@juspay/neurolink 9.60.1 → 9.61.1

package/dist/lib/utils/tokenLimits.js

@@ -2,12 +2,54 @@
  * Provider-specific token limit utilities
  * Provides safe maxTokens values based on provider and model capabilities
  */
-import { PROVIDER_MAX_TOKENS } from "../core/constants.js";
+import { PROVIDER_MAX_TOKENS, IMAGE_GENERATION_MODELS, } from "../core/constants.js";
 import { logger } from "./logger.js";
+// Gemini 3 models and Gemini 2.5 image models have a hard limit of 32768 output tokens
+const GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS = 32768;
+/**
+ * Check if a model has the restricted 32768 output token limit
+ * This applies to:
+ * - All Gemini 3 models (gemini-3-flash, gemini-3-pro, etc.)
+ * - All Gemini 2.5 image generation models (gemini-2.5-flash-image)
+ */
+function hasRestrictedOutputLimit(model) {
+    if (!model) {
+        return false;
+    }
+    // Check for Gemini 3 models
+    if (model.includes("gemini-3")) {
+        return true;
+    }
+    // Check for image generation models (includes gemini-2.5-flash-image)
+    if (IMAGE_GENERATION_MODELS.some((m) => model.includes(m))) {
+        return true;
+    }
+    return false;
+}
 /**
  * Get the safe maximum tokens for a provider and model
  */
 export function getSafeMaxTokens(provider, model, requestedMaxTokens) {
+    // CRITICAL: Gemini 3 models AND image generation models have a hard limit of 32768 output tokens
+    // This check must happen FIRST, before any other logic, because these models
+    // will reject requests with maxOutputTokens > 32768
+    const isRestrictedModel = hasRestrictedOutputLimit(model);
+    if (isRestrictedModel) {
+        // Explicit undefined/null check so a caller-supplied 0 is preserved
+        // (truthy checks would treat 0 as "unset" and silently fall back to the cap).
+        if (requestedMaxTokens !== undefined &&
+            requestedMaxTokens !== null &&
+            requestedMaxTokens > GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS) {
+            logger.warn(`Requested maxTokens ${requestedMaxTokens} exceeds ${model} limit of ${GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS}. Using ${GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS} instead.`);
+            return GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS;
+        }
+        // If no maxTokens specified, use the restricted limit as default
+        if (requestedMaxTokens === undefined || requestedMaxTokens === null) {
+            return GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS;
+        }
+        // Otherwise, use the requested value (it's within limits, including 0)
+        return requestedMaxTokens;
+    }
     // Get provider-specific limits
     const providerLimits = PROVIDER_MAX_TOKENS[provider];
     if (!providerLimits) {

package/dist/mcp/auth/oauthClientProvider.js

@@ -5,6 +5,9 @@
 import { randomBytes, createHash } from "crypto";
 import { InMemoryTokenStorage, isTokenExpired, calculateExpiresAt, } from "./tokenStorage.js";
 import { logger } from "../../utils/logger.js";
+import { withTimeout } from "../../utils/errorHandling.js";
+/** Default timeout for OAuth token operations (30 seconds) */
+const OAUTH_TOKEN_TIMEOUT_MS = 30000;
 /**
  * NeuroLink OAuth Provider for MCP HTTP Transport
  * Handles OAuth 2.1 authentication flow with optional PKCE support
@@ -147,15 +150,15 @@ export class NeuroLinkOAuthProvider {
         if (codeVerifier) {
             body.set("code_verifier", codeVerifier);
         }
-        // Request tokens
-        const response = await fetch(this.config.tokenUrl, {
+        // Request tokens with timeout protection
+        const response = await withTimeout(fetch(this.config.tokenUrl, {
             method: "POST",
             headers: {
                 "Content-Type": "application/x-www-form-urlencoded",
                 Accept: "application/json",
             },
             body: body.toString(),
-        });
+        }), OAUTH_TOKEN_TIMEOUT_MS, new Error(`OAuth token exchange timed out after ${OAUTH_TOKEN_TIMEOUT_MS}ms`));
         if (!response.ok) {
             const errorText = await response.text();
             throw new Error(`Token exchange failed: ${response.status} ${response.statusText} - ${errorText}`);
@@ -186,14 +189,15 @@ export class NeuroLinkOAuthProvider {
         if (this.config.clientSecret) {
             body.set("client_secret", this.config.clientSecret);
         }
-        const response = await fetch(this.config.tokenUrl, {
+        // Refresh tokens with timeout protection
+        const response = await withTimeout(fetch(this.config.tokenUrl, {
             method: "POST",
             headers: {
                 "Content-Type": "application/x-www-form-urlencoded",
                 Accept: "application/json",
             },
             body: body.toString(),
-        });
+        }), OAUTH_TOKEN_TIMEOUT_MS, new Error(`OAuth token refresh timed out after ${OAUTH_TOKEN_TIMEOUT_MS}ms`));
         if (!response.ok) {
             const errorText = await response.text();
             throw new Error(`Token refresh failed: ${response.status} ${response.statusText} - ${errorText}`);
@@ -227,13 +231,14 @@ export class NeuroLinkOAuthProvider {
             body.set("client_secret", this.config.clientSecret);
         }
         try {
-            await fetch(revocationUrl, {
+            // Revoke tokens with timeout protection
+            await withTimeout(fetch(revocationUrl, {
                 method: "POST",
                 headers: {
                     "Content-Type": "application/x-www-form-urlencoded",
                 },
                 body: body.toString(),
-            });
+            }), OAUTH_TOKEN_TIMEOUT_MS, new Error(`OAuth token revocation timed out after ${OAUTH_TOKEN_TIMEOUT_MS}ms`));
         }
         catch (error) {
             logger.warn(`[NeuroLinkOAuthProvider] Token revocation failed: ${error instanceof Error ? error.message : String(error)}`);

