@juspay/neurolink 9.58.0 → 9.59.1

package/dist/lib/neurolink.d.ts

@@ -5,13 +5,41 @@
  * Enhanced AI provider system with natural MCP tool access.
  * Uses real MCP infrastructure for tool discovery and execution.
  */
-import type { CompactionConfig, CompactionResult, SpanData, ObservabilityConfig, MetricsSummary, MCPToolAnnotations, TraceView, AuthenticatedContext, AuthProvider, JsonObject, NeuroLinkEvents, TypedEventEmitter, MCPEnhancementsConfig, NeuroLinkAuthConfig, NeurolinkConstructorConfig, ChatMessage, ExternalMCPOperationResult, ExternalMCPServerInstance, ExternalMCPToolInfo, GenerateOptions, GenerateResult, ProviderStatus, TextGenerationOptions, TextGenerationResult, MCPExecutableTool, MCPServerInfo, MCPStatus, StreamOptions, StreamResult, ToolExecutionContext, ToolExecutionSummary, ToolInfo, ToolRegistrationOptions, BatchOperationResult } from "./types/index.js";
+import type { CompactionConfig, CompactionResult, SpanData, ObservabilityConfig, MetricsSummary, MCPToolAnnotations, TraceView, AuthenticatedContext, AuthProvider, JsonObject, NeuroLinkEvents, TypedEventEmitter, MCPEnhancementsConfig, NeuroLinkAuthConfig, NeurolinkConstructorConfig, ChatMessage, ExternalMCPOperationResult, ExternalMCPServerInstance, ExternalMCPToolInfo, GenerateOptions, GenerateResult, ProviderStatus, TextGenerationOptions, TextGenerationResult, MCPExecutableTool, MCPServerInfo, MCPStatus, StreamOptions, StreamResult, ToolExecutionContext, ToolExecutionSummary, ToolInfo, ToolRegistrationOptions, BatchOperationResult, StreamGenerationEndContext } from "./types/index.js";
 import { ConversationMemoryManager } from "./core/conversationMemoryManager.js";
 import type { RedisConversationMemoryManager } from "./core/redisConversationMemoryManager.js";
 import { ExternalServerManager } from "./mcp/externalServerManager.js";
 import { MCPToolRegistry } from "./mcp/toolRegistry.js";
 import type { DynamicOptions } from "./types/index.js";
 import { TaskManager } from "./tasks/taskManager.js";
+/**
+ * Curator P2-4 dedup (concurrency-safe): native providers emit
+ * `generation:end` on the shared SDK emitter. We attach a fresh
+ * mutable `dedupContext` object directly to the per-call
+ * `StreamOptions` (under `_streamDedupContext`) so each stream gets
+ * its own instance — concurrent streams have different option objects
+ * and therefore different contexts, so they cannot interfere.
+ *
+ * Native provider emit sites read `options._streamDedupContext` and
+ * flip `.providerEmitted = true` before emitting; the orchestration's
+ * finally block reads the same closed-over reference and skips its
+ * own emit when the flag is set.
+ *
+ * This avoids the AsyncLocalStorage approach which doesn't reliably
+ * propagate through async-generator yield boundaries when iteration
+ * happens from outside the original `run()` scope (e.g. when the
+ * consumer drives `for await of result.stream` after `sdk.stream(...)`
+ * returns).
+ */
+export declare const STREAM_DEDUP_CONTEXT_KEY: "_streamDedupContext";
+/**
+ * Native providers call this from their `generation:end` emit sites,
+ * passing the same `options` object they received. Safe no-op when
+ * the field isn't set.
+ */
+export declare function markStreamProviderEmittedGenerationEnd(options: {
+    _streamDedupContext?: StreamGenerationEndContext;
+} | undefined): void;
 export declare class NeuroLink {
     private mcpInitialized;
     private mcpSkipped;
@@ -968,6 +996,40 @@ export declare class NeuroLink {
      * @see {@link NeuroLink.executeTool} for events related to tool execution
      */
     getEventEmitter(): TypedEventEmitter<NeuroLinkEvents>;
+    /**
+     * Curator P1-1: synchronous credential health check for a single provider.
+     *
+     * Drives a tiny real call against the provider (1-token completion or
+     * `/models` listing depending on provider) to confirm the configured
+     * credentials are valid. Useful at startup so a service can refuse to
+     * boot if its primary provider's credentials are broken instead of
+     * discovering the problem on first user request.
+     *
+     * @example
+     * ```ts
+     * const health = await neurolink.checkCredentials({ provider: "litellm" });
+     * if (health.status !== "ok") {
+     *   throw new Error(`provider not ready: ${health.detail}`);
+     * }
+     * ```
+     *
+     * @param input - the provider to check
+     * @returns `{ provider, status, detail }`. Possible status values:
+     *   - `"ok"` — credentials valid and provider reachable
+     *   - `"missing"` — required env / credentials not configured
+     *   - `"expired"` — credentials present but rejected (401/403)
+     *   - `"denied"` — credentials valid but team not whitelisted for any model
+     *   - `"network"` — provider unreachable (timeout, ECONNREFUSED, DNS)
+     *   - `"unknown"` — other error; consult `detail`
+     */
+    checkCredentials(input: {
+        provider: string;
+        model?: string;
+    }): Promise<{
+        provider: string;
+        status: "ok" | "missing" | "expired" | "denied" | "network" | "unknown";
+        detail: string;
+    }>;
     /**
      * Emit tool start event with execution tracking
      * @param toolName - Name of the tool being executed

