@juspay/neurolink 9.50.2 → 9.51.1

package/dist/proxy/accountQuota.d.ts

@@ -16,6 +16,12 @@ import type { AccountQuota } from "../types/index.js";
  * Pure computation — no I/O, no blocking.
  */
 export declare function parseQuotaHeaders(headers: Headers | Record<string, string>): AccountQuota | null;
+/**
+ * Initialise the quota module with a custom file path.
+ * When set, all reads/writes go to this path instead of the default
+ * ~/.neurolink/account-quotas.json. Call before the first load/save.
+ */
+export declare function initAccountQuota(quotaFilePath: string): void;
 /**
  * Load all persisted account quotas.
  * First call reads from disk; subsequent calls return the in-memory cache.

package/dist/proxy/accountQuota.js

@@ -9,7 +9,7 @@
  * updates an in-memory cache and debounces disk writes so the request/response
  * path is never blocked by file I/O.
  */
-import { join } from "path";
+import { dirname, join } from "path";
 import { homedir } from "os";
 import { promises as fs } from "fs";
 // ---------------------------------------------------------------------------
@@ -73,11 +73,32 @@ let memoryCache = {};
 let cacheLoaded = false;
 let dirty = false;
 let flushTimer = null;
+/** Custom quota file path set via initAccountQuota(). */
+let customQuotaFilePath = null;
+/**
+ * Initialise the quota module with a custom file path.
+ * When set, all reads/writes go to this path instead of the default
+ * ~/.neurolink/account-quotas.json. Call before the first load/save.
+ */
+export function initAccountQuota(quotaFilePath) {
+    customQuotaFilePath = quotaFilePath;
+    // Cancel any pending flush from a previous configuration so it does not
+    // write stale data to the new path.
+    if (flushTimer) {
+        clearTimeout(flushTimer);
+        flushTimer = null;
+    }
+    // Reset cache so the new path is picked up on next load
+    memoryCache = {};
+    cacheLoaded = false;
+    dirty = false;
+}
 function getQuotaFilePath() {
-    return join(homedir(), ".neurolink", QUOTA_FILE);
+    return customQuotaFilePath ?? join(homedir(), ".neurolink", QUOTA_FILE);
 }
 async function ensureDir() {
-    const dir = join(homedir(), ".neurolink");
+    const filePath = getQuotaFilePath();
+    const dir = dirname(filePath);
     await fs.mkdir(dir, { recursive: true, mode: 0o700 }).catch(() => {
         // Non-fatal: directory may already exist
     });

package/dist/proxy/proxyPaths.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Proxy file path resolver.
+ *
+ * In normal mode, all paths resolve under ~/.neurolink/.
+ * In dev mode (--dev), writable paths resolve under <cwd>/.neurolink-dev/
+ * so a local dev proxy never touches the global proxy's state.
+ *
+ * Read-only paths (like .env) always point to the global location
+ * since credentials must be shared.
+ *
+ * NOTE: Claude Code header snapshots (~/.neurolink/header-snapshots/) are
+ * not redirected in dev mode. They are only written when a real Claude Code
+ * client connects, which typically does not happen during dev testing.
+ */
+export type ProxyPaths = {
+    /** Base directory for proxy state files */
+    stateDir: string;
+    /** logs/ — request/response logs */
+    logsDir: string;
+    /** account-quotas.json — per-account rate limit state */
+    quotaFile: string;
+    /** Whether this is a dev-mode isolated instance */
+    isDev: boolean;
+};
+export declare function resolveProxyPaths(dev: boolean): ProxyPaths;

package/dist/proxy/proxyPaths.js

@@ -0,0 +1,34 @@
+/**
+ * Proxy file path resolver.
+ *
+ * In normal mode, all paths resolve under ~/.neurolink/.
+ * In dev mode (--dev), writable paths resolve under <cwd>/.neurolink-dev/
+ * so a local dev proxy never touches the global proxy's state.
+ *
+ * Read-only paths (like .env) always point to the global location
+ * since credentials must be shared.
+ *
+ * NOTE: Claude Code header snapshots (~/.neurolink/header-snapshots/) are
+ * not redirected in dev mode. They are only written when a real Claude Code
+ * client connects, which typically does not happen during dev testing.
+ */
+import { homedir } from "node:os";
+import { join } from "node:path";
+export function resolveProxyPaths(dev) {
+    if (dev) {
+        const base = join(process.cwd(), ".neurolink-dev");
+        return {
+            stateDir: base,
+            logsDir: join(base, "logs"),
+            quotaFile: join(base, "account-quotas.json"),
+            isDev: true,
+        };
+    }
+    const base = join(homedir(), ".neurolink");
+    return {
+        stateDir: base,
+        logsDir: join(base, "logs"),
+        quotaFile: join(base, "account-quotas.json"),
+        isDev: false,
+    };
+}

package/dist/proxy/requestLogger.d.ts

@@ -6,7 +6,7 @@
  * Useful for debugging and auditing proxy traffic.
  */
 import type { RequestAttemptLogEntry, RequestLogEntry } from "../types/index.js";
-export declare function initRequestLogger(enabled?: boolean): void;
+export declare function initRequestLogger(enabled?: boolean, customLogsDir?: string): void;
 export declare function logRequest(entry: RequestLogEntry): Promise<void>;
 /**
  * Log an upstream attempt separately from the final request outcome.

