npm - @juspay/neurolink - Versions diffs - 9.41.0 → 9.42.1 - Mend

@juspay/neurolink 9.41.0 → 9.42.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/CHANGELOG.md +8 -0
package/README.md +7 -1
package/dist/auth/anthropicOAuth.d.ts +18 -3
package/dist/auth/anthropicOAuth.js +149 -4
package/dist/auth/providers/firebase.js +5 -1
package/dist/auth/providers/jwt.js +5 -1
package/dist/auth/providers/workos.js +5 -1
package/dist/auth/sessionManager.d.ts +1 -1
package/dist/auth/sessionManager.js +58 -27
package/dist/browser/neurolink.min.js +354 -334
package/dist/cli/commands/mcp.d.ts +6 -0
package/dist/cli/commands/mcp.js +188 -181
package/dist/cli/commands/proxy.d.ts +2 -1
package/dist/cli/commands/proxy.js +713 -431
package/dist/cli/commands/task.js +3 -0
package/dist/cli/factories/commandFactory.d.ts +2 -0
package/dist/cli/factories/commandFactory.js +38 -0
package/dist/cli/parser.js +4 -3
package/dist/client/aiSdkAdapter.js +3 -0
package/dist/client/streamingClient.js +30 -10
package/dist/core/baseProvider.d.ts +6 -1
package/dist/core/baseProvider.js +208 -230
package/dist/core/factory.d.ts +3 -0
package/dist/core/factory.js +138 -188
package/dist/core/modules/GenerationHandler.js +3 -2
package/dist/core/redisConversationMemoryManager.js +7 -3
package/dist/evaluation/BatchEvaluator.js +4 -1
package/dist/evaluation/hooks/observabilityHooks.js +5 -3
package/dist/evaluation/pipeline/evaluationPipeline.d.ts +3 -2
package/dist/evaluation/pipeline/evaluationPipeline.js +24 -9
package/dist/evaluation/pipeline/strategies/batchStrategy.js +6 -3
package/dist/evaluation/pipeline/strategies/samplingStrategy.js +18 -10
package/dist/evaluation/scorers/scorerRegistry.d.ts +3 -0
package/dist/evaluation/scorers/scorerRegistry.js +353 -282
package/dist/lib/auth/anthropicOAuth.d.ts +18 -3
package/dist/lib/auth/anthropicOAuth.js +149 -4
package/dist/lib/auth/providers/firebase.js +5 -1
package/dist/lib/auth/providers/jwt.js +5 -1
package/dist/lib/auth/providers/workos.js +5 -1
package/dist/lib/auth/sessionManager.d.ts +1 -1
package/dist/lib/auth/sessionManager.js +58 -27
package/dist/lib/client/aiSdkAdapter.js +3 -0
package/dist/lib/client/streamingClient.js +30 -10
package/dist/lib/core/baseProvider.d.ts +6 -1
package/dist/lib/core/baseProvider.js +208 -230
package/dist/lib/core/factory.d.ts +3 -0
package/dist/lib/core/factory.js +138 -188
package/dist/lib/core/modules/GenerationHandler.js +3 -2
package/dist/lib/core/redisConversationMemoryManager.js +7 -3
package/dist/lib/evaluation/BatchEvaluator.js +4 -1
package/dist/lib/evaluation/hooks/observabilityHooks.js +5 -3
package/dist/lib/evaluation/pipeline/evaluationPipeline.d.ts +3 -2
package/dist/lib/evaluation/pipeline/evaluationPipeline.js +24 -9
package/dist/lib/evaluation/pipeline/strategies/batchStrategy.js +6 -3
package/dist/lib/evaluation/pipeline/strategies/samplingStrategy.js +18 -10
package/dist/lib/evaluation/scorers/scorerRegistry.d.ts +3 -0
package/dist/lib/evaluation/scorers/scorerRegistry.js +353 -282
package/dist/lib/mcp/toolRegistry.d.ts +2 -0
package/dist/lib/mcp/toolRegistry.js +32 -31
package/dist/lib/neurolink.d.ts +41 -2
package/dist/lib/neurolink.js +1616 -1681
package/dist/lib/observability/otelBridge.d.ts +2 -2
package/dist/lib/observability/otelBridge.js +12 -3
package/dist/lib/providers/amazonBedrock.js +2 -4
package/dist/lib/providers/anthropic.d.ts +9 -5
package/dist/lib/providers/anthropic.js +19 -14
package/dist/lib/providers/anthropicBaseProvider.d.ts +3 -3
package/dist/lib/providers/anthropicBaseProvider.js +5 -4
