npm - opencode-qwen-oauth - Versions diffs - 1.0.1 → 2.0.1 - Mend

opencode-qwen-oauth 1.0.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/dist/oauth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAoCH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,yBAAyB,EAAE,MAAM,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAiBD,wBAAsB,eAAe,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAwEpE;AAED,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,eAAe,EAAE,MAAM,EACvB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC,CAwJD;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC,CA+DD"}

package/dist/oauth.js ADDED Viewed

@@ -0,0 +1,262 @@
+/**
+ * OAuth Device Flow implementation for Qwen
+ */
+import { QWEN_OAUTH_BASE_URL, QWEN_DEVICE_CODE_ENDPOINT, QWEN_TOKEN_ENDPOINT, QWEN_CLIENT_ID, QWEN_SCOPES, } from "./constants.js";
+import { createPkcePair } from "./pkce.js";
+import { debugLog, warnLog } from "./logger.js";
+import { fetchWithRetry } from "./retry.js";
+import { DeviceFlowError, NetworkError, } from "./errors.js";
+import { validateDeviceCode, validateUserCode, validateToken, validateExpiresIn, validateInterval, validateQwenUrl, validateOAuthError, } from "./validation.js";
+import { getConfig } from "./config.js";
+import { Mutex } from "./mutex.js";
+// Global mutex for token refresh to prevent race conditions
+const tokenRefreshMutex = new Mutex();
+// Track active polling operations
+const activePollingOperations = new Set();
+export async function authorizeDevice() {
+    const config = getConfig();
+    const { verifier, challenge } = createPkcePair();
+    const params = new URLSearchParams({
+        client_id: QWEN_CLIENT_ID,
+        scope: QWEN_SCOPES.join(" "),
+        code_challenge: challenge,
+        code_challenge_method: "S256",
+    });
+    try {
+        const url = `${QWEN_OAUTH_BASE_URL}${QWEN_DEVICE_CODE_ENDPOINT}`;
+        debugLog("Requesting device authorization", { url });
+        const response = await fetchWithRetry(url, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: params.toString(),
+        }, {
+            maxRetries: config.maxRetries,
+            baseDelay: config.baseRetryDelay,
+            maxDelay: config.maxRetryDelay,
+            timeout: config.timeout,
+        });
+        const data = (await response.json());
+        // Validate response data
+        validateDeviceCode(data.device_code);
+        validateUserCode(data.user_code);
+        validateExpiresIn(data.expires_in);
+        const interval = data.interval || 5;
+        validateInterval(interval);
+        // Validate URLs
+        if (!validateQwenUrl(data.verification_uri)) {
+            throw new DeviceFlowError("Invalid verification URI received from server");
+        }
+        debugLog("Device authorization successful", {
+            user_code: data.user_code,
+            expires_in: data.expires_in,
+        });
+        return {
+            device_code: data.device_code,
+            user_code: data.user_code,
+            verification_uri: data.verification_uri,
+            verification_uri_complete: data.verification_uri_complete,
+            expires_in: data.expires_in,
+            interval,
+            verifier,
+        };
+    }
+    catch (error) {
+        debugLog("Device authorization failed", { error: String(error) });
+        if (error instanceof DeviceFlowError || error instanceof NetworkError) {
+            throw error;
+        }
+        throw new DeviceFlowError(`Failed to start device flow: ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+export async function pollForToken(deviceCode, codeVerifier, intervalSeconds, expiresIn) {
+    // Validate inputs
+    try {
+        validateDeviceCode(deviceCode);
+        validateInterval(intervalSeconds);
+        validateExpiresIn(expiresIn);
+    }
+    catch (error) {
+        debugLog("Invalid polling parameters", { error: String(error) });
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : "Invalid parameters",
+        };
+    }
+    // Prevent multiple concurrent polling for same device code
+    if (activePollingOperations.has(deviceCode)) {
+        warnLog("Polling already in progress for this device code", { deviceCode });
+        return {
+            success: false,
+            error: "Authorization already in progress",
+        };
+    }
+    // Register this polling operation
+    activePollingOperations.add(deviceCode);
+    const timeoutMs = expiresIn * 1000;
+    const startTime = Date.now();
+    let currentInterval = intervalSeconds * 1000;
+    let pollAttempts = 0;
+    debugLog("Starting token polling", { timeoutMs, interval: currentInterval });
+    // Ensure cleanup on exit
+    const cleanup = () => {
+        activePollingOperations.delete(deviceCode);
+    };
+    while (Date.now() - startTime < timeoutMs) {
+        await new Promise((resolve) => setTimeout(resolve, currentInterval));
+        pollAttempts++;
+        const params = new URLSearchParams({
+            client_id: QWEN_CLIENT_ID,
+            grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+            device_code: deviceCode,
+            code_verifier: codeVerifier,
+        });
+        debugLog(`Polling attempt ${pollAttempts}...`);
+        try {
+            const response = await fetch(`${QWEN_OAUTH_BASE_URL}${QWEN_TOKEN_ENDPOINT}`, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: params.toString(),
