@juspay/neurolink 7.29.1 → 7.29.3

package/dist/providers/aws/credentialTester.js

@@ -0,0 +1,394 @@
+/**
+ * AWS Credential Testing Utilities for NeuroLink
+ *
+ * Provides comprehensive validation and debugging capabilities for AWS credentials
+ * to ensure compatibility with Bedrock-MCP-Connector authentication patterns.
+ */
+import { BedrockClient, ListFoundationModelsCommand, } from "@aws-sdk/client-bedrock";
+import { logger } from "../../utils/logger.js";
+/**
+ * Helper function to safely extract comprehensive error information from AWS errors
+ * This centralizes error extraction and captures AWS SDK v3 name, statusCode, and requestId
+ * Enhanced to handle multiple AWS SDK error formats and edge cases
+ */
+function extractAwsErrorInfo(error) {
+    const result = {};
+    if (typeof error === "object" && error !== null) {
+        const awsError = error; // Use AWSError interface to handle various error shapes
+        // Extract error code with comprehensive fallbacks
+        // AWS SDK v2: error.code, error.Code
+        // AWS SDK v3: error.name, error.Code, error.code
+        // Some services: error.errorCode, error.ErrorCode
+        result.code =
+            awsError.Code ||
+                awsError.code ||
+                awsError.errorCode ||
+                awsError.ErrorCode ||
+                awsError.name; // AWS SDK v3 often uses name as error code
+        // Extract error name with fallbacks
+        // AWS SDK v3: error.name is primary
+        // Some errors: error.errorType, error.ErrorType
+        // Fallback to constructor name
+        result.name =
+            awsError.name ||
+                awsError.errorType ||
+                awsError.ErrorType ||
+                awsError.constructor?.name;
+        // Extract error message with fallbacks
+        // Standard: error.message
+        // Some services: error.Message, error.errorMessage
+        result.message =
+            awsError.message ||
+                awsError.Message ||
+                awsError.errorMessage ||
+                String(error); // Last resort stringification
+        // Extract metadata with multiple patterns
+        // AWS SDK v3: error.$metadata
+        // Some services: error.metadata, error.$response
+        const metadata = awsError.$metadata || awsError.metadata || awsError.$response;
+        if (metadata && typeof metadata === "object") {
+            const metadataObj = metadata;
+            result.statusCode =
+                metadataObj.httpStatusCode ||
+                    metadataObj.statusCode ||
+                    metadataObj.status;
+            result.requestId =
+                metadataObj.requestId ||
+                    metadataObj.RequestId ||
+                    metadataObj.request_id ||
+                    metadataObj["x-amzn-requestid"]; // Common response header
+        }
+        // Handle wrapped errors (common in AWS SDK v3)
+        // Sometimes the actual error is nested in error.cause or error.$fault
+        if (!result.code && (awsError.cause || awsError.$fault)) {
+            const nestedError = awsError.cause || awsError.$fault;
+            const nestedInfo = extractAwsErrorInfo(nestedError);
+            // Merge nested error info, preferring current level
+            result.code = result.code || nestedInfo.code;
+            result.name = result.name || nestedInfo.name;
+            result.message = result.message || nestedInfo.message;
+            result.statusCode = result.statusCode || nestedInfo.statusCode;
+            result.requestId = result.requestId || nestedInfo.requestId;
+        }
+    }
+    // Handle primitive error types (strings, etc.)
+    if (!result.message && error) {
+        result.message = String(error);
+    }
+    return result;
+}
+/**
+ * Credential testing and validation utility class
+ */
+export class CredentialTester {
+    /**
+     * Validate AWS credentials and detect their source
+     */
+    static async validateCredentials(provider) {
+        const startTime = Date.now();
+        try {
+            // Get credentials from provider
+            const credentials = await provider.getCredentials();
+            const config = provider.getConfig();
+            // Detect credential source based on available information
+            const credentialSource = await this.detectCredentialSource(credentials, config);
+            const result = {
+                isValid: true,
+                credentialSource,
+                region: config.region,
+                hasExpiration: !!credentials.expiration,
+                expirationTime: credentials.expiration,
+                debugInfo: {
+                    accessKeyId: credentials.accessKeyId.substring(0, 8) + "***",
+                    hasSessionToken: !!credentials.sessionToken,
+                    providerConfig: config,
+                },
+            };
+            logger.debug("Credential validation successful", {
+                source: credentialSource,
+                region: config.region,
+                validationTimeMs: Date.now() - startTime,
+            });
+            return result;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            logger.error("Credential validation failed", {
+                error: errorMessage,
+                validationTimeMs: Date.now() - startTime,
+            });
+            return {
+                isValid: false,
+                credentialSource: "unknown",
+                region: provider.getConfig().region,
+                hasExpiration: false,
+                error: errorMessage,
