opencode-qwen-oauth 2.2.0 → 2.3.1

package/README.md

@@ -15,14 +15,15 @@ Qwen OAuth authentication plugin for [OpenCode](https://opencode.ai) - authentic
 
 - 🔐 **OAuth Device Flow** - PKCE-secured authentication, works in headless/CI environments
 - 🔄 **Automatic Token Refresh** - Tokens are refreshed before expiry
+- 💾 **Persistent Credentials** - Tokens saved to `~/.qwen/oauth_creds.json` for persistence across sessions
 - 🌐 **Auto Browser Open** - Automatically opens browser for authentication
 - 📝 **File Logging** - All OAuth activity logged to `~/.config/opencode/logs/qwen-oauth.log`
-- 🐛 **Debug Mode** - Enable verbose output with `QWEN_OAUTH_DEBUG=true`
 - 🚀 **Easy Install** - One-command installation with CLI tool
-- 🎯 **Custom Headers** - Automatically adds Qwen-specific headers to API requests
+- 🎯 **Custom Headers** - Automatically adds Qwen-specific headers (X-DashScope-*) to API requests
 - ⚙️ **Optimized Parameters** - Pre-configured temperature and topP settings for Qwen models
 - 🌍 **Environment Variables** - Exposes Qwen credentials to shell environments
 - 📊 **Event Monitoring** - Tracks authentication and session events for debugging
+- ⏱️ **Request Throttling** - Built-in rate limiting to avoid 429 errors
 
 ## Quick Start
 
@@ -58,15 +59,15 @@ Select **"Qwen Code (qwen.ai OAuth)"** and follow the device flow instructions.
 ### Use Qwen Models
 
 ```
-/model qwen/qwen3-coder-plus
+/model qwen/coder-model
 ```
 
 ## Models
 
-| Model | Context | Features |
-|-------|---------|----------|
-| `qwen3-coder-plus` | 1M tokens | Optimized for coding |
-| `qwen3-vl-plus` | 256K tokens | Vision + language |
+| Model | Context | Output | Features |
+|-------|---------|--------|----------|
+| `coder-model` | 1M tokens | 64K | Optimized for coding |
+| `vision-model` | 128K tokens | 32K | Vision + language |
 
 ## Configuration
 
@@ -106,13 +107,17 @@ If you prefer manual setup, add to `.opencode/opencode.json`:
         "baseURL": "https://portal.qwen.ai/v1"
       },
       "models": {
-        "qwen3-coder-plus": {
-          "id": "qwen3-coder-plus",
-          "name": "Qwen3 Coder Plus"
+        "coder-model": {
+          "id": "coder-model",
+          "name": "Qwen Coder",
+          "limit": { "context": 1048576, "output": 65536 },
+          "modalities": { "input": ["text"], "output": ["text"] }
         },
-        "qwen3-vl-plus": {
-          "id": "qwen3-vl-plus",
-          "name": "Qwen3 VL Plus",
+        "vision-model": {
+          "id": "vision-model",
+          "name": "Qwen Vision",
+          "limit": { "context": 131072, "output": 32768 },
+          "modalities": { "input": ["text", "image"], "output": ["text"] },
           "attachment": true
         }
       }
@@ -134,14 +139,43 @@ npx opencode-qwen-oauth uninstall
 npx opencode-qwen-oauth --help
 ```
 
+## Diagnostics
+
+Test if the Qwen OAuth endpoints are accessible:
+
+```bash
+npm run diagnose
+```
+
+This will check:
+- ✓ OAuth base URL accessibility
+- ✓ Device code endpoint functionality
+- ✓ API endpoint availability
+
+Example output:
+```
+[Base URL] https://chat.qwen.ai
+  Status: ✓ 200
+
+[Device Code] https://chat.qwen.ai/api/v1/oauth2/device/code
+  Status: ✓ 200
+
+[API Endpoints] Testing /chat/completions...
+  ⚠ https://portal.qwen.ai/v1
+    Status: 401 (endpoint exists, requires auth)
+```
+
 ## Troubleshooting
 
 ### "Device code expired"
-Complete the browser login within 5 minutes of starting `/connect`.
+Complete the browser login within 15 minutes of starting `/connect`.
 
 ### "invalid_grant" error
 Your refresh token has expired. Run `/connect` to re-authenticate.
 
+### "Quota exceeded" error
+Your free tier limit has been reached. Wait for quota reset or upgrade your account at https://chat.qwen.ai
+
 ### Provider not showing in /connect
 Use the CLI directly:
 ```bash
@@ -167,6 +201,14 @@ sudo dnf install xdg-utils
 sudo pacman -S xdg-utils
 ```
 
+### Credentials File
+Credentials are saved to `~/.qwen/oauth_creds.json` (compatible with qwen-code CLI):
+```
+~/.qwen/oauth_creds.json
+```
+
+This allows sharing authentication between OpenCode plugin and qwen-code CLI.
+
 ### Check logs
 ```bash
 cat ~/.config/opencode/logs/qwen-oauth.log
@@ -182,12 +224,31 @@ This plugin implements OAuth 2.0 Device Flow (RFC 8628) with PKCE:
 4. **Token Storage** - Tokens are stored in OpenCode's auth system
 5. **Auto Refresh** - Access tokens are refreshed before expiry
 