package/dist/lib/neurolink.js

@@ -52,7 +52,7 @@ import { resolveDynamicArgument } from "./dynamic/dynamicResolver.js";
 import { initializeHippocampus } from "./memory/hippocampusInitializer.js";
 import { createMemoryRetrievalTools } from "./memory/memoryRetrievalTools.js";
 import { getMetricsAggregator, MetricsAggregator, } from "./observability/metricsAggregator.js";
-import { SpanStatus, SpanType, CircuitBreakerOpenError, ConversationMemoryError, AuthenticationError, AuthorizationError, InvalidModelError, } from "./types/index.js";
+import { SpanStatus, SpanType, CircuitBreakerOpenError, ConversationMemoryError, AuthenticationError, AuthorizationError, InvalidModelError, ModelAccessDeniedError, } from "./types/index.js";
 import { SpanSerializer } from "./observability/utils/spanSerializer.js";
 import { flushOpenTelemetry, getLangfuseHealthStatus, initializeOpenTelemetry, isOpenTelemetryInitialized, runWithCurrentLangfuseContext, setLangfuseContext, shutdownOpenTelemetry, } from "./services/server/ai/observability/instrumentation.js";
 import { TaskManager } from "./tasks/taskManager.js";
@@ -187,6 +187,13 @@ function isNonRetryableProviderError(error) {
     if (error instanceof AuthorizationError) {
         return true;
     }
+    // Curator P1-1: model-access-denied is permanent for the (provider, model)
+    // pair until the team whitelist changes. Retrying with the same config
+    // would just waste a second roundtrip. Caller / fallback-orchestrator
+    // should pick a different model.
+    if (error instanceof ModelAccessDeniedError) {
+        return true;
+    }
     // Check for HTTP status codes on error objects (e.g., from Vercel AI SDK)
     if (error && typeof error === "object") {
         const err = error;
@@ -290,6 +297,37 @@ function isNonRetryableProviderError(error) {
  * same NeuroLink instance would clobber each other's trace context.
  */
 const metricsTraceContextStorage = new AsyncLocalStorage();
+/**
+ * Curator P2-4 dedup (concurrency-safe): native providers emit
+ * `generation:end` on the shared SDK emitter. We attach a fresh
+ * mutable `dedupContext` object directly to the per-call
+ * `StreamOptions` (under `_streamDedupContext`) so each stream gets
+ * its own instance — concurrent streams have different option objects
+ * and therefore different contexts, so they cannot interfere.
+ *
+ * Native provider emit sites read `options._streamDedupContext` and
+ * flip `.providerEmitted = true` before emitting; the orchestration's
+ * finally block reads the same closed-over reference and skips its
+ * own emit when the flag is set.
+ *
+ * This avoids the AsyncLocalStorage approach which doesn't reliably
+ * propagate through async-generator yield boundaries when iteration
+ * happens from outside the original `run()` scope (e.g. when the
+ * consumer drives `for await of result.stream` after `sdk.stream(...)`
+ * returns).
+ */
+export const STREAM_DEDUP_CONTEXT_KEY = "_streamDedupContext";
+/**
+ * Native providers call this from their `generation:end` emit sites,
+ * passing the same `options` object they received. Safe no-op when
+ * the field isn't set.
+ */
+export function markStreamProviderEmittedGenerationEnd(options) {
+    const ctx = options?._streamDedupContext;
+    if (ctx) {
+        ctx.providerEmitted = true;
+    }
+}
 export class NeuroLink {
     mcpInitialized = false;
     mcpSkipped = false;
@@ -4977,8 +5015,23 @@ Current user's request: ${currentInput}`;
             const streamStartTime = Date.now();
             const sessionId = enhancedOptions.context
                 ?.sessionId;
+            // Curator P2-4 dedup (concurrency-safe): native provider stream paths
+            // (Gemini 3 on Vertex / Google AI Studio) emit `generation:end`
+            // themselves. We attach a per-stream mutable flag directly to
+            // `enhancedOptions._streamDedupContext` — native providers receive
+            // these options and flip the flag before their emit; this finally
+            // block reads the same closed-over reference. Concurrent streams
+            // have different option objects so the contexts don't interfere.
+            const dedupContext = {
+                providerEmitted: false,
+            };
+            enhancedOptions._streamDedupContext = dedupContext;