+                debugInfo: {
+                    accessKeyId: "unavailable",
+                    hasSessionToken: false,
+                    providerConfig: provider.getConfig(),
+                },
+            };
+        }
+    }
+    /**
+     * Test AWS Bedrock service connectivity
+     */
+    static async testBedrockConnectivity(provider, region) {
+        const startTime = Date.now();
+        const testRegion = region || provider.getConfig().region;
+        logger.debug("Starting Bedrock connectivity test", {
+            region: testRegion,
+            providerConfig: provider.getConfig(),
+        });
+        try {
+            // First, get credentials to see what we're working with
+            const credentials = await provider.getCredentials();
+            logger.debug("Got credentials for Bedrock test", {
+                accessKeyId: credentials.accessKeyId.substring(0, 8) + "***",
+                hasSessionToken: !!credentials.sessionToken,
+                hasExpiration: !!credentials.expiration,
+                expiration: credentials.expiration?.toISOString(),
+                credentialType: credentials.accessKeyId?.startsWith("ASIA")
+                    ? "temporary"
+                    : "long-term",
+            });
+            // Create Bedrock client with credential provider (use BedrockClient for listing models)
+            logger.debug("Creating BedrockClient", {
+                region: testRegion,
+                credentialProviderType: typeof provider.getCredentialProvider(),
+            });
+            const bedrockClient = new BedrockClient({
+                region: testRegion,
+                credentials: provider.getCredentialProvider(),
+                maxAttempts: provider.getConfig().maxAttempts || 3,
+            });
+            logger.debug("BedrockClient created, sending ListFoundationModelsCommand");
+            // Test connectivity by listing foundation models
+            const command = new ListFoundationModelsCommand({});
+            const ctrl = new AbortController();
+            const timeoutId = setTimeout(() => ctrl.abort(), provider.getConfig().timeout || 15000);
+            let response;
+            try {
+                response = await bedrockClient.send(command, {
+                    abortSignal: ctrl.signal,
+                });
+            }
+            finally {
+                clearTimeout(timeoutId);
+            }
+            logger.debug("ListFoundationModelsCommand response received", {
+                hasModelSummaries: !!response.modelSummaries,
+                modelCount: response.modelSummaries?.length || 0,
+                responseMetadata: response.$metadata,
+            });
+            const models = response.modelSummaries || [];
+            const responseTime = Date.now() - startTime;
+            const result = {
+                bedrockAccessible: true,
+                availableModels: models.length,
+                responseTimeMs: responseTime,
+                sampleModels: models
+                    .slice(0, 5)
+                    .map((model) => model.modelId || "unknown"),
+            };
+            logger.debug("Bedrock connectivity test successful", {
+                region: testRegion,
+                modelsFound: models.length,
+                responseTimeMs: responseTime,
+                sampleModels: result.sampleModels,
+            });
+            return result;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            const responseTime = Date.now() - startTime;
+            const { code, statusCode, requestId } = extractAwsErrorInfo(error);
+            logger.error("Bedrock connectivity test failed", {
+                region: testRegion,
+                error: errorMessage,
+                errorType: error instanceof Error ? error.constructor.name : "unknown",
+                errorCode: code,
+                statusCode,
+                requestId,
+                stack: error instanceof Error ? error.stack : "no stack trace",
+                responseTimeMs: responseTime,
+            });
+            return {
+                bedrockAccessible: false,
+                availableModels: 0,
+                responseTimeMs: responseTime,
+                error: errorMessage,
+                sampleModels: [],
+            };
+        }
+    }
+    /**
+     * Perform comprehensive credential and service testing
+     */
+    static async runComprehensiveTest(provider, testRegions = ["us-east-1", "us-west-2"]) {
+        logger.debug("Starting comprehensive AWS credential and connectivity test");
+        // Test credential validation
+        const credentialValidation = await this.validateCredentials(provider);
+        // Test connectivity across multiple regions (in parallel)
+        const connectivityTests = await Promise.all(testRegions.map(async (region) => {
+            try {
+                const result = await this.testBedrockConnectivity(provider, region);
+                return { region, result };
+            }
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : String(error);
+                return {
+                    region,
+                    result: {
+                        bedrockAccessible: false,
+                        availableModels: 0,
+                        responseTimeMs: 0,
+                        error: errorMessage,
+                        sampleModels: [],
+                    },
+                };
+            }
+        }));
+        // Determine overall status
+        let overallStatus;
+        let summary;