package/dist/proxy/requestLogger.js

@@ -44,13 +44,13 @@ const SENSITIVE_HEADER_NAMES = new Set([
 const SENSITIVE_HEADER_PATTERN = /token|secret|key|password|credential/i;
 /** JSON keys whose values should be redacted in request/response bodies. */
 const SENSITIVE_BODY_KEYS = /("(?:password|access_token|refresh_token|api_key|apiKey|secret|authorization|token|credential|x-api-key)"\s*:\s*)"(?:[^"\\]|\\.)*"/gi;
-export function initRequestLogger(enabled = true) {
+export function initRequestLogger(enabled = true, customLogsDir) {
     logEnabled = enabled;
     if (!enabled) {
         return;
     }
     try {
-        logDir = join(homedir(), ".neurolink", "logs");
+        logDir = customLogsDir ?? join(homedir(), ".neurolink", "logs");
         if (!existsSync(logDir)) {
             mkdirSync(logDir, { recursive: true, mode: 0o700 });
         }

package/dist/types/cli.d.ts

@@ -765,6 +765,7 @@ export type ProxyStartArgs = {
     config?: string;
     envFile?: string;
     passthrough?: boolean;
+    dev?: boolean;
 };
 /** Arguments accepted by `neurolink proxy status` */
 export type ProxyStatusArgs = {

package/dist/types/conversation.d.ts

@@ -385,7 +385,7 @@ export type AgenticLoopReportType = "META" | "GOOGLEADS" | "GOOGLEGA4" | "OTHER"
 /**
  * Status of an agentic loop report
  */
-export type AgenticLoopReportStatus = "INPROGRESS" | "COMPLETED";
+export type AgenticLoopReportStatus = "INPROGRESS" | "COMPLETED" | "CANCELLED" | "FAILED";
 /**
  * Metadata for an individual agentic loop report
  * A conversation session can have multiple reports tracked via this type
@@ -495,6 +495,8 @@ export type ConversationSummary = ConversationBase & {
 export type RedisStorageConfig = {
     /** Redis connection URL (e.g., 'rediss://host:6379' for TLS) */
     url?: string;
+    /** Redis username for ACL authentication (optional) */
+    username?: string;
     /** Redis host (default: 'localhost') */
     host?: string;
     /** Redis port (default: 6379) */

