npm - @juspay/neurolink - Versions diffs - 9.25.0 → 9.25.1 - Mend

@juspay/neurolink 9.25.0 → 9.25.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/CHANGELOG.md +6 -0
package/dist/core/baseProvider.js +2 -51
package/dist/lib/core/baseProvider.js +2 -51
package/dist/lib/neurolink.js +26 -1
package/dist/lib/observability/exporters/langfuseExporter.js +5 -1
package/dist/lib/observability/metricsAggregator.js +6 -2
package/dist/lib/observability/spanProcessor.js +18 -2
package/dist/lib/observability/utils/safeMetadata.d.ts +10 -0
package/dist/lib/observability/utils/safeMetadata.js +26 -0
package/dist/lib/observability/utils/spanSerializer.js +5 -1
package/dist/lib/providers/googleVertex.js +2 -6
package/dist/neurolink.js +26 -1
package/dist/observability/exporters/langfuseExporter.js +5 -1
package/dist/observability/metricsAggregator.js +6 -2
package/dist/observability/spanProcessor.js +18 -2
package/dist/observability/utils/safeMetadata.d.ts +10 -0
package/dist/observability/utils/safeMetadata.js +25 -0
package/dist/observability/utils/spanSerializer.js +5 -1
package/dist/providers/googleVertex.js +2 -6
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,9 @@
+## [9.25.1](https://github.com/juspay/neurolink/compare/v9.25.0...v9.25.1) (2026-03-15)
+### Bug Fixes
+- **(observability):** address code review findings from PR [#860](https://github.com/juspay/neurolink/issues/860) ([1655c7e](https://github.com/juspay/neurolink/commit/1655c7ef6991eb104834e10fa7d21516539ea16d))
 ## [9.25.0](https://github.com/juspay/neurolink/compare/v9.24.0...v9.25.0) (2026-03-15)
 ### Features

