@juspay/neurolink 7.29.0 → 7.29.2

package/dist/proxy/proxyFetch.js

@@ -1,123 +1,253 @@
 /**
- * Proxy-aware fetch implementation for AI SDK providers
- * Implements the proven Vercel AI SDK proxy pattern using undici
+ * Enhanced proxy-aware fetch implementation for AI SDK providers
+ * Supports HTTP/HTTPS, SOCKS4/5, authentication, and NO_PROXY bypass
+ * Lightweight implementation extracted from research of major proxy packages
  */
 import { logger } from "../utils/logger.js";
+import { shouldBypassProxy } from "./utils/noProxyUtils.js";
 /**
- * Create a proxy-aware fetch function
- * This implements the community-validated approach for Vercel AI SDK
+ * Mask credentials in proxy URLs for secure logging
+ * Replaces user:password@ with [CREDENTIALS_MASKED]@
+ */
+function maskProxyCredentials(proxyUrl) {
+    if (!proxyUrl || proxyUrl === "NOT_SET") {
+        return proxyUrl || "NOT_SET";
+    }
+    try {
+        // Handle URLs with credentials: http://user:password@proxy:port
+        const credentialPattern = /(:\/\/)([^@:]+):([^@]+)@/;
+        if (credentialPattern.test(proxyUrl)) {
+            return proxyUrl.replace(credentialPattern, "$1[CREDENTIALS_MASKED]@");
+        }
+        // Return original URL if no credentials found
+        return proxyUrl;
+    }
+    catch {
+        // If URL parsing fails, still mask potential credentials pattern
+        return proxyUrl.replace(/(:\/\/)([^@:]+):([^@]+)@/, "$1[CREDENTIALS_MASKED]@");
+    }
+}
+/**
+ * Mask all proxy credentials in an environment variables object
+ */
+function maskProxyEnvVars(envVars) {
+    const masked = {};
+    for (const [key, value] of Object.entries(envVars)) {
+        masked[key] = maskProxyCredentials(value);
+    }
+    return masked;
+}
+/**
+ * Parse proxy URL with authentication support
+ */
+function parseProxyUrl(proxyUrl) {
+    try {
+        const url = new URL(proxyUrl);
+        const config = {
+            protocol: url.protocol,
+            hostname: url.hostname,
+            port: parseInt(url.port) || getDefaultPort(url.protocol),
+            cleanUrl: `${url.protocol}//${url.hostname}:${url.port || getDefaultPort(url.protocol)}`,
+        };
+        // Extract authentication if present
+        if (url.username && url.password) {
+            config.auth = {
+                username: decodeURIComponent(url.username),
+                password: decodeURIComponent(url.password),
+            };
+        }
+        return config;
+    }
+    catch (error) {
+        logger.error("[Proxy] Failed to parse proxy URL", {
+            proxyUrl: maskProxyCredentials(proxyUrl),
+            error,
+        });
+        throw new Error(`Invalid proxy URL: ${maskProxyCredentials(proxyUrl)}`);
+    }
+}
+/**
+ * Get default port for protocol
+ */
+function getDefaultPort(protocol) {
+    switch (protocol) {
+        case "http:":
+            return 8080;
+        case "https:":
+            return 8080;
+        case "socks4:":
+            return 1080;
+        case "socks5:":
+            return 1080;
+        default:
+            return 8080;
+    }
+}
+/**
+ * Select appropriate proxy URL based on target and environment
+ */
+function selectProxyUrl(targetUrl) {
+    // Check NO_PROXY bypass first
+    if (shouldBypassProxy(targetUrl)) {
+        logger.debug("[Proxy] Bypassing proxy due to NO_PROXY", { targetUrl });
+        return null;
+    }
+    try {
+        const url = new URL(targetUrl);
+        const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
+        const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
+        const allProxy = process.env.ALL_PROXY || process.env.all_proxy;
+        const socksProxy = process.env.SOCKS_PROXY || process.env.socks_proxy;
+        // Priority: Protocol-specific > ALL_PROXY > SOCKS_PROXY
+        if (url.protocol === "https:" && httpsProxy) {
+            return httpsProxy;
+        }
+        if (url.protocol === "http:" && httpProxy) {
+            return httpProxy;
+        }
+        if (allProxy) {