package/dist/lib/providers/azureOpenai.d.ts +1 -1
package/dist/lib/providers/azureOpenai.js +5 -4
package/dist/lib/providers/googleAiStudio.js +30 -6
package/dist/lib/providers/googleVertex.d.ts +10 -0
package/dist/lib/providers/googleVertex.js +437 -423
package/dist/lib/providers/huggingFace.d.ts +3 -3
package/dist/lib/providers/huggingFace.js +6 -8
package/dist/lib/providers/litellm.d.ts +1 -0
package/dist/lib/providers/litellm.js +76 -55
package/dist/lib/providers/mistral.js +2 -1
package/dist/lib/providers/ollama.js +93 -23
package/dist/lib/providers/openAI.d.ts +2 -0
package/dist/lib/providers/openAI.js +141 -141
package/dist/lib/providers/openRouter.js +2 -1
package/dist/lib/providers/openaiCompatible.d.ts +4 -4
package/dist/lib/providers/openaiCompatible.js +4 -4
package/dist/lib/proxy/claudeFormat.d.ts +3 -2
package/dist/lib/proxy/claudeFormat.js +27 -14
package/dist/lib/proxy/cloaking/plugins/sessionIdentity.d.ts +2 -6
package/dist/lib/proxy/cloaking/plugins/sessionIdentity.js +9 -33
package/dist/lib/proxy/modelRouter.js +3 -0
package/dist/lib/proxy/oauthFetch.d.ts +1 -1
package/dist/lib/proxy/oauthFetch.js +289 -316
package/dist/lib/proxy/proxyConfig.js +46 -24
package/dist/lib/proxy/proxyEnv.d.ts +19 -0
package/dist/lib/proxy/proxyEnv.js +73 -0
package/dist/lib/proxy/proxyFetch.js +291 -217
package/dist/lib/proxy/proxyTracer.d.ts +133 -0
package/dist/lib/proxy/proxyTracer.js +645 -0
package/dist/lib/proxy/rawStreamCapture.d.ts +10 -0
package/dist/lib/proxy/rawStreamCapture.js +83 -0
package/dist/lib/proxy/requestLogger.d.ts +32 -5
package/dist/lib/proxy/requestLogger.js +503 -47
package/dist/lib/proxy/sseInterceptor.d.ts +97 -0
package/dist/lib/proxy/sseInterceptor.js +427 -0
package/dist/lib/proxy/usageStats.d.ts +4 -3
package/dist/lib/proxy/usageStats.js +25 -12
package/dist/lib/rag/chunkers/MarkdownChunker.js +13 -5
package/dist/lib/rag/chunking/markdownChunker.js +15 -6
package/dist/lib/server/routes/claudeProxyRoutes.d.ts +17 -3
package/dist/lib/server/routes/claudeProxyRoutes.js +3032 -1349
package/dist/lib/services/server/ai/observability/instrumentation.d.ts +7 -1
package/dist/lib/services/server/ai/observability/instrumentation.js +337 -161
package/dist/lib/tasks/backends/bullmqBackend.d.ts +1 -0
package/dist/lib/tasks/backends/bullmqBackend.js +35 -22
package/dist/lib/tasks/store/redisTaskStore.d.ts +1 -0
package/dist/lib/tasks/store/redisTaskStore.js +54 -39
package/dist/lib/tasks/taskManager.d.ts +5 -0
package/dist/lib/tasks/taskManager.js +158 -30
package/dist/lib/telemetry/index.d.ts +2 -1
package/dist/lib/telemetry/index.js +2 -1
package/dist/lib/telemetry/telemetryService.d.ts +3 -0
package/dist/lib/telemetry/telemetryService.js +69 -5
package/dist/lib/types/cli.d.ts +10 -0
package/dist/lib/types/proxyTypes.d.ts +160 -5
package/dist/lib/types/streamTypes.d.ts +25 -3
package/dist/lib/utils/messageBuilder.js +3 -2
package/dist/lib/utils/providerHealth.d.ts +19 -0
package/dist/lib/utils/providerHealth.js +279 -33
package/dist/lib/utils/providerUtils.js +17 -22
package/dist/lib/utils/toolChoice.d.ts +4 -0
package/dist/lib/utils/toolChoice.js +7 -0
package/dist/mcp/toolRegistry.d.ts +2 -0
package/dist/mcp/toolRegistry.js +32 -31
package/dist/neurolink.d.ts +41 -2
package/dist/neurolink.js +1616 -1681
package/dist/observability/otelBridge.d.ts +2 -2
package/dist/observability/otelBridge.js +12 -3
package/dist/providers/amazonBedrock.js +2 -4
package/dist/providers/anthropic.d.ts +9 -5
package/dist/providers/anthropic.js +19 -14
