@juspay/neurolink 9.70.5 → 9.70.7

package/dist/lib/neurolink.js

@@ -76,7 +76,7 @@ import { resolveModel } from "./utils/modelAliasResolver.js";
 // Import orchestration components
 import { ModelRouter } from "./utils/modelRouter.js";
 import { getBestProvider } from "./utils/providerUtils.js";
-import { NON_RETRYABLE_HTTP_STATUS_CODES } from "./utils/retryability.js";
+import { NON_RETRYABLE_HTTP_STATUS_CODES, isDeterministicClientErrorMessage, } from "./utils/retryability.js";
 import { isZodSchema } from "./utils/schemaConversion.js";
 import { BinaryTaskClassifier } from "./utils/taskClassifier.js";
 // Tool detection and execution imports
@@ -226,6 +226,15 @@ function isNonRetryableProviderError(error) {
             msg.includes("UNAUTHENTICATED")) {
             return true;
         }
+        // A deterministic 400 / malformed-request whose status is only present in
+        // the message string (e.g. Vertex wraps `{"code":400,"status":
+        // "INVALID_ARGUMENT"}` inside the message). The object-level status check
+        // above misses it, so without this the fallback orchestrator retries the
+        // identical bad payload on every other provider — they reject it the same
+        // way. The request itself is malformed, so abort fast.
+        if (isDeterministicClientErrorMessage(msg)) {
+            return true;
+        }
     }
     return false;
 }

package/dist/lib/utils/json/coerce.js

@@ -49,6 +49,73 @@ function parseOrRepair(candidate) {
         return undefined;
     }
 }
+/** Bounds the recursive nested-string unwrap against pathological inputs. */
+const MAX_NESTED_UNWRAP_DEPTH = 6;
+/**
+ * Recursively replace any string-valued field whose content is itself a JSON
+ * object/array with the parsed value. Models sometimes double-encode a NESTED
+ * field — e.g. `{ "attachment": "{\"k\":1}" }` instead of
+ * `{ "attachment": { "k": 1 } }` — which fails schema validation even though the
+ * intended object is right there. (`coerceJsonToSchema` already unwraps a
+ * stringified TOP-LEVEL object; this handles the nested case.)
+ *
+ * A parsed string is NOT re-descended into: its own string fields (e.g. an
+ * attachment's `content`) are the model's intended values and must be left
+ * alone. Recursion only walks already-structural objects/arrays to find
+ * stringified fields anywhere in the tree. Returns a NEW value (never mutates
+ * the input) plus whether anything changed, so the caller can skip a redundant
+ * re-validation when nothing was unwrapped. Callers MUST re-validate the result
+ * against the schema — that gate is what keeps an over-eager unwrap (a field
+ * that should stay a string) from being accepted.
+ */
+function deepUnwrapJsonStrings(value, depth = 0) {
+    if (depth > MAX_NESTED_UNWRAP_DEPTH) {
+        return { value, changed: false };
+    }
+    if (typeof value === "string") {
+        const s = value.trim();
+        const looksJson = (s.startsWith("{") && s.endsWith("}")) ||
+            (s.startsWith("[") && s.endsWith("]"));
+        if (looksJson) {
+            try {
+                const parsed = JSON.parse(s);
+                if (parsed !== null && typeof parsed === "object") {
+                    // Parsed one stringified layer. Do NOT descend into `parsed` — its
+                    // own string fields are intended values, not double-encodings.
+                    return { value: parsed, changed: true };
+                }
+            }
+            catch {
+                // not JSON — leave the string as-is
+            }
+        }
+        return { value, changed: false };
+    }
+    if (Array.isArray(value)) {
+        let changed = false;
+        const out = value.map((item) => {
+            const r = deepUnwrapJsonStrings(item, depth + 1);
+            if (r.changed) {
+                changed = true;
+            }
+            return r.value;
+        });
+        return { value: changed ? out : value, changed };
+    }
+    if (value !== null && typeof value === "object") {
+        let changed = false;
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            const r = deepUnwrapJsonStrings(v, depth + 1);
+            if (r.changed) {
+                changed = true;
+            }
+            out[k] = r.value;
+        }
+        return { value: changed ? out : value, changed };
+    }
+    return { value, changed: false };
+}
 /**
  * Try to produce canonical JSON from `text`. Returns null when no JSON object
  * could be recovered (caller should then keep the raw text).
@@ -147,6 +214,24 @@ export function coerceJsonToSchema(text, schema) {
         if (safeParseable.safeParse(outcome.value).success) {
             schemaValid.push(record);
         }
+        else {
+            // The model may have double-encoded a NESTED field as a JSON string
+            // (e.g. `{"attachment":"{...}"}` instead of `{"attachment":{...}}`),
+            // which fails validation even though the intended object is present.
+            // Unwrap stringified object/array fields and re-validate before giving
+            // up — the safeParse gate rejects any over-eager unwrap.
+            const unwrapped = deepUnwrapJsonStrings(outcome.value);
+            if (unwrapped.changed &&
+                unwrapped.value !== null &&
+                typeof unwrapped.value === "object" &&
+                safeParseable.safeParse(unwrapped.value).success) {
+                schemaValid.push({
+                    value: unwrapped.value,
+                    repaired: true,
+                    truncated: candidate.truncated,
+                });
+            }
+        }
     }
     // Among schema-valid candidates prefer the MOST COMPLETE one. With nullable
     // fields a lean object (e.g. `{summary, attachment: null}`) validates