package/dist/types/tools.d.ts

@@ -439,6 +439,7 @@ export type PendingToolExecution = {
     toolResults: Array<{
         toolCallId?: string;
         toolName?: string;
+        output?: unknown;
         result?: unknown;
         error?: string;
         timestamp?: Date;

package/dist/utils/schemaConversion.d.ts

@@ -8,16 +8,24 @@ import type { ZodUnknownSchema } from "../types/index.js";
  * - Top-level $ref resolution
  * - Nested $ref within properties, items, additionalProperties
  * - $ref within allOf, anyOf, oneOf arrays
+ * - Deep $ref paths like "#/definitions/Foo/properties/bar"
  * - Circular reference detection to prevent infinite loops
  */
-export declare function inlineJsonSchema(schema: Record<string, unknown>, definitions?: Record<string, Record<string, unknown>>, visited?: Set<string>): Record<string, unknown>;
+export declare function inlineJsonSchema(schema: Record<string, unknown>, definitions?: Record<string, Record<string, unknown>>, visited?: Set<string>, rootSchema?: Record<string, unknown>): Record<string, unknown>;
+/**
+ * Recursively ensure all nested schemas have a type field.
+ * Google Vertex AI requires ALL schema objects (including nested properties) to have a type field.
+ * This function walks through the schema tree and adds type:"object" to any object-like schema
+ * that's missing its type field.
+ */
+export declare function ensureNestedSchemaTypes(schema: Record<string, unknown>): Record<string, unknown>;
 /**
  * Convert Zod schema to JSON Schema format for provider APIs.
  *
  * Handles three input types:
- * 1. Zod schemas (have `_def.typeName`) — converted via zod-to-json-schema
- * 2. AI SDK `jsonSchema()` wrappers (have `.jsonSchema` property) — extracted directly
- * 3. Plain JSON Schema objects (have `type`/`properties` but no `_def`) — returned as-is
+ * 1. Zod schemas (have `_def.typeName`) -- converted via zod-to-json-schema
+ * 2. AI SDK `jsonSchema()` wrappers (have `.jsonSchema` property) -- extracted directly
+ * 3. Plain JSON Schema objects (have `type`/`properties` but no `_def`) -- returned as-is
  */
 export declare function convertZodToJsonSchema(zodSchema: ZodUnknownSchema): object;
 export declare function normalizeJsonSchemaObject(schema: Record<string, unknown> | undefined | null): Record<string, unknown>;