package/dist/core/baseProvider.js CHANGED Viewed

@@ -3,13 +3,9 @@ import { generateText } from "ai";
 import { directAgentTools } from "../agent/directTools.js";
 import { IMAGE_GENERATION_MODELS } from "../core/constants.js";
 import { MiddlewareFactory } from "../middleware/factory.js";
-import { getMetricsAggregator } from "../observability/metricsAggregator.js";
-import { SpanStatus, SpanType } from "../observability/types/spanTypes.js";
-import { SpanSerializer } from "../observability/utils/spanSerializer.js";
 import { ATTR, tracers } from "../telemetry/index.js";
 import { isAbortError } from "../utils/errorHandling.js";
 import { logger } from "../utils/logger.js";
-import { calculateCost } from "../utils/pricing.js";
 import { composeAbortSignals, createTimeoutController, TimeoutError, } from "../utils/timeout.js";
 import { shouldDisableBuiltinTools } from "../utils/toolUtils.js";
 import { getKeyCount, getKeysAsString } from "../utils/transformationUtils.js";
@@ -85,14 +81,6 @@ export class BaseProvider {
      */
     async stream(optionsOrPrompt, analysisSchema) {
         let options = this.normalizeStreamOptions(optionsOrPrompt);
-        // Observability: create metrics span for provider.stream
-        const metricsSpan = SpanSerializer.createSpan(SpanType.MODEL_GENERATION, "provider.stream", {
-            "ai.provider": this.providerName || "unknown",
-            "ai.model": this.modelName || options.model || "unknown",
-            "ai.temperature": options.temperature,
-            "ai.max_tokens": options.maxTokens,
-        }, this._traceContext?.parentSpanId, this._traceContext?.traceId);
-        let metricsSpanRecorded = false;
         // OTEL span for provider-level stream tracing
         const otelStreamSpan = tracers.provider.startSpan("neurolink.provider.stream", {
             kind: SpanKind.CLIENT,
@@ -185,10 +173,6 @@ export class BaseProvider {
             }
         }
         catch (error) {
-            // Observability: record failed stream span
-            metricsSpanRecorded = true;
-            const endedStreamSpan = SpanSerializer.endSpan(metricsSpan, SpanStatus.ERROR, error instanceof Error ? error.message : String(error));
-            getMetricsAggregator().recordSpan(endedStreamSpan);
             otelStreamSpan.setStatus({
                 code: SpanStatusCode.ERROR,
                 message: error instanceof Error ? error.message : String(error),
@@ -197,10 +181,8 @@ export class BaseProvider {
             throw error;
         }
         finally {
-            // Observability: record successful stream span (only if not already ended via error path)
-            if (!metricsSpanRecorded) {
-                const endedStreamSpan = SpanSerializer.endSpan(metricsSpan, SpanStatus.OK);
-                getMetricsAggregator().recordSpan(endedStreamSpan);
+            // End OTEL span on success (only if not already ended via error path)
+            if (otelStreamSpan.isRecording()) {
                 otelStreamSpan.setStatus({ code: SpanStatusCode.OK });
                 otelStreamSpan.end();
             }
@@ -495,13 +477,6 @@ export class BaseProvider {
         const options = this.normalizeTextOptions(optionsOrPrompt);
         this.validateOptions(options);
         const startTime = Date.now();
-        // Observability: create metrics span for provider.generate
-        const metricsSpan = SpanSerializer.createSpan(SpanType.MODEL_GENERATION, "provider.generate", {
-            "ai.provider": this.providerName || "unknown",
-            "ai.model": this.modelName || options.model || "unknown",
-            "ai.temperature": options.temperature,
-            "ai.max_tokens": options.maxTokens,
-        }, this._traceContext?.parentSpanId, this._traceContext?.traceId);
         // OTEL span for provider-level generate tracing
         // Use startActiveSpan pattern via context.with() so child spans become descendants
         const otelSpan = tracers.provider.startSpan("neurolink.provider.generate", {
@@ -690,33 +665,9 @@ export class BaseProvider {
                         });
                     }
                 }
-                // Observability: record successful generate span with token/cost data
-                let enrichedGenerateSpan = { ...metricsSpan };
-                if (enhancedResult?.usage) {
-                    enrichedGenerateSpan = SpanSerializer.enrichWithTokenUsage(enrichedGenerateSpan, {
-                        promptTokens: enhancedResult.usage.input || 0,
-                        completionTokens: enhancedResult.usage.output || 0,
-                        totalTokens: enhancedResult.usage.total || 0,
-                    });
-                    const cost = calculateCost(this.providerName, this.modelName, {
-                        input: enhancedResult.usage.input || 0,
-                        output: enhancedResult.usage.output || 0,
-                        total: enhancedResult.usage.total || 0,
-                    });
-                    if (cost && cost > 0) {
-                        enrichedGenerateSpan = SpanSerializer.enrichWithCost(enrichedGenerateSpan, {
-                            totalCost: cost,
-                        });
-                    }
-                }
-                const endedGenerateSpan = SpanSerializer.endSpan(enrichedGenerateSpan, SpanStatus.OK);
-                getMetricsAggregator().recordSpan(endedGenerateSpan);
                 return await this.enhanceResult(enhancedResult, options, startTime);
             }
             catch (error) {
-                // Observability: record failed generate span
-                const endedGenerateSpan = SpanSerializer.endSpan(metricsSpan, SpanStatus.ERROR, error instanceof Error ? error.message : String(error));
-                getMetricsAggregator().recordSpan(endedGenerateSpan);
                 otelSpan.setStatus({
                     code: SpanStatusCode.ERROR,
                     message: error instanceof Error ? error.message : String(error),