package/dist/lib/utils/retryability.d.ts

@@ -12,3 +12,16 @@ export declare const NON_RETRYABLE_HTTP_STATUS_CODES: readonly number[];
 export declare function isRetryableStatusCode(code: number): boolean;
 /** Check whether an HTTP status code is non-retryable. */
 export declare function isNonRetryableStatusCode(code: number): boolean;
+/**
+ * Detect a deterministic client-error (HTTP 400 / malformed request) signature
+ * embedded in a provider error MESSAGE, for cases where the numeric status is
+ * not exposed as a structured `status`/`statusCode` field. Vertex/Gemini wrap a
+ * 400 INVALID_ARGUMENT inside the message string (e.g. `Google Vertex AI Invalid
+ * Request: {"error":{"code":400,"status":"INVALID_ARGUMENT", …}}`), so the
+ * object-level status check misses it and the fallback orchestrator keeps
+ * retrying the identical, malformed payload on every other provider — they
+ * reject it the same way. A 400 means the request itself is bad, so retrying is
+ * pointless regardless of provider. Matches only unambiguous markers to avoid
+ * misclassifying transient (5xx/429) failures.
+ */
+export declare function isDeterministicClientErrorMessage(message: string): boolean;

package/dist/lib/utils/retryability.js

@@ -20,4 +20,26 @@ export function isRetryableStatusCode(code) {
 export function isNonRetryableStatusCode(code) {
     return NON_RETRYABLE_HTTP_STATUS_CODES.includes(code);
 }
+/**
+ * Detect a deterministic client-error (HTTP 400 / malformed request) signature
+ * embedded in a provider error MESSAGE, for cases where the numeric status is
+ * not exposed as a structured `status`/`statusCode` field. Vertex/Gemini wrap a
+ * 400 INVALID_ARGUMENT inside the message string (e.g. `Google Vertex AI Invalid
+ * Request: {"error":{"code":400,"status":"INVALID_ARGUMENT", …}}`), so the
+ * object-level status check misses it and the fallback orchestrator keeps
+ * retrying the identical, malformed payload on every other provider — they
+ * reject it the same way. A 400 means the request itself is bad, so retrying is
+ * pointless regardless of provider. Matches only unambiguous markers to avoid
+ * misclassifying transient (5xx/429) failures.
+ */
+export function isDeterministicClientErrorMessage(message) {
+    if (!message) {
+        return false;
+    }
+    return (message.includes("INVALID_ARGUMENT") ||
+        message.includes("Invalid JSON payload") ||
+        /\bInvalid Request\b/i.test(message) ||
+        /"code"\s*:\s*400\b/.test(message) ||
+        /\b400\s+Bad Request\b/i.test(message));
+}
 //# sourceMappingURL=retryability.js.map

