npm - @qwen-code/qwen-code - Versions diffs - 0.15.12-preview.3 → 0.16.0 - Mend

@qwen-code/qwen-code 0.15.12-preview.3 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

package/chunks/{chunk-SQNQIOD5.js → chunk-GGNTZ2NH.js} RENAMED Viewed

@@ -2,11 +2,11 @@
 "use strict";
 import {
   formatFetchErrorForUser
-} from "./chunk-FKVKVE6N.js";
+} from "./chunk-KXZ4TJB4.js";
 import {
   Storage,
   createDebugLogger
-} from "./chunk-GJXIKCKL.js";
+} from "./chunk-XP27SJMH.js";
 import {
   init_esbuild_shims
 } from "./chunk-A4BMJM77.js";
@@ -1202,6 +1202,23 @@ var CredentialsClearRequiredError = class extends Error {
     __name(this, "CredentialsClearRequiredError");
   }
 };
+var QwenOAuthPollError = class extends Error {
+  static {
+    __name(this, "QwenOAuthPollError");
+  }
+  status;
+  oauthError;
+  description;
+  constructor(opts) {
+    super(
+      `Device token poll failed: ${opts.oauthError ?? "Unknown error"} - ${opts.description ?? "(no description)"}`
+    );
+    this.name = "QwenOAuthPollError";
+    this.oauthError = opts.oauthError;
+    this.description = opts.description;
+    this.status = opts.status;
+  }
+};
 function isDeviceAuthorizationSuccess(response) {
   return "device_code" in response;
 }
@@ -1245,7 +1262,7 @@ var QwenOAuth2Client = class {
       return { token: void 0 };
     }
   }
-  async requestDeviceAuthorization(options) {
+  async requestDeviceAuthorization(options, fetchOpts) {
     const bodyData = {
       client_id: QWEN_OAUTH_CLIENT_ID,
       scope: options.scope,
@@ -1259,7 +1276,13 @@ var QwenOAuth2Client = class {
         Accept: "application/json",
         "x-request-id": randomUUID2()
       },
-      body: objectToUrlEncoded(bodyData)
+      body: objectToUrlEncoded(bodyData),
+      // PR #4255 — daemon device-flow registry passes its
+      // `cancelController.signal` so dispose / cancel during a slow
+      // device-authorization request actually aborts the in-flight
+      // socket immediately. Pre-existing CLI callers omit it; the
+      // optional shape preserves backward compatibility.
+      ...fetchOpts?.signal ? { signal: fetchOpts.signal } : {}
     });
     if (!response.ok) {
       const errorData = await response.text();
@@ -1268,7 +1291,18 @@ var QwenOAuth2Client = class {
       );
     }
     const result = await response.json();
-    debugLogger2.debug("Device authorization result:", result);
+    if (isDeviceAuthorizationSuccess(result)) {
+      debugLogger2.debug("Device authorization result (sanitized):", {
+        ok: true,
+        expires_in: result.expires_in
+      });
+    } else {
+      const errorData = result;
+      debugLogger2.debug("Device authorization result (sanitized):", {
+        ok: false,
+        error: errorData?.error
+      });
+    }
     if (!isDeviceAuthorizationSuccess(result)) {
       const errorData = result;
       throw new Error(
@@ -1277,7 +1311,7 @@ var QwenOAuth2Client = class {
     }
     return result;
   }
-  async pollDeviceToken(options) {
+  async pollDeviceToken(options, fetchOpts) {
     const bodyData = {
       grant_type: QWEN_OAUTH_GRANT_TYPE,
       client_id: QWEN_OAUTH_CLIENT_ID,
@@ -1290,7 +1324,12 @@ var QwenOAuth2Client = class {
         "Content-Type": "application/x-www-form-urlencoded",
         Accept: "application/json"
       },
-      body: objectToUrlEncoded(bodyData)
+      body: objectToUrlEncoded(bodyData),
+      // PR #4255 — daemon device-flow registry passes its per-entry
+      // `cancelController.signal` so cancel() / dispose() during a
+      // slow IdP response actually aborts the in-flight socket
+      // instead of waiting for the upstream timeout.
+      ...fetchOpts?.signal ? { signal: fetchOpts.signal } : {}
     });
     if (!response.ok) {
       const responseText = await response.text();
@@ -1298,11 +1337,11 @@ var QwenOAuth2Client = class {
       try {
         errorData = JSON.parse(responseText);
       } catch (_parseError) {
-        const error2 = new Error(
+        const error = new Error(
           `Device token poll failed: ${response.status} ${response.statusText}. Response: ${responseText}`