+        if (!credentialValidation.isValid) {
+            overallStatus = "failed";
+            summary = `Credential validation failed: ${credentialValidation.error}`;
+        }
+        else {
+            const successfulConnections = connectivityTests.filter((test) => test.result.bedrockAccessible).length;
+            if (successfulConnections === testRegions.length) {
+                overallStatus = "success";
+                summary = `All tests passed. Credentials valid, Bedrock accessible in ${successfulConnections}/${testRegions.length} regions.`;
+            }
+            else if (successfulConnections > 0) {
+                overallStatus = "partial";
+                summary = `Partial success. Credentials valid, Bedrock accessible in ${successfulConnections}/${testRegions.length} regions.`;
+            }
+            else {
+                overallStatus = "failed";
+                summary = `Credentials valid but Bedrock inaccessible in all tested regions.`;
+            }
+        }
+        logger.info("Comprehensive test completed", {
+            overallStatus,
+            credentialSource: credentialValidation.credentialSource,
+            successfulConnections: connectivityTests.filter((test) => test.result.bedrockAccessible).length,
+            totalRegionsTested: testRegions.length,
+        });
+        return {
+            credentialValidation,
+            connectivityTests,
+            overallStatus,
+            summary,
+        };
+    }
+    /**
+     * Detect the source of AWS credentials based on credential properties and environment
+     */
+    static async detectCredentialSource(credentials, config) {
+        // Check for environment variables (static creds)
+        if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
+            return credentials.sessionToken
+                ? "Environment Variables (with session token)"
+                : "Environment Variables";
+        }
+        // Explicit env‐based sources first
+        if (process.env.AWS_WEB_IDENTITY_TOKEN_FILE) {
+            return "Web Identity Token";
+        }
+        if (process.env.AWS_CREDENTIAL_PROCESS) {
+            return "Credential Process";
+        }
+        // Check for role‐based credentials (temporary credentials with session token)
+        if (credentials.sessionToken && credentials.expiration) {
+            // Prefer explicit hints first
+            if (config.roleArn) {
+                return "STS Assume Role";
+            }
+            // Enhanced container detection
+            if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ||
+                process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI) {
+                // Detect specific container environments
+                if (process.env.AWS_EXECUTION_ENV === "AWS_ECS_FARGATE") {
+                    return "Container Credentials (ECS Fargate)";
+                }
+                if (process.env.AWS_EXECUTION_ENV === "AWS_ECS_EC2") {
+                    return "Container Credentials (ECS)";
+                }
+                return "Container Credentials (ECS)";
+            }
+            // Enhanced Lambda detection
+            if (process.env.AWS_LAMBDA_FUNCTION_NAME) {
+                return "Lambda Execution Role";
+            }
+            // Enhanced EC2 detection
+            if (process.env.AWS_EXECUTION_ENV?.includes("EC2")) {
+                return "Instance Metadata (EC2)";
+            }
+            // Enhanced EKS detection
+            if (process.env.KUBERNETES_SERVICE_HOST) {
+                return "Service Account (EKS)";
+            }
+            return "Temporary Credentials (IAM Role)";
+        }
+        // SSO (env‐configured)
+        if (process.env.AWS_SSO_START_URL || process.env.AWS_SSO_REGION) {
+            return "AWS SSO";
+        }
+        // Check for profile‐based credentials
+        if (config.profile !== "default") {
+            return `AWS Profile (${config.profile})`;
+        }
+        if (process.env.AWS_PROFILE) {
+            return `AWS Profile (${process.env.AWS_PROFILE})`;
+        }
+        // Default fallback
+        return "AWS Credentials File";
+    }
+    /**
+     * Get credential source name for debugging
+     */
+    static async getCredentialSource(provider) {
+        try {
+            const credentials = await provider.getCredentials();
+            const config = provider.getConfig();
+            return await this.detectCredentialSource(credentials, config);
+        }
+        catch {
+            return "Unable to determine credential source";
+        }
+    }
+    /**
+     * Test credential refresh functionality
+     */
+    static async testCredentialRefresh(provider) {
+        const startTime = Date.now();
+        try {
+            await provider.refreshCredentials();
+            const refreshTime = Date.now() - startTime;
+            logger.debug("Credential refresh test successful", {
+                refreshTimeMs: refreshTime,
+            });
+            return {
+                refreshSuccessful: true,
+                refreshTimeMs: refreshTime,
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            const refreshTime = Date.now() - startTime;
+            logger.error("Credential refresh test failed", {
+                error: errorMessage,
+                refreshTimeMs: refreshTime,
+            });
+            return {
+                refreshSuccessful: false,
+                refreshTimeMs: refreshTime,
+                error: errorMessage,
+            };
+        }
+    }
+}