+            return allProxy;
+        }
+        if (socksProxy) {
+            return socksProxy;
+        }
+        return null;
+    }
+    catch (error) {
+        logger.warn("[Proxy] Error selecting proxy URL", { targetUrl, error });
+        return null;
+    }
+}
+/**
+ * Create appropriate proxy agent based on protocol
+ */
+async function createProxyAgent(proxyUrl) {
+    const parsed = parseProxyUrl(proxyUrl);
+    logger.debug("[Proxy] Creating proxy agent", {
+        protocol: parsed.protocol,
+        hostname: parsed.hostname,
+        port: parsed.port,
+        hasAuth: !!parsed.auth,
+    });
+    switch (parsed.protocol) {
+        case "http:":
+        case "https:": {
+            // Use existing undici ProxyAgent for HTTP/HTTPS
+            const { ProxyAgent } = await import("undici");
+            return new ProxyAgent(proxyUrl);
+        }
+        case "socks4:":
+        case "socks5:": {
+            // SOCKS proxy support is not included in the build to avoid optional dependencies
+            throw new Error(`SOCKS proxy support requires 'proxy-agent' package. ` +
+                `Install it with: npm install proxy-agent`);
+        }
+        default:
+            throw new Error(`Unsupported proxy protocol: ${parsed.protocol}`);
+    }
+}
+// ==================== ENHANCED PROXY FETCH FUNCTION ====================
+/**
+ * Create a proxy-aware fetch function with enhanced capabilities
+ * Supports HTTP/HTTPS, SOCKS4/5, authentication, and NO_PROXY bypass
  */
 export function createProxyFetch() {
+    // Detect ALL proxy-related environment variables
     const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
     const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
-    // EXHAUSTIVE LOGGING: Capture ALL proxy-related environment variables BEFORE configuration
-    logger.debug("[Proxy Fetch] 🔍 EXHAUSTIVE_PROXY_ENV_BEFORE", {
-        // Original proxy config function calls
-        proxyHostFunction: "getProxyHost equivalent",
-        proxyPortFunction: "getProxyPort equivalent",
-        // Raw environment variables BEFORE any changes
-        originalHttpProxy: process.env.HTTP_PROXY || "NOT_SET",
-        originalHttpsProxy: process.env.HTTPS_PROXY || "NOT_SET",
-        originalAllProxy: process.env.ALL_PROXY || "NOT_SET",
-        originalNoProxy: process.env.NO_PROXY || "NOT_SET",
-        // Node.js specific proxy variables
-        originalNodejsHttpProxy: process.env.nodejs_http_proxy || "NOT_SET",
-        originalNodejsHttpsProxy: process.env.nodejs_https_proxy || "NOT_SET",
-        // All potential proxy-related environment variables
-        allProxyRelatedEnvVars: Object.keys(process.env)
+    const allProxy = process.env.ALL_PROXY || process.env.all_proxy;
+    const socksProxy = process.env.SOCKS_PROXY || process.env.socks_proxy;
+    const noProxy = process.env.NO_PROXY || process.env.no_proxy;
+    // ENHANCED LOGGING: Capture ALL enhanced proxy-related environment variables with credential masking
+    logger.debug("[Proxy Fetch] 🔍 ENHANCED_PROXY_ENV_DETECTION", {
+        // Enhanced proxy environment variables (credentials masked)
+        httpProxy: maskProxyCredentials(httpProxy || "NOT_SET"),
+        httpsProxy: maskProxyCredentials(httpsProxy || "NOT_SET"),
+        allProxy: maskProxyCredentials(allProxy || "NOT_SET"),
+        socksProxy: maskProxyCredentials(socksProxy || "NOT_SET"),
+        noProxy: noProxy || "NOT_SET", // NO_PROXY doesn't contain credentials
+        // Legacy variables for compatibility (credentials masked)
+        originalNodejsHttpProxy: maskProxyCredentials(process.env.nodejs_http_proxy || "NOT_SET"),
+        originalNodejsHttpsProxy: maskProxyCredentials(process.env.nodejs_https_proxy || "NOT_SET"),
+        // All potential proxy-related environment variables (credentials masked)
+        allProxyRelatedEnvVars: maskProxyEnvVars(Object.keys(process.env)
             .filter((key) => key.toLowerCase().includes("proxy"))
             .reduce((acc, key) => {