-## Security
+## Security & Important Notes
+
+### Security Features
+- ✅ Uses PKCE (RFC 7636) for enhanced security
+- ✅ No client secret required (safer for public clients)
+- ✅ Tokens stored in OpenCode's auth system and `~/.qwen/oauth_creds.json` for persistence
+- ✅ All OAuth activity logged for auditing
+- ✅ Sensitive data sanitized in logs
+
+### Implementation Notes
+
+⚠️ **Important**: This plugin uses OAuth endpoints that appear to be part of Qwen's web interface (`chat.qwen.ai`). While the implementation follows standard OAuth 2.0 specifications (RFC 8628 Device Flow + RFC 7636 PKCE), these endpoints are not officially documented in Qwen's public API documentation.
+
+**What this means:**
+- The OAuth flow works correctly and follows industry standards
+- Endpoints are actively maintained and functional
+- Future changes to Qwen's authentication system may require plugin updates
+
+**Verified Working:**
+- ✅ OAuth Device Flow: `https://chat.qwen.ai/api/v1/oauth2/*`
+- ✅ API Endpoint: `https://portal.qwen.ai/v1/chat/completions`
+- ✅ Token Refresh: Automatic refresh before expiration
+- ✅ OpenAI-Compatible: Uses standard OpenAI API format
 
-- Uses PKCE (RFC 7636) for enhanced security
-- No client secret required
-- Tokens stored in OpenCode's secure auth storage
-- All OAuth activity logged for auditing
+Run `npm run diagnose` to verify endpoint availability at any time.
 
 ## Development
 
@@ -226,8 +287,10 @@ Monitors session events (creation, errors) for debugging and logging.
 
 #### `chat.headers` Hook
 Injects custom headers for Qwen API requests:
-- `X-Qwen-Client: OpenCode`
-- `X-Qwen-Plugin-Version: 1.1.0`
+- `User-Agent: QwenCode/0.10.3 (platform)`
+- `X-DashScope-CacheControl: enable`
+- `X-DashScope-UserAgent: QwenCode/0.10.3 (platform)`
+- `X-DashScope-AuthType: qwen-oauth`
 
 #### `chat.params` Hook
 Optimizes model parameters for Qwen:
@@ -246,9 +309,12 @@ opencode-qwen-oauth/
 ├── src/                  # TypeScript source files
 │   ├── index.ts          # Main plugin with hooks
 │   ├── oauth.ts          # OAuth device flow logic
+│   ├── credentials.ts    # Credential storage (~/.qwen/)
 │   ├── pkce.ts           # PKCE implementation
 │   ├── browser.ts        # Browser opening utility
 │   ├── logger.ts         # Logging utilities
+│   ├── request-queue.ts  # Rate limiting
+│   ├── diagnostic.ts     # Diagnostics CLI
 │   └── constants.ts      # API constants
 ├── bin/                  # CLI scripts
 │   └── install.js        # Installer script

