@juspay/neurolink 9.44.0 → 9.48.1

package/dist/types/serverTypes.js

@@ -0,0 +1,67 @@
+/**
+ * Server Adapter Types
+ * Comprehensive type system for NeuroLink server adapters
+ */
+// ============================================
+// Error Types
+// ============================================
+/**
+ * Error categories for server adapter errors
+ */
+export const ErrorCategory = {
+    CONFIG: "CONFIG",
+    VALIDATION: "VALIDATION",
+    EXECUTION: "EXECUTION",
+    EXTERNAL: "EXTERNAL",
+    RATE_LIMIT: "RATE_LIMIT",
+    AUTHENTICATION: "AUTHENTICATION",
+    AUTHORIZATION: "AUTHORIZATION",
+    STREAMING: "STREAMING",
+    WEBSOCKET: "WEBSOCKET",
+};
+/**
+ * Error severity levels
+ */
+export const ErrorSeverity = {
+    LOW: "LOW",
+    MEDIUM: "MEDIUM",
+    HIGH: "HIGH",
+    CRITICAL: "CRITICAL",
+};
+/**
+ * Server adapter error codes
+ */
+export const ServerAdapterErrorCode = {
+    // Configuration errors
+    INVALID_CONFIG: "SERVER_ADAPTER_INVALID_CONFIG",
+    MISSING_DEPENDENCY: "SERVER_ADAPTER_MISSING_DEPENDENCY",
+    FRAMEWORK_INIT_FAILED: "SERVER_ADAPTER_FRAMEWORK_INIT_FAILED",
+    // Route errors
+    ROUTE_NOT_FOUND: "SERVER_ADAPTER_ROUTE_NOT_FOUND",
+    ROUTE_CONFLICT: "SERVER_ADAPTER_ROUTE_CONFLICT",
+    INVALID_ROUTE: "SERVER_ADAPTER_INVALID_ROUTE",
+    // Execution errors
+    HANDLER_ERROR: "SERVER_ADAPTER_HANDLER_ERROR",
+    TIMEOUT: "SERVER_ADAPTER_TIMEOUT",
+    MIDDLEWARE_ERROR: "SERVER_ADAPTER_MIDDLEWARE_ERROR",
+    // Rate limit errors
+    RATE_LIMIT_EXCEEDED: "SERVER_ADAPTER_RATE_LIMIT_EXCEEDED",
+    // Authentication/Authorization errors
+    AUTH_REQUIRED: "SERVER_ADAPTER_AUTH_REQUIRED",
+    AUTH_INVALID: "SERVER_ADAPTER_AUTH_INVALID",
+    FORBIDDEN: "SERVER_ADAPTER_FORBIDDEN",
+    // Streaming errors
+    STREAM_ERROR: "SERVER_ADAPTER_STREAM_ERROR",
+    STREAM_ABORTED: "SERVER_ADAPTER_STREAM_ABORTED",
+    // WebSocket errors
+    WEBSOCKET_ERROR: "SERVER_ADAPTER_WEBSOCKET_ERROR",
+    WEBSOCKET_CONNECTION_FAILED: "SERVER_ADAPTER_WEBSOCKET_CONNECTION_FAILED",
+    // Validation errors
+    VALIDATION_ERROR: "SERVER_ADAPTER_VALIDATION_ERROR",
+    SCHEMA_ERROR: "SERVER_ADAPTER_SCHEMA_ERROR",
+    // Server lifecycle errors
+    START_FAILED: "SERVER_ADAPTER_START_FAILED",
+    STOP_FAILED: "SERVER_ADAPTER_STOP_FAILED",
+    ALREADY_RUNNING: "SERVER_ADAPTER_ALREADY_RUNNING",
+    NOT_RUNNING: "SERVER_ADAPTER_NOT_RUNNING",
+};

