npm - @juspay/neurolink - Versions diffs - 9.58.0 → 9.59.0 - Mend

@juspay/neurolink 9.58.0 → 9.59.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/CHANGELOG.md +6 -0
package/dist/browser/neurolink.min.js +314 -314
package/dist/lib/neurolink.d.ts +34 -0
package/dist/lib/neurolink.js +89 -1
package/dist/lib/providers/litellm.js +12 -1
package/dist/lib/providers/openAI.js +19 -2
package/dist/lib/types/errors.d.ts +42 -0
package/dist/lib/types/errors.js +94 -0
package/dist/neurolink.d.ts +34 -0
package/dist/neurolink.js +89 -1
package/dist/providers/litellm.js +12 -1
package/dist/providers/openAI.js +19 -2
package/dist/types/errors.d.ts +42 -0
package/dist/types/errors.js +94 -0
package/package.json +1 -1

package/dist/types/errors.js CHANGED Viewed

@@ -165,3 +165,97 @@ export class ModelAccessError extends BaseError {
         this.requiredTier = requiredTier;
     }
 }
+/**
+ * Curator P1-1: thrown when a provider rejects a request because the
+ * caller's team / API key is not whitelisted for the requested model.
+ *
+ * LiteLLM's `team not allowed to access model. This team can only access
+ * models=['glm-latest', 'kimi-latest', ...]` is the canonical example —
+ * the list is parsed off the error body so callers / fallback orchestrators
+ * can choose a whitelisted alternative without scraping strings.
+ */
+export class ModelAccessDeniedError extends ProviderError {
+    requestedModel;
+    allowedModels;
+    code = "MODEL_ACCESS_DENIED";
+    constructor(message, options = {}) {
+        super(message, options.provider);
+        this.name = "ModelAccessDeniedError";
+        this.requestedModel = options.requestedModel;
+        this.allowedModels = options.allowedModels;
+    }
+}
+/** Maximum body length we'll attempt to parse. Real provider error
+ *  bodies are well under 10 KB; longer inputs are either truncated
+ *  log output or a deliberate ReDoS attempt. */
+const MAX_ALLOWED_MODELS_INPUT = 10_000;
+/**
+ * Parse the `allowed_models` array out of a provider error message body.
+ * Currently targets the LiteLLM team-whitelist response shape:
+ *
+ *   "team not allowed to access model. This team can only access
+ *    models=['glm-latest', 'kimi-latest', 'open-large']"
+ *
+ * Implementation note: deliberately uses `indexOf`/`slice` instead of a
+ * single `/models\s*=\s*\[([^\]]*)\]/` regex. CodeQL flagged the latter
+ * as `js/polynomial-redos` because the `[^\]]*` greedy quantifier on
+ * library-supplied input can be exploited by a crafted long string. The
+ * indexOf/slice path is O(n) with no backtracking and we additionally
+ * cap the input length.
+ *
+ * Returns undefined when no list is found.
+ */
+export function parseAllowedModels(message) {
+    if (typeof message !== "string" || message.length === 0) {
+        return undefined;
+    }
+    if (message.length > MAX_ALLOWED_MODELS_INPUT) {
+        return undefined;
+    }
+    // Locate `models` keyword case-insensitively, then walk forward to
+    // confirm `=` and `[` markers — no regex backtracking.
+    const lower = message.toLowerCase();
+    let idx = lower.indexOf("models", 0);
+    while (idx !== -1) {
+        let cursor = idx + "models".length;
+        // Skip whitespace
+        while (cursor < message.length && /\s/.test(message[cursor])) {
+            cursor++;
+        }
+        if (message[cursor] !== "=") {
+            idx = lower.indexOf("models", idx + 1);
+            continue;
+        }
+        cursor++;
+        while (cursor < message.length && /\s/.test(message[cursor])) {
+            cursor++;
+        }
+        if (message[cursor] !== "[") {
+            idx = lower.indexOf("models", idx + 1);
+            continue;
+        }
+        const open = cursor;
+        const close = message.indexOf("]", open + 1);
+        if (close === -1) {
+            return undefined;
+        }
+        const inside = message.slice(open + 1, close);
+        const items = inside
+            .split(",")
+            .map((s) => s.trim().replace(/^['"]|['"]$/g, ""))
+            .filter((s) => s.length > 0);
+        return items.length > 0 ? items : undefined;
+    }
+    return undefined;
+}
+/**
+ * Returns true when `message` looks like a model-access-denied response
+ * (LiteLLM "team not allowed", generic "not allowed to access model",
+ * or "team can only access models=[...]").
+ */
+export function isModelAccessDeniedMessage(message) {
+    const lower = message.toLowerCase();
+    return ((lower.includes("team") && lower.includes("not allowed")) ||
+        lower.includes("team can only access") ||
+        /not\s+allowed\s+to\s+access\s+(this\s+)?model/i.test(message));
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/neurolink",
-  "version": "9.58.0",
+  "version": "9.59.0",
   "packageManager": "pnpm@10.15.1",
   "description": "Universal AI Development Platform with working MCP integration, multi-provider support, and professional CLI. Built-in tools operational, 58+ external MCP servers discoverable. Connect to filesystem, GitHub, database operations, and more. Build, test, and deploy AI applications with 13 providers: OpenAI, Anthropic, Google AI, AWS Bedrock, Azure, Hugging Face, Ollama, and Mistral AI.",
   "author": {