package/dist/lib/core/baseProvider.js CHANGED Viewed

@@ -3,13 +3,9 @@ import { generateText } from "ai";
 import { directAgentTools } from "../agent/directTools.js";
 import { IMAGE_GENERATION_MODELS } from "../core/constants.js";
 import { MiddlewareFactory } from "../middleware/factory.js";
-import { getMetricsAggregator } from "../observability/metricsAggregator.js";
-import { SpanStatus, SpanType } from "../observability/types/spanTypes.js";
-import { SpanSerializer } from "../observability/utils/spanSerializer.js";
 import { ATTR, tracers } from "../telemetry/index.js";
 import { isAbortError } from "../utils/errorHandling.js";
 import { logger } from "../utils/logger.js";
-import { calculateCost } from "../utils/pricing.js";
 import { composeAbortSignals, createTimeoutController, TimeoutError, } from "../utils/timeout.js";
 import { shouldDisableBuiltinTools } from "../utils/toolUtils.js";
 import { getKeyCount, getKeysAsString } from "../utils/transformationUtils.js";
@@ -85,14 +81,6 @@ export class BaseProvider {
      */
     async stream(optionsOrPrompt, analysisSchema) {
         let options = this.normalizeStreamOptions(optionsOrPrompt);
-        // Observability: create metrics span for provider.stream
-        const metricsSpan = SpanSerializer.createSpan(SpanType.MODEL_GENERATION, "provider.stream", {
-            "ai.provider": this.providerName || "unknown",
-            "ai.model": this.modelName || options.model || "unknown",
-            "ai.temperature": options.temperature,
-            "ai.max_tokens": options.maxTokens,
-        }, this._traceContext?.parentSpanId, this._traceContext?.traceId);
-        let metricsSpanRecorded = false;
         // OTEL span for provider-level stream tracing
         const otelStreamSpan = tracers.provider.startSpan("neurolink.provider.stream", {
             kind: SpanKind.CLIENT,
@@ -185,10 +173,6 @@ export class BaseProvider {
             }
         }
         catch (error) {
-            // Observability: record failed stream span
-            metricsSpanRecorded = true;
-            const endedStreamSpan = SpanSerializer.endSpan(metricsSpan, SpanStatus.ERROR, error instanceof Error ? error.message : String(error));
-            getMetricsAggregator().recordSpan(endedStreamSpan);
             otelStreamSpan.setStatus({
                 code: SpanStatusCode.ERROR,
                 message: error instanceof Error ? error.message : String(error),
@@ -197,10 +181,8 @@ export class BaseProvider {
             throw error;
         }
         finally {
-            // Observability: record successful stream span (only if not already ended via error path)
-            if (!metricsSpanRecorded) {
-                const endedStreamSpan = SpanSerializer.endSpan(metricsSpan, SpanStatus.OK);
-                getMetricsAggregator().recordSpan(endedStreamSpan);
+            // End OTEL span on success (only if not already ended via error path)
+            if (otelStreamSpan.isRecording()) {
                 otelStreamSpan.setStatus({ code: SpanStatusCode.OK });
                 otelStreamSpan.end();
             }
@@ -495,13 +477,6 @@ export class BaseProvider {
         const options = this.normalizeTextOptions(optionsOrPrompt);
         this.validateOptions(options);
         const startTime = Date.now();
-        // Observability: create metrics span for provider.generate
-        const metricsSpan = SpanSerializer.createSpan(SpanType.MODEL_GENERATION, "provider.generate", {
-            "ai.provider": this.providerName || "unknown",
-            "ai.model": this.modelName || options.model || "unknown",
-            "ai.temperature": options.temperature,
-            "ai.max_tokens": options.maxTokens,
-        }, this._traceContext?.parentSpanId, this._traceContext?.traceId);
         // OTEL span for provider-level generate tracing
         // Use startActiveSpan pattern via context.with() so child spans become descendants
         const otelSpan = tracers.provider.startSpan("neurolink.provider.generate", {
@@ -690,33 +665,9 @@ export class BaseProvider {
                         });
                     }
                 }
-                // Observability: record successful generate span with token/cost data
-                let enrichedGenerateSpan = { ...metricsSpan };
-                if (enhancedResult?.usage) {
-                    enrichedGenerateSpan = SpanSerializer.enrichWithTokenUsage(enrichedGenerateSpan, {
-                        promptTokens: enhancedResult.usage.input || 0,
-                        completionTokens: enhancedResult.usage.output || 0,
-                        totalTokens: enhancedResult.usage.total || 0,
-                    });
-                    const cost = calculateCost(this.providerName, this.modelName, {
-                        input: enhancedResult.usage.input || 0,
-                        output: enhancedResult.usage.output || 0,
-                        total: enhancedResult.usage.total || 0,
-                    });
-                    if (cost && cost > 0) {
-                        enrichedGenerateSpan = SpanSerializer.enrichWithCost(enrichedGenerateSpan, {
-                            totalCost: cost,
-                        });
-                    }
-                }
-                const endedGenerateSpan = SpanSerializer.endSpan(enrichedGenerateSpan, SpanStatus.OK);
-                getMetricsAggregator().recordSpan(endedGenerateSpan);
                 return await this.enhanceResult(enhancedResult, options, startTime);
             }
             catch (error) {
-                // Observability: record failed generate span
-                const endedGenerateSpan = SpanSerializer.endSpan(metricsSpan, SpanStatus.ERROR, error instanceof Error ? error.message : String(error));
-                getMetricsAggregator().recordSpan(endedGenerateSpan);
                 otelSpan.setStatus({
                     code: SpanStatusCode.ERROR,
                     message: error instanceof Error ? error.message : String(error),