package/bin/install.js

@@ -105,13 +105,17 @@ function install() {
         baseURL: "https://portal.qwen.ai/v1",
       },
       models: {
-        "qwen3-coder-plus": {
-          id: "qwen3-coder-plus",
-          name: "Qwen3 Coder Plus",
+        "coder-model": {
+          id: "coder-model",
+          name: "Qwen Coder",
+          limit: { context: 1048576, output: 65536 },
+          modalities: { input: ["text"], output: ["text"] },
         },
-        "qwen3-vl-plus": {
-          id: "qwen3-vl-plus",
-          name: "Qwen3 VL Plus",
+        "vision-model": {
+          id: "vision-model",
+          name: "Qwen Vision",
+          limit: { context: 131072, output: 32768 },
+          modalities: { input: ["text", "image"], output: ["text"] },
           attachment: true,
         },
       },
@@ -144,7 +148,7 @@ function install() {
 
   opencodePackage.dependencies = opencodePackage.dependencies || {};
   if (!opencodePackage.dependencies["opencode-qwen-oauth"]) {
-    opencodePackage.dependencies["opencode-qwen-oauth"] = "^1.0.0";
+    opencodePackage.dependencies["opencode-qwen-oauth"] = "^2.3.1";
     log("Added 'opencode-qwen-oauth' to .opencode/package.json dependencies");
   }
 
@@ -159,12 +163,19 @@ function install() {
     process.exit(1);
   }
 
-  log("Installation complete!");
+  log("Installation complete! ✓");
+  log("");
   log("Next steps:");
-  log("1. Run: opencode");
-  log("2. Connect: /connect (select 'Qwen Code (qwen.ai OAuth)')");
-  log("3. Use model: /model qwen/qwen3-coder-plus");
-  log("Debug mode: QWEN_OAUTH_DEBUG=true opencode");
+  log("  1. Run: opencode");
+  log("  2. Connect: /connect (select 'Qwen Code (qwen.ai OAuth)')");
+  log("  3. Use model: /model qwen/coder-model");
+  log("     Vision model: /model qwen/vision-model");
+  log("");
+  log("Advanced:");
+  log("  • Run diagnostics: npm run diagnose");
+  log("  • View logs: tail -f ~/.config/opencode/logs/qwen-oauth.log");
+  log("  • Credentials saved to: ~/.qwen/oauth_creds.json");
+  log("");
 }
 
 // ============================================
@@ -239,9 +250,14 @@ Usage:
 After installation:
   1. Run: opencode
   2. Connect: /connect (select 'Qwen Code (qwen.ai OAuth)')
-  3. Use model: /model qwen/qwen3-coder-plus
+  3. Use model: /model qwen/coder-model
 
-Debug mode: QWEN_OAUTH_DEBUG=true opencode
+Models:
+  - coder-model: Qwen Coder (1M context, 64K output)
+  - vision-model: Qwen Vision (128K context, 32K output, supports images)
+
+Logs:
+  - tail -f ~/.config/opencode/logs/qwen-oauth.log
 `);
 } else {
   error(`Unknown command: ${command}`);

package/dist/api-key-exchange.d.ts

@@ -0,0 +1,20 @@
+/**
+ * API Key Exchange for Qwen
+ * Attempts to exchange OAuth token for API key
+ */
+interface ApiKeyResponse {
+    success: boolean;
+    api_key?: string;
+    error?: string;
+}
+/**
+ * Try to get API key from OAuth token
+ * This is speculative - Qwen may require OAuth token → API key exchange
+ */
+export declare function tryGetApiKey(oauthToken: string): Promise<ApiKeyResponse>;
+/**
+ * Check if we need to use OAuth token directly or exchange for API key
+ */
+export declare function validateTokenWithApi(token: string, apiBaseUrl: string): Promise<boolean>;
+export {};
+//# sourceMappingURL=api-key-exchange.d.ts.map