package/dist/utils/schemaConversion.js

@@ -2,6 +2,53 @@ import { zodToJsonSchema } from "zod-to-json-schema";
 import { jsonSchemaToZod } from "json-schema-to-zod";
 import { z } from "zod";
 import { logger } from "./logger.js";
+/**
+ * Resolve a deep JSON pointer path within a schema.
+ * Handles paths like "#/definitions/ToolParameters/properties/foo/properties/bar"
+ *
+ * Implements RFC 6901 token decoding so property names containing the literal
+ * characters "/" or "~" can still be resolved (their escaped forms are "~1"
+ * and "~0" respectively). Because "#/..." is the URI-fragment form of a JSON
+ * Pointer (RFC 6901 §6), each segment may also be percent-encoded; we decode
+ * that first.
+ *
+ * Order matters: percent-decode → "~1" → "/" → "~0" → "~". Reversing the
+ * tilde steps would let "~01" round-trip to "/" instead of the intended "~1".
+ */
+function resolveDeepRef(rootSchema, refPath) {
+    // Strip the leading "#/" then split + decode each segment per RFC 6901
+    const pathParts = refPath
+        .replace(/^#\//, "")
+        .split("/")
+        .map((seg) => safePercentDecode(seg).replace(/~1/g, "/").replace(/~0/g, "~"));
+    let current = rootSchema;
+    for (const part of pathParts) {
+        if (current && typeof current === "object" && part in current) {
+            current = current[part];
+        }
+        else {
+            return undefined;
+        }
+    }
+    if (current && typeof current === "object") {
+        return current;
+    }
+    return undefined;
+}
+/**
+ * Percent-decode a JSON Pointer segment defensively. Falls back to the raw
+ * segment if the input contains a malformed escape sequence (decodeURIComponent
+ * throws URIError on those) — better to attempt a literal match than fail the
+ * whole resolution.
+ */
+function safePercentDecode(segment) {
+    try {
+        return decodeURIComponent(segment);
+    }
+    catch {
+        return segment;
+    }
+}
 /**
  * Inline a JSON Schema by recursively resolving all $ref references.
  * zodToJsonSchema with 'name' option produces schemas with $ref pointing to definitions.
@@ -11,29 +58,45 @@ import { logger } from "./logger.js";
  * - Top-level $ref resolution
  * - Nested $ref within properties, items, additionalProperties
  * - $ref within allOf, anyOf, oneOf arrays
+ * - Deep $ref paths like "#/definitions/Foo/properties/bar"
  * - Circular reference detection to prevent infinite loops
  */
-export function inlineJsonSchema(schema, definitions, visited = new Set()) {
+export function inlineJsonSchema(schema, definitions, visited = new Set(), rootSchema) {
     // Use definitions from schema if not provided
     const defs = definitions ||
         schema.definitions;
+    // Keep track of the root schema for deep ref resolution
+    const root = rootSchema || schema;
     // Handle $ref at current level
-    if (typeof schema.$ref === "string" &&
-        schema.$ref.startsWith("#/definitions/")) {
-        const defName = schema.$ref.replace("#/definitions/", "");
+    if (typeof schema.$ref === "string" && schema.$ref.startsWith("#/")) {
+        const refPath = schema.$ref;
         // Prevent circular reference infinite loops
-        if (visited.has(defName)) {
-            logger.debug(`[SCHEMA-INLINE] Circular reference detected for: ${defName}`);
+        if (visited.has(refPath)) {
+            logger.debug(`[SCHEMA-INLINE] Circular reference detected for: ${refPath}`);
             // Return a simple object placeholder for circular refs
             return { type: "object" };
         }
-        if (defs && defs[defName]) {
-            visited.add(defName);
-            // Recursively inline the resolved definition
-            const resolved = inlineJsonSchema({ ...defs[defName] }, defs, visited);
-            visited.delete(defName);
-            return resolved;
+        // Try simple definition lookup first (for #/definitions/SomeName)
+        if (refPath.startsWith("#/definitions/")) {
+            const defName = refPath.replace("#/definitions/", "");
+            // Check if it's a simple definition name (no slashes after definitions/)
+            if (!defName.includes("/") && defs && defs[defName]) {
+                visited.add(refPath);
+                const resolved = inlineJsonSchema({ ...defs[defName] }, defs, visited, root);
+                visited.delete(refPath);
+                return resolved;
+            }
+        }
+        // Try deep path resolution for complex paths like
+        // #/definitions/ToolParameters/properties/accountPerformance/properties/roas
+        const resolved = resolveDeepRef(root, refPath);
+        if (resolved) {
+            visited.add(refPath);
+            const inlined = inlineJsonSchema({ ...resolved }, defs, visited, root);
+            visited.delete(refPath);
+            return inlined;
         }
+        logger.debug(`[SCHEMA-INLINE] Could not resolve $ref: ${refPath}`);
     }
     // Create result without $ref and definitions
     const result = {};
@@ -47,7 +110,7 @@ export function inlineJsonSchema(schema, definitions, visited = new Set()) {