package/dist/lib/neurolink.js CHANGED Viewed

@@ -1693,7 +1693,11 @@ Current user's request: ${currentInput}`;
                     span.spanId = traceCtx.parentSpanId;
                     span.parentSpanId = undefined;
                 }
-                span = SpanSerializer.endSpan(span, SpanStatus.OK);
+                // Mark failed generations with ERROR status so metrics count them correctly
+                const spanStatus = data.success === false || data.error
+                    ? SpanStatus.ERROR
+                    : SpanStatus.OK;
+                span = SpanSerializer.endSpan(span, spanStatus, data.error ? String(data.error) : undefined);
                 span.durationMs = responseTime;
                 if (usage) {
                     span = SpanSerializer.enrichWithTokenUsage(span, {
@@ -2304,6 +2308,27 @@ Current user's request: ${currentInput}`;
                         code: SpanStatusCode.ERROR,
                         message: error instanceof Error ? error.message : String(error),
                     });
+                    // Emit generation:end on error so metrics listeners still record the failure.
+                    // Note: variables declared inside try blocks are not accessible in error
+                    // handlers, so we extract what we can from the original input.
+                    const errProvider = typeof optionsOrPrompt === "object"
+                        ? optionsOrPrompt.provider || "unknown"
+                        : "unknown";
+                    const errModel = typeof optionsOrPrompt === "object"
+                        ? optionsOrPrompt.model || "unknown"
+                        : "unknown";
+                    try {
+                        this.emitter.emit("generation:end", {
+                            provider: errProvider,
+                            model: errModel,
+                            responseTime: 0,
+                            error: error instanceof Error ? error.message : String(error),
+                            success: false,
+                        });
+                    }
+                    catch (emitError) {
+                        void emitError; // non-blocking — error event emission is best-effort
+                    }
                     throw error;
                 }
                 finally {

package/dist/lib/observability/exporters/langfuseExporter.js CHANGED Viewed

@@ -118,7 +118,9 @@ export class LangfuseExporter extends BaseExporter {
             name: span.name,
             userId: span.attributes["user.id"],
             sessionId: span.attributes["session.id"],
-            metadata: span.attributes,
+            // Only pick safe, non-PII attributes for metadata — intentionally excludes
+            // input, output, error.stack, and other user content to match Braintrust exporter
+            metadata: filterSafeMetadata(span.attributes),
             release: this.release,
             tags: this.extractTags(span),
         };
@@ -197,4 +199,6 @@ export class LangfuseExporter extends BaseExporter {
         return tags;
     }
 }
+// Safe metadata filtering imported from shared module to avoid duplication
+import { filterSafeMetadata } from "../utils/safeMetadata.js";
 //# sourceMappingURL=langfuseExporter.js.map

package/dist/lib/observability/metricsAggregator.js CHANGED Viewed

@@ -35,8 +35,12 @@ export class MetricsAggregator {
     recordSpan(span) {
         // Enforce maximum spans limit
         if (this.spans.length >= this.config.maxSpansRetained) {
-            this.spans.shift(); // Remove oldest span
-            // Note: We keep aggregated metrics, only raw spans are trimmed
+            const evicted = this.spans.shift(); // Remove oldest span
+            // Only trim latencyValues when the evicted span had a duration recorded
+            if (evicted?.durationMs !== undefined) {
+                this.latencyValues.shift();
+            }
+            // Note: We keep aggregated metrics, only raw spans and latency values are trimmed
         }
         this.spans.push(span);
         // Update timestamps