package/dist/api-key-exchange.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-exchange.d.ts","sourceRoot":"","sources":["../src/api-key-exchange.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,UAAU,cAAc;IACtB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAaD;;;GAGG;AACH,wBAAsB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAiD9E;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA2B9F"}

package/dist/api-key-exchange.js

@@ -0,0 +1,91 @@
+/**
+ * API Key Exchange for Qwen
+ * Attempts to exchange OAuth token for API key
+ */
+import { debugLog, warnLog, infoLog } from "./logger.js";
+import { QWEN_OAUTH_BASE_URL } from "./constants.js";
+/**
+ * Potential endpoints for API key retrieval
+ */
+const API_KEY_ENDPOINTS = [
+    "/api/v1/user/api-key",
+    "/api/v1/user/token",
+    "/api/v1/user/info",
+    "/api/v1/auth/api-key",
+    "/api/v1/oauth2/api-key",
+];
+/**
+ * Try to get API key from OAuth token
+ * This is speculative - Qwen may require OAuth token → API key exchange
+ */
+export async function tryGetApiKey(oauthToken) {
+    debugLog("Attempting to exchange OAuth token for API key");
+    for (const endpoint of API_KEY_ENDPOINTS) {
+        const url = `${QWEN_OAUTH_BASE_URL}${endpoint}`;
+        try {
+            debugLog(`Trying endpoint: ${url}`);
+            const response = await fetch(url, {
+                method: "GET",
+                headers: {
+                    "Authorization": `Bearer ${oauthToken}`,
+                    "Content-Type": "application/json",
+                },
+            });
+            debugLog(`Endpoint ${endpoint} responded with ${response.status}`);
+            if (response.ok) {
+                const data = await response.json();
+                // Look for API key in various possible fields
+                const apiKey = data.api_key || data.apiKey || data.key || data.token;
+                if (apiKey && typeof apiKey === "string") {
+                    infoLog(`Found API key via endpoint: ${endpoint}`);
+                    return {
+                        success: true,
+                        api_key: apiKey,
+                    };
+                }
+                debugLog(`Endpoint ${endpoint} returned data but no API key found`, {
+                    fields: Object.keys(data),
+                });
+            }
+        }
+        catch (error) {
+            debugLog(`Error trying endpoint ${endpoint}:`, {
+                error: String(error),
+            });
+        }
+    }
+    warnLog("Could not find API key exchange endpoint");
+    return {
+        success: false,
+        error: "No API key exchange endpoint found",
+    };
+}
+/**
+ * Check if we need to use OAuth token directly or exchange for API key
+ */
+export async function validateTokenWithApi(token, apiBaseUrl) {
+    try {
+        debugLog("Validating token with API endpoint");
+        // Try a simple API call to see if token works
+        const response = await fetch(`${apiBaseUrl}/models`, {
+            method: "GET",
+            headers: {
+                "Authorization": `Bearer ${token}`,
+            },
+        });
+        if (response.ok) {
+            infoLog("Token is valid for API endpoint");
+            return true;
+        }
+        debugLog("Token validation failed", {
+            status: response.status,
+            statusText: response.statusText,
+        });
+        return false;
+    }
+    catch (error) {
+        debugLog("Error validating token", { error: String(error) });
+        return false;
+    }
+}
+//# sourceMappingURL=api-key-exchange.js.map

