opencode-qwen-oauth 2.3.1 → 2.4.0

package/dist/strategies/oauth.strategy.js

@@ -0,0 +1,249 @@
+/**
+ * OAuth Device Flow strategy
+ * Implements OAuth 2.0 Device Authorization Grant (RFC 8628)
+ */
+import { QWEN_OAUTH_BASE_URL, QWEN_DEVICE_CODE_ENDPOINT, QWEN_TOKEN_ENDPOINT, QWEN_CLIENT_ID, QWEN_SCOPES, } from "../constants.js";
+import { createPkcePair } from "../utils/pkce.js";
+import { fetchWithRetry } from "../middleware/retry.middleware.js";
+import { getConfig } from "../config.js";
+import { validateDeviceCode, validateUserCode, validateToken, validateExpiresIn, validateInterval, validateQwenUrl, validateOAuthError, } from "../validation.js";
+import { debugLog, warnLog, infoLog } from "../utils/logger.js";
+const activePollingOperations = new Set();
+export async function authorizeDevice() {
+    const config = getConfig();
+    const { verifier, challenge } = createPkcePair();
+    const params = new URLSearchParams({
+        client_id: QWEN_CLIENT_ID,
+        scope: QWEN_SCOPES.join(" "),
+        code_challenge: challenge,
+        code_challenge_method: "S256",
+    });
+    try {
+        const response = await fetchWithRetry(`${QWEN_OAUTH_BASE_URL}${QWEN_DEVICE_CODE_ENDPOINT}`, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: params.toString(),
+        }, {
+            maxRetries: config.maxRetries,
+            baseDelay: config.baseRetryDelay,
+            maxDelay: config.maxRetryDelay,
+            timeout: config.timeout,
+        });
+        const data = (await response.json());
+        validateDeviceCode(String(data.device_code));
+        validateUserCode(String(data.user_code));
+        const expiresIn = validateExpiresIn(typeof data.expires_in === "number" ? data.expires_in : undefined, 300);
+        const interval = validateInterval(typeof data.interval === "number" ? data.interval : undefined);
+        if (!validateQwenUrl(String(data.verification_uri))) {
+            throw new Error("Invalid verificationURI received from server");
+        }
+        debugLog("Device authorization successful", {
+            user_code: String(data.user_code),
+            expires_in: data.expires_in,
+        });
+        return {
+            device_code: String(data.device_code),
+            user_code: String(data.user_code),
+            verification_uri: String(data.verification_uri),
+            verification_uri_complete: String(data.verification_uri_complete),
+            expires_in: expiresIn,
+            interval,
+            verifier,
+        };
+    }
+    catch (error) {
+        debugLog("Device authorization failed", { error: String(error) });
+        throw new Error(`Failed to start device flow: ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+export async function pollForToken(deviceCode, codeVerifier, intervalSeconds, expiresIn) {
+    try {
+        validateDeviceCode(deviceCode);
+        intervalSeconds = validateInterval(intervalSeconds);
+        expiresIn = validateExpiresIn(expiresIn);
+    }
+    catch (error) {
+        debugLog("Invalid polling parameters", { error: String(error) });
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : "Invalid parameters",
+        };
+    }
+    if (activePollingOperations.has(deviceCode)) {
+        warnLog("Polling already in progress for this device code");
+        return {
+            success: false,
+            error: "Authorization already in progress",
+        };
+    }
+    activePollingOperations.add(deviceCode);
+    const timeoutMs = expiresIn * 1000;
+    const startTime = Date.now();
+    let currentInterval = intervalSeconds * 1000;
+    let pollAttempts = 0;
+    const cleanup = () => activePollingOperations.delete(deviceCode);
+    while (Date.now() - startTime < timeoutMs) {
+        await new Promise((resolve) => setTimeout(resolve, currentInterval));
+        pollAttempts++;
+        const params = new URLSearchParams({
+            client_id: QWEN_CLIENT_ID,
+            grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+            device_code: deviceCode,
+            code_verifier: codeVerifier,
+        });
+        debugLog(`Polling attempt ${pollAttempts}...`);
+        try {
+            const response = await fetch(`${QWEN_OAUTH_BASE_URL}${QWEN_TOKEN_ENDPOINT}`, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: params.toString(),
+            });
+            if (response.ok) {
+                const data = (await response.json());
+                infoLog("OAuth token received", {
+                    hasAccessToken: !!data.access_token,
+                    hasRefreshToken: !!data.refresh_token,
+                    hasApiKey: !!data.api_key,
+                });
+                try {
+                    validateToken(String(data.access_token));
+                    if (data.refresh_token)
+                        validateToken(String(data.refresh_token));
+                    if (data.api_key)
+                        validateToken(String(data.api_key));
+                    const expiresIn = validateExpiresIn(typeof data.expires_in === "number" ? data.expires_in : undefined, 3600);
+                    cleanup();
+                    return {
+                        success: true,
+                        access_token: String(data.access_token),
+                        refresh_token: data.refresh_token ? String(data.refresh_token) : undefined,
+                        expires_in: expiresIn,
+                        api_key: data.api_key ? String(data.api_key) : undefined,
+                    };
+                }
+                catch (validationError) {
+                    debugLog("Invalid token response", { error: String(validationError) });
+                    cleanup();
+                    return {