             acc[key] = process.env[key] || "NOT_SET";
             return acc;
-        }, {}),
-        message: "EXHAUSTIVE proxy environment capture BEFORE configuration",
+        }, {})),
+        message: "Enhanced proxy environment detection with SOCKS, authentication, and NO_PROXY support (credentials masked for security)",
     });
     // If no proxy configured, return standard fetch
-    if (!httpsProxy && !httpProxy) {
+    if (!httpsProxy && !httpProxy && !allProxy && !socksProxy) {
         logger.debug("[Proxy Fetch] No proxy environment variables found - using standard fetch");
         return fetch;
     }
-    logger.debug(`[Proxy Fetch] Configuring proxy with undici ProxyAgent`);
-    logger.debug(`[Proxy Fetch] HTTP_PROXY: ${httpProxy || "not set"}`);
-    logger.debug(`[Proxy Fetch] HTTPS_PROXY: ${httpsProxy || "not set"}`);
-    // Return proxy-aware fetch function
+    logger.debug(`[Proxy Fetch] Configuring enhanced proxy with multiple protocol support`);
+    logger.debug(`[Proxy Fetch] HTTP_PROXY: ${maskProxyCredentials(httpProxy || "not set")}`);
+    logger.debug(`[Proxy Fetch] HTTPS_PROXY: ${maskProxyCredentials(httpsProxy || "not set")}`);
+    logger.debug(`[Proxy Fetch] ALL_PROXY: ${maskProxyCredentials(allProxy || "not set")}`);
+    logger.debug(`[Proxy Fetch] SOCKS_PROXY: ${maskProxyCredentials(socksProxy || "not set")}`);
+    logger.debug(`[Proxy Fetch] NO_PROXY: ${noProxy || "not set"}`);
+    // Return enhanced proxy-aware fetch function
     return async (input, init) => {
-        const requestId = `req-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
-        logger.debug(`[Proxy Fetch] 🚀 EXHAUSTIVE REQUEST START`, {
+        const requestId = `req-${Date.now()}-${Math.random().toString(36).substring(2, 11)}`;
+        // Determine target URL
+        const targetUrl = typeof input === "string"
+            ? input
+            : input instanceof URL
+                ? input.href
+                : input.url;
+        logger.debug(`[Proxy Fetch] 🚀 ENHANCED REQUEST START`, {
             requestId,
-            input: typeof input === "string"
-                ? input
-                : input instanceof URL
-                    ? input.href
-                    : input.url,
+            targetUrl,
             timestamp: new Date().toISOString(),
             httpProxy: httpProxy || "NOT_SET",
             httpsProxy: httpsProxy || "NOT_SET",
+            allProxy: allProxy || "NOT_SET",
+            socksProxy: socksProxy || "NOT_SET",
             initHeaders: init?.headers || "NO_HEADERS",
             initMethod: init?.method || "GET",
         });
         try {
-            // Dynamic import undici to avoid build issues
-            const undici = await import("undici");
-            const { ProxyAgent } = undici;
-            logger.debug(`[Proxy Fetch] 🔧 EXHAUSTIVE UNDICI IMPORT SUCCESS`, {
-                requestId,
-                hasUndici: !!undici,
-                hasProxyAgent: !!ProxyAgent,
-                undiciType: typeof undici,
-                proxyAgentType: typeof ProxyAgent,
-                timestamp: new Date().toISOString(),
-            });
-            const url = typeof input === "string"
-                ? new URL(input)
-                : input instanceof URL
-                    ? input
-                    : new URL(input.url);
-            const proxyUrl = url.protocol === "https:" ? httpsProxy : httpProxy;
-            logger.debug(`[Proxy Fetch] 🔗 EXHAUSTIVE URL ANALYSIS`, {
-                requestId,
-                urlString: url.href,
-                urlHostname: url.hostname,
-                urlProtocol: url.protocol,
-                urlPort: url.port,
-                urlPathname: url.pathname,
-                selectedProxyUrl: proxyUrl,
-                timestamp: new Date().toISOString(),
-            });
+            // Enhanced proxy selection with NO_PROXY bypass and multiple protocols
+            const proxyUrl = selectProxyUrl(targetUrl);