package/dist/types/streamTypes.d.ts

@@ -1,7 +1,7 @@
 import type { LanguageModel, StepResult, Tool, ToolChoice } from "ai";
 import type { AIProviderName } from "../constants/enums.js";
-import type { EvaluationData } from "../index.js";
-import type { RAGConfig } from "../rag/types.js";
+import type { EvaluationData } from "./evaluation.js";
+import type { RAGConfig } from "./ragTypes.js";
 import type { AnalyticsData, ToolExecutionEvent, ToolExecutionSummary } from "../types/index.js";
 import type { MiddlewareFactoryOptions, OnChunkCallback, OnErrorCallback, OnFinishCallback } from "../types/middlewareTypes.js";
 import type { TokenUsage } from "./analytics.js";

package/dist/types/typeAliases.d.ts

@@ -4,7 +4,7 @@
  */
 import type { ZodTypeAny } from "zod";
 import type { Schema } from "ai";
-import type { JsonValue, JsonObject } from "./common.js";
+import type { JsonValue, Result, AsyncFunction } from "./common.js";
 import { zodToJsonSchema } from "zod-to-json-schema";
 /**
  * Type alias for complex Zod schema type to improve readability
@@ -65,11 +65,6 @@ export type JsonRecord = Record<string, JsonValue>;
 export type OptionalStandardRecord = StandardRecord | undefined;
 export type OptionalStringRecord = StringRecord | undefined;
 export type OptionalJsonRecord = JsonRecord | undefined;
-/**
- * Standard async function type for tool execution
- * Most common function signature in the codebase
- */
-export type AsyncFunction<TParams = unknown, TResult = unknown> = (params: TParams) => Promise<TResult>;
 /**
  * Tool execution function with context
  * Standard pattern for MCP tool execution
@@ -98,21 +93,11 @@ export type TransformFunction<TInput = unknown, TOutput = unknown> = (input: TIn
  * Async transformation function type
  */
 export type AsyncTransformFunction<TInput = unknown, TOutput = unknown> = (input: TInput) => Promise<TOutput>;
-/**
- * Array of unknown values
- * Common for flexible array parameters
- */
-export type UnknownArray = unknown[];
 /**
  * Array of standard records
  * Common in data collections
  */
 export type RecordArray = StandardRecord[];
-/**
- * Array of JSON objects
- * API-safe array type
- */
-export type JsonArray = JsonObject[];
 /**
  * String array type
  * Very common for lists of identifiers, names, etc.
@@ -203,17 +188,6 @@ export type StandardError = {
     details?: StandardRecord;
     stack?: string;
 };
-/**
- * Result type with success/error pattern
- * Common pattern for operation results
- */
-export type Result<TData = unknown, TError = StandardError> = {
-    success: true;
-    data: TData;
-} | {
-    success: false;
-    error: TError;
-};
 /**
  * Async result type
  */
@@ -285,16 +259,6 @@ export type ServiceConfig = {
     apiKey?: string;
     metadata?: StandardRecord;
 };
-/**
- * Cache configuration
- * Common caching parameters
- */
-export type CacheConfig = {
-    enabled?: boolean;
-    ttl?: number;
-    maxSize?: number;
-    strategy?: "memory" | "redis" | "hybrid";
-};
 /**
  * Rate limiting configuration
  * Common rate limiting parameters