+            });
+            if (response.ok) {
+                const data = (await response.json());
+                // Validate token response
+                try {
+                    validateToken(data.access_token);
+                    validateToken(data.refresh_token);
+                    validateExpiresIn(data.expires_in);
+                }
+                catch (validationError) {
+                    debugLog("Invalid token response", {
+                        error: String(validationError),
+                    });
+                    cleanup();
+                    return {
+                        success: false,
+                        error: "Received invalid token from server",
+                    };
+                }
+                debugLog("Token received successfully", { pollAttempts });
+                cleanup();
+                return {
+                    success: true,
+                    access_token: data.access_token,
+                    refresh_token: data.refresh_token,
+                    expires_in: data.expires_in,
+                };
+            }
+            // Handle error responses
+            const errorData = await response.json().catch(() => ({}));
+            const oauthError = validateOAuthError(errorData);
+            if (oauthError.error === "authorization_pending") {
+                debugLog("Authorization pending, retrying...");
+                continue;
+            }
+            if (oauthError.error === "slow_down") {
+                currentInterval += 5000;
+                debugLog("Server requested slow down", {
+                    newInterval: currentInterval,
+                });
+                continue;
+            }
+            if (oauthError.error === "expired_token") {
+                debugLog("Device code expired");
+                cleanup();
+                return {
+                    success: false,
+                    error: "Device code expired. Please try again.",
+                };
+            }
+            if (oauthError.error === "access_denied") {
+                debugLog("User denied authorization");
+                cleanup();
+                return {
+                    success: false,
+                    error: "Authorization was denied",
+                };
+            }
+            debugLog(`Token polling failed: ${oauthError.error}`, {
+                description: oauthError.error_description,
+            });
+            cleanup();
+            return {
+                success: false,
+                error: oauthError.error_description || oauthError.error,
+            };
+        }
+        catch (error) {
+            debugLog("Network error during polling", { error: String(error) });
+            // Continue polling on network errors
+            if (Date.now() - startTime < timeoutMs) {
+                continue;
+            }
+            cleanup();
+            return {
+                success: false,
+                error: "Network error occurred during authentication",
+            };
+        }
+    }
+    debugLog("Polling timeout exceeded", { attempts: pollAttempts });
+    cleanup();
+    return { success: false, error: "Polling timeout - device code expired" };
+}
+/**
+ * Refresh an expired access token using a refresh token
+ * Uses mutex to prevent race conditions when multiple requests
+ * try to refresh the token simultaneously
+ */
+export async function refreshAccessToken(refreshToken) {
+    // Use mutex to ensure only one refresh happens at a time
+    return tokenRefreshMutex.runExclusive(async () => {
+        try {
+            validateToken(refreshToken);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: "Invalid refresh token",
+            };
+        }
+        // Check if a refresh is already in progress
+        if (tokenRefreshMutex.isLocked()) {
+            debugLog("Token refresh already in progress, waiting...");
+        }
+        const config = getConfig();
+        try {
+            const params = new URLSearchParams({
+                client_id: QWEN_CLIENT_ID,
+                grant_type: "refresh_token",
+                refresh_token: refreshToken,
+            });
+            debugLog("Refreshing access token");
+            const response = await fetchWithRetry(`${QWEN_OAUTH_BASE_URL}${QWEN_TOKEN_ENDPOINT}`, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: params.toString(),
+            }, {
+                maxRetries: config.maxRetries,
+                timeout: config.timeout,
+            });
+            const data = (await response.json());
+            // Validate new tokens
+            validateToken(data.access_token);
+            validateToken(data.refresh_token);
+            validateExpiresIn(data.expires_in);
+            debugLog("Token refresh successful");
+            return {
+                success: true,
+                access_token: data.access_token,
+                refresh_token: data.refresh_token,
+                expires_in: data.expires_in,
+            };
+        }
+        catch (error) {
+            debugLog("Token refresh failed", { error: String(error) });
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : "Token refresh failed",
+            };
+        }
+    });
+}
+//# sourceMappingURL=oauth.js.map

