Mastra: Observability Primitives (Native Pattern + Read/Write Memory)
TypeScript-first SDK. Observability as a first-class primitive (native event emission, not a wrapper). Explicit read/write memory tiers. The Module 10 reference (5/5) and the Module 4.3 reference (5/5). The only roster harness where the memory-poisoning defense is structural rather than advisory. 34/60 — the observability-and-memory shape.
Observability belongs in the component, not around it. The wrapper pattern (most SDKs, Module 1.4) applies observability externally via withObservability — sees only boundary crossings, can drift out of sync. The native pattern (Mastra) makes emission part of the component contract — component.run(input) returns { result, events[] }, internal decisions visible, contract cannot drift. Converges with DD-21 (Tau) on the same conclusion: events ARE the cross-layer contract.
The explicit read/write memory split makes write-gating interface-level — Module 4.3 reference. Read memory and write memory are separate interfaces (readMemory vs writeMemory). Give an agent the read interface, withhold the write interface. The defense is in the type system, not in a policy layer. Compare to CrewAI (DD-12): crew-scoped shared memory means write-gating unavailable by default.
Mastra's split is structurally identical to NemoClaw's credential isolation. NemoClaw places credentials outside the sandbox's reach — no handle to leak. Mastra withholds the write-memory interface — no handle to poison. Different layers (sandbox credentials vs memory writes), one structural principle: remove the handle, do not write a policy. The strongest defense is architectural, not advisory.
34/60 is the observability-and-memory shape, not the production-readiness shape. Two 5/5 peaks (Module 10 Observability, Module 4.3 Write-gating). Production gaps: Module 5 Sandbox 1/5, Module 9 Verification 1/5, Module 11 Security 2/5. Pair Mastra with a harness that has the security modules (the Agents SDK DD-11 for sandboxing, NemoClaw DD-09 for governance).