package/dist/lib/observability/spanProcessor.js CHANGED Viewed

@@ -66,6 +66,8 @@ export class RedactionProcessor {
             "credentials",
             "private_key",
             "privateKey",
+            "stack",
+            "error.stack",
         ]);
         this.redactedValue = config?.redactedValue ?? "[REDACTED]";
     }
@@ -228,11 +230,25 @@ export class BatchProcessor {
             this.flush();
         }, this.flushIntervalMs);
     }
+    // Note: flush() is intentionally synchronous. The onBatchReady callback is
+    // typed as `(spans: SpanData[]) => void` — callers must not pass async
+    // exporters. If async export is needed, the callback should handle its own
+    // error reporting (e.g. fire-and-forget with promise error handlers).
     flush() {
         if (this.batch.length > 0 && this.onBatchReady) {
             const spans = [...this.batch];
-            this.batch = [];
-            this.onBatchReady(spans);
+            try {
+                this.onBatchReady(spans);
+                this.batch = [];
+            }
+            catch (flushError) {
+                // Keep spans for next flush attempt, but cap backlog growth
+                void flushError; // acknowledged — error is expected during exporter outages
+                const maxBacklog = this.batchSize * 20;
+                if (this.batch.length > maxBacklog) {
+                    this.batch = this.batch.slice(this.batch.length - maxBacklog);
+                }
+            }
         }
     }
     async shutdown() {

package/dist/lib/observability/utils/safeMetadata.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Safe metadata filtering for observability exporters.
+ *
+ * Only these attribute keys are forwarded to third-party backends as trace
+ * metadata. User prompts (input), LLM responses (output), error stacks, and
+ * any other potentially sensitive data are excluded to prevent PII leaks.
+ */
+import type { SpanAttributes } from "../types/spanTypes.js";
+export declare const SAFE_METADATA_KEYS: Set<string>;
+export declare function filterSafeMetadata(attributes: SpanAttributes): Record<string, unknown>;

package/dist/lib/observability/utils/safeMetadata.js ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Safe metadata filtering for observability exporters.
+ *
+ * Only these attribute keys are forwarded to third-party backends as trace
+ * metadata. User prompts (input), LLM responses (output), error stacks, and
+ * any other potentially sensitive data are excluded to prevent PII leaks.
+ */
+// Only ai.* keys are forwarded as metadata. Stream metrics (chunk_count,
+// content_length) should be accessed via span attributes directly, not via
+// metadata sent to third-party backends.
+export const SAFE_METADATA_KEYS = new Set([
+    "ai.provider",
+    "ai.model",
+    "ai.temperature",
+    "ai.max_tokens",
+]);
+export function filterSafeMetadata(attributes) {
+    const filtered = {};
+    for (const key of SAFE_METADATA_KEYS) {
+        if (attributes[key] !== undefined) {
+            filtered[key] = attributes[key];
+        }
+    }
+    return filtered;
+}
+//# sourceMappingURL=safeMetadata.js.map

package/dist/lib/observability/utils/spanSerializer.js CHANGED Viewed

@@ -104,7 +104,9 @@ export class SpanSerializer {
             name: span.name,
             startTime: span.startTime,
             endTime: span.endTime,
-            metadata: { ...span.attributes },
+            // Only pick safe, non-PII attributes for metadata — intentionally excludes
+            // input, output, error.stack, and other user content for PII safety
+            metadata: filterSafeMetadata(span.attributes),
             level: span.status === SpanStatus.ERROR ? "ERROR" : "DEFAULT",
             statusMessage: span.statusMessage,
             input: span.attributes["input"],
@@ -284,4 +286,6 @@ export class SpanSerializer {
         });
     }
 }
+// Safe metadata filtering imported from shared module to avoid duplication
+import { filterSafeMetadata } from "./safeMetadata.js";
 //# sourceMappingURL=spanSerializer.js.map

package/dist/lib/providers/googleVertex.js CHANGED Viewed

@@ -1259,9 +1259,7 @@ export class GoogleVertexProvider extends BaseProvider {
                     },
                     {
                         role: "model",
-                        parts: [
-                            { text: "Understood. I will follow these instructions." },
-                        ],
+                        parts: [{ text: "OK" }],
                     },
                     ...currentContents,
                 ];
@@ -1435,9 +1433,7 @@ export class GoogleVertexProvider extends BaseProvider {
                     },
                     {
                         role: "model",
-                        parts: [
-                            { text: "Understood. I will follow these instructions." },
-                        ],
+                        parts: [{ text: "OK" }],
                     },
                     ...currentContents,
                 ];