package/dist/utils/imageProcessor.js

@@ -364,11 +364,58 @@ export class ImageProcessor {
                 const height = buffer.readUInt32BE(20);
                 return { width, height };
             }
-            // Basic JPEG dimension extraction (simplified)
+            // JPEG dimension extraction via SOF marker parsing
             if (buffer.length >= 4 && buffer[0] === 0xff && buffer[1] === 0xd8) {
-                // This is a very basic implementation
-                // For production, consider using a proper image library
-                return null;
+                // Search for SOF0 (0xFFC0) or SOF2 (0xFFC2) markers
+                let offset = 2;
+                while (offset < buffer.length - 1) {
+                    // Find next marker (0xFF followed by non-zero, non-0xFF byte)
+                    if (buffer[offset] !== 0xff) {
+                        offset++;
+                        continue;
+                    }
+                    // Skip any padding 0xFF bytes
+                    while (offset < buffer.length && buffer[offset] === 0xff) {
+                        offset++;
+                    }
+                    if (offset >= buffer.length) {
+                        break;
+                    }
+                    const marker = buffer[offset];
+                    offset++;
+                    // Check for SOF0 (0xC0 - baseline DCT) and SOF2 (0xC2 - progressive DCT)
+                    // These are the most common JPEG encoding modes
+                    if (marker === 0xc0 || marker === 0xc2) {
+                        // SOF marker found: length (2 bytes) + precision (1 byte) + height (2 bytes) + width (2 bytes)
+                        if (offset + 7 > buffer.length) {
+                            break; // Truncated file
+                        }
+                        const height = buffer.readUInt16BE(offset + 3);
+                        const width = buffer.readUInt16BE(offset + 5);
+                        return { width, height };
+                    }
+                    // Skip this marker's segment (except for markers without length)
+                    if (marker === 0xd0 ||
+                        marker === 0xd1 ||
+                        marker === 0xd2 ||
+                        marker === 0xd3 ||
+                        marker === 0xd4 ||
+                        marker === 0xd5 ||
+                        marker === 0xd6 ||
+                        marker === 0xd7 ||
+                        marker === 0xd8 ||
+                        marker === 0xd9 ||
+                        marker === 0x01) {
+                        // RST0-RST7, SOI, EOI, TEM - no length field
+                        continue;
+                    }
+                    if (offset + 2 > buffer.length) {
+                        break; // Truncated file
+                    }
+                    const segmentLength = buffer.readUInt16BE(offset);
+                    offset += segmentLength;
+                }
+                return null; // No SOF marker found
             }
             return null;
         }
@@ -437,6 +484,30 @@ export class ImageProcessor {
         }
     }
 }
+/**
+ * Whitelist of valid image file extensions (lowercase, no dots).
+ * Used to validate file extensions against a known set of image formats.
+ */
+export const VALID_IMAGE_EXTENSIONS = [
+    "jpg",
+    "jpeg",
+    "png",
+    "gif",
+    "webp",
+    "bmp",
+    "tiff",
+    "tif",
+    "svg",
+    "avif",
+    "ico",
+    "heic",
+    "heif",
+];
+/**
+ * Set of valid image extensions for O(1) lookup.
+ * @internal
+ */
+const VALID_IMAGE_EXTENSIONS_SET = new Set(VALID_IMAGE_EXTENSIONS);
 /**
  * Utility functions for image handling
  */
@@ -466,11 +537,52 @@ export const imageUtils = {
      */
     isBase64: (str) => imageUtils.isValidBase64(str),
     /**
-     * Extract file extension from filename or URL
+     * Extract file extension from filename or URL.
+     * Strips query strings and fragments before matching so that
+     * "image.jpg?v=1" correctly returns "jpg".
+     * Returns null if no extension is found or if the extension
+     * contains non-alphanumeric characters.
      */
     getFileExtension: (filename) => {
-        const match = filename.match(/\.([^.]+)$/);
-        return match ? match[1].toLowerCase() : null;
+        const sanitized = filename.split(/[?#]/)[0];
+        const match = sanitized.match(/\.([^.]+)$/);
+        if (!match) {
+            return null;
+        }
+        const extension = match[1].toLowerCase();
+        if (!/^[a-z0-9]+$/.test(extension)) {
+            return null;
+        }
+        return extension;
+    },
+    /**
+     * Validate that an extension is a recognised image format.
+     * Case-insensitive; rejects extensions with special characters.
+     */
+    isValidImageExtension: (extension) => {
+        if (!extension || typeof extension !== "string") {
+            return false;
+        }
+        const normalizedExt = extension.toLowerCase();
+        if (!/^[a-z0-9]+$/.test(normalizedExt)) {
+            return false;
+        }
+        return VALID_IMAGE_EXTENSIONS_SET.has(normalizedExt);
+    },
+    /**
+     * Extract and validate image file extension from a filename or URL.
+     * Returns null if the extension is missing or not a recognised image format.
+     *
+     * Security note: the last extension is used, so "malware.exe.jpg" returns
+     * "jpg". Callers should apply additional checks (e.g. content inspection)
+     * where double-extension attacks are a concern.
+     */
+    getValidatedImageExtension: (filename) => {
+        const extension = imageUtils.getFileExtension(filename);
+        if (!extension) {
+            return null;
+        }
+        return imageUtils.isValidImageExtension(extension) ? extension : null;
     },
     /**
      * Convert file size to human readable format
@@ -576,7 +688,11 @@ export const imageUtils = {
                 if (!/^image\//i.test(contentType)) {
                     throw new Error(`Unsupported content-type: ${contentType || "unknown"}`);
                 }
-                const len = Number(response.headers.get("content-length") || 0);
+                const contentLengthHeader = response.headers.get("content-length");
+                const len = Number(contentLengthHeader || 0);
+                if (contentLengthHeader !== null && len === 0) {
+                    throw new Error("Empty response: content-length is 0");
+                }
                 if (len && len > maxBytes) {
                     throw new Error(`Content too large: ${len} bytes`);
                 }