package/dist/oauth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,cAAc,EACd,WAAW,GACZ,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EACL,eAAe,EACf,YAAY,GAGb,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAEnC,4DAA4D;AAC5D,MAAM,iBAAiB,GAAG,IAAI,KAAK,EAAE,CAAC;AAEtC,kCAAkC;AAClC,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;AA2BlD,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,cAAc,EAAE,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,cAAc;QACzB,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;QAC5B,cAAc,EAAE,SAAS;QACzB,qBAAqB,EAAE,MAAM;KAC9B,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,mBAAmB,GAAG,yBAAyB,EAAE,CAAC;QACjE,QAAQ,CAAC,iCAAiC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAErD,MAAM,QAAQ,GAAG,MAAM,cAAc,CACnC,GAAG,EACH;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,EACD;YACE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,cAAc;YAChC,QAAQ,EAAE,MAAM,CAAC,aAAa;YAC9B,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CACF,CAAC;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAuB,CAAC;QAE3D,yBAAyB;QACzB,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEnC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;QACpC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAE3B,gBAAgB;QAChB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,eAAe,CACvB,+CAA+C,CAChD,CAAC;QACJ,CAAC;QAED,QAAQ,CAAC,iCAAiC,EAAE;YAC1C,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,yBAAyB,EAAE,IAAI,CAAC,yBAAyB;YACzD,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ;YACR,QAAQ;SACT,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAElE,IAAI,KAAK,YAAY,eAAe,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YACtE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,IAAI,eAAe,CACvB,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACzF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,YAAoB,EACpB,eAAuB,EACvB,SAAiB;IAQjB,kBAAkB;IAClB,IAAI,CAAC;QACH,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC/B,gBAAgB,CAAC,eAAe,CAAC,CAAC;QAClC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB;SACrE,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5C,OAAO,CAAC,kDAAkD,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QAC5E,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,mCAAmC;SAC3C,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,SAAS,GAAG,IAAI,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,eAAe,GAAG,eAAe,GAAG,IAAI,CAAC;IAC7C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,QAAQ,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC,CAAC;IAE7E,yBAAyB;IACzB,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,uBAAuB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC7C,CAAC,CAAC;IAEF,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;QAC1C,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC;QACrE,YAAY,EAAE,CAAC;QAEf,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,cAAc;YACzB,UAAU,EAAE,8CAA8C;YAC1D,WAAW,EAAE,UAAU;YACvB,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QAEH,QAAQ,CAAC,mBAAmB,YAAY,KAAK,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,GAAG,mBAAmB,GAAG,mBAAmB,EAAE,EAC9C;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,CACF,CAAC;YAEF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;gBAEtD,0BAA0B;gBAC1B,IAAI,CAAC;oBACH,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBACjC,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBAClC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACrC,CAAC;gBAAC,OAAO,eAAe,EAAE,CAAC;oBACzB,QAAQ,CAAC,wBAAwB,EAAE;wBACjC,KAAK,EAAE,MAAM,CAAC,eAAe,CAAC;qBAC/B,CAAC,CAAC;oBACH,OAAO,EAAE,CAAC;oBACV,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,oCAAoC;qBAC5C,CAAC;gBACJ,CAAC;gBAED,QAAQ,CAAC,6BAA6B,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;gBAC1D,OAAO,EAAE,CAAC;gBACV,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,YAAY,EAAE,IAAI,CAAC,YAAY;oBAC/B,aAAa,EAAE,IAAI,CAAC,aAAa;oBACjC,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1D,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;YAEjD,IAAI,UAAU,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;gBACjD,QAAQ,CAAC,oCAAoC,CAAC,CAAC;gBAC/C,SAAS;YACX,CAAC;YAED,IAAI,UAAU,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACrC,eAAe,IAAI,IAAI,CAAC;gBACxB,QAAQ,CAAC,4BAA4B,EAAE;oBACrC,WAAW,EAAE,eAAe;iBAC7B,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,IAAI,UAAU,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;gBACzC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;gBAChC,OAAO,EAAE,CAAC;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,wCAAwC;iBAChD,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;gBACzC,QAAQ,CAAC,2BAA2B,CAAC,CAAC;gBACtC,OAAO,EAAE,CAAC;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,0BAA0B;iBAClC,CAAC;YACJ,CAAC;YAED,QAAQ,CAAC,yBAAyB,UAAU,CAAC,KAAK,EAAE,EAAE;gBACpD,WAAW,EAAE,UAAU,CAAC,iBAAiB;aAC1C,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,UAAU,CAAC,iBAAiB,IAAI,UAAU,CAAC,KAAK;aACxD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAEnE,qCAAqC;YACrC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;gBACvC,SAAS;YACX,CAAC;YAED,OAAO,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,8CAA8C;aACtD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,0BAA0B,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;IACjE,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;AAC5E,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,YAAoB;IAQpB,yDAAyD;IACzD,OAAO,iBAAiB,CAAC,YAAY,CAAC,KAAK,IAAI,EAAE;QAC/C,IAAI,CAAC;YACH,aAAa,CAAC,YAAY,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,uBAAuB;aAC/B,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,IAAI,iBAAiB,CAAC,QAAQ,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,+CAA+C,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAE3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,SAAS,EAAE,cAAc;gBACzB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;YAEH,QAAQ,CAAC,yBAAyB,CAAC,CAAC;YAEpC,MAAM,QAAQ,GAAG,MAAM,cAAc,CACnC,GAAG,mBAAmB,GAAG,mBAAmB,EAAE,EAC9C;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,EACD;gBACE,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CACF,CAAC;YAEF,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;YAEtD,sBAAsB;YACtB,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjC,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEnC,QAAQ,CAAC,0BAA0B,CAAC,CAAC;YACrC,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC3D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB;aACvE,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/pkce.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ */
+export declare function createPkcePair(): {
+    verifier: string;
+    challenge: string;
+};
+//# sourceMappingURL=pkce.d.ts.map