package/dist/neurolink.js

@@ -76,7 +76,7 @@ import { resolveModel } from "./utils/modelAliasResolver.js";
 // Import orchestration components
 import { ModelRouter } from "./utils/modelRouter.js";
 import { getBestProvider } from "./utils/providerUtils.js";
-import { NON_RETRYABLE_HTTP_STATUS_CODES } from "./utils/retryability.js";
+import { NON_RETRYABLE_HTTP_STATUS_CODES, isDeterministicClientErrorMessage, } from "./utils/retryability.js";
 import { isZodSchema } from "./utils/schemaConversion.js";
 import { BinaryTaskClassifier } from "./utils/taskClassifier.js";
 // Tool detection and execution imports
@@ -226,6 +226,15 @@ function isNonRetryableProviderError(error) {
             msg.includes("UNAUTHENTICATED")) {
             return true;
         }
+        // A deterministic 400 / malformed-request whose status is only present in
+        // the message string (e.g. Vertex wraps `{"code":400,"status":
+        // "INVALID_ARGUMENT"}` inside the message). The object-level status check
+        // above misses it, so without this the fallback orchestrator retries the
+        // identical bad payload on every other provider — they reject it the same
+        // way. The request itself is malformed, so abort fast.
+        if (isDeterministicClientErrorMessage(msg)) {
+            return true;
+        }
     }
     return false;
 }

package/dist/utils/json/coerce.js

@@ -49,6 +49,73 @@ function parseOrRepair(candidate) {
         return undefined;
     }
 }
+/** Bounds the recursive nested-string unwrap against pathological inputs. */
+const MAX_NESTED_UNWRAP_DEPTH = 6;
+/**
+ * Recursively replace any string-valued field whose content is itself a JSON
+ * object/array with the parsed value. Models sometimes double-encode a NESTED
+ * field — e.g. `{ "attachment": "{\"k\":1}" }` instead of
+ * `{ "attachment": { "k": 1 } }` — which fails schema validation even though the
+ * intended object is right there. (`coerceJsonToSchema` already unwraps a
+ * stringified TOP-LEVEL object; this handles the nested case.)
+ *
+ * A parsed string is NOT re-descended into: its own string fields (e.g. an
+ * attachment's `content`) are the model's intended values and must be left
+ * alone. Recursion only walks already-structural objects/arrays to find
+ * stringified fields anywhere in the tree. Returns a NEW value (never mutates
+ * the input) plus whether anything changed, so the caller can skip a redundant
+ * re-validation when nothing was unwrapped. Callers MUST re-validate the result
+ * against the schema — that gate is what keeps an over-eager unwrap (a field
+ * that should stay a string) from being accepted.
+ */
+function deepUnwrapJsonStrings(value, depth = 0) {
+    if (depth > MAX_NESTED_UNWRAP_DEPTH) {
+        return { value, changed: false };
+    }
+    if (typeof value === "string") {
+        const s = value.trim();
+        const looksJson = (s.startsWith("{") && s.endsWith("}")) ||
+            (s.startsWith("[") && s.endsWith("]"));
+        if (looksJson) {
+            try {
+                const parsed = JSON.parse(s);
+                if (parsed !== null && typeof parsed === "object") {
+                    // Parsed one stringified layer. Do NOT descend into `parsed` — its
+                    // own string fields are intended values, not double-encodings.
+                    return { value: parsed, changed: true };
+                }
+            }
+            catch {
+                // not JSON — leave the string as-is
+            }
+        }
+        return { value, changed: false };
+    }
+    if (Array.isArray(value)) {
+        let changed = false;
+        const out = value.map((item) => {
+            const r = deepUnwrapJsonStrings(item, depth + 1);
+            if (r.changed) {
+                changed = true;
+            }
+            return r.value;
+        });
+        return { value: changed ? out : value, changed };
+    }
+    if (value !== null && typeof value === "object") {
+        let changed = false;
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            const r = deepUnwrapJsonStrings(v, depth + 1);
+            if (r.changed) {
+                changed = true;
+            }
+            out[k] = r.value;
+        }
+        return { value: changed ? out : value, changed };
+    }
+    return { value, changed: false };
+}
 /**
  * Try to produce canonical JSON from `text`. Returns null when no JSON object
  * could be recovered (caller should then keep the raw text).
@@ -147,6 +214,24 @@ export function coerceJsonToSchema(text, schema) {
         if (safeParseable.safeParse(outcome.value).success) {
             schemaValid.push(record);
         }
+        else {
+            // The model may have double-encoded a NESTED field as a JSON string
+            // (e.g. `{"attachment":"{...}"}` instead of `{"attachment":{...}}`),
+            // which fails validation even though the intended object is present.
+            // Unwrap stringified object/array fields and re-validate before giving
+            // up — the safeParse gate rejects any over-eager unwrap.
+            const unwrapped = deepUnwrapJsonStrings(outcome.value);
+            if (unwrapped.changed &&
+                unwrapped.value !== null &&
+                typeof unwrapped.value === "object" &&
+                safeParseable.safeParse(unwrapped.value).success) {
+                schemaValid.push({
+                    value: unwrapped.value,
+                    repaired: true,
+                    truncated: candidate.truncated,
+                });
+            }
+        }
     }
     // Among schema-valid candidates prefer the MOST COMPLETE one. With nullable
     // fields a lean object (e.g. `{summary, attachment: null}`) validates