package/dist/neurolink.js CHANGED Viewed

@@ -1693,7 +1693,11 @@ Current user's request: ${currentInput}`;
                     span.spanId = traceCtx.parentSpanId;
                     span.parentSpanId = undefined;
                 }
-                span = SpanSerializer.endSpan(span, SpanStatus.OK);
+                // Mark failed generations with ERROR status so metrics count them correctly
+                const spanStatus = data.success === false || data.error
+                    ? SpanStatus.ERROR
+                    : SpanStatus.OK;
+                span = SpanSerializer.endSpan(span, spanStatus, data.error ? String(data.error) : undefined);
                 span.durationMs = responseTime;
                 if (usage) {
                     span = SpanSerializer.enrichWithTokenUsage(span, {
@@ -2304,6 +2308,27 @@ Current user's request: ${currentInput}`;
                         code: SpanStatusCode.ERROR,
                         message: error instanceof Error ? error.message : String(error),
                     });
+                    // Emit generation:end on error so metrics listeners still record the failure.
+                    // Note: variables declared inside try blocks are not accessible in error
+                    // handlers, so we extract what we can from the original input.
+                    const errProvider = typeof optionsOrPrompt === "object"
+                        ? optionsOrPrompt.provider || "unknown"
+                        : "unknown";
+                    const errModel = typeof optionsOrPrompt === "object"
+                        ? optionsOrPrompt.model || "unknown"
+                        : "unknown";
+                    try {
+                        this.emitter.emit("generation:end", {
+                            provider: errProvider,
+                            model: errModel,
+                            responseTime: 0,
+                            error: error instanceof Error ? error.message : String(error),
+                            success: false,
+                        });
+                    }
+                    catch (emitError) {
+                        void emitError; // non-blocking — error event emission is best-effort
+                    }
                     throw error;
                 }
                 finally {

package/dist/observability/exporters/langfuseExporter.js CHANGED Viewed

@@ -118,7 +118,9 @@ export class LangfuseExporter extends BaseExporter {
             name: span.name,
             userId: span.attributes["user.id"],
             sessionId: span.attributes["session.id"],
-            metadata: span.attributes,
+            // Only pick safe, non-PII attributes for metadata — intentionally excludes
+            // input, output, error.stack, and other user content to match Braintrust exporter
+            metadata: filterSafeMetadata(span.attributes),
             release: this.release,
             tags: this.extractTags(span),
         };
@@ -197,3 +199,5 @@ export class LangfuseExporter extends BaseExporter {
         return tags;
     }
 }
+// Safe metadata filtering imported from shared module to avoid duplication
+import { filterSafeMetadata } from "../utils/safeMetadata.js";

package/dist/observability/metricsAggregator.js CHANGED Viewed

@@ -35,8 +35,12 @@ export class MetricsAggregator {
     recordSpan(span) {
         // Enforce maximum spans limit
         if (this.spans.length >= this.config.maxSpansRetained) {
-            this.spans.shift(); // Remove oldest span
-            // Note: We keep aggregated metrics, only raw spans are trimmed
+            const evicted = this.spans.shift(); // Remove oldest span
+            // Only trim latencyValues when the evicted span had a duration recorded
+            if (evicted?.durationMs !== undefined) {
+                this.latencyValues.shift();
+            }
+            // Note: We keep aggregated metrics, only raw spans and latency values are trimmed
         }
         this.spans.push(span);
         // Update timestamps