package/dist/utils/messageBuilder.js

@@ -1127,15 +1127,27 @@ export async function buildMultimodalMessagesArray(options, provider, model) {
 async function convertContentToProviderFormat(content, provider, _model) {
     const textContent = content.find((c) => c.type === "text");
     const imageContent = content.filter((c) => c.type === "image");
-    if (!textContent) {
-        throw new Error("Multimodal content must include at least one text element");
-    }
-    if (imageContent.length === 0) {
-        return textContent.text;
+    const pdfContent = content.filter((c) => c.type === "pdf");
+    // Allow empty text when multimodal content is present (enables image-only or PDF-only queries)
+    const text = textContent?.text || "";
+    const hasMultimodal = imageContent.length > 0 || pdfContent.length > 0;
+    // Validate that we have at least some content
+    if (!hasMultimodal && !text) {
+        throw new Error("Content must include either text or multimodal content");
+    }
+    // Text-only case
+    if (imageContent.length === 0 && pdfContent.length === 0) {
+        return text;
     }
     // Extract images as Buffer | string array
     const images = imageContent.map((img) => img.data);
-    return await convertSimpleImagesToProviderFormat(textContent.text, images, provider, _model);
+    // Extract PDFs in the expected format
+    const pdfFiles = pdfContent.map((pdf) => ({
+        buffer: typeof pdf.data === "string" ? Buffer.from(pdf.data, "base64") : pdf.data,
+        filename: pdf.metadata?.filename || "document.pdf",
+        pageCount: pdf.metadata?.pages ?? null,
+    }));
+    return await convertMultimodalToProviderFormat(text, images, pdfFiles, provider, _model);
 }
 /**
  * Check if a string is an internet URL