package/dist/utils/messageBuilder.js

@@ -1209,6 +1209,155 @@ async function downloadImageFromUrl(url) {
         throw new Error(`Failed to download image from ${url}: ${error instanceof Error ? error.message : String(error)}`, { cause: error });
     }
 }
+/**
+ * Get MIME type from file extension
+ */
+function getMimeTypeFromExtension(filePath) {
+    const ext = filePath.toLowerCase().split(".").pop();
+    switch (ext) {
+        case "png":
+            return "image/png";
+        case "gif":
+            return "image/gif";
+        case "webp":
+            return "image/webp";
+        case "bmp":
+            return "image/bmp";
+        case "tiff":
+        case "tif":
+            return "image/tiff";
+        default:
+            return "image/jpeg";
+    }
+}
+/**
+ * Detect MIME type from buffer magic bytes
+ * Returns undefined if format cannot be detected
+ */
+function detectMimeTypeFromBuffer(buffer) {
+    // JPEG: FF D8 FF
+    if (buffer.length >= 3 &&
+        buffer[0] === 0xff &&
+        buffer[1] === 0xd8 &&
+        buffer[2] === 0xff) {
+        return "image/jpeg";
+    }
+    // PNG: 89 50 4E 47 0D 0A 1A 0A
+    if (buffer.length >= 8 &&
+        buffer[0] === 0x89 &&
+        buffer[1] === 0x50 &&
+        buffer[2] === 0x4e &&
+        buffer[3] === 0x47 &&
+        buffer[4] === 0x0d &&
+        buffer[5] === 0x0a &&
+        buffer[6] === 0x1a &&
+        buffer[7] === 0x0a) {
+        return "image/png";
+    }
+    // GIF: 47 49 46 38 (37|39) 61
+    if (buffer.length >= 6 &&
+        buffer[0] === 0x47 &&
+        buffer[1] === 0x49 &&
+        buffer[2] === 0x46 &&
+        buffer[3] === 0x38 &&
+        (buffer[4] === 0x37 || buffer[4] === 0x39) &&
+        buffer[5] === 0x61) {
+        return "image/gif";
+    }
+    // WebP: 52 49 46 46 ?? ?? ?? ?? 57 45 42 50
+    if (buffer.length >= 12 &&
+        buffer[0] === 0x52 &&
+        buffer[1] === 0x49 &&
+        buffer[2] === 0x46 &&
+        buffer[3] === 0x46 &&
+        buffer[8] === 0x57 &&
+        buffer[9] === 0x45 &&
+        buffer[10] === 0x42 &&
+        buffer[11] === 0x50) {
+        return "image/webp";
+    }
+    // BMP: 42 4D
+    if (buffer.length >= 2 && buffer[0] === 0x42 && buffer[1] === 0x4d) {
+        return "image/bmp";
+    }
+    // TIFF: (49 49 2A 00) or (4D 4D 00 2A)
+    if (buffer.length >= 4 &&
+        ((buffer[0] === 0x49 &&
+            buffer[1] === 0x49 &&
+            buffer[2] === 0x2a &&
+            buffer[3] === 0x00) ||
+            (buffer[0] === 0x4d &&
+                buffer[1] === 0x4d &&
+                buffer[2] === 0x00 &&
+                buffer[3] === 0x2a))) {
+        return "image/tiff";
+    }
+    return undefined;
+}
+/**
+ * Convert file path to raw base64 string.
+ * Returns raw base64 (not a data: URI) to avoid SSRF validation in AI SDK v6.
+ */
+function convertFilePathToBase64(filePath) {
+    if (!existsSync(filePath)) {
+        throw new Error(`Image file not found: ${filePath}`);
+    }
+    const buffer = readFileSync(filePath);
+    return buffer.toString("base64");
+}
+/**
+ * Process a single image input and convert to raw base64 format.
+ * IMPORTANT: Returns raw base64 (not a data: URI) to avoid SSRF validation
+ * in Vercel AI SDK v6. The SDK calls `new URL(image)` on string values;
+ * a data: URI is a valid URL, causing the SDK to "download" it and hit
+ * validateDownloadUrl which throws "URL scheme must be http or https, got data:".
+ * Passing raw base64 avoids this because `new URL(base64string)` throws and
+ * the SDK treats the string as inline base64 data instead.
+ */
+function processImageToBase64(image, index) {
+    let imageData;
+    let mimeType = "image/jpeg"; // Default mime type
+    if (typeof image === "string") {
+        if (image.startsWith("data:")) {
+            // Data URI (including downloaded URLs) - extract mime type and raw base64
+            const match = image.match(/^data:([^;]+);base64,(.+)$/);
+            if (match) {
+                mimeType = match[1];
+                imageData = match[2]; // Raw base64 only — NOT the full data: URI
+            }
+            else {
+                imageData = image;
+            }
+        }
+        else if (isInternetUrl(image)) {
+            // This should not happen as URLs are processed separately
+            throw new Error(`Unprocessed URL found in actualImages: ${image}`);
+        }
+        else {
+            // File path string - convert to raw base64
+            try {
+                imageData = convertFilePathToBase64(image);
+                mimeType = getMimeTypeFromExtension(image);
+            }
+            catch (error) {
+                MultimodalLogger.logError("FILE_PATH_CONVERSION", error, {
+                    index,
+                    filePath: image,
+                });
+                throw new Error(`Failed to convert file path to base64: ${image}. ${error}`, { cause: error });
+            }
+        }
+    }
+    else {
+        // Buffer - convert to raw base64 with proper MIME type detection
+        const detectedMimeType = detectMimeTypeFromBuffer(image);
+        if (detectedMimeType) {
+            mimeType = detectedMimeType;
+        }
+        imageData = image.toString("base64");
+    }
+    return { imageData, mimeType };
+}
 /**
  * Convert simple images format to Vercel AI SDK format with smart auto-detection
  * - URLs: Downloaded and converted to base64 for Vercel AI SDK compatibility
@@ -1270,80 +1419,8 @@ async function convertSimpleImagesToProviderFormat(text, images, provider, _mode
     // Process all images (including downloaded URLs) for Vercel AI SDK
     actualImages.forEach(({ data: image }, index) => {
         try {
-            // Vercel AI SDK v6 expects { type: 'image', image: Buffer | string, mimeType?: string }
-            // IMPORTANT: The `image` field must be raw base64 or a Buffer — NOT a data: URI string.
-            // The AI SDK v6's download pipeline calls `new URL(image)` on string values. A data: URI
-            // is a valid URL, so the SDK tries to "download" it, which hits SSRF validation
-            // (validateDownloadUrl) and throws "URL scheme must be http or https, got data:".
-            // Passing raw base64 avoids this because `new URL(base64string)` throws and the SDK
-            // treats the string as inline base64 data instead.
-            let imageData;
-            let mimeType = "image/jpeg"; // Default mime type
-            if (typeof image === "string") {
-                if (image.startsWith("data:")) {
-                    // Data URI (including downloaded URLs) - extract mime type and raw base64
-                    const match = image.match(/^data:([^;]+);base64,(.+)$/);
-                    if (match) {
-                        mimeType = match[1];
-                        imageData = match[2]; // Raw base64 only — NOT the full data: URI
-                    }
-                    else {
-                        imageData = image;
-                    }
-                }
-                else if (isInternetUrl(image)) {
-                    // This should not happen as URLs are processed separately above
-                    // But handle it gracefully just in case
-                    throw new Error(`Unprocessed URL found in actualImages: ${image}`);
-                }
-                else {
-                    // File path string - convert to base64
-                    try {
-                        if (existsSync(image)) {
-                            const buffer = readFileSync(image);
-                            const base64 = buffer.toString("base64");
-                            // Detect mime type from file extension
-                            const ext = image.toLowerCase().split(".").pop();
-                            switch (ext) {
-                                case "png":
-                                    mimeType = "image/png";
-                                    break;
-                                case "gif":
-                                    mimeType = "image/gif";
-                                    break;
-                                case "webp":
-                                    mimeType = "image/webp";
-                                    break;
-                                case "bmp":
-                                    mimeType = "image/bmp";
-                                    break;
-                                case "tiff":
-                                case "tif":
-                                    mimeType = "image/tiff";
-                                    break;
-                                default:
-                                    mimeType = "image/jpeg";
-                                    break;
-                            }
-                            imageData = base64; // Raw base64 only
-                        }
-                        else {
-                            throw new Error(`Image file not found: ${image}`);
-                        }
-                    }
-                    catch (error) {
-                        MultimodalLogger.logError("FILE_PATH_CONVERSION", error, {
-                            index,
-                            filePath: image,
-                        });
-                        throw new Error(`Failed to convert file path to base64: ${image}. ${error}`, { cause: error });
-                    }
-                }
-            }
-            else {
-                // Buffer - convert to raw base64
-                imageData = image.toString("base64");
-            }
+            // Use helper function to process image and reduce nesting depth
+            const { imageData, mimeType } = processImageToBase64(image, index);
             content.push({
                 type: "image",
                 image: imageData,