package/dist/providers/anthropicBaseProvider.d.ts +3 -3
package/dist/providers/anthropicBaseProvider.js +5 -4
package/dist/providers/azureOpenai.d.ts +1 -1
package/dist/providers/azureOpenai.js +5 -4
package/dist/providers/googleAiStudio.js +30 -6
package/dist/providers/googleVertex.d.ts +10 -0
package/dist/providers/googleVertex.js +437 -423
package/dist/providers/huggingFace.d.ts +3 -3
package/dist/providers/huggingFace.js +6 -7
package/dist/providers/litellm.d.ts +1 -0
package/dist/providers/litellm.js +76 -55
package/dist/providers/mistral.js +2 -1
package/dist/providers/ollama.js +93 -23
package/dist/providers/openAI.d.ts +2 -0
package/dist/providers/openAI.js +141 -141
package/dist/providers/openRouter.js +2 -1
package/dist/providers/openaiCompatible.d.ts +4 -4
package/dist/providers/openaiCompatible.js +4 -3
package/dist/proxy/claudeFormat.d.ts +3 -2
package/dist/proxy/claudeFormat.js +27 -14
package/dist/proxy/cloaking/plugins/sessionIdentity.d.ts +2 -6
package/dist/proxy/cloaking/plugins/sessionIdentity.js +9 -33
package/dist/proxy/modelRouter.js +3 -0
package/dist/proxy/oauthFetch.d.ts +1 -1
package/dist/proxy/oauthFetch.js +289 -316
package/dist/proxy/proxyConfig.js +46 -24
package/dist/proxy/proxyEnv.d.ts +19 -0
package/dist/proxy/proxyEnv.js +72 -0
package/dist/proxy/proxyFetch.js +291 -217
package/dist/proxy/proxyTracer.d.ts +133 -0
package/dist/proxy/proxyTracer.js +644 -0
package/dist/proxy/rawStreamCapture.d.ts +10 -0
package/dist/proxy/rawStreamCapture.js +82 -0
package/dist/proxy/requestLogger.d.ts +32 -5
package/dist/proxy/requestLogger.js +503 -47
package/dist/proxy/sseInterceptor.d.ts +97 -0
package/dist/proxy/sseInterceptor.js +426 -0
package/dist/proxy/usageStats.d.ts +4 -3
package/dist/proxy/usageStats.js +25 -12
package/dist/rag/chunkers/MarkdownChunker.js +13 -5
package/dist/rag/chunking/markdownChunker.js +15 -6
package/dist/server/routes/claudeProxyRoutes.d.ts +17 -3
package/dist/server/routes/claudeProxyRoutes.js +3032 -1349
package/dist/services/server/ai/observability/instrumentation.d.ts +7 -1
package/dist/services/server/ai/observability/instrumentation.js +337 -161
package/dist/tasks/backends/bullmqBackend.d.ts +1 -0
package/dist/tasks/backends/bullmqBackend.js +35 -22
package/dist/tasks/store/redisTaskStore.d.ts +1 -0
package/dist/tasks/store/redisTaskStore.js +54 -39
package/dist/tasks/taskManager.d.ts +5 -0
package/dist/tasks/taskManager.js +158 -30
package/dist/telemetry/index.d.ts +2 -1
package/dist/telemetry/index.js +2 -1
package/dist/telemetry/telemetryService.d.ts +3 -0
package/dist/telemetry/telemetryService.js +69 -5
package/dist/types/cli.d.ts +10 -0
package/dist/types/proxyTypes.d.ts +160 -5
package/dist/types/streamTypes.d.ts +25 -3
package/dist/utils/messageBuilder.js +3 -2
package/dist/utils/providerHealth.d.ts +19 -0
package/dist/utils/providerHealth.js +279 -33
package/dist/utils/providerUtils.js +18 -22
package/dist/utils/toolChoice.d.ts +4 -0
package/dist/utils/toolChoice.js +6 -0
package/docs/assets/dashboards/neurolink-proxy-observability-dashboard.json +6609 -0
package/docs/changelog.md +252 -0
package/package.json +19 -2
package/scripts/observability/check-proxy-telemetry.mjs +235 -0
package/scripts/observability/docker-compose.proxy-observability.yaml +55 -0
package/scripts/observability/import-openobserve-dashboard.mjs +240 -0
package/scripts/observability/manage-local-openobserve.sh +215 -0
package/scripts/observability/otel-collector.proxy-observability.yaml +78 -0
package/scripts/observability/proxy-observability.env.example +23 -0