             const processedStream = (async function* () {
                 let streamError;
+                // Curator P2-4: hoist `resolvedUsage` so the finally block can emit a
+                // single `generation:end` event with cost data. Cost listeners
+                // subscribe here; previously the stream path never fired it.
+                let resolvedUsage;
                 try {
                     for await (const chunk of mcpStream) {
                         chunkCount++;
@@ -5008,7 +5061,7 @@ Current user's request: ${currentInput}`;
                             accumulatedContent += content;
                         });
                     }
-                    let resolvedUsage = streamUsage;
+                    resolvedUsage = streamUsage;
                     if (!resolvedUsage && streamAnalytics) {
                         try {
                             const resolved = await Promise.resolve(streamAnalytics);
@@ -5083,6 +5136,61 @@ Current user's request: ${currentInput}`;
                         guardrailsBlocked: metadata.guardrailsBlocked,
                         error: metadata.error,
                     });
+                    // Curator P2-4: emit `generation:end` exactly once per stream so
+                    // cost listeners receive the same contract as for `generate()`.
+                    // The previous implementation only fired `stream:complete`, leaving
+                    // any subscriber to `generation:end` with zero events.
+                    //
+                    // Dedup: native provider stream paths (Gemini 3 on Vertex / Google
+                    // AI Studio) already emit `generation:end` themselves so Pipeline B
+                    // (Langfuse) records a GENERATION observation. Skip our emit when
+                    // they already fired — preserves their Pipeline B observation
+                    // source and keeps the "exactly once" contract. Per-stream flag
+                    // is concurrency-safe because it's scoped via AsyncLocalStorage.
+                    if (!dedupContext.providerEmitted) {
+                        try {
+                            const finalProvider = metadata.fallbackProvider ?? providerName ?? "unknown";
+                            const finalModel = metadata.fallbackModel ??
+                                streamModel ??
+                                enhancedOptions.model ??
+                                "unknown";
+                            const finalFinishReason = streamError
+                                ? "error"
+                                : (streamState.finishReason ?? "stop");
+                            self.emitter.emit("generation:end", {
+                                provider: finalProvider,
+                                model: finalModel,
+                                responseTime: Date.now() - streamStartTime,
+                                toolsUsed: streamState.toolCalls?.map((t) => t.toolName),
+                                timestamp: Date.now(),
+                                result: {
+                                    content: accumulatedContent,
+                                    usage: resolvedUsage,
+                                    model: finalModel,
+                                    provider: finalProvider,
+                                    finishReason: finalFinishReason,
+                                },
+                                prompt: enhancedOptions.input?.text ||
+                                    enhancedOptions.prompt,
+                                temperature: enhancedOptions.temperature,
+                                maxTokens: enhancedOptions.maxTokens,
+                                success: !streamError,
+                                error: streamError
+                                    ? streamError instanceof Error
+                                        ? streamError.message
+                                        : String(streamError)
+                                    : undefined,
+                                pipelineAHandled: true,
+                            });
+                        }
+                        catch (emitError) {
+                            logger.debug("[NeuroLink.stream] generation:end listener threw — ignored", {