package/dist/workflow/config.d.ts

@@ -41,8 +41,8 @@ export declare const JudgeConfigSchema: z.ZodObject<{
     model: z.ZodString;
     criteria: z.ZodArray<z.ZodString>;
     outputFormat: z.ZodEnum<{
-        scores: "scores";
         detailed: "detailed";
+        scores: "scores";
         ranking: "ranking";
         best: "best";
     }>;
@@ -195,8 +195,8 @@ export declare const WorkflowConfigSchema: z.ZodObject<{
         model: z.ZodString;
         criteria: z.ZodArray<z.ZodString>;
         outputFormat: z.ZodEnum<{
-            scores: "scores";
             detailed: "detailed";
+            scores: "scores";
             ranking: "ranking";
             best: "best";
         }>;
@@ -219,8 +219,8 @@ export declare const WorkflowConfigSchema: z.ZodObject<{
         model: z.ZodString;
         criteria: z.ZodArray<z.ZodString>;
         outputFormat: z.ZodEnum<{
-            scores: "scores";
             detailed: "detailed";
+            scores: "scores";
             ranking: "ranking";
             best: "best";
         }>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/neurolink",
-  "version": "9.44.0",
+  "version": "9.48.1",
   "packageManager": "pnpm@10.15.1",
   "description": "Universal AI Development Platform with working MCP integration, multi-provider support, and professional CLI. Built-in tools operational, 58+ external MCP servers discoverable. Connect to filesystem, GitHub, database operations, and more. Build, test, and deploy AI applications with 13 providers: OpenAI, Anthropic, Google AI, AWS Bedrock, Azure, Hugging Face, Ollama, and Mistral AI.",
   "author": {

package/scripts/observability/manage-local-openobserve.sh

@@ -167,6 +167,33 @@ export NEUROLINK_OPENOBSERVE_OTLP_ENDPOINT
 
 select_compose
 
+# Write or update OTEL_EXPORTER_OTLP_ENDPOINT in ~/.neurolink/.env so the
+# proxy picks it up automatically without any manual export.
+upsert_neurolink_env() {
+  local neurolink_dir="${HOME}/.neurolink"
+  local env_file="${neurolink_dir}/.env"
+  local endpoint="http://localhost:${NEUROLINK_OTLP_HTTP_PORT}"
+  local key="OTEL_EXPORTER_OTLP_ENDPOINT"
+
+  mkdir -p "${neurolink_dir}"
+  chmod 700 "${neurolink_dir}" 2>/dev/null || true
+
+  if [[ -f "${env_file}" ]] && grep -Eq "^[[:space:]]*(export[[:space:]]+)?${key}=" "${env_file}"; then
+    # Replace existing line in-place (portable sed -i)
+    sed -i.bak -E "s|^[[:space:]]*(export[[:space:]]+)?${key}=.*|${key}=${endpoint}|" "${env_file}"
+    rm -f "${env_file}.bak"
+  else
+    # Ensure the new entry starts on its own line if the file lacks a trailing newline
+    if [[ -f "${env_file}" ]] && [[ -s "${env_file}" ]] && [[ "$(tail -c 1 "${env_file}")" != "" ]]; then
+      echo "" >> "${env_file}"
+    fi
+    echo "${key}=${endpoint}" >> "${env_file}"
+  fi
+  chmod 600 "${env_file}" 2>/dev/null || true
+
+  echo "  Wrote ${key}=${endpoint} to ${env_file}"
+}
+
 command="${1:-setup}"
 
 case "${command}" in
@@ -175,6 +202,7 @@ case "${command}" in
     wait_for_http "OpenObserve" "${NEUROLINK_OPENOBSERVE_URL}/healthz"
     wait_for_http "OTEL collector" "http://localhost:${NEUROLINK_OTEL_HEALTH_PORT}/"
     node "${IMPORT_SCRIPT}" --replace-by-title
+    upsert_neurolink_env
     cat <<EOF
 Local proxy observability is ready.
 
@@ -183,12 +211,12 @@ OpenObserve login user: ${NEUROLINK_OPENOBSERVE_USER}
 OpenObserve password source: ${ENV_FILE} (NEUROLINK_OPENOBSERVE_PASSWORD)
 OTLP HTTP endpoint: http://localhost:${NEUROLINK_OTLP_HTTP_PORT}
 
-Set this before starting the proxy:
-  export OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:${NEUROLINK_OTLP_HTTP_PORT}
+OTEL endpoint written to ~/.neurolink/.env — the proxy will pick it up automatically on next start.
 EOF
     ;;
   up|start)
     compose up -d
+    upsert_neurolink_env
     ;;
   down|stop)
     compose down