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,11 @@
+## [9.42.1](https://github.com/juspay/neurolink/compare/v9.42.0...v9.42.1) (2026-04-02)
+## [9.42.0](https://github.com/juspay/neurolink/compare/v9.41.0...v9.42.0) (2026-04-01)
+### Features
+- **(proxy):** add OTLP observability, passthrough mode, and env-file support ([59ae70b](https://github.com/juspay/neurolink/commit/59ae70b9a33089f04addce63eb9e6151dcc97a0f))
 ## [9.41.0](https://github.com/juspay/neurolink/compare/v9.40.0...v9.41.0) (2026-03-30)
 ### Features

package/README.md CHANGED Viewed

@@ -57,6 +57,7 @@ Extracted from production systems at Juspay and battle-tested at enterprise scal
 - **Memory** – Per-user condensed memory that persists across all conversations. Automatically retrieves and stores memory on each `generate()`/`stream()` call. Supports S3, Redis, and SQLite storage with LLM-powered condensation. → [Memory Guide](docs/features/memory.md)
 - **External TracerProvider Support** – Integrate NeuroLink with applications that already have OpenTelemetry instrumentation. Supports auto-detection and manual configuration. → [Observability Guide](docs/features/observability.md)
+- **Claude Proxy Telemetry** – Bootstrap a local OpenObserve + OTEL collector stack with `neurolink proxy telemetry setup`, import the maintained NeuroLink Proxy Observability dashboard, and inspect proxy logs, traces, metrics, cache reuse, and routing behavior. → [Claude Proxy Guide](docs/features/claude-proxy.md) | [Proxy Observability Guide](docs/features/claude-proxy-observability.md)
 - **Server Adapters** – Deploy NeuroLink as an HTTP API server with your framework of choice (Hono, Express, Fastify, Koa). Full CLI support with `serve` and `server` commands for foreground/background modes, route management, and OpenAPI generation. → [Server Adapters Guide](docs/guides/server-adapters/index.md)
 - **Title Generation Events** – Emit real-time events when conversation titles are auto-generated. Listen to `conversation:titleGenerated` for session tracking. → [Conversation Memory Guide](docs/conversation-memory.md#title-generation-events)
 - **Custom Title Prompts** – Customize conversation title generation with `NEUROLINK_TITLE_PROMPT` environment variable. Use `${userMessage}` placeholder for dynamic prompts. → [Conversation Memory Guide](docs/conversation-memory.md#customizing-the-title-prompt)
@@ -599,6 +600,11 @@ npx @juspay/neurolink generate "Draft release notes" \
 # RAG: Ask questions about your docs (auto-chunks, embeds, searches)
 npx @juspay/neurolink generate "What are the key features?" \
   --rag-files ./docs/guide.md ./docs/api.md --rag-strategy markdown
+# Claude proxy + local OpenObserve dashboard
+npx @juspay/neurolink proxy setup
+npx @juspay/neurolink proxy telemetry setup
+npx @juspay/neurolink proxy status --format json
 ```
 ```typescript
@@ -677,7 +683,7 @@ Full command and API breakdown lives in [`docs/cli/commands.md`](docs/cli/comman
 | **Quality & governance** | Auto-evaluation engine (Q3), guardrails middleware (Q4), HITL workflows (Q4), audit logging.                             |
 | **Memory & context**     | Conversation memory, Redis history export (Q4), context summarization (Q4).                                              |
 | **CLI tooling**          | Loop sessions (Q3), setup wizard, config validation, Redis auto-detect, JSON output.                                     |
-| **Enterprise ops**       | Proxy support, regional routing (Q3), telemetry hooks, configuration management.                                         |
+| **Enterprise ops**       | Proxy support, regional routing (Q3), telemetry hooks, local OpenObserve dashboard setup, configuration management.      |
 | **Tool ecosystem**       | MCP auto discovery, HTTP/stdio/SSE/WebSocket transports, LiteLLM hub access, SageMaker custom deployment, web search.    |
 ## Documentation Map