package/dist/api-key-exchange.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-exchange.js","sourceRoot":"","sources":["../src/api-key-exchange.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAQrD;;GAEG;AACH,MAAM,iBAAiB,GAAG;IACxB,sBAAsB;IACtB,oBAAoB;IACpB,mBAAmB;IACnB,sBAAsB;IACtB,wBAAwB;CACzB,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAkB;IACnD,QAAQ,CAAC,gDAAgD,CAAC,CAAC;IAE3D,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,mBAAmB,GAAG,QAAQ,EAAE,CAAC;QAEhD,IAAI,CAAC;YACH,QAAQ,CAAC,oBAAoB,GAAG,EAAE,CAAC,CAAC;YAEpC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,UAAU,EAAE;oBACvC,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAC;YAEH,QAAQ,CAAC,YAAY,QAAQ,mBAAmB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAEnE,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;gBAE9D,8CAA8C;gBAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC;gBAErE,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;oBACzC,OAAO,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;oBACnD,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,OAAO,EAAE,MAAM;qBAChB,CAAC;gBACJ,CAAC;gBAED,QAAQ,CAAC,YAAY,QAAQ,qCAAqC,EAAE;oBAClE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,yBAAyB,QAAQ,GAAG,EAAE;gBAC7C,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,CAAC,0CAA0C,CAAC,CAAC;IACpD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,oCAAoC;KAC5C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAAa,EAAE,UAAkB;IAC1E,IAAI,CAAC;QACH,QAAQ,CAAC,oCAAoC,CAAC,CAAC;QAE/C,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,SAAS,EAAE;YACnD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,KAAK,EAAE;aACnC;SACF,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,CAAC,iCAAiC,CAAC,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,QAAQ,CAAC,yBAAyB,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;SAChC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC7D,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/credentials.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Credential storage for Qwen OAuth
+ * Saves/loads credentials from ~/.qwen/oauth_creds.json
+ */
+export interface QwenCredentials {
+    accessToken: string;
+    refreshToken?: string;
+    expiryDate?: number;
+    tokenType?: string;
+    resourceUrl?: string;
+    scope?: string;
+}
+export declare function saveCredentials(credentials: QwenCredentials): void;
+export declare function loadCredentials(): QwenCredentials | null;
+export declare function deleteCredentials(): void;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAqBD,wBAAgB,eAAe,CAAC,WAAW,EAAE,eAAe,GAAG,IAAI,CAmBlE;AAED,wBAAgB,eAAe,IAAI,eAAe,GAAG,IAAI,CA2BxD;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAWxC"}

package/dist/credentials.js

@@ -0,0 +1,75 @@
+/**
+ * Credential storage for Qwen OAuth
+ * Saves/loads credentials from ~/.qwen/oauth_creds.json
+ */
+import { writeFileSync, mkdirSync, existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+const CREDENTIALS_DIR = join(homedir(), ".qwen");
+const CREDENTIALS_FILE = join(CREDENTIALS_DIR, "oauth_creds.json");
+function ensureCredentialsDir() {
+    if (!existsSync(CREDENTIALS_DIR)) {
+        mkdirSync(CREDENTIALS_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+export function saveCredentials(credentials) {
+    try {
+        ensureCredentialsDir();
+        // Save in snake_case format (matches OAuth response)
+        const data = {
+            access_token: credentials.accessToken,
+            refresh_token: credentials.refreshToken,
+            expiry_date: credentials.expiryDate,
+            token_type: credentials.tokenType,
+            resource_url: credentials.resourceUrl,
+            scope: credentials.scope,
+        };
+        writeFileSync(CREDENTIALS_FILE, JSON.stringify(data, null, 2), {
+            encoding: "utf-8",
+            mode: 0o600,
+        });
+    }
+    catch (error) {
+        console.error("Failed to save credentials:", error);
+    }
+}
+export function loadCredentials() {
+    try {
+        if (!existsSync(CREDENTIALS_FILE)) {
+            return null;
+        }
+        const data = readFileSync(CREDENTIALS_FILE, "utf-8");
+        const fileCreds = JSON.parse(data);
+        // Convert snake_case to camelCase
+        const credentials = {
+            accessToken: fileCreds.access_token,
+            refreshToken: fileCreds.refresh_token,
+            expiryDate: fileCreds.expiry_date,
+            tokenType: fileCreds.token_type,
+            resourceUrl: fileCreds.resource_url,
+            scope: fileCreds.scope,
+        };
+        // Check if token is expired
+        if (credentials.expiryDate && Date.now() > credentials.expiryDate) {
+            return null;
+        }
+        return credentials;
+    }
+    catch {
+        return null;
+    }
+}
+export function deleteCredentials() {
+    try {
+        if (existsSync(CREDENTIALS_FILE)) {
+            writeFileSync(CREDENTIALS_FILE, JSON.stringify({}, null, 2), {
+                encoding: "utf-8",
+                mode: 0o600,
+            });
+        }
+    }
+    catch {
+        // Ignore errors
+    }
+}
+//# sourceMappingURL=credentials.js.map