package/dist/utils/retryability.d.ts

@@ -12,3 +12,16 @@ export declare const NON_RETRYABLE_HTTP_STATUS_CODES: readonly number[];
 export declare function isRetryableStatusCode(code: number): boolean;
 /** Check whether an HTTP status code is non-retryable. */
 export declare function isNonRetryableStatusCode(code: number): boolean;
+/**
+ * Detect a deterministic client-error (HTTP 400 / malformed request) signature
+ * embedded in a provider error MESSAGE, for cases where the numeric status is
+ * not exposed as a structured `status`/`statusCode` field. Vertex/Gemini wrap a
+ * 400 INVALID_ARGUMENT inside the message string (e.g. `Google Vertex AI Invalid
+ * Request: {"error":{"code":400,"status":"INVALID_ARGUMENT", …}}`), so the
+ * object-level status check misses it and the fallback orchestrator keeps
+ * retrying the identical, malformed payload on every other provider — they
+ * reject it the same way. A 400 means the request itself is bad, so retrying is
+ * pointless regardless of provider. Matches only unambiguous markers to avoid
+ * misclassifying transient (5xx/429) failures.
+ */
+export declare function isDeterministicClientErrorMessage(message: string): boolean;

package/dist/utils/retryability.js

@@ -20,3 +20,25 @@ export function isRetryableStatusCode(code) {
 export function isNonRetryableStatusCode(code) {
     return NON_RETRYABLE_HTTP_STATUS_CODES.includes(code);
 }
+/**
+ * Detect a deterministic client-error (HTTP 400 / malformed request) signature
+ * embedded in a provider error MESSAGE, for cases where the numeric status is
+ * not exposed as a structured `status`/`statusCode` field. Vertex/Gemini wrap a
+ * 400 INVALID_ARGUMENT inside the message string (e.g. `Google Vertex AI Invalid
+ * Request: {"error":{"code":400,"status":"INVALID_ARGUMENT", …}}`), so the
+ * object-level status check misses it and the fallback orchestrator keeps
+ * retrying the identical, malformed payload on every other provider — they
+ * reject it the same way. A 400 means the request itself is bad, so retrying is
+ * pointless regardless of provider. Matches only unambiguous markers to avoid
+ * misclassifying transient (5xx/429) failures.
+ */
+export function isDeterministicClientErrorMessage(message) {
+    if (!message) {
+        return false;
+    }
+    return (message.includes("INVALID_ARGUMENT") ||
+        message.includes("Invalid JSON payload") ||
+        /\bInvalid Request\b/i.test(message) ||
+        /"code"\s*:\s*400\b/.test(message) ||
+        /\b400\s+Bad Request\b/i.test(message));
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/neurolink",
-  "version": "9.70.5",
+  "version": "9.70.7",
   "packageManager": "pnpm@10.15.1",
   "description": "Universal AI Development Platform with working MCP integration, multi-provider support, voice (TTS/STT/realtime), and professional CLI. 58+ external MCP servers discoverable, multimodal file processing, RAG pipelines. Build, test, and deploy AI applications with 21+ providers: OpenAI, Anthropic, Google AI Studio, Google Vertex, AWS Bedrock, Azure OpenAI, Mistral, LiteLLM, SageMaker, Hugging Face, Ollama, OpenAI-compatible, OpenRouter, DeepSeek, NVIDIA NIM, LM Studio, llama.cpp, plus voice (OpenAI TTS, ElevenLabs, Deepgram, Azure Speech).",
   "author": {
@@ -418,7 +418,7 @@
     "@changesets/changelog-github": "^0.6.0",
     "@changesets/cli": "^2.29.8",
     "@eslint/js": "^10.0.1",
-    "@juspay/hippocampus": "^0.1.6",
+    "@juspay/hippocampus": ">=0.1.7",
     "@opentelemetry/api": "^1.9.0",
     "@opentelemetry/sdk-trace-base": "^2.6.0",
     "@opentelemetry/sdk-trace-node": "^2.6.0",