package/dist/auth/anthropicOAuth.d.ts CHANGED Viewed

@@ -43,13 +43,28 @@ export declare const DEFAULT_SCOPES: readonly string[];
 /**
  * User-Agent string to spoof Claude CLI
  */
-export declare const CLAUDE_CLI_USER_AGENT = "claude-cli/2.1.2 (external, cli)";
+export declare const CLAUDE_CODE_VERSION = "2.1.87.6d6";
+export declare const CLAUDE_CODE_ENTRYPOINT = "sdk-cli";
+export declare const CLAUDE_CLI_USER_AGENT = "claude-cli/2.1.87 (external, sdk-cli)";
+export type ClaudeCodeIdentity = {
+    deviceId: string;
+    accountUuid: string;
+    sessionId: string;
+    metadataUserId: string;
+};
+export declare function parseClaudeCodeUserId(userId: unknown): ClaudeCodeIdentity | null;
+export declare function getOrCreateClaudeCodeIdentity(seed: string, options?: {
+    existingUserId?: unknown;
+    preferredSessionId?: string;
+}): ClaudeCodeIdentity;
+export declare function purgeExpiredClaudeCodeIdentities(now?: number): number;
+export declare function buildStableClaudeCodeBillingHeader(originalText?: string): string;
 /**
  * Required beta headers for OAuth API requests.
  * The "oauth-2025-04-20" header is CRITICAL for OAuth authentication.
- * The "interleaved-thinking-2025-05-14" enables extended thinking.
  */
-export declare const OAUTH_BETA_HEADERS = "oauth-2025-04-20,interleaved-thinking-2025-05-14";
+export declare const OAUTH_BETA_HEADERS = "oauth-2025-04-20";
+export declare const CLAUDE_CODE_OAUTH_BETAS: readonly ["oauth-2025-04-20", "claude-code-20250219", "context-management-2025-06-27", "prompt-caching-scope-2026-01-05", "advanced-tool-use-2025-11-20", "effort-2025-11-24"];
 /**
  * Tool name prefix required for OAuth API requests
  */