             const properties = {};
             for (const [propName, propSchema] of Object.entries(value)) {
                 if (propSchema && typeof propSchema === "object") {
-                    properties[propName] = inlineJsonSchema(propSchema, defs, visited);
+                    properties[propName] = inlineJsonSchema(propSchema, defs, visited, root);
                 }
                 else {
                     properties[propName] = propSchema;
@@ -59,32 +122,32 @@ export function inlineJsonSchema(schema, definitions, visited = new Set()) {
             // Handle array items schema
             if (Array.isArray(value)) {
                 result[key] = value.map((item) => item && typeof item === "object"
-                    ? inlineJsonSchema(item, defs, visited)
+                    ? inlineJsonSchema(item, defs, visited, root)
                     : item);
             }
             else {
-                result[key] = inlineJsonSchema(value, defs, visited);
+                result[key] = inlineJsonSchema(value, defs, visited, root);
             }
         }
         else if (key === "additionalProperties" &&
             value &&
             typeof value === "object") {
-            result[key] = inlineJsonSchema(value, defs, visited);
+            result[key] = inlineJsonSchema(value, defs, visited, root);
         }
         else if ((key === "allOf" || key === "anyOf" || key === "oneOf") &&
             Array.isArray(value)) {
             // Handle composition schemas
             result[key] = value.map((item) => item && typeof item === "object"
-                ? inlineJsonSchema(item, defs, visited)
+                ? inlineJsonSchema(item, defs, visited, root)
                 : item);
         }
         else if (key === "not" && value && typeof value === "object") {
-            result[key] = inlineJsonSchema(value, defs, visited);
+            result[key] = inlineJsonSchema(value, defs, visited, root);
         }
         else if ((key === "if" || key === "then" || key === "else") &&
             value &&
             typeof value === "object") {
-            result[key] = inlineJsonSchema(value, defs, visited);
+            result[key] = inlineJsonSchema(value, defs, visited, root);
         }
         else {
             result[key] = value;
@@ -92,13 +155,129 @@ export function inlineJsonSchema(schema, definitions, visited = new Set()) {
     }
     return result;
 }
+/**
+ * Recursively ensure all nested schemas have a type field.
+ * Google Vertex AI requires ALL schema objects (including nested properties) to have a type field.
+ * This function walks through the schema tree and adds type:"object" to any object-like schema
+ * that's missing its type field.
+ */
+export function ensureNestedSchemaTypes(schema) {
+    if (!schema || typeof schema !== "object") {
+        return {};
+    }
+    let result = { ...schema };
+    // CRITICAL FIX: Flatten single-item allOf for Google Vertex AI compatibility
+    // When we have { allOf: [{ type: "object", ... }], nullable: true }, flatten it to:
+    // { type: "object", ..., nullable: true }
+    if (result.allOf &&
+        Array.isArray(result.allOf) &&
+        result.allOf.length === 1 &&
+        result.allOf[0] &&
+        typeof result.allOf[0] === "object") {
+        const innerSchema = result.allOf[0];
+        // Only flatten if inner schema has meaningful content (type, properties, items, etc.)
+        if (innerSchema.type ||
+            innerSchema.properties ||
+            innerSchema.items ||
+            innerSchema.enum) {
+            logger.debug(`[SCHEMA-TYPE-FIX] Flattening single-item allOf with type: ${innerSchema.type}`);
+            // Merge: inner schema properties take precedence, except for wrapper's metadata
+            const { allOf: _ignored, ...wrapperProps } = result;
+            result = {
+                ...innerSchema,
+                ...wrapperProps, // Keep wrapper's nullable, description, etc.
+            };
+            // If inner schema had its own nullable/description, restore them
+            if (innerSchema.description && !wrapperProps.description) {
+                result.description = innerSchema.description;
+            }
+        }
+    }
+    // Infer type from structure if missing
+    if (!result.type) {
+        // If it has properties, it's an object
+        if (result.properties) {
+            result.type = "object";
+            logger.debug(`[SCHEMA-TYPE-FIX] Added type:"object" to schema with properties`);
+        }
+        // If it has items, it's an array
+        else if (result.items) {
+            result.type = "array";
+            logger.debug(`[SCHEMA-TYPE-FIX] Added type:"array" to schema with items`);
+        }
+        // If it has enum, infer from enum values — but only when ALL elements
+        // share the same primitive type. A mixed enum like [1, "x"] would
+        // otherwise be silently narrowed to whatever the first element is.
+        else if (result.enum &&