         );
-        error2.status = response.status;
-        throw error2;
+        error.status = response.status;
+        throw error;
       }
       if (response.status === 400 && errorData.error === "authorization_pending") {
         return { status: "pending" };
@@ -1313,11 +1352,11 @@ var QwenOAuth2Client = class {
           slowDown: true
         };
       }
-      const error = new Error(
-        `Device token poll failed: ${errorData.error || "Unknown error"} - ${errorData.error_description}`
-      );
-      error.status = response.status;
-      throw error;
+      throw new QwenOAuthPollError({
+        oauthError: errorData.error,
+        description: errorData.error_description,
+        status: response.status
+      });
     }
     return await response.json();
   }
@@ -1608,10 +1647,6 @@ async function authWithQwenDeviceFlow(client, config) {
           };
           client.setCredentials(credentials);
           await cacheQwenCredentials(credentials);
-          try {
-            SharedTokenManager.getInstance().clearCache();
-          } catch {
-          }
           emitAuthProgress(
             "success",
             "Authentication successful! Access token obtained."
@@ -1712,12 +1747,45 @@ Server requested to slow down, increasing poll interval to ${pollInterval}ms'`
   }
 }
 __name(authWithQwenDeviceFlow, "authWithQwenDeviceFlow");
-async function cacheQwenCredentials(credentials) {
+var QWEN_CREDENTIAL_FILE_MODE = 384;
+async function cacheQwenCredentials(credentials, opts) {
   const filePath = getQwenCachedCredentialPath();
   try {
     await fs7.mkdir(path3.dirname(filePath), { recursive: true });
     const credString = JSON.stringify(credentials, null, 2);
-    await fs7.writeFile(filePath, credString);
+    const tempPath = `${filePath}.tmp.${process.pid}.${randomUUID2()}`;
+    try {
+      await fs7.writeFile(tempPath, credString, {
+        mode: QWEN_CREDENTIAL_FILE_MODE,
+        ...opts?.signal ? { signal: opts.signal } : {}
+      });
+      try {
+        await fs7.chmod(tempPath, QWEN_CREDENTIAL_FILE_MODE);
+      } catch (chmodErr) {
+        if (process.platform !== "win32") {
+          throw new Error(
+            `cacheQwenCredentials: refusing to publish credentials \u2014 chmod 0o${QWEN_CREDENTIAL_FILE_MODE.toString(8)} on temp file failed: ${chmodErr instanceof Error ? chmodErr.message : String(chmodErr)}`
+          );
+        }
+        debugLogger2.warn(
+          `cacheQwenCredentials: chmod 0o${QWEN_CREDENTIAL_FILE_MODE.toString(8)} on Windows temp file ${tempPath} failed; relying on NTFS ACL: ${chmodErr instanceof Error ? chmodErr.message : String(chmodErr)}`
+        );
+      }
+      await fs7.rename(tempPath, filePath);
+    } catch (writeErr) {
+      try {
+        await fs7.unlink(tempPath);
+      } catch {
+      }
+      throw writeErr;
+    }
+    try {
+      SharedTokenManager.getInstance().clearCache();
+    } catch (clearErr) {
+      debugLogger2.warn(
+        `cacheQwenCredentials: SharedTokenManager.clearCache failed; in-process callers may serve stale credentials until the next mtime poll: ${clearErr instanceof Error ? clearErr.message : String(clearErr)}`
+      );
+    }
   } catch (error) {
     const errorMessage = error instanceof Error ? error.message : String(error);
     const errorCode = error instanceof Error && "code" in error ? error.code : void 0;
@@ -1766,6 +1834,7 @@ export {
   generateCodeChallenge,
   generatePKCEPair,
   CredentialsClearRequiredError,
+  QwenOAuthPollError,
   isDeviceAuthorizationSuccess,
   isDeviceTokenSuccess,
   isDeviceTokenPending,
@@ -1774,6 +1843,8 @@ export {
   QwenOAuth2Event,
   qwenOAuth2Events,
   getQwenOAuthClient,
+  QWEN_CREDENTIAL_FILE_MODE,
+  cacheQwenCredentials,
   clearQwenCredentials,
   clearCachedCredentialFile
 };

package/chunks/{chunk-FKVKVE6N.js → chunk-KXZ4TJB4.js} RENAMED Viewed

@@ -3,7 +3,7 @@
 import {
   getErrorMessage,
   isNodeError
-} from "./chunk-GJXIKCKL.js";
+} from "./chunk-XP27SJMH.js";
 import {
   init_esbuild_shims
 } from "./chunk-A4BMJM77.js";