+                                error: emitError instanceof Error
+                                    ? emitError.message
+                                    : String(emitError),
+                            });
+                        }
+                    }
                     self._disableToolCacheForCurrentRequest = false;
                     cleanupListeners();
                     streamSpan.setAttribute("neurolink.response_time_ms", Date.now() - spanStartTime);
@@ -6087,6 +6195,87 @@ Current user's request: ${currentInput}`;
     getEventEmitter() {
         return this.emitter;
     }
+    /**
+     * Curator P1-1: synchronous credential health check for a single provider.
+     *
+     * Drives a tiny real call against the provider (1-token completion or
+     * `/models` listing depending on provider) to confirm the configured
+     * credentials are valid. Useful at startup so a service can refuse to
+     * boot if its primary provider's credentials are broken instead of
+     * discovering the problem on first user request.
+     *
+     * @example
+     * ```ts
+     * const health = await neurolink.checkCredentials({ provider: "litellm" });
+     * if (health.status !== "ok") {
+     *   throw new Error(`provider not ready: ${health.detail}`);
+     * }
+     * ```
+     *
+     * @param input - the provider to check
+     * @returns `{ provider, status, detail }`. Possible status values:
+     *   - `"ok"` — credentials valid and provider reachable
+     *   - `"missing"` — required env / credentials not configured
+     *   - `"expired"` — credentials present but rejected (401/403)
+     *   - `"denied"` — credentials valid but team not whitelisted for any model
+     *   - `"network"` — provider unreachable (timeout, ECONNREFUSED, DNS)
+     *   - `"unknown"` — other error; consult `detail`
+     */
+    async checkCredentials(input) {
+        const { provider, model } = input;
+        const probeText = "ping";
+        try {
+            // 1-token probe is cheap, exercises auth + routing without much cost.
+            await this.generate({
+                provider: provider,
+                ...(model && { model }),
+                input: { text: probeText },
+                maxTokens: 16,
+                disableTools: true,
+            });
+            return { provider, status: "ok", detail: "credentials valid" };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            const lower = msg.toLowerCase();
+            if (err instanceof ModelAccessDeniedError) {
+                return {
+                    provider,
+                    status: "denied",
+                    detail: msg,
+                };
+            }
+            if (lower.includes("authentication") ||
+                lower.includes("401") ||
+                lower.includes("invalid api key") ||
+                lower.includes("incorrect api key") ||
+                lower.includes("api_key_invalid") ||
+                lower.includes("token has expired") ||
+                lower.includes("expired credentials")) {
+                return { provider, status: "expired", detail: msg };
+            }
+            if (lower.includes("not configured") ||
+                lower.includes("missing api") ||
+                lower.includes("api key is required") ||
+                lower.includes("no api key") ||
+                lower.includes("application default credentials") ||
+                lower.includes("google_application_credentials") ||
+                lower.includes("project_id") ||
+                lower.includes("default credentials") ||
+                lower.includes("service account")) {
+                return { provider, status: "missing", detail: msg };
+            }
+            if (lower.includes("econnrefused") ||
+                lower.includes("enotfound") ||
+                lower.includes("could not resolve") ||
+                lower.includes("timeout") ||
+                lower.includes("network") ||
+                lower.includes("cannot connect")) {
+                return { provider, status: "network", detail: msg };
+            }
+            return { provider, status: "unknown", detail: msg };
+        }
+    }
     // ========================================
     // ENHANCED: Tool Event Emission API
     // ========================================