+                        success: false,
+                        error: "Received invalid token from server",
+                    };
+                }
+            }
+            const errorData = await response.json().catch(() => ({}));
+            const oauthError = validateOAuthError(errorData);
+            if (oauthError.error === "authorization_pending") {
+                continue;
+            }
+            if (oauthError.error === "slow_down") {
+                currentInterval += 5000;
+                continue;
+            }
+            if (oauthError.error === "expired_token") {
+                cleanup();
+                return {
+                    success: false,
+                    error: "Device code expired. Please run '/connect' again.",
+                };
+            }
+            if (oauthError.error === "access_denied") {
+                cleanup();
+                return {
+                    success: false,
+                    error: "Authorization was denied",
+                };
+            }
+            cleanup();
+            return {
+                success: false,
+                error: oauthError.error_description || oauthError.error,
+            };
+        }
+        catch (error) {
+            debugLog("Network error during polling", { error: String(error) });
+            if (Date.now() - startTime >= timeoutMs) {
+                cleanup();
+                return {
+                    success: false,
+                    error: "Network error occurred during authentication",
+                };
+            }
+        }
+    }
+    cleanup();
+    return { success: false, error: "Polling timeout - device code expired" };
+}
+export async function refreshAccessToken(refreshToken) {
+    try {
+        validateToken(refreshToken);
+    }
+    catch (error) {
+        return { success: false, error: "Invalid refresh token" };
+    }
+    const config = getConfig();
+    try {
+        const params = new URLSearchParams({
+            client_id: QWEN_CLIENT_ID,
+            grant_type: "refresh_token",
+            refresh_token: refreshToken,
+        });
+        debugLog("Refreshing access token");
+        const response = await fetchWithRetry(`${QWEN_OAUTH_BASE_URL}${QWEN_TOKEN_ENDPOINT}`, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: params.toString(),
+        }, {
+            maxRetries: config.maxRetries,
+            timeout: config.timeout,
+        });
+        if (!response.ok) {
+            const errorData = await response.json().catch(() => ({}));
+            const oauthError = validateOAuthError(errorData);
+            debugLog("OAuth error during token refresh", {
+                status: response.status,
+                error: oauthError.error,
+            });
+            if (oauthError.error === "invalid_grant") {
+                return {
+                    success: false,
+                    error: "Your refresh token has expired. Please run '/connect' to re-authenticate.",
+                };
+            }
+            if (oauthError.error === "invalid_client") {
+                return {
+                    success: false,
+                    error: "OAuth client configuration error.",
+                };
+            }
+            return {
+                success: false,
+                error: oauthError.error_description || oauthError.error || "Token refresh failed",
+            };
+        }
+        const data = (await response.json());
+        validateToken(String(data.access_token));
+        if (data.api_key)
+            validateToken(String(data.api_key));
+        const expiresIn = validateExpiresIn(typeof data.expires_in === "number" ? data.expires_in : undefined, 3600);
+        const newRefreshToken = data.refresh_token ? String(data.refresh_token) : refreshToken;
+        debugLog("Token refresh successful", {
+            new_refresh_token: !!data.refresh_token,
+            has_api_key: !!data.api_key,
+        });
+        return {
+            success: true,
+            access_token: String(data.access_token),
+            refresh_token: newRefreshToken,
+            expires_in: expiresIn,
+            api_key: data.api_key ? String(data.api_key) : undefined,
+        };
+    }
+    catch (error) {
+        debugLog("Token refresh failed", { error: String(error) });
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : "Token refresh failed",
+        };
+    }
+}
+//# sourceMappingURL=oauth.strategy.js.map

package/dist/strategies/oauth.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.strategy.js","sourceRoot":"","sources":["../../src/strategies/oauth.strategy.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,cAAc,EACd,WAAW,GACZ,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAGhE,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;AAElD,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,cAAc,EAAE,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,cAAc;QACzB,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;QAC5B,cAAc,EAAE,SAAS;QACzB,qBAAqB,EAAE,MAAM;KAC9B,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,cAAc,CACnC,GAAG,mBAAmB,GAAG,yBAAyB,EAAE,EACpD;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,EACD;YACE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,cAAc;YAChC,QAAQ,EAAE,MAAM,CAAC,aAAa;YAC9B,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CACF,CAAC;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QAEzC,MAAM,SAAS,GAAG,iBAAiB,CACjC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EACjE,GAAG,CACJ,CAAC;QACF,MAAM,QAAQ,GAAG,gBAAgB,CAC/B,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAC9D,CAAC;QAEF,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QAED,QAAQ,CAAC,iCAAiC,EAAE;YAC1C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;YACjC,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,OAAO;YACL,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;YACrC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;YACjC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC;YAC/C,yBAAyB,EAAE,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC;YACjE,UAAU,EAAE,SAAS;YACrB,QAAQ;YACR,QAAQ;SACT,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC5G,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,YAAoB,EACpB,eAAuB,EACvB,SAAiB;IAEjB,IAAI,CAAC;QACH,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC/B,eAAe,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;QACpD,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB;SACrE,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5C,OAAO,CAAC,kDAAkD,CAAC,CAAC;QAC5D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,mCAAmC;SAC3C,CAAC;IACJ,CAAC;IAED,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,SAAS,GAAG,IAAI,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,eAAe,GAAG,eAAe,GAAG,IAAI,CAAC;IAC7C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,uBAAuB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEjE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE,CAAC;QAC1C,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC;QACrE,YAAY,EAAE,CAAC;QAEf,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,cAAc;YACzB,UAAU,EAAE,8CAA8C;YAC1D,WAAW,EAAE,UAAU;YACvB,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QAEH,QAAQ,CAAC,mBAAmB,YAAY,KAAK,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,mBAAmB,GAAG,mBAAmB,EAAE,EAAE;gBAC3E,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;gBAEhE,OAAO,CAAC,sBAAsB,EAAE;oBAC9B,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY;oBACnC,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa;oBACrC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO;iBAC1B,CAAC,CAAC;gBAEH,IAAI,CAAC;oBACH,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;oBACzC,IAAI,IAAI,CAAC,aAAa;wBAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;oBAClE,IAAI,IAAI,CAAC,OAAO;wBAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;oBAEtD,MAAM,SAAS,GAAG,iBAAiB,CACjC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EACjE,IAAI,CACL,CAAC;oBAEF,OAAO,EAAE,CAAC;oBACV,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;wBACvC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;wBAC1E,UAAU,EAAE,SAAS;wBACrB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;qBACzD,CAAC;gBACJ,CAAC;gBAAC,OAAO,eAAe,EAAE,CAAC;oBACzB,QAAQ,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;oBACvE,OAAO,EAAE,CAAC;oBACV,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,oCAAoC;qBAC5C,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1D,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;YAEjD,IAAI,UAAU,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;gBACjD,SAAS;YACX,CAAC;YAED,IAAI,UAAU,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACrC,eAAe,IAAI,IAAI,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,IAAI,UAAU,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;gBACzC,OAAO,EAAE,CAAC;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,mDAAmD;iBAC3D,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;gBACzC,OAAO,EAAE,CAAC;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,0BAA0B;iBAClC,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,UAAU,CAAC,iBAAiB,IAAI,UAAU,CAAC,KAAK;aACxD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,SAAS,EAAE,CAAC;gBACxC,OAAO,EAAE,CAAC;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,8CAA8C;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC3D,IAAI,CAAC;QACH,aAAa,CAAC,YAAY,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,cAAc;YACzB,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QAEH,QAAQ,CAAC,yBAAyB,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAG,MAAM,cAAc,CACnC,GAAG,mBAAmB,GAAG,mBAAmB,EAAE,EAC9C;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,EACD;YACE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CACF,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1D,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;YAEjD,QAAQ,CAAC,kCAAkC,EAAE;gBAC3C,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,KAAK,EAAE,UAAU,CAAC,KAAK;aACxB,CAAC,CAAC;YAEH,IAAI,UAAU,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;gBACzC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,2EAA2E;iBACnF,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;gBAC1C,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,mCAAmC;iBAC3C,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,UAAU,CAAC,iBAAiB,IAAI,UAAU,CAAC,KAAK,IAAI,sBAAsB;aAClF,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACzC,IAAI,IAAI,CAAC,OAAO;YAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAEtD,MAAM,SAAS,GAAG,iBAAiB,CACjC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EACjE,IAAI,CACL,CAAC;QACF,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;QAEvF,QAAQ,CAAC,0BAA0B,EAAE;YACnC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa;YACvC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO;SAC5B,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;YACvC,aAAa,EAAE,eAAe;YAC9B,UAAU,EAAE,SAAS;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;SACzD,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC3D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB;SACvE,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Shared type definitions
+ */
+export interface OAuthAuthDetails {
+    type: "oauth";
+    refresh: string;
+    access: string;
+    expires?: number;
+    apiKey?: string;
+}
+export interface StoredCredentials {
+    accessToken: string;
+    refreshToken: string;
+    expiryDate: number;