+            Array.isArray(result.enum) &&
+            result.enum.length > 0) {
+            if (result.enum.every((v) => typeof v === "string")) {
+                result.type = "string";
+                logger.debug(`[SCHEMA-TYPE-FIX] Added type:"string" to schema with enum`);
+            }
+            else if (result.enum.every((v) => typeof v === "number")) {
+                result.type = "number";
+                logger.debug(`[SCHEMA-TYPE-FIX] Added type:"number" to schema with enum`);
+            }
+            // Mixed-type enum: leave result.type unset rather than narrow it.
+        }
+        // If it has allOf with typed schemas, infer from first item
+        else if (result.allOf &&
+            Array.isArray(result.allOf) &&
+            result.allOf.length > 0) {
+            const firstItem = result.allOf[0];
+            if (firstItem && firstItem.type) {
+                result.type = firstItem.type;
+                logger.debug(`[SCHEMA-TYPE-FIX] Inferred type from allOf: ${result.type}`);
+            }
+        }
+    }
+    // Recursively process properties
+    if (result.properties && typeof result.properties === "object") {
+        const properties = {};
+        for (const [propName, propSchema] of Object.entries(result.properties)) {
+            if (propSchema && typeof propSchema === "object") {
+                properties[propName] = ensureNestedSchemaTypes(propSchema);
+            }
+            else {
+                properties[propName] = propSchema;
+            }
+        }
+        result.properties = properties;
+    }
+    // Recursively process items (for arrays)
+    if (result.items && typeof result.items === "object") {
+        if (Array.isArray(result.items)) {
+            result.items = result.items.map((item) => item && typeof item === "object"
+                ? ensureNestedSchemaTypes(item)
+                : item);
+        }
+        else {
+            result.items = ensureNestedSchemaTypes(result.items);
+        }
+    }
+    // Recursively process additionalProperties
+    if (result.additionalProperties &&
+        typeof result.additionalProperties === "object") {
+        result.additionalProperties = ensureNestedSchemaTypes(result.additionalProperties);
+    }
+    // Recursively process allOf, anyOf, oneOf
+    for (const key of ["allOf", "anyOf", "oneOf"]) {
+        if (result[key] && Array.isArray(result[key])) {
+            result[key] = result[key].map((item) => item && typeof item === "object"
+                ? ensureNestedSchemaTypes(item)
+                : item);
+        }
+    }
+    return result;
+}
 /**
  * Convert Zod schema to JSON Schema format for provider APIs.
  *
  * Handles three input types:
- * 1. Zod schemas (have `_def.typeName`) — converted via zod-to-json-schema
- * 2. AI SDK `jsonSchema()` wrappers (have `.jsonSchema` property) — extracted directly
- * 3. Plain JSON Schema objects (have `type`/`properties` but no `_def`) — returned as-is
+ * 1. Zod schemas (have `_def.typeName`) -- converted via zod-to-json-schema
+ * 2. AI SDK `jsonSchema()` wrappers (have `.jsonSchema` property) -- extracted directly
+ * 3. Plain JSON Schema objects (have `type`/`properties` but no `_def`) -- returned as-is
  */
 export function convertZodToJsonSchema(zodSchema) {
     const schema = zodSchema;
@@ -110,11 +289,11 @@ export function convertZodToJsonSchema(zodSchema) {
         schema.jsonSchema !== null &&
         typeof schema.jsonSchema === "object") {
         const extracted = schema.jsonSchema;
-        return ensureTypeField(extracted);
+        return ensureNestedSchemaTypes(ensureTypeField(extracted));
     }
     // Plain JSON Schema object (from external MCP tools) — no Zod internals
     if (!isZodSchema(schema)) {
-        return ensureTypeField(schema);
+        return ensureNestedSchemaTypes(ensureTypeField(schema));
     }
     // Actual Zod schema — convert via zod-to-json-schema
     try {
@@ -123,13 +302,15 @@ export function convertZodToJsonSchema(zodSchema) {
         const zodV3Schema = zodSchema;
         const jsonSchema = zodToJsonSchema(zodV3Schema, {
             name: "ToolParameters",
-            target: "jsonSchema7",
+            target: "openApi3", // Use OpenAPI 3.0 for nullable: true instead of anyOf with null (required for Vertex AI)
             errorMessages: true,
         });
         // zodToJsonSchema with 'name' produces { $ref: "#/definitions/ToolParameters", definitions: {...} }
-        // Inline the $ref to produce a flat schema before passing to ensureTypeField
+        // Inline the $ref to produce a flat schema, ensure the root has a type
+        // field, then walk the tree so nested objects/arrays/additionalProperties
+        // also pick up an inferred type (Vertex/Gemini require it everywhere).
         const inlined = inlineJsonSchema(jsonSchema);
-        return ensureTypeField(inlined);
+        return ensureNestedSchemaTypes(ensureTypeField(inlined));
     }
     catch (error) {
         logger.warn("Failed to convert Zod schema to JSON Schema", {