             if (proxyUrl) {
-                logger.debug(`[Proxy Fetch] Creating ProxyAgent for ${url.hostname} via ${proxyUrl}`);
-                logger.debug(`[Proxy Fetch] 🎯 EXHAUSTIVE PROXY AGENT CREATION`, {
+                const url = new URL(targetUrl);
+                logger.debug(`[Proxy Fetch] 🔗 ENHANCED URL ANALYSIS`, {
                     requestId,
-                    proxyUrl,
+                    targetUrl,
+                    urlHostname: url.hostname,
+                    urlProtocol: url.protocol,
+                    urlPort: url.port,
+                    selectedProxyUrl: maskProxyCredentials(proxyUrl), // Hide credentials in logs
+                    timestamp: new Date().toISOString(),
+                });
+                logger.debug(`[Proxy Fetch] 🎯 ENHANCED PROXY AGENT CREATION`, {
+                    requestId,
+                    proxyUrl: maskProxyCredentials(proxyUrl), // Hide credentials
                     targetHostname: url.hostname,
                     targetProtocol: url.protocol,
                     aboutToCreateProxyAgent: true,
                     timestamp: new Date().toISOString(),
                 });
-                // Create ProxyAgent
-                const dispatcher = new ProxyAgent(proxyUrl);
-                logger.debug(`[Proxy Fetch] ✅ EXHAUSTIVE PROXY AGENT CREATED`, {
+                // Create/reuse proxy agent (HTTP/HTTPS/SOCKS)
+                const agentCache = globalThis.__NL_PROXY_AGENT_CACHE__ ??
+                    (globalThis.__NL_PROXY_AGENT_CACHE__ = new Map());
+                const dispatcher = agentCache.get(proxyUrl) || (await createProxyAgent(proxyUrl));
+                agentCache.set(proxyUrl, dispatcher);
+                logger.debug(`[Proxy Fetch] ✅ ENHANCED PROXY AGENT CREATED`, {
                     requestId,
                     hasDispatcher: !!dispatcher,
                     dispatcherType: typeof dispatcher,
                     dispatcherConstructor: dispatcher?.constructor?.name || "unknown",
                     timestamp: new Date().toISOString(),
                 });
-                logger.debug(`[Proxy Fetch] 🌐 EXHAUSTIVE UNDICI FETCH CALL`, {
-                    requestId,
-                    aboutToCallUndici: true,
-                    inputType: typeof input,
-                    hasInit: !!init,
-                    hasDispatcher: !!dispatcher,
-                    timestamp: new Date().toISOString(),
-                });
-                // Use undici fetch with dispatcher
                 // Handle Request objects by extracting URL and merging properties
                 let fetchInput;
                 let fetchInit = { ...init };
                 if (input instanceof Request) {
                     fetchInput = input.url;
-                    // Merge Request properties into init
                     fetchInit = {
                         method: input.method,
                         headers: input.headers,
@@ -128,63 +258,67 @@ export function createProxyFetch() {
                 else {
                     fetchInput = input;
                 }
+                // Use undici fetch with enhanced dispatcher (supports HTTP/HTTPS/SOCKS)
+                const undici = await import("undici");
                 const response = await undici.fetch(fetchInput, {
                     ...fetchInit,
                     dispatcher: dispatcher,
                 });
-                logger.debug(`[Proxy Fetch] 🎉 EXHAUSTIVE UNDICI FETCH SUCCESS`, {
+                logger.debug(`[Proxy Fetch] 🎉 ENHANCED PROXY SUCCESS`, {
                     requestId,
-                    hasResponse: !!response,
                     responseStatus: response?.status,
-                    responseStatusText: response?.statusText,
-                    responseHeaders: response?.headers
-                        ? Object.fromEntries(response.headers.entries())
-                        : "NO_HEADERS",
                     responseOk: response?.ok,
-                    responseType: response?.type,