package/dist/auth/anthropicOAuth.js CHANGED Viewed

@@ -14,7 +14,7 @@
  *
  * @module auth/anthropicOAuth
  */
-import { createHash, randomBytes } from "crypto";
+import { createHash, createHmac, randomBytes, randomUUID } from "crypto";
 import { createServer } from "http";
 import { OAuthError, OAuthConfigurationError, OAuthTokenExchangeError, OAuthTokenRefreshError, OAuthTokenRevocationError, OAuthCallbackServerError, } from "../types/errors.js";
 import { logger } from "../utils/logger.js";
@@ -73,13 +73,158 @@ export const DEFAULT_SCOPES = [
 /**
  * User-Agent string to spoof Claude CLI
  */
-export const CLAUDE_CLI_USER_AGENT = "claude-cli/2.1.2 (external, cli)";
+export const CLAUDE_CODE_VERSION = "2.1.87.6d6";
+export const CLAUDE_CODE_ENTRYPOINT = "sdk-cli";
+export const CLAUDE_CLI_USER_AGENT = "claude-cli/2.1.87 (external, sdk-cli)";
+const CLAUDE_CODE_IDENTITY_TTL_MS = 3_600_000;
+const CLAUDE_CODE_IDENTITY_CACHE_MAX_ENTRIES = 1024;
+const CLAUDE_CODE_IDENTITY_NAMESPACE = "neurolink-claude-code-identity-v1";
+const claudeCodeIdentityCache = new Map();
+function stableIdentityDigest(input) {
+    // These identifiers are deterministic pseudonyms for Claude Code metadata,
+    // not password hashes or authentication secrets.
+    return createHmac("sha256", CLAUDE_CODE_IDENTITY_NAMESPACE)
+        .update(input)
+        .digest("hex");
+}
+function hexToUuid(hex) {
+    const trimmed = hex.replace(/-/g, "").slice(0, 32).padEnd(32, "0");
+    return `${trimmed.slice(0, 8)}-${trimmed.slice(8, 12)}-${trimmed.slice(12, 16)}-${trimmed.slice(16, 20)}-${trimmed.slice(20, 32)}`;
+}
+function isUuid(value) {
+    return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(value);
+}
+function buildMetadataUserId(identity) {
+    return JSON.stringify({
+        device_id: identity.deviceId,
+        account_uuid: identity.accountUuid,
+        session_id: identity.sessionId,
+    });
+}
+export function parseClaudeCodeUserId(userId) {
+    if (typeof userId !== "string") {
+        return null;
+    }
+    try {
+        const parsed = JSON.parse(userId);
+        if (typeof parsed.device_id !== "string" ||
+            !/^[0-9a-f]{64}$/i.test(parsed.device_id) ||
+            typeof parsed.account_uuid !== "string" ||
+            !isUuid(parsed.account_uuid) ||
+            typeof parsed.session_id !== "string" ||
+            !isUuid(parsed.session_id)) {
+            return null;
+        }
+        return {
+            deviceId: parsed.device_id,
+            accountUuid: parsed.account_uuid,
+            sessionId: parsed.session_id,
+            metadataUserId: buildMetadataUserId({
+                deviceId: parsed.device_id,
+                accountUuid: parsed.account_uuid,
+                sessionId: parsed.session_id,
+            }),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+export function getOrCreateClaudeCodeIdentity(seed, options) {
+    const parsedExisting = parseClaudeCodeUserId(options?.existingUserId);
+    if (parsedExisting) {
+        if (options?.preferredSessionId && isUuid(options.preferredSessionId)) {
+            return {
+                deviceId: parsedExisting.deviceId,
+                accountUuid: parsedExisting.accountUuid,
+                sessionId: options.preferredSessionId,
+                metadataUserId: buildMetadataUserId({
+                    deviceId: parsedExisting.deviceId,
+                    accountUuid: parsedExisting.accountUuid,
+                    sessionId: options.preferredSessionId,
+                }),
+            };
+        }
+        return parsedExisting;
+    }
+    const now = Date.now();
+    const cacheKey = seed || "default";
+    const cached = claudeCodeIdentityCache.get(cacheKey);
+    if (cached && cached.expiresAt > now) {
+        if (options?.preferredSessionId && isUuid(options.preferredSessionId)) {
+            return {
+                deviceId: cached.deviceId,
+                accountUuid: cached.accountUuid,
+                sessionId: options.preferredSessionId,
+                metadataUserId: buildMetadataUserId({
+                    deviceId: cached.deviceId,
+                    accountUuid: cached.accountUuid,
+                    sessionId: options.preferredSessionId,
+                }),
+            };
+        }
+        return cached;
+    }
+    const deviceId = stableIdentityDigest(`${cacheKey}:device`);
+    const accountUuid = hexToUuid(stableIdentityDigest(`${cacheKey}:account`));
+    const sessionId = options?.preferredSessionId && isUuid(options.preferredSessionId)
+        ? options.preferredSessionId
+        : randomUUID();
+    const identity = {
+        deviceId,
+        accountUuid,
+        sessionId,
+        metadataUserId: buildMetadataUserId({
+            deviceId,
+            accountUuid,
+            sessionId,
+        }),
+        expiresAt: now + CLAUDE_CODE_IDENTITY_TTL_MS,
+    };
+    enforceClaudeCodeIdentityCacheLimit(now);
+    claudeCodeIdentityCache.set(cacheKey, identity);
+    return identity;
+}
+export function purgeExpiredClaudeCodeIdentities(now = Date.now()) {
+    let removed = 0;
+    for (const [cacheKey, identity] of claudeCodeIdentityCache.entries()) {
+        if (identity.expiresAt <= now) {
+            claudeCodeIdentityCache.delete(cacheKey);
+            removed += 1;
+        }
+    }
+    return removed;
+}
+function enforceClaudeCodeIdentityCacheLimit(now = Date.now()) {
+    purgeExpiredClaudeCodeIdentities(now);
+    while (claudeCodeIdentityCache.size >= CLAUDE_CODE_IDENTITY_CACHE_MAX_ENTRIES) {
+        const oldestKey = claudeCodeIdentityCache.keys().next().value;
+        if (!oldestKey) {
+            break;
+        }
+        claudeCodeIdentityCache.delete(oldestKey);
+    }
+}
+export function buildStableClaudeCodeBillingHeader(originalText) {
+    const version = originalText?.match(/cc_version=([^;]+)/)?.[1]?.trim() ||
+        CLAUDE_CODE_VERSION;
+    const entrypoint = originalText?.match(/cc_entrypoint=([^;]+)/)?.[1]?.trim() ||
+        CLAUDE_CODE_ENTRYPOINT;
+    return `x-anthropic-billing-header: cc_version=${version}; cc_entrypoint=${entrypoint}; cch=00000;`;
+}
 /**
  * Required beta headers for OAuth API requests.
  * The "oauth-2025-04-20" header is CRITICAL for OAuth authentication.
- * The "interleaved-thinking-2025-05-14" enables extended thinking.
  */
-export const OAUTH_BETA_HEADERS = "oauth-2025-04-20,interleaved-thinking-2025-05-14";
+export const OAUTH_BETA_HEADERS = "oauth-2025-04-20";
+export const CLAUDE_CODE_OAUTH_BETAS = [
+    "oauth-2025-04-20",
+    "claude-code-20250219",
+    "context-management-2025-06-27",
+    "prompt-caching-scope-2026-01-05",
+    "advanced-tool-use-2025-11-20",
+    "effort-2025-11-24",
+];
 /**
  * Tool name prefix required for OAuth API requests
  */

package/dist/auth/providers/firebase.js CHANGED Viewed

@@ -60,8 +60,12 @@ export class FirebaseAuthProvider extends BaseAuthProvider {
             await this.initialize();
         }
         try {
+            const jwks = this.jwks;
+            if (!jwks) {
+                throw AuthError.create("PROVIDER_INIT_FAILED", "Firebase JWKS was not initialized", { details: { provider: "firebase" } });
+            }
             // Verify the token using Google's public keys
-            const { payload } = await jose.jwtVerify(token, this.jwks, {
+            const { payload } = await jose.jwtVerify(token, jwks, {
                 issuer: `https://securetoken.google.com/${this.projectId}`,
                 audience: this.projectId,
             });