package/dist/observability/spanProcessor.js CHANGED Viewed

@@ -66,6 +66,8 @@ export class RedactionProcessor {
             "credentials",
             "private_key",
             "privateKey",
+            "stack",
+            "error.stack",
         ]);
         this.redactedValue = config?.redactedValue ?? "[REDACTED]";
     }
@@ -228,11 +230,25 @@ export class BatchProcessor {
             this.flush();
         }, this.flushIntervalMs);
     }
+    // Note: flush() is intentionally synchronous. The onBatchReady callback is
+    // typed as `(spans: SpanData[]) => void` — callers must not pass async
+    // exporters. If async export is needed, the callback should handle its own
+    // error reporting (e.g. fire-and-forget with promise error handlers).
     flush() {
         if (this.batch.length > 0 && this.onBatchReady) {
             const spans = [...this.batch];
-            this.batch = [];
-            this.onBatchReady(spans);
+            try {
+                this.onBatchReady(spans);
+                this.batch = [];
+            }
+            catch (flushError) {
+                // Keep spans for next flush attempt, but cap backlog growth
+                void flushError; // acknowledged — error is expected during exporter outages
+                const maxBacklog = this.batchSize * 20;
+                if (this.batch.length > maxBacklog) {
+                    this.batch = this.batch.slice(this.batch.length - maxBacklog);
+                }
+            }
         }
     }
     async shutdown() {

package/dist/observability/utils/safeMetadata.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Safe metadata filtering for observability exporters.
+ *
+ * Only these attribute keys are forwarded to third-party backends as trace
+ * metadata. User prompts (input), LLM responses (output), error stacks, and
+ * any other potentially sensitive data are excluded to prevent PII leaks.
+ */
+import type { SpanAttributes } from "../types/spanTypes.js";
+export declare const SAFE_METADATA_KEYS: Set<string>;
+export declare function filterSafeMetadata(attributes: SpanAttributes): Record<string, unknown>;

package/dist/observability/utils/safeMetadata.js ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Safe metadata filtering for observability exporters.
+ *
+ * Only these attribute keys are forwarded to third-party backends as trace
+ * metadata. User prompts (input), LLM responses (output), error stacks, and
+ * any other potentially sensitive data are excluded to prevent PII leaks.
+ */
+// Only ai.* keys are forwarded as metadata. Stream metrics (chunk_count,
+// content_length) should be accessed via span attributes directly, not via
+// metadata sent to third-party backends.
+export const SAFE_METADATA_KEYS = new Set([
+    "ai.provider",
+    "ai.model",
+    "ai.temperature",
+    "ai.max_tokens",
+]);
+export function filterSafeMetadata(attributes) {
+    const filtered = {};
+    for (const key of SAFE_METADATA_KEYS) {
+        if (attributes[key] !== undefined) {
+            filtered[key] = attributes[key];
+        }
+    }
+    return filtered;
+}

package/dist/observability/utils/spanSerializer.js CHANGED Viewed

@@ -104,7 +104,9 @@ export class SpanSerializer {
             name: span.name,
             startTime: span.startTime,
             endTime: span.endTime,
-            metadata: { ...span.attributes },
+            // Only pick safe, non-PII attributes for metadata — intentionally excludes
+            // input, output, error.stack, and other user content for PII safety
+            metadata: filterSafeMetadata(span.attributes),
             level: span.status === SpanStatus.ERROR ? "ERROR" : "DEFAULT",
             statusMessage: span.statusMessage,
             input: span.attributes["input"],
@@ -284,3 +286,5 @@ export class SpanSerializer {
         });
     }
 }
+// Safe metadata filtering imported from shared module to avoid duplication
+import { filterSafeMetadata } from "./safeMetadata.js";

package/dist/providers/googleVertex.js CHANGED Viewed

@@ -1259,9 +1259,7 @@ export class GoogleVertexProvider extends BaseProvider {
                     },
                     {
                         role: "model",
-                        parts: [
-                            { text: "Understood. I will follow these instructions." },
-                        ],
+                        parts: [{ text: "OK" }],
                     },
                     ...currentContents,
                 ];
@@ -1435,9 +1433,7 @@ export class GoogleVertexProvider extends BaseProvider {
                     },
                     {
                         role: "model",
-                        parts: [
-                            { text: "Understood. I will follow these instructions." },
-                        ],
+                        parts: [{ text: "OK" }],
                     },
                     ...currentContents,
                 ];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/neurolink",
-  "version": "9.25.0",
+  "version": "9.25.1",
   "description": "Universal AI Development Platform with working MCP integration, multi-provider support, and professional CLI. Built-in tools operational, 58+ external MCP servers discoverable. Connect to filesystem, GitHub, database operations, and more. Build, test, and deploy AI applications with 13 providers: OpenAI, Anthropic, Google AI, AWS Bedrock, Azure, Hugging Face, Ollama, and Mistral AI.",
   "author": {
     "name": "Juspay Technologies",