package/dist/lib/providers/googleAiStudio.js

@@ -4,6 +4,7 @@ import { ErrorCategory, ErrorSeverity, GoogleAIModels, } from "../constants/enum
 import { BaseProvider } from "../core/baseProvider.js";
 import { DEFAULT_MAX_STEPS } from "../core/constants.js";
 import { streamAnalyticsCollector } from "../core/streamAnalytics.js";
+import { markStreamProviderEmittedGenerationEnd, } from "../neurolink.js";
 import { SpanStatusCode } from "@opentelemetry/api";
 import { ATTR, tracers, withClientSpan } from "../telemetry/index.js";
 import { AuthenticationError, NetworkError, ProviderError, RateLimitError, } from "../types/index.js";
@@ -735,6 +736,9 @@ export class GoogleAIStudioProvider extends BaseProvider {
                         // AI SDK so experimental_telemetry is never injected; we emit manually.
                         const nativeStreamEmitter = this.neurolink?.getEventEmitter();
                         if (nativeStreamEmitter) {
+                            // Curator P2-4 dedup: flag the per-stream context attached
+                            // to options so the orchestration skips its own emit.
+                            markStreamProviderEmittedGenerationEnd(options);
                             nativeStreamEmitter.emit("generation:end", {
                                 provider: this.providerName,
                                 responseTime,
@@ -767,6 +771,9 @@ export class GoogleAIStudioProvider extends BaseProvider {
                         // Emit failure generation:end so Pipeline B records the failed stream
                         const errorEmitter = this.neurolink?.getEventEmitter();
                         if (errorEmitter) {
+                            // Curator P2-4 dedup: flag the per-stream context attached
+                            // to options so the orchestration skips its own emit.
+                            markStreamProviderEmittedGenerationEnd(options);
                             errorEmitter.emit("generation:end", {
                                 provider: this.providerName,
                                 responseTime: Date.now() - startTime,

package/dist/lib/providers/googleVertex.js

@@ -10,6 +10,7 @@ import { ErrorCategory, ErrorSeverity, } from "../constants/enums.js";
 import { BaseProvider } from "../core/baseProvider.js";
 import { DEFAULT_MAX_STEPS, GLOBAL_LOCATION_MODELS, } from "../core/constants.js";
 import { ModelConfigurationManager } from "../core/modelConfiguration.js";
+import { markStreamProviderEmittedGenerationEnd, } from "../neurolink.js";
 import { createProxyFetch } from "../proxy/proxyFetch.js";
 import { ATTR, tracers, withClientSpan } from "../telemetry/index.js";
 import { AuthenticationError, InvalidModelError, NetworkError, ProviderError, RateLimitError, } from "../types/index.js";
@@ -1630,8 +1631,12 @@ export class GoogleVertexProvider extends BaseProvider {
             // Emit generation:end so Pipeline B (Langfuse) creates a GENERATION
             // observation. The native @google/genai stream path on Vertex bypasses the
             // Vercel AI SDK so experimental_telemetry is never injected; we emit manually.
+            // Curator P2-4 dedup: flag the per-stream context attached to options
+            // so the orchestration in `runStandardStreamRequest` knows we already
+            // emitted and skips its own emit (preserving exactly-once).
             const vertexStreamEmitter = this.neurolink?.getEventEmitter();
             if (vertexStreamEmitter) {
+                markStreamProviderEmittedGenerationEnd(params.options);
                 vertexStreamEmitter.emit("generation:end", {
                     provider: this.providerName,
                     responseTime,