package/dist/pkce.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAYH,wBAAgB,cAAc,IAAI;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAMxE"}

package/dist/pkce.js ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ */
+import { createHash, randomBytes } from "node:crypto";
+function base64UrlEncode(buffer) {
+    return buffer
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+export function createPkcePair() {
+    const verifier = base64UrlEncode(randomBytes(32));
+    const challenge = base64UrlEncode(createHash("sha256").update(verifier).digest());
+    return { verifier, challenge };
+}
+//# sourceMappingURL=pkce.js.map

package/dist/pkce.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pkce.js","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEtD,SAAS,eAAe,CAAC,MAAc;IACrC,OAAO,MAAM;SACV,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,eAAe,CAC/B,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAC/C,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC"}

package/dist/retry.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Retry logic with exponential backoff for network requests
+ */
+export interface RetryOptions {
+    maxRetries?: number;
+    baseDelay?: number;
+    maxDelay?: number;
+    timeout?: number;
+}
+/**
+ * Retry a function with exponential backoff
+ */
+export declare function retryWithBackoff<T>(fn: () => Promise<T>, options?: RetryOptions): Promise<T>;
+/**
+ * Retry fetch with exponential backoff
+ */
+export declare function fetchWithRetry(url: string, init?: RequestInit, options?: RetryOptions): Promise<Response>;
+//# sourceMappingURL=retry.d.ts.map

package/dist/retry.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"retry.d.ts","sourceRoot":"","sources":["../src/retry.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AASD;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EACtC,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,CAAC,CAAC,CAqDZ;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,MAAM,EACX,IAAI,CAAC,EAAE,WAAW,EAClB,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,QAAQ,CAAC,CAwBnB"}