package/dist/providers/azureOpenai.d.ts

@@ -16,6 +16,6 @@ export declare class AzureOpenAIProvider extends BaseProvider {
      */
     protected getAISDKModel(): LanguageModelV1;
     protected handleProviderError(error: unknown): Error;
-    protected executeStream(options: StreamOptions, analysisSchema?: unknown): Promise<StreamResult>;
+    protected executeStream(options: StreamOptions, _analysisSchema?: unknown): Promise<StreamResult>;
 }
 export default AzureOpenAIProvider;

package/dist/providers/azureOpenai.js

@@ -70,7 +70,7 @@ export class AzureOpenAIProvider extends BaseProvider {
         return new Error(`Azure OpenAI error: ${message}`);
     }
     // executeGenerate removed - BaseProvider handles all generation with tools
-    async executeStream(options, analysisSchema) {
+    async executeStream(options, _analysisSchema) {
         try {
             // Build message array from options
             const messages = buildMessagesArray(options);

package/dist/providers/googleAiStudio.d.ts

@@ -16,7 +16,7 @@ export declare class GoogleAIStudioProvider extends BaseProvider {
      */
     protected getAISDKModel(): LanguageModelV1;
     protected handleProviderError(error: unknown): Error;
-    protected executeStream(options: StreamOptions, analysisSchema?: ZodUnknownSchema | Schema<unknown>): Promise<StreamResult>;
+    protected executeStream(options: StreamOptions, _analysisSchema?: ZodUnknownSchema | Schema<unknown>): Promise<StreamResult>;
     private getApiKey;
 }
 export default GoogleAIStudioProvider;

package/dist/providers/googleAiStudio.js

@@ -3,7 +3,7 @@ import { streamText } from "ai";
 import { GoogleAIModels } from "../core/types.js";
 import { BaseProvider } from "../core/baseProvider.js";
 import { logger } from "../utils/logger.js";
-import { createTimeoutController, TimeoutError, } from "../utils/timeout.js";
+import { createTimeoutController, TimeoutError } from "../utils/timeout.js";
 import { AuthenticationError, NetworkError, ProviderError, RateLimitError, } from "../types/errors.js";
 import { DEFAULT_MAX_TOKENS, DEFAULT_MAX_STEPS } from "../core/constants.js";
 import { streamAnalyticsCollector } from "../core/streamAnalytics.js";
@@ -60,7 +60,7 @@ export class GoogleAIStudioProvider extends BaseProvider {
         throw new ProviderError(`Google AI error: ${message}`, this.providerName);
     }
     // executeGenerate removed - BaseProvider handles all generation with tools
-    async executeStream(options, analysisSchema) {
+    async executeStream(options, _analysisSchema) {
         this.validateStreamOptions(options);
         const startTime = Date.now();
         const apiKey = this.getApiKey();

package/dist/providers/googleVertex.d.ts

@@ -33,12 +33,52 @@ export declare class GoogleVertexProvider extends BaseProvider {
      * Creates fresh model instances for each request
      */
     protected getAISDKModel(): Promise<LanguageModel>;
+    /**
+     * Initialize model creation logging and tracking
+     */
+    private initializeModelCreationLogging;
+    /**
+     * Check if model is Anthropic-based and attempt creation
+     */
+    private attemptAnthropicModelCreation;
+    /**
+     * Create Google Vertex model with comprehensive logging and error handling
+     */
+    private createGoogleVertexModel;
+    /**
+     * Create Vertex AI instance and model with comprehensive logging
+     */
+    private createVertexInstance;
     /**
      * Gets the appropriate model instance (Google or Anthropic)
      * Uses dual provider architecture for proper model routing
      * Creates fresh instances for each request to ensure proper authentication
      */
     private getModel;
+    /**
+     * Log stream execution start with comprehensive analysis
+     */
+    private logStreamExecutionStart;
+    /**
+     * Log timeout setup process
+     */
+    private logTimeoutSetup;
+    /**
+     * Log successful timeout setup
+     */
+    private logTimeoutSetupSuccess;
+    /**
+     * Log and perform stream options validation
+     */
+    private logAndValidateStreamOptions;
+    /**
+     * Log start of message building process
+     */
+    private logMessageBuildStart;
+    /**
+     * Log successful message building
+     */
+    private logMessageBuildSuccess;
     protected executeStream(options: StreamOptions, analysisSchema?: ZodType<unknown, ZodTypeDef, unknown> | Schema<unknown>): Promise<StreamResult>;
     protected handleProviderError(error: unknown): Error;
     /**