-                    responseUrl: response?.url,
+                    proxyUsed: true,
                     timestamp: new Date().toISOString(),
                 });
-                logger.debug(`[Proxy Fetch] ✅ Request proxied successfully to ${url.hostname}`);
-                return response; // undici.fetch returns compatible Response type
+                logger.debug(`[Proxy Fetch] ✅ Request proxied successfully via enhanced proxy`);
+                return response;
             }
         }
         catch (error) {
             const errorMessage = error instanceof Error ? error.message : String(error);
-            logger.debug(`[Proxy Fetch] 💥 EXHAUSTIVE ERROR ANALYSIS`, {
+            logger.debug(`[Proxy Fetch] 💥 ENHANCED ERROR ANALYSIS`, {
                 requestId,
                 error: errorMessage,
                 errorType: error instanceof Error ? error.constructor.name : typeof error,
-                errorStack: error instanceof Error ? error.stack : undefined,
-                errorCode: error?.code || "NO_CODE",
-                errorSyscall: error?.syscall || "NO_SYSCALL",
-                errorAddress: error?.address || "NO_ADDRESS",
-                errorPort: error?.port || "NO_PORT",
+                willFallback: true,
                 timestamp: new Date().toISOString(),
             });
-            logger.warn(`[Proxy Fetch] Proxy failed (${errorMessage}), falling back to direct connection`);
+            logger.warn(`[Proxy Fetch] Enhanced proxy failed (${errorMessage}), falling back to direct connection`);
         }
         // Fallback to standard fetch
-        logger.debug(`[Proxy Fetch] 🔄 EXHAUSTIVE FALLBACK TO STANDARD FETCH`, {
+        logger.debug(`[Proxy Fetch] 🔄 ENHANCED FALLBACK TO STANDARD FETCH`, {
             requestId,
-            fallbackReason: "Either no proxy URL or error occurred",
+            fallbackReason: "No proxy configured or proxy failed",
             timestamp: new Date().toISOString(),
         });
         return fetch(input, init);
     };
 }
 /**
- * Get proxy status information
+ * Get enhanced proxy status information
  */
 export function getProxyStatus() {
     const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
     const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
+    const allProxy = process.env.ALL_PROXY || process.env.all_proxy;
+    const socksProxy = process.env.SOCKS_PROXY || process.env.socks_proxy;
     const noProxy = process.env.NO_PROXY || process.env.no_proxy;
     return {
-        enabled: !!(httpsProxy || httpProxy),
+        enabled: !!(httpsProxy || httpProxy || allProxy || socksProxy),
         httpProxy: httpProxy || null,
         httpsProxy: httpsProxy || null,
+        allProxy: allProxy || null,
+        socksProxy: socksProxy || null,
         noProxy: noProxy || null,
-        method: "undici-proxy-agent",
+        method: "enhanced-proxy-agent",
+        capabilities: [
+            "HTTP/HTTPS Proxy",
+            "SOCKS4/SOCKS5 Proxy",
+            "Proxy Authentication",
+            "NO_PROXY Bypass",
+            "CIDR Range Matching",
+            "Wildcard Domain Matching",
+        ],
     };
 }

package/dist/proxy/utils/noProxyUtils.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Shared NO_PROXY utility functions
+ * Extracted from awsProxyIntegration.ts and proxyFetch.ts to eliminate duplication
+ * Supports comprehensive NO_PROXY pattern matching including wildcards, domains, ports, and CIDR
+ */
+/**
+ * Comprehensive NO_PROXY bypass check supporting multiple pattern types
+ *
+ * Supported patterns:
+ * - "*" - bypass all requests
+ * - "example.com" - exact hostname match
+ * - ".example.com" - domain suffix match (matches example.com and subdomains)
+ * - "localhost:8080" - hostname with specific port
+ * - "192.168.1.0/24" - CIDR notation for IP ranges
+ *
+ * @param targetUrl - The URL to check for proxy bypass
+ * @param noProxyEnv - Optional NO_PROXY environment variable value (if not provided, reads from process.env)