package/dist/retry.js ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * Retry logic with exponential backoff for network requests
+ */
+import { NetworkError, isRecoverableError } from "./errors.js";
+import { debugLog } from "./logger.js";
+const defaultOptions = {
+    maxRetries: 3,
+    baseDelay: 1000,
+    maxDelay: 30000,
+    timeout: 30000,
+};
+/**
+ * Retry a function with exponential backoff
+ */
+export async function retryWithBackoff(fn, options = {}) {
+    const opts = { ...defaultOptions, ...options };
+    let lastError;
+    for (let attempt = 0; attempt < opts.maxRetries; attempt++) {
+        try {
+            debugLog(`Attempt ${attempt + 1}/${opts.maxRetries}`);
+            // Add timeout wrapper
+            const result = await Promise.race([
+                fn(),
+                new Promise((_, reject) => setTimeout(() => reject(new Error("Request timeout")), opts.timeout)),
+            ]);
+            debugLog(`Attempt ${attempt + 1} succeeded`);
+            return result;
+        }
+        catch (error) {
+            lastError = error instanceof Error ? error : new Error(String(error));
+            // Don't retry if error is not recoverable
+            if (!isRecoverableError(error)) {
+                debugLog(`Non-recoverable error, not retrying: ${lastError.message}`);
+                throw lastError;
+            }
+            // Don't retry on last attempt
+            if (attempt === opts.maxRetries - 1) {
+                debugLog(`Max retries (${opts.maxRetries}) reached`);
+                break;
+            }
+            // Calculate delay with exponential backoff and jitter
+            const exponentialDelay = opts.baseDelay * Math.pow(2, attempt);
+            const jitter = Math.random() * 0.1 * exponentialDelay; // 10% jitter
+            const delay = Math.min(exponentialDelay + jitter, opts.maxDelay);
+            debugLog(`Retrying in ${Math.round(delay)}ms...`, {
+                attempt: attempt + 1,
+                error: lastError.message,
+            });
+            await new Promise((resolve) => setTimeout(resolve, delay));
+        }
+    }
+    throw new NetworkError(`Failed after ${opts.maxRetries} retries: ${lastError?.message}`);
+}
+/**
+ * Retry fetch with exponential backoff
+ */
+export async function fetchWithRetry(url, init, options = {}) {
+    return retryWithBackoff(async () => {
+        const response = await fetch(url, init);
+        // Throw on HTTP errors for retry logic
+        if (!response.ok) {
+            // Check for rate limiting
+            if (response.status === 429) {
+                const retryAfter = response.headers.get("Retry-After");
+                const waitTime = retryAfter ? parseInt(retryAfter) * 1000 : 60000;
+                throw new NetworkError(`Rate limited (429)`, `Rate limit exceeded. Please wait ${Math.ceil(waitTime / 1000)} seconds.`);
+            }
+            // Other HTTP errors
+            throw new NetworkError(`HTTP ${response.status}: ${response.statusText}`);
+        }
+        return response;
+    }, options);
+}
+//# sourceMappingURL=retry.js.map

package/dist/retry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"retry.js","sourceRoot":"","sources":["../src/retry.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AASvC,MAAM,cAAc,GAA2B;IAC7C,UAAU,EAAE,CAAC;IACb,SAAS,EAAE,IAAI;IACf,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAoB,EACpB,UAAwB,EAAE;IAE1B,MAAM,IAAI,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;IAC/C,IAAI,SAA4B,CAAC;IAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QAC3D,IAAI,CAAC;YACH,QAAQ,CAAC,WAAW,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;YAEtD,sBAAsB;YACtB,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAChC,EAAE,EAAE;gBACJ,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CACR,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,EAC1C,IAAI,CAAC,OAAO,CACb,CACF;aACF,CAAC,CAAC;YAEH,QAAQ,CAAC,WAAW,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC;YAC7C,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAEtE,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,wCAAwC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;gBACtE,MAAM,SAAS,CAAC;YAClB,CAAC;YAED,8BAA8B;YAC9B,IAAI,OAAO,KAAK,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;gBACpC,QAAQ,CAAC,gBAAgB,IAAI,CAAC,UAAU,WAAW,CAAC,CAAC;gBACrD,MAAM;YACR,CAAC;YAED,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,GAAG,gBAAgB,CAAC,CAAC,aAAa;YACpE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAEjE,QAAQ,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE;gBAChD,OAAO,EAAE,OAAO,GAAG,CAAC;gBACpB,KAAK,EAAE,SAAS,CAAC,OAAO;aACzB,CAAC,CAAC;YAEH,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,MAAM,IAAI,YAAY,CACpB,gBAAgB,IAAI,CAAC,UAAU,aAAa,SAAS,EAAE,OAAO,EAAE,CACjE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAW,EACX,IAAkB,EAClB,UAAwB,EAAE;IAE1B,OAAO,gBAAgB,CAAC,KAAK,IAAI,EAAE;QACjC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAExC,uCAAuC;QACvC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,0BAA0B;YAC1B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gBACvD,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;gBAClE,MAAM,IAAI,YAAY,CACpB,oBAAoB,EACpB,oCAAoC,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,WAAW,CAC1E,CAAC;YACJ,CAAC;YAED,oBAAoB;YACpB,MAAM,IAAI,YAAY,CACpB,QAAQ,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAClD,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC,EAAE,OAAO,CAAC,CAAC;AACd,CAAC"}