package/dist/utils/tokenLimits.js

@@ -2,12 +2,54 @@
  * Provider-specific token limit utilities
  * Provides safe maxTokens values based on provider and model capabilities
  */
-import { PROVIDER_MAX_TOKENS } from "../core/constants.js";
+import { PROVIDER_MAX_TOKENS, IMAGE_GENERATION_MODELS, } from "../core/constants.js";
 import { logger } from "./logger.js";
+// Gemini 3 models and Gemini 2.5 image models have a hard limit of 32768 output tokens
+const GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS = 32768;
+/**
+ * Check if a model has the restricted 32768 output token limit
+ * This applies to:
+ * - All Gemini 3 models (gemini-3-flash, gemini-3-pro, etc.)
+ * - All Gemini 2.5 image generation models (gemini-2.5-flash-image)
+ */
+function hasRestrictedOutputLimit(model) {
+    if (!model) {
+        return false;
+    }
+    // Check for Gemini 3 models
+    if (model.includes("gemini-3")) {
+        return true;
+    }
+    // Check for image generation models (includes gemini-2.5-flash-image)
+    if (IMAGE_GENERATION_MODELS.some((m) => model.includes(m))) {
+        return true;
+    }
+    return false;
+}
 /**
  * Get the safe maximum tokens for a provider and model
  */
 export function getSafeMaxTokens(provider, model, requestedMaxTokens) {
+    // CRITICAL: Gemini 3 models AND image generation models have a hard limit of 32768 output tokens
+    // This check must happen FIRST, before any other logic, because these models
+    // will reject requests with maxOutputTokens > 32768
+    const isRestrictedModel = hasRestrictedOutputLimit(model);
+    if (isRestrictedModel) {
+        // Explicit undefined/null check so a caller-supplied 0 is preserved
+        // (truthy checks would treat 0 as "unset" and silently fall back to the cap).
+        if (requestedMaxTokens !== undefined &&
+            requestedMaxTokens !== null &&
+            requestedMaxTokens > GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS) {
+            logger.warn(`Requested maxTokens ${requestedMaxTokens} exceeds ${model} limit of ${GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS}. Using ${GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS} instead.`);
+            return GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS;
+        }
+        // If no maxTokens specified, use the restricted limit as default
+        if (requestedMaxTokens === undefined || requestedMaxTokens === null) {
+            return GEMINI_RESTRICTED_MAX_OUTPUT_TOKENS;
+        }
+        // Otherwise, use the requested value (it's within limits, including 0)
+        return requestedMaxTokens;
+    }
     // Get provider-specific limits
     const providerLimits = PROVIDER_MAX_TOKENS[provider];
     if (!providerLimits) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/neurolink",
-  "version": "9.60.1",
+  "version": "9.61.1",
   "packageManager": "pnpm@10.15.1",
   "description": "Universal AI Development Platform with working MCP integration, multi-provider support, and professional CLI. Built-in tools operational, 58+ external MCP servers discoverable. Connect to filesystem, GitHub, database operations, and more. Build, test, and deploy AI applications with 13 providers: OpenAI, Anthropic, Google AI, AWS Bedrock, Azure, Hugging Face, Ollama, and Mistral AI.",
   "author": {