package/dist/lib/providers/litellm.js

@@ -5,7 +5,7 @@ import { BaseProvider } from "../core/baseProvider.js";
 import { DEFAULT_MAX_STEPS } from "../core/constants.js";
 import { streamAnalyticsCollector } from "../core/streamAnalytics.js";
 import { createProxyFetch } from "../proxy/proxyFetch.js";
-import { AuthenticationError, InvalidModelError, NetworkError, ProviderError, RateLimitError, } from "../types/index.js";
+import { AuthenticationError, InvalidModelError, ModelAccessDeniedError, NetworkError, ProviderError, RateLimitError, isModelAccessDeniedMessage, parseAllowedModels, } from "../types/index.js";
 import { isAbortError } from "../utils/errorHandling.js";
 import { emitToolEndFromStepFinish } from "../utils/toolEndEmitter.js";
 import { logger } from "../utils/logger.js";
@@ -100,6 +100,17 @@ export class LiteLLMProvider extends BaseProvider {
                 return new NetworkError("LiteLLM proxy server not available. Please start the LiteLLM proxy server at " +
                     `${process.env.LITELLM_BASE_URL || "http://localhost:4000"}`, this.providerName);
             }
+            // Curator P1-1: detect "team not allowed to access model" responses
+            // and surface as ModelAccessDeniedError with the allowed_models array
+            // parsed from the body. Must run before the generic "API key" check
+            // because LiteLLM phrases this as a 403 distinct from auth.
+            if (isModelAccessDeniedMessage(errorRecord.message)) {
+                return new ModelAccessDeniedError(errorRecord.message, {
+                    provider: this.providerName,
+                    requestedModel: this.modelName,
+                    allowedModels: parseAllowedModels(errorRecord.message),
+                });
+            }
             if (errorRecord.message.includes("API_KEY_INVALID") ||
                 errorRecord.message.includes("Invalid API key")) {
                 return new AuthenticationError("Invalid LiteLLM configuration. Please check your LITELLM_API_KEY environment variable.", this.providerName);

package/dist/lib/providers/openAI.js

@@ -235,10 +235,27 @@ export class OpenAIProvider extends BaseProvider {
         const errorType = errorObj?.type && typeof errorObj.type === "string"
             ? errorObj.type
             : undefined;
+        const statusCode = typeof errorObj?.status === "number"
+            ? errorObj.status
+            : typeof errorObj?.statusCode === "number"
+                ? errorObj.statusCode
+                : undefined;
+        // Curator P1-1 / Reviewer Finding #4: only the explicit auth markers
+        // map to AuthenticationError. Earlier we treated every
+        // `invalid_request_error` as an auth failure — that's OpenAI's catch-all
+        // for any bad request (unsupported parameter, malformed JSON, etc.) and
+        // mislabelled them as "invalid API key". Use credential-specific
+        // signals only.
         if (message.includes("API_KEY_INVALID") ||
             message.includes("Invalid API key") ||
-            errorType === "invalid_api_key") {
-            return new AuthenticationError("Invalid OpenAI API key. Please check your OPENAI_API_KEY environment variable.", this.providerName);
+            message.includes("Incorrect API key") ||
+            message.includes("invalid_api_key") ||
+            errorType === "invalid_api_key" ||
+            statusCode === 401) {
+            return new AuthenticationError(message.includes("Incorrect API key") ||
+                message.includes("Invalid API key")
+                ? message
+                : "Invalid OpenAI API key. Please check your OPENAI_API_KEY environment variable.", this.providerName);
         }
         if (message.includes("rate limit") || errorType === "rate_limit_error") {
             return new RateLimitError("OpenAI rate limit exceeded. Please try again later.", this.providerName);