package/dist/validation.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Input validation and security utilities
+ */
+/**
+ * Validate URL is HTTPS and from qwen.ai domain
+ */
+export declare function validateQwenUrl(url: string): boolean;
+/**
+ * Validate device code format
+ */
+export declare function validateDeviceCode(code: string): void;
+/**
+ * Validate user code format
+ */
+export declare function validateUserCode(code: string): void;
+/**
+ * Validate access token format
+ */
+export declare function validateToken(token: string): void;
+/**
+ * Validate expires_in value
+ */
+export declare function validateExpiresIn(expiresIn: number): void;
+/**
+ * Validate interval for polling
+ */
+export declare function validateInterval(interval: number): void;
+/**
+ * Sanitize log data by removing sensitive fields
+ */
+export declare function sanitizeLogData(data: any): any;
+/**
+ * Validate OAuth error response
+ */
+export declare function validateOAuthError(error: any): {
+    error: string;
+    error_description?: string;
+};
+//# sourceMappingURL=validation.d.ts.map

package/dist/validation.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAOrD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAQnD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAQzD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAQvD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG,CA8B9C;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,GAAG,GAAG;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAWA"}

package/dist/validation.js ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * Input validation and security utilities
+ */
+import { ValidationError } from "./errors.js";
+/**
+ * Validate URL is HTTPS and from qwen.ai domain
+ */
+export function validateQwenUrl(url) {
+    try {
+        const parsed = new URL(url);
+        return (parsed.protocol === "https:" &&
+            (parsed.hostname === "chat.qwen.ai" ||
+                parsed.hostname === "portal.qwen.ai" ||
+                parsed.hostname.endsWith(".qwen.ai")));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Validate device code format
+ */
+export function validateDeviceCode(code) {
+    if (!code || typeof code !== "string") {
+        throw new ValidationError("Device code must be a non-empty string", "device_code");
+    }
+    if (code.length < 10 || code.length > 100) {
+        throw new ValidationError("Device code has invalid length", "device_code");
+    }
+}
+/**
+ * Validate user code format
+ */
+export function validateUserCode(code) {
+    if (!code || typeof code !== "string") {
+        throw new ValidationError("User code must be a non-empty string", "user_code");
+    }
+    // User codes are typically short alphanumeric codes
+    if (!/^[A-Z0-9-]{4,12}$/i.test(code)) {
+        throw new ValidationError("User code has invalid format", "user_code");
+    }
+}
+/**
+ * Validate access token format
+ */
+export function validateToken(token) {
+    if (!token || typeof token !== "string") {
+        throw new ValidationError("Token must be a non-empty string", "token");
+    }
+    if (token.length < 20) {
+        throw new ValidationError("Token is too short", "token");
+    }
+}
+/**
+ * Validate expires_in value
+ */
+export function validateExpiresIn(expiresIn) {
+    if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
+        throw new ValidationError("expires_in must be a positive integer", "expires_in");
+    }
+    // Sanity check: shouldn't be more than 1 year
+    if (expiresIn > 365 * 24 * 60 * 60) {
+        throw new ValidationError("expires_in value is unreasonably large", "expires_in");
+    }
+}
+/**
+ * Validate interval for polling
+ */
+export function validateInterval(interval) {
+    if (!Number.isInteger(interval) || interval <= 0) {
+        throw new ValidationError("Interval must be a positive integer", "interval");
+    }
+    // Minimum 1 second, maximum 60 seconds
+    if (interval < 1 || interval > 60) {
+        throw new ValidationError("Interval must be between 1 and 60 seconds", "interval");
+    }
+}
+/**
+ * Sanitize log data by removing sensitive fields
+ */
+export function sanitizeLogData(data) {
+    if (!data || typeof data !== "object") {
+        return data;
+    }
+    const sensitiveFields = [
+        "access_token",
+        "refresh_token",
+        "api_key",
+        "apiKey",
+        "secret",
+        "password",
+        "verifier",
+        "device_code",
+    ];
+    const sanitized = Array.isArray(data) ? [] : {};
+    for (const [key, value] of Object.entries(data)) {
+        const lowerKey = key.toLowerCase();
+        if (sensitiveFields.some((field) => lowerKey.includes(field))) {
+            sanitized[key] = "[REDACTED]";
+        }
+        else if (value && typeof value === "object") {
+            sanitized[key] = sanitizeLogData(value);
+        }
+        else {
+            sanitized[key] = value;
+        }
+    }
+    return sanitized;
+}
+/**
+ * Validate OAuth error response
+ */
+export function validateOAuthError(error) {
+    if (!error || typeof error !== "object") {
+        throw new ValidationError("Invalid OAuth error response");
+    }
+    if (!error.error || typeof error.error !== "string") {
+        throw new ValidationError("OAuth error must have an error field");
+    }
+    return {
+        error: error.error,
+        error_description: error.error_description,
+    };
+}
+//# sourceMappingURL=validation.js.map

