autonomous workflow to a named system owner, a review cadence, and an offboarding trigger so non-human identity does not persist after the business use case changes.
- Separate remembered context from authorised action: Review whether stored memory can influence access to tools or data, and require explicit authorisation points when prior state changes the agent’s decision path.
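One way to express the guidance above as a single gate in front of tool execution, as an added example that is not code from WorkOS, Mastra, or the source article. Every name in it (AgentIdentity, authorizeToolCall, hostTools, the sample agent) is hypothetical, and it assumes the framework can route all tool calls through one function.

```typescript
// Added example; every name here is hypothetical, not a Mastra or WorkOS API.
interface AgentIdentity {
  agentId: string;
  owner: string;          // named system owner accountable for this agent path
  allowedTools: string[]; // grants held by the agent itself, not the host app
  expiresAt: number;      // epoch ms; short-lived credential
  offboarded: boolean;    // set when the offboarding trigger fires
}

interface ToolCall {
  tool: string;
  origin: "user_request" | "memory"; // what drove the agent to make this call
  approvedBy?: string;               // explicit authorisation for memory-driven calls
}

// Tools the host application can reach. The agent must not inherit this set.
const hostTools: Record<string, (arg: string) => string> = {
  searchDocs: (q) => `results for ${q}`,
  deleteUser: (id) => `deleted ${id}`,
};

// Returns a denial reason, or null when the call is allowed.
function authorizeToolCall(id: AgentIdentity, call: ToolCall, now: number): string | null {
  if (id.offboarded) return "agent offboarded";
  if (!id.owner) return "no named owner";
  if (now >= id.expiresAt) return "credential expired";
  if (id.allowedTools.indexOf(call.tool) === -1) return "tool not granted to agent";
  if (call.origin === "memory" && !call.approvedBy) return "memory-driven call needs explicit approval";
  return null;
}

// Single choke point: every tool call is checked against the agent's identity first.
function runTool(id: AgentIdentity, call: ToolCall, arg: string, now: number): string {
  const denial = authorizeToolCall(id, call, now);
  if (denial !== null) return `DENIED: ${denial}`;
  const handler = hostTools[call.tool];
  return handler ? handler(arg) : "DENIED: unknown tool";
}

// Constructed sample identity: one granted tool, 15-minute credential lifetime.
const issuedAt = 1000000;
const supportAgent: AgentIdentity = {
  agentId: "agent-support-1", owner: "team-support",
  allowedTools: ["searchDocs"], expiresAt: issuedAt + 15 * 60 * 1000, offboarded: false,
};
```

The host registry contains deleteUser, but supportAgent can never reach it because the check reads the agent's own grants rather than what the application process can call.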
What's in the full article
WorkOS's full article covers the operational detail this post intentionally leaves for the source:
- The full discussion of how Mastra handles tool calling, memory, and workflow composition in a production TypeScript stack.
- The interview context from HumanX 2026, including how the team thinks about framework adoption and developer feedback loops.
- The deeper explanation of why the ecosystem feels early, including the evolving patterns for multi-agent coordination and evaluation.
- The development perspective on how open-source feedback shapes roadmap decisions for agent tooling.
AI agent frameworks in TypeScript: what changes for builders?
Explore further
TypeScript agent frameworks are becoming identity infrastructure by accident. When developers build autonomous workflows inside the same language and deployment stack as the application, the framework starts acting like an identity control plane whether teams label it that way or not. That shifts governance from a narrow tooling question to a broader IAM and NHI design problem. Practitioners should treat the framework boundary as part of access architecture, not just code structure.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to the report AI Agents: The New Attack Surface.
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
A question worth separating out:
Q: How can teams reduce risk when building autonomous workflows in TypeScript?
A: They should require explicit identity ownership, short-lived credentials, reviewed integrations, and a clear offboarding path for each agent. The goal is to prevent autonomous workflows from accumulating persistent access simply because they are convenient to build and reuse.