package/dist/lib/types/errors.d.ts

@@ -104,3 +104,45 @@ export declare class ModelAccessError extends BaseError {
     readonly requiredTier: string;
     constructor(model: string, tier: string, requiredTier: string);
 }
+/**
+ * Curator P1-1: thrown when a provider rejects a request because the
+ * caller's team / API key is not whitelisted for the requested model.
+ *
+ * LiteLLM's `team not allowed to access model. This team can only access
+ * models=['glm-latest', 'kimi-latest', ...]` is the canonical example —
+ * the list is parsed off the error body so callers / fallback orchestrators
+ * can choose a whitelisted alternative without scraping strings.
+ */
+export declare class ModelAccessDeniedError extends ProviderError {
+    readonly requestedModel: string | undefined;
+    readonly allowedModels: string[] | undefined;
+    readonly code: "MODEL_ACCESS_DENIED";
+    constructor(message: string, options?: {
+        provider?: string;
+        requestedModel?: string;
+        allowedModels?: string[];
+    });
+}
+/**
+ * Parse the `allowed_models` array out of a provider error message body.
+ * Currently targets the LiteLLM team-whitelist response shape:
+ *
+ *   "team not allowed to access model. This team can only access
+ *    models=['glm-latest', 'kimi-latest', 'open-large']"
+ *
+ * Implementation note: deliberately uses `indexOf`/`slice` instead of a
+ * single `/models\s*=\s*\[([^\]]*)\]/` regex. CodeQL flagged the latter
+ * as `js/polynomial-redos` because the `[^\]]*` greedy quantifier on
+ * library-supplied input can be exploited by a crafted long string. The
+ * indexOf/slice path is O(n) with no backtracking and we additionally
+ * cap the input length.
+ *
+ * Returns undefined when no list is found.
+ */
+export declare function parseAllowedModels(message: string): string[] | undefined;
+/**
+ * Returns true when `message` looks like a model-access-denied response
+ * (LiteLLM "team not allowed", generic "not allowed to access model",
+ * or "team can only access models=[...]").
+ */
+export declare function isModelAccessDeniedMessage(message: string): boolean;

