opencode-qwen-oauth 1.1.0 → 2.0.1

package/dist/retry.js

@@ -0,0 +1,74 @@
+/**
+ * Retry logic with exponential backoff for network requests
+ */
+import { NetworkError, isRecoverableError } from "./errors.js";
+import { debugLog } from "./logger.js";
+const defaultOptions = {
+    maxRetries: 3,
+    baseDelay: 1000,
+    maxDelay: 30000,
+    timeout: 30000,
+};
+/**
+ * Retry a function with exponential backoff
+ */
+export async function retryWithBackoff(fn, options = {}) {
+    const opts = { ...defaultOptions, ...options };
+    let lastError;
+    for (let attempt = 0; attempt < opts.maxRetries; attempt++) {
+        try {
+            debugLog(`Attempt ${attempt + 1}/${opts.maxRetries}`);
+            // Add timeout wrapper
+            const result = await Promise.race([
+                fn(),
+                new Promise((_, reject) => setTimeout(() => reject(new Error("Request timeout")), opts.timeout)),
+            ]);
+            debugLog(`Attempt ${attempt + 1} succeeded`);
+            return result;
+        }
+        catch (error) {
+            lastError = error instanceof Error ? error : new Error(String(error));
+            // Don't retry if error is not recoverable
+            if (!isRecoverableError(error)) {
+                debugLog(`Non-recoverable error, not retrying: ${lastError.message}`);
+                throw lastError;
+            }
+            // Don't retry on last attempt
+            if (attempt === opts.maxRetries - 1) {
+                debugLog(`Max retries (${opts.maxRetries}) reached`);
+                break;
+            }
+            // Calculate delay with exponential backoff and jitter
+            const exponentialDelay = opts.baseDelay * Math.pow(2, attempt);
+            const jitter = Math.random() * 0.1 * exponentialDelay; // 10% jitter
+            const delay = Math.min(exponentialDelay + jitter, opts.maxDelay);
+            debugLog(`Retrying in ${Math.round(delay)}ms...`, {
+                attempt: attempt + 1,
+                error: lastError.message,
+            });
+            await new Promise((resolve) => setTimeout(resolve, delay));
+        }
+    }
+    throw new NetworkError(`Failed after ${opts.maxRetries} retries: ${lastError?.message}`);
+}
+/**
+ * Retry fetch with exponential backoff
+ */
+export async function fetchWithRetry(url, init, options = {}) {
+    return retryWithBackoff(async () => {
+        const response = await fetch(url, init);
+        // Throw on HTTP errors for retry logic
+        if (!response.ok) {
+            // Check for rate limiting
+            if (response.status === 429) {
+                const retryAfter = response.headers.get("Retry-After");
+                const waitTime = retryAfter ? parseInt(retryAfter) * 1000 : 60000;
+                throw new NetworkError(`Rate limited (429)`, `Rate limit exceeded. Please wait ${Math.ceil(waitTime / 1000)} seconds.`);
+            }
+            // Other HTTP errors
+            throw new NetworkError(`HTTP ${response.status}: ${response.statusText}`);
+        }
+        return response;
+    }, options);
+}
+//# sourceMappingURL=retry.js.map

package/dist/retry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry.js","sourceRoot":"","sources":["../src/retry.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AASvC,MAAM,cAAc,GAA2B;IAC7C,UAAU,EAAE,CAAC;IACb,SAAS,EAAE,IAAI;IACf,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAoB,EACpB,UAAwB,EAAE;IAE1B,MAAM,IAAI,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;IAC/C,IAAI,SAA4B,CAAC;IAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QAC3D,IAAI,CAAC;YACH,QAAQ,CAAC,WAAW,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;YAEtD,sBAAsB;YACtB,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAChC,EAAE,EAAE;gBACJ,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CACR,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,EAC1C,IAAI,CAAC,OAAO,CACb,CACF;aACF,CAAC,CAAC;YAEH,QAAQ,CAAC,WAAW,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC;YAC7C,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAEtE,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,wCAAwC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;gBACtE,MAAM,SAAS,CAAC;YAClB,CAAC;YAED,8BAA8B;YAC9B,IAAI,OAAO,KAAK,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;gBACpC,QAAQ,CAAC,gBAAgB,IAAI,CAAC,UAAU,WAAW,CAAC,CAAC;gBACrD,MAAM;YACR,CAAC;YAED,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,GAAG,gBAAgB,CAAC,CAAC,aAAa;YACpE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAEjE,QAAQ,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE;gBAChD,OAAO,EAAE,OAAO,GAAG,CAAC;gBACpB,KAAK,EAAE,SAAS,CAAC,OAAO;aACzB,CAAC,CAAC;YAEH,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,MAAM,IAAI,YAAY,CACpB,gBAAgB,IAAI,CAAC,UAAU,aAAa,SAAS,EAAE,OAAO,EAAE,CACjE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAW,EACX,IAAkB,EAClB,UAAwB,EAAE;IAE1B,OAAO,gBAAgB,CAAC,KAAK,IAAI,EAAE;QACjC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAExC,uCAAuC;QACvC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,0BAA0B;YAC1B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gBACvD,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;gBAClE,MAAM,IAAI,YAAY,CACpB,oBAAoB,EACpB,oCAAoC,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,WAAW,CAC1E,CAAC;YACJ,CAAC;YAED,oBAAoB;YACpB,MAAM,IAAI,YAAY,CACpB,QAAQ,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAClD,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC,EAAE,OAAO,CAAC,CAAC;AACd,CAAC"}