package/dist/auth/providers/jwt.js CHANGED Viewed

@@ -92,6 +92,10 @@ export class JWTProvider extends BaseAuthProvider {
             await this.initialize();
         }
         try {
+            const keyObject = this.keyObject;
+            if (!keyObject) {
+                throw AuthError.create("PROVIDER_INIT_FAILED", "JWT verification key was not initialized", { details: { provider: "jwt" } });
+            }
             const verifyOptions = {};
             if (this.algorithms.length > 0) {
                 verifyOptions.algorithms = this
@@ -103,7 +107,7 @@ export class JWTProvider extends BaseAuthProvider {
             if (this.audience) {
                 verifyOptions.audience = this.audience;
             }
-            const { payload } = await jose.jwtVerify(token, this.keyObject, verifyOptions);
+            const { payload } = await jose.jwtVerify(token, keyObject, verifyOptions);
             // Reject tokens without a non-empty sub claim
             if (!payload.sub) {
                 return {

package/dist/auth/providers/workos.js CHANGED Viewed

@@ -65,8 +65,12 @@ export class WorkOSProvider extends BaseAuthProvider {
             await this.initialize();
         }
         try {
+            const jwks = this.jwks;
+            if (!jwks) {
+                throw AuthError.create("PROVIDER_INIT_FAILED", "WorkOS JWKS was not initialized", { details: { provider: "workos" } });
+            }
             // Verify the JWT
-            const { payload } = await jose.jwtVerify(token, this.jwks, {
+            const { payload } = await jose.jwtVerify(token, jwks, {
                 audience: this.clientId,
             });
             // Enforce organizationId if configured

package/dist/auth/sessionManager.d.ts CHANGED Viewed

@@ -46,7 +46,7 @@ export declare class MemorySessionStorage implements SessionManagerStorage {
  * Redis session storage
  *
  * Distributed session storage using Redis. Suitable for multi-instance
- * deployments. Requires ioredis or similar Redis client.
+ * deployments. Requires the "redis" (node-redis) package.
  *
  * Note: Redis client must be provided or configured via environment.
  */