package/dist/lib/types/errors.js

@@ -165,4 +165,98 @@ export class ModelAccessError extends BaseError {
         this.requiredTier = requiredTier;
     }
 }
+/**
+ * Curator P1-1: thrown when a provider rejects a request because the
+ * caller's team / API key is not whitelisted for the requested model.
+ *
+ * LiteLLM's `team not allowed to access model. This team can only access
+ * models=['glm-latest', 'kimi-latest', ...]` is the canonical example —
+ * the list is parsed off the error body so callers / fallback orchestrators
+ * can choose a whitelisted alternative without scraping strings.
+ */
+export class ModelAccessDeniedError extends ProviderError {
+    requestedModel;
+    allowedModels;
+    code = "MODEL_ACCESS_DENIED";
+    constructor(message, options = {}) {
+        super(message, options.provider);
+        this.name = "ModelAccessDeniedError";
+        this.requestedModel = options.requestedModel;
+        this.allowedModels = options.allowedModels;
+    }
+}
+/** Maximum body length we'll attempt to parse. Real provider error
+ *  bodies are well under 10 KB; longer inputs are either truncated
+ *  log output or a deliberate ReDoS attempt. */
+const MAX_ALLOWED_MODELS_INPUT = 10_000;
+/**
+ * Parse the `allowed_models` array out of a provider error message body.
+ * Currently targets the LiteLLM team-whitelist response shape:
+ *
+ *   "team not allowed to access model. This team can only access
+ *    models=['glm-latest', 'kimi-latest', 'open-large']"
+ *
+ * Implementation note: deliberately uses `indexOf`/`slice` instead of a
+ * single `/models\s*=\s*\[([^\]]*)\]/` regex. CodeQL flagged the latter
+ * as `js/polynomial-redos` because the `[^\]]*` greedy quantifier on
+ * library-supplied input can be exploited by a crafted long string. The
+ * indexOf/slice path is O(n) with no backtracking and we additionally
+ * cap the input length.
+ *
+ * Returns undefined when no list is found.
+ */
+export function parseAllowedModels(message) {
+    if (typeof message !== "string" || message.length === 0) {
+        return undefined;
+    }
+    if (message.length > MAX_ALLOWED_MODELS_INPUT) {
+        return undefined;
+    }
+    // Locate `models` keyword case-insensitively, then walk forward to
+    // confirm `=` and `[` markers — no regex backtracking.
+    const lower = message.toLowerCase();
+    let idx = lower.indexOf("models", 0);
+    while (idx !== -1) {
+        let cursor = idx + "models".length;
+        // Skip whitespace
+        while (cursor < message.length && /\s/.test(message[cursor])) {
+            cursor++;
+        }
+        if (message[cursor] !== "=") {
+            idx = lower.indexOf("models", idx + 1);
+            continue;
+        }
+        cursor++;
+        while (cursor < message.length && /\s/.test(message[cursor])) {
+            cursor++;
+        }
+        if (message[cursor] !== "[") {
+            idx = lower.indexOf("models", idx + 1);
+            continue;
+        }
+        const open = cursor;
+        const close = message.indexOf("]", open + 1);
+        if (close === -1) {
+            return undefined;
+        }
+        const inside = message.slice(open + 1, close);
+        const items = inside
+            .split(",")
+            .map((s) => s.trim().replace(/^['"]|['"]$/g, ""))
+            .filter((s) => s.length > 0);
+        return items.length > 0 ? items : undefined;
+    }
+    return undefined;
+}
+/**
+ * Returns true when `message` looks like a model-access-denied response
+ * (LiteLLM "team not allowed", generic "not allowed to access model",
+ * or "team can only access models=[...]").
+ */
+export function isModelAccessDeniedMessage(message) {
+    const lower = message.toLowerCase();
+    return ((lower.includes("team") && lower.includes("not allowed")) ||
+        lower.includes("team can only access") ||
+        /not\s+allowed\s+to\s+access\s+(this\s+)?model/i.test(message));
+}
 //# sourceMappingURL=errors.js.map

package/dist/lib/types/index.d.ts

@@ -57,3 +57,4 @@ export * from "./span.js";
 export * from "./imageGen.js";
 export * from "./elicitation.js";
 export * from "./dynamic.js";
+export * from "./streamDedup.js";

package/dist/lib/types/index.js

@@ -60,4 +60,6 @@ export * from "./imageGen.js";
 export * from "./elicitation.js";
 // Dynamic Arguments types
 export * from "./dynamic.js";
+// Curator P2-4 dedup: per-stream AsyncLocalStorage context
+export * from "./streamDedup.js";
 //# sourceMappingURL=index.js.map

package/dist/lib/types/streamDedup.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Curator P2-4 dedup (concurrency-safe): per-stream context that lets
+ * the orchestration's `runStandardStreamRequest` finally block know
+ * whether a *native provider* path within THIS stream's async chain
+ * already emitted `generation:end`. Native providers (Vertex / Google
+ * AI Studio for Gemini 3, etc.) emit on the shared SDK emitter; without
+ * scoping, a concurrent unrelated stream's emit on the same NeuroLink
+ * instance would suppress the wrong stream's orchestration emit.
+ *
+ * AsyncLocalStorage scopes each stream's flag to its own async chain.
+ */
+export type StreamGenerationEndContext = {
+    providerEmitted: boolean;
+};

package/dist/lib/types/streamDedup.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=streamDedup.js.map