package/dist/validation.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Input validation and security utilities
+ */
+/**
+ * Validate URL is HTTPS and from qwen.ai domain
+ */
+export declare function validateQwenUrl(url: string): boolean;
+/**
+ * Validate device code format
+ */
+export declare function validateDeviceCode(code: string): void;
+/**
+ * Validate user code format
+ */
+export declare function validateUserCode(code: string): void;
+/**
+ * Validate access token format
+ */
+export declare function validateToken(token: string): void;
+/**
+ * Validate expires_in value
+ */
+export declare function validateExpiresIn(expiresIn: number): void;
+/**
+ * Validate interval for polling
+ */
+export declare function validateInterval(interval: number): void;
+/**
+ * Sanitize log data by removing sensitive fields
+ */
+export declare function sanitizeLogData(data: any): any;
+/**
+ * Validate OAuth error response
+ */
+export declare function validateOAuthError(error: any): {
+    error: string;
+    error_description?: string;
+};
+//# sourceMappingURL=validation.d.ts.map

package/dist/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAOrD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAQnD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAQzD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAQvD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG,CA8B9C;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,GAAG,GAAG;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAWA"}

package/dist/validation.js

@@ -0,0 +1,125 @@
+/**
+ * Input validation and security utilities
+ */
+import { ValidationError } from "./errors.js";
+/**
+ * Validate URL is HTTPS and from qwen.ai domain
+ */
+export function validateQwenUrl(url) {
+    try {
+        const parsed = new URL(url);
+        return (parsed.protocol === "https:" &&
+            (parsed.hostname === "chat.qwen.ai" ||
+                parsed.hostname === "portal.qwen.ai" ||
+                parsed.hostname.endsWith(".qwen.ai")));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Validate device code format
+ */
+export function validateDeviceCode(code) {
+    if (!code || typeof code !== "string") {
+        throw new ValidationError("Device code must be a non-empty string", "device_code");
+    }
+    if (code.length < 10 || code.length > 100) {
+        throw new ValidationError("Device code has invalid length", "device_code");
+    }
+}
+/**
+ * Validate user code format
+ */
+export function validateUserCode(code) {
+    if (!code || typeof code !== "string") {
+        throw new ValidationError("User code must be a non-empty string", "user_code");
+    }
+    // User codes are typically short alphanumeric codes
+    if (!/^[A-Z0-9-]{4,12}$/i.test(code)) {
+        throw new ValidationError("User code has invalid format", "user_code");
+    }
+}
+/**
+ * Validate access token format
+ */
+export function validateToken(token) {
+    if (!token || typeof token !== "string") {
+        throw new ValidationError("Token must be a non-empty string", "token");
+    }
+    if (token.length < 20) {
+        throw new ValidationError("Token is too short", "token");
+    }
+}
+/**
+ * Validate expires_in value
+ */
+export function validateExpiresIn(expiresIn) {
+    if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
+        throw new ValidationError("expires_in must be a positive integer", "expires_in");
+    }
+    // Sanity check: shouldn't be more than 1 year
+    if (expiresIn > 365 * 24 * 60 * 60) {
+        throw new ValidationError("expires_in value is unreasonably large", "expires_in");
+    }
+}
+/**
+ * Validate interval for polling
+ */
+export function validateInterval(interval) {
+    if (!Number.isInteger(interval) || interval <= 0) {
+        throw new ValidationError("Interval must be a positive integer", "interval");
+    }
+    // Minimum 1 second, maximum 60 seconds
+    if (interval < 1 || interval > 60) {
+        throw new ValidationError("Interval must be between 1 and 60 seconds", "interval");
+    }
+}
+/**
+ * Sanitize log data by removing sensitive fields
+ */
+export function sanitizeLogData(data) {
+    if (!data || typeof data !== "object") {
+        return data;
+    }
+    const sensitiveFields = [
+        "access_token",
+        "refresh_token",
+        "api_key",
+        "apiKey",
+        "secret",
+        "password",
+        "verifier",
+        "device_code",
+    ];
+    const sanitized = Array.isArray(data) ? [] : {};
+    for (const [key, value] of Object.entries(data)) {
+        const lowerKey = key.toLowerCase();
+        if (sensitiveFields.some((field) => lowerKey.includes(field))) {
+            sanitized[key] = "[REDACTED]";
+        }
+        else if (value && typeof value === "object") {
+            sanitized[key] = sanitizeLogData(value);
+        }
+        else {
+            sanitized[key] = value;
+        }
+    }
+    return sanitized;
+}
+/**
+ * Validate OAuth error response
+ */
+export function validateOAuthError(error) {
+    if (!error || typeof error !== "object") {
+        throw new ValidationError("Invalid OAuth error response");
+    }
+    if (!error.error || typeof error.error !== "string") {
+        throw new ValidationError("OAuth error must have an error field");
+    }
+    return {
+        error: error.error,
+        error_description: error.error_description,
+    };
+}
+//# sourceMappingURL=validation.js.map