+ * @returns true if the URL should bypass proxy, false otherwise
+ */
+export declare function shouldBypassProxy(targetUrl: string, noProxyEnv?: string): boolean;
+/**
+ * Get the current NO_PROXY environment variable value
+ * Checks both uppercase and lowercase variants
+ */
+export declare function getNoProxyEnv(): string | undefined;
+/**
+ * Simple NO_PROXY bypass check with basic pattern support
+ * Legacy function for backward compatibility with simpler use cases
+ *
+ * Supports:
+ * - "*" - bypass all
+ * - "example.com" - exact match
+ * - ".example.com" - domain suffix match
+ *
+ * @param targetUrl - The URL to check
+ * @param noProxyValue - The NO_PROXY value to check against
+ * @returns true if should bypass proxy
+ */
+export declare function shouldBypassProxySimple(targetUrl: string, noProxyValue: string): boolean;

package/dist/proxy/utils/noProxyUtils.js

@@ -0,0 +1,149 @@
+/**
+ * Shared NO_PROXY utility functions
+ * Extracted from awsProxyIntegration.ts and proxyFetch.ts to eliminate duplication
+ * Supports comprehensive NO_PROXY pattern matching including wildcards, domains, ports, and CIDR
+ */
+import { logger } from "../../utils/logger.js";
+/**
+ * Check if an IP address is within a CIDR range
+ */
+function isIpInCIDR(ip, cidr) {
+    try {
+        const [cidrIp, prefixLength] = cidr.split("/");
+        const prefix = parseInt(prefixLength, 10);
+        if (isNaN(prefix) || prefix < 0 || prefix > 32) {
+            return false;
+        }
+        const ipToNumber = (ipStr) => {
+            const parts = ipStr.split(".").map(Number);
+            return (parts[0] << 24) + (parts[1] << 16) + (parts[2] << 8) + parts[3];
+        };
+        const ipNum = ipToNumber(ip);
+        const cidrIpNum = ipToNumber(cidrIp);
+        const mask = (-1 << (32 - prefix)) >>> 0;
+        return (ipNum & mask) === (cidrIpNum & mask);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Comprehensive NO_PROXY bypass check supporting multiple pattern types
+ *
+ * Supported patterns:
+ * - "*" - bypass all requests
+ * - "example.com" - exact hostname match
+ * - ".example.com" - domain suffix match (matches example.com and subdomains)
+ * - "localhost:8080" - hostname with specific port
+ * - "192.168.1.0/24" - CIDR notation for IP ranges
+ *
+ * @param targetUrl - The URL to check for proxy bypass
+ * @param noProxyEnv - Optional NO_PROXY environment variable value (if not provided, reads from process.env)
+ * @returns true if the URL should bypass proxy, false otherwise
+ */
+export function shouldBypassProxy(targetUrl, noProxyEnv) {
+    const noProxy = noProxyEnv || process.env.NO_PROXY || process.env.no_proxy;
+    if (!noProxy) {
+        return false;
+    }
+    try {
+        const url = new URL(targetUrl);
+        const hostname = url.hostname.toLowerCase();
+        const port = url.port || (url.protocol === "https:" ? "443" : "80");
+        const patterns = noProxy
+            .split(",")
+            .map((p) => p.trim())
+            .filter(Boolean);
+        for (const pattern of patterns) {
+            const lowerPattern = pattern.toLowerCase();
+            // Wildcard match - bypass all
+            if (lowerPattern === "*") {
+                return true;
+            }
+            // Domain suffix match (.example.com)
+            if (lowerPattern.startsWith(".")) {
+                const suffix = lowerPattern.slice(1);
+                if (hostname.endsWith(suffix) || hostname === suffix) {
+                    return true;
+                }
+            }
+            // Port-specific match (hostname:port)
+            else if (lowerPattern.includes(":")) {
+                const [patternHost, patternPort] = lowerPattern.split(":");
+                if (hostname === patternHost && port === patternPort) {
+                    return true;
+                }
+            }
+            // CIDR notation (192.168.1.0/24) - only for IP addresses
+            else if (lowerPattern.includes("/")) {