package/dist/validation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validation.js","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CACL,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAC5B,CAAC,MAAM,CAAC,QAAQ,KAAK,cAAc;gBACjC,MAAM,CAAC,QAAQ,KAAK,gBAAgB;gBACpC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CACxC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,eAAe,CAAC,wCAAwC,EAAE,aAAa,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC1C,MAAM,IAAI,eAAe,CAAC,gCAAgC,EAAE,aAAa,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,eAAe,CAAC,sCAAsC,EAAE,WAAW,CAAC,CAAC;IACjF,CAAC;IACD,oDAAoD;IACpD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,eAAe,CAAC,8BAA8B,EAAE,WAAW,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,eAAe,CAAC,kCAAkC,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,eAAe,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,eAAe,CAAC,uCAAuC,EAAE,YAAY,CAAC,CAAC;IACnF,CAAC;IACD,8CAA8C;IAC9C,IAAI,SAAS,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,eAAe,CAAC,wCAAwC,EAAE,YAAY,CAAC,CAAC;IACpF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,eAAe,CAAC,qCAAqC,EAAE,UAAU,CAAC,CAAC;IAC/E,CAAC;IACD,uCAAuC;IACvC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,eAAe,CAAC,2CAA2C,EAAE,UAAU,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAS;IACvC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,eAAe,GAAG;QACtB,cAAc;QACd,eAAe;QACf,SAAS;QACT,QAAQ;QACR,QAAQ;QACR,UAAU;QACV,UAAU;QACV,aAAa;KACd,CAAC;IAEF,MAAM,SAAS,GAAQ,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAErD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC9D,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAChC,CAAC;aAAM,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9C,SAAS,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAU;IAI3C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,eAAe,CAAC,sCAAsC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;KAC3C,CAAC;AACJ,CAAC"}

package/package.json CHANGED Viewed

@@ -1,12 +1,12 @@
 {
   "name": "opencode-qwen-oauth",
-  "version": "1.0.1",
+  "version": "2.0.1",
   "description": "Qwen OAuth authentication plugin for OpenCode - authenticate with Qwen.ai using OAuth device flow",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
-    "opencode-qwen-oauth": "./bin/install.js"
+    "opencode-qwen-oauth": "bin/install.js"
   },
   "files": [
     "dist",
@@ -18,7 +18,8 @@
     "build": "tsc -p tsconfig.json",
     "dev": "tsc -p tsconfig.json --watch",
     "prepublishOnly": "npm run build",
-    "test": "echo \"No tests specified\" && exit 0"
+    "test": "bun test",
+    "test:watch": "bun test --watch"
   },
   "keywords": [
     "opencode",
@@ -33,7 +34,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/yourusername/opencode-qwen-oauth.git"
+    "url": "git+https://github.com/yourusername/opencode-qwen-oauth.git"
   },
   "bugs": {
     "url": "https://github.com/yourusername/opencode-qwen-oauth/issues"