package/dist/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CACL,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAC5B,CAAC,MAAM,CAAC,QAAQ,KAAK,cAAc;gBACjC,MAAM,CAAC,QAAQ,KAAK,gBAAgB;gBACpC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CACxC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,eAAe,CAAC,wCAAwC,EAAE,aAAa,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC1C,MAAM,IAAI,eAAe,CAAC,gCAAgC,EAAE,aAAa,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,eAAe,CAAC,sCAAsC,EAAE,WAAW,CAAC,CAAC;IACjF,CAAC;IACD,oDAAoD;IACpD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,eAAe,CAAC,8BAA8B,EAAE,WAAW,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,eAAe,CAAC,kCAAkC,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,eAAe,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,eAAe,CAAC,uCAAuC,EAAE,YAAY,CAAC,CAAC;IACnF,CAAC;IACD,8CAA8C;IAC9C,IAAI,SAAS,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,eAAe,CAAC,wCAAwC,EAAE,YAAY,CAAC,CAAC;IACpF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,eAAe,CAAC,qCAAqC,EAAE,UAAU,CAAC,CAAC;IAC/E,CAAC;IACD,uCAAuC;IACvC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,eAAe,CAAC,2CAA2C,EAAE,UAAU,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAS;IACvC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,eAAe,GAAG;QACtB,cAAc;QACd,eAAe;QACf,SAAS;QACT,QAAQ;QACR,QAAQ;QACR,UAAU;QACV,UAAU;QACV,aAAa;KACd,CAAC;IAEF,MAAM,SAAS,GAAQ,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAErD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC9D,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAChC,CAAC;aAAM,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9C,SAAS,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAU;IAI3C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,eAAe,CAAC,sCAAsC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;KAC3C,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "opencode-qwen-oauth",
-  "version": "1.1.0",
+  "version": "2.0.1",
   "description": "Qwen OAuth authentication plugin for OpenCode - authenticate with Qwen.ai using OAuth device flow",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
-    "opencode-qwen-oauth": "./bin/install.js"
+    "opencode-qwen-oauth": "bin/install.js"
   },
   "files": [
     "dist",
@@ -18,7 +18,8 @@
     "build": "tsc -p tsconfig.json",
     "dev": "tsc -p tsconfig.json --watch",
     "prepublishOnly": "npm run build",
-    "test": "echo \"No tests specified\" && exit 0"
+    "test": "bun test",
+    "test:watch": "bun test --watch"
   },
   "keywords": [
     "opencode",
@@ -33,7 +34,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/yourusername/opencode-qwen-oauth.git"
+    "url": "git+https://github.com/yourusername/opencode-qwen-oauth.git"
   },
   "bugs": {
     "url": "https://github.com/yourusername/opencode-qwen-oauth/issues"