package/dist/auth/sessionManager.js CHANGED Viewed

@@ -1,4 +1,5 @@
 // src/lib/auth/sessionManager.ts
+import { withTimeout } from "../utils/async/withTimeout.js";
 import { logger } from "../utils/logger.js";
 /** Mask an identifier for safe logging: show first 4 chars + "***" */
 function maskId(id) {
@@ -7,6 +8,7 @@ function maskId(id) {
     }
     return `${id.slice(0, 4)}***`;
 }
+const REDIS_CONNECT_TIMEOUT_MS = 5000;
 /**
  * In-memory session storage
  *
@@ -31,10 +33,12 @@ export class MemorySessionStorage {
     async set(session) {
         this.sessions.set(session.id, session);
         // Track user's sessions
-        if (!this.userSessions.has(session.user.id)) {
-            this.userSessions.set(session.user.id, new Set());
+        let sessionIds = this.userSessions.get(session.user.id);
+        if (!sessionIds) {
+            sessionIds = new Set();
+            this.userSessions.set(session.user.id, sessionIds);
         }
-        this.userSessions.get(session.user.id).add(session.id);
+        sessionIds.add(session.id);
     }
     async delete(sessionId) {
         const session = this.sessions.get(sessionId);
@@ -84,7 +88,7 @@ export class MemorySessionStorage {
  * Redis session storage
  *
  * Distributed session storage using Redis. Suitable for multi-instance
- * deployments. Requires ioredis or similar Redis client.
+ * deployments. Requires the "redis" (node-redis) package.
  *
  * Note: Redis client must be provided or configured via environment.
  */
@@ -111,16 +115,25 @@ export class RedisSessionStorage {
     async createClient() {
         try {
             // Use variable indirection to prevent TypeScript from resolving the module at compile time
-            const moduleName = "ioredis";
-            const ioredis = await import(/* @vite-ignore */ moduleName);
-            const Redis = ioredis.default || ioredis.Redis;
-            this.client = new Redis(this.redisUrl);
-            return this.client;
+            const moduleName = "redis";
+            const redisModule = (await import(
+            /* @vite-ignore */ moduleName));
+            const client = redisModule.createClient({
+                url: this.redisUrl,
+            });
+            client.on("error", (err) => {
+                logger.error("Redis session client error:", err.message);
+            });
+            await withTimeout(client.connect(), REDIS_CONNECT_TIMEOUT_MS, `Redis session client connect timed out after ${REDIS_CONNECT_TIMEOUT_MS}ms`);
+            this.client = client;
+            return client;
         }
-        catch {
+        catch (error) {
             this.initPromise = null;
-            logger.error('Redis client (ioredis) not available. Install ioredis package and ensure Redis is reachable when using storage: "redis".');
-            throw new Error("Redis client not available");
+            logger.error('Redis client not available. Ensure the "redis" package is installed and Redis is reachable when using storage: "redis".');
+            throw error instanceof Error
+                ? error
+                : new Error("Redis client not available");
         }
     }
     sessionKey(sessionId) {
@@ -136,6 +149,13 @@ export class RedisSessionStorage {
             if (!data) {
                 return null;
             }
+            if (typeof data !== "string") {
+                logger.warn("Unexpected Redis session payload type", {
+                    sessionId: maskId(sessionId),
+                    type: typeof data,
+                });
+                return null;
+            }
             const session = JSON.parse(data);
             // Parse dates
             session.createdAt = new Date(session.createdAt);
@@ -143,7 +163,7 @@ export class RedisSessionStorage {
                 session.expiresAt = new Date(session.expiresAt);
             }
             // Check expiration
-            if (new Date() > session.expiresAt) {
+            if (session.expiresAt && new Date() > session.expiresAt) {
                 await this.delete(sessionId);
                 return null;
             }
@@ -162,9 +182,9 @@ export class RedisSessionStorage {
                 ? Math.max(1, Math.floor((session.expiresAt.getTime() - Date.now()) / 1000))
                 : this.ttl;
             // Store session
-            await client.setex(this.sessionKey(session.id), ttlSeconds, JSON.stringify(session));
+            await client.setEx(this.sessionKey(session.id), ttlSeconds, JSON.stringify(session));
             // Track user's sessions
-            await client.sadd(this.userSessionsKey(session.user.id), session.id);
+            await client.sAdd(this.userSessionsKey(session.user.id), session.id);
             await client.expire(this.userSessionsKey(session.user.id), this.ttl);
         }
         catch (error) {
@@ -180,13 +200,21 @@ export class RedisSessionStorage {
             // recursion for expired sessions.
             const data = await client.get(this.sessionKey(sessionId));
             if (data) {
-                try {
-                    const session = JSON.parse(data);
-                    await client.srem(this.userSessionsKey(session.user.id), sessionId);
+                if (typeof data !== "string") {
+                    logger.warn("Unexpected Redis session payload type during delete", {
+                        sessionId: maskId(sessionId),
+                        type: typeof data,
+                    });
                 }
-                catch {
-                    // If parsing fails, we still delete the key below
-                    logger.warn(`Failed to parse session data for cleanup: ${maskId(sessionId)}`);
+                else {
+                    try {
+                        const session = JSON.parse(data);
+                        await client.sRem(this.userSessionsKey(session.user.id), sessionId);
+                    }
+                    catch {
+                        // If parsing fails, we still delete the key below
+                        logger.warn(`Failed to parse session data for cleanup: ${maskId(sessionId)}`);
+                    }
                 }
             }
             await client.del(this.sessionKey(sessionId));
@@ -198,7 +226,7 @@ export class RedisSessionStorage {
     async getUserSessions(userId) {
         try {
             const client = await this.getClient();
-            const sessionIds = await client.smembers(this.userSessionsKey(userId));
+            const sessionIds = await client.sMembers(this.userSessionsKey(userId));
             const sessions = [];
             for (const sessionId of sessionIds) {
                 const session = await this.get(sessionId);
@@ -216,7 +244,7 @@ export class RedisSessionStorage {
     async deleteUserSessions(userId) {
         try {
             const client = await this.getClient();
-            const sessionIds = await client.smembers(this.userSessionsKey(userId));
+            const sessionIds = await client.sMembers(this.userSessionsKey(userId));
             for (const sessionId of sessionIds) {
                 await client.del(this.sessionKey(sessionId));
             }
@@ -232,10 +260,13 @@ export class RedisSessionStorage {
             // Use SCAN instead of KEYS to avoid blocking Redis in production
             let cursor = "0";
             do {
-                const [nextCursor, keys] = await client.scan(cursor, "MATCH", `${this.prefix}*`, "COUNT", "100");
-                cursor = nextCursor;
-                if (keys.length > 0) {
-                    await client.del(...keys);
+                const result = await client.scan(cursor, {
+                    MATCH: `${this.prefix}*`,
+                    COUNT: 100,
+                });
+                cursor = result.cursor;
+                if (result.keys.length > 0) {
+                    await client.del(result.keys);
                 }
             } while (cursor !== "0");
         }