package/dist/utils/redis.js

@@ -353,6 +353,7 @@ export function getNormalizedConfig(config) {
     const defaultUserSessionsPrefix = keyPrefix.replace(/conversation:?$/, "user:sessions:");
     let host = config.host || "localhost";
     let port = config.port || 6379;
+    let username = config.username || "";
     let password = config.password || "";
     let db = config.db || 0;
     let url = config.url;
@@ -361,13 +362,14 @@ export function getNormalizedConfig(config) {
             const parsedUrl = new URL(url);
             host = parsedUrl.hostname;
             port = parsedUrl.port ? parseInt(parsedUrl.port) : 6379;
+            username = parsedUrl.username || username;
             password = parsedUrl.password || password;
             db = parsedUrl.pathname
                 ? parseInt(parsedUrl.pathname.replace("/", "")) || 0
                 : 0;
         }
         catch (e) {
-            const sanitizedUrl = url.replace(/:\/\/[^:]+:[^@]+@/, "://[redacted]@");
+            const sanitizedUrl = url.replace(/:\/\/[^@]+@/, "://[redacted]@");
             logger.warn("[redisUtils] Failed to parse Redis URL, falling back to component-based connection", {
                 url: sanitizedUrl,
                 error: e instanceof Error ? e.message : String(e),
@@ -380,6 +382,7 @@ export function getNormalizedConfig(config) {
         host,
         port,
         password,
+        username,
         db,
         keyPrefix,
         userSessionsKeyPrefix: config.userSessionsKeyPrefix || defaultUserSessionsPrefix,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/neurolink",
-  "version": "9.50.2",
+  "version": "9.51.1",
   "packageManager": "pnpm@10.15.1",
   "description": "Universal AI Development Platform with working MCP integration, multi-provider support, and professional CLI. Built-in tools operational, 58+ external MCP servers discoverable. Connect to filesystem, GitHub, database operations, and more. Build, test, and deploy AI applications with 13 providers: OpenAI, Anthropic, Google AI, AWS Bedrock, Azure, Hugging Face, Ollama, and Mistral AI.",
   "author": {