+                // Only apply CIDR when target is an IP literal
+                if (/^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) &&
+                    isIpInCIDR(hostname, lowerPattern)) {
+                    return true;
+                }
+            }
+            // Exact hostname match
+            else if (hostname === lowerPattern) {
+                return true;
+            }
+        }
+        return false;
+    }
+    catch (error) {
+        logger.warn("[Proxy] Error in NO_PROXY bypass logic", { targetUrl, error });
+        return false;
+    }
+}
+/**
+ * Get the current NO_PROXY environment variable value
+ * Checks both uppercase and lowercase variants
+ */
+export function getNoProxyEnv() {
+    return process.env.NO_PROXY || process.env.no_proxy;
+}
+/**
+ * Simple NO_PROXY bypass check with basic pattern support
+ * Legacy function for backward compatibility with simpler use cases
+ *
+ * Supports:
+ * - "*" - bypass all
+ * - "example.com" - exact match
+ * - ".example.com" - domain suffix match
+ *
+ * @param targetUrl - The URL to check
+ * @param noProxyValue - The NO_PROXY value to check against
+ * @returns true if should bypass proxy
+ */
+export function shouldBypassProxySimple(targetUrl, noProxyValue) {
+    try {
+        const url = new URL(targetUrl);
+        const hostname = url.hostname.toLowerCase();
+        // Split NO_PROXY by comma and check each pattern
+        const patterns = noProxyValue.split(",").map((p) => p.trim().toLowerCase());
+        for (const pattern of patterns) {
+            if (!pattern) {
+                continue;
+            }
+            // Exact match
+            if (hostname === pattern) {
+                return true;
+            }
+            // Wildcard match (starts with .)
+            if (pattern.startsWith(".") && hostname.endsWith(pattern)) {
+                return true;
+            }
+            // Simple wildcard
+            if (pattern === "*") {
+                return true;
+            }
+        }
+        return false;
+    }
+    catch (error) {
+        logger.warn("[Proxy] Error in simple NO_PROXY bypass logic", {
+            targetUrl,
+            error,
+        });
+        return false;
+    }
+}

package/dist/types/providers.d.ts

@@ -41,6 +41,49 @@ export interface AnalyticsData {
     context?: JsonValue;
     [key: string]: JsonValue | undefined;
 }
+/**
+ * AWS Credential Configuration for Bedrock provider
+ */
+export interface AWSCredentialConfig {
+    region?: string;
+    profile?: string;
+    roleArn?: string;
+    roleSessionName?: string;
+    timeout?: number;
+    /** @deprecated Prefer maxAttempts to match AWS SDK v3 config */
+    maxRetries?: number;
+    /** Number of attempts as per AWS SDK v3 ("retry-mode") */
+    maxAttempts?: number;
+    enableDebugLogging?: boolean;
+    /** Optional service endpoint override (e.g., VPC/Gov endpoints) */
+    endpoint?: string;
+}
+/**
+ * AWS Credential Validation Result
+ */
+export interface CredentialValidationResult {
+    isValid: boolean;
+    credentialSource: string;
+    region: string;
+    hasExpiration: boolean;
+    expirationTime?: Date;
+    error?: string;
+    debugInfo: {
+        accessKeyId: string;
+        hasSessionToken: boolean;
+        providerConfig: Readonly<Required<AWSCredentialConfig>>;
+    };
+}
+/**
+ * Service Connectivity Test Result
+ */
+export interface ServiceConnectivityResult {
+    bedrockAccessible: boolean;
+    availableModels: number;
+    responseTimeMs: number;
+    error?: string;
+    sampleModels: string[];
+}
 /**
  * Model Capabilities - Maximally Reusable
  */

package/dist/utils/providerConfig.d.ts

@@ -109,6 +109,7 @@ export declare function createGoogleAuthConfig(): ProviderConfigOptions;
 export declare function createAnthropicBaseConfig(): ProviderConfigOptions;
 /**
  * Gets AWS Region with default fallback
+ * Supports both AWS_REGION and AWS_DEFAULT_REGION for broader compatibility
  */
 export declare function getAWSRegion(): string;
 /**