package/dist/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAqBlC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AACjD,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;AAEnE,SAAS,oBAAoB;IAC3B,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,SAAS,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,WAA4B;IAC1D,IAAI,CAAC;QACH,oBAAoB,EAAE,CAAC;QACvB,qDAAqD;QACrD,MAAM,IAAI,GAAwB;YAChC,YAAY,EAAE,WAAW,CAAC,WAAW;YACrC,aAAa,EAAE,WAAW,CAAC,YAAY;YACvC,WAAW,EAAE,WAAW,CAAC,UAAU;YACnC,UAAU,EAAE,WAAW,CAAC,SAAS;YACjC,YAAY,EAAE,WAAW,CAAC,WAAW;YACrC,KAAK,EAAE,WAAW,CAAC,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YAC7D,QAAQ,EAAE,OAAO;YACjB,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC;QAE1D,kCAAkC;QAClC,MAAM,WAAW,GAAoB;YACnC,WAAW,EAAE,SAAS,CAAC,YAAY;YACnC,YAAY,EAAE,SAAS,CAAC,aAAa;YACrC,UAAU,EAAE,SAAS,CAAC,WAAW;YACjC,SAAS,EAAE,SAAS,CAAC,UAAU;YAC/B,WAAW,EAAE,SAAS,CAAC,YAAY;YACnC,KAAK,EAAE,SAAS,CAAC,KAAK;SACvB,CAAC;QAEF,4BAA4B;QAC5B,IAAI,WAAW,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACjC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;gBAC3D,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gBAAgB;IAClB,CAAC;AACH,CAAC"}

package/dist/diagnostic.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Diagnostic utilities for testing Qwen OAuth endpoints
+ */
+export interface DiagnosticResult {
+    success: boolean;
+    endpoint: string;
+    status?: number;
+    statusText?: string;
+    error?: string;
+    data?: any;
+    responseTime?: number;
+}
+/**
+ * Test if Qwen OAuth device code endpoint is accessible
+ */
+export declare function testDeviceCodeEndpoint(): Promise<DiagnosticResult>;
+/**
+ * Test if Qwen API endpoint is accessible
+ * Tests the /chat/completions endpoint (OpenAI-compatible)
+ */
+export declare function testAPIEndpoint(baseURL: string, token?: string): Promise<DiagnosticResult>;
+/**
+ * Test if the base OAuth URL is accessible
+ */
+export declare function testBaseURL(): Promise<DiagnosticResult>;
+/**
+ * Run all diagnostic tests
+ */
+export declare function runDiagnostics(token?: string): Promise<{
+    baseURL: DiagnosticResult;
+    deviceCode: DiagnosticResult;
+    apis: Record<string, DiagnosticResult>;
+}>;
+/**
+ * Run the OAuth device flow to get a token
+ */
+export declare function runOAuthFlow(): Promise<{
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+} | null>;
+/**
+ * Refresh an access token
+ */
+export declare function refreshToken(refreshToken: string): Promise<{
+    access_token: string;
+    expires_in: number;
+} | null>;
+//# sourceMappingURL=diagnostic.d.ts.map

package/dist/diagnostic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"diagnostic.d.ts","sourceRoot":"","sources":["../src/diagnostic.ts"],"names":[],"mappings":"AAAA;;GAEG;AAgBH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAuCxE;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAmDhG;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC,CA2B7D;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAC5D,OAAO,EAAE,gBAAgB,CAAC;IAC1B,UAAU,EAAE,gBAAgB,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACxC,CAAC,CAgDD;AAED;;GAEG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB,GAAG,IAAI,CAAC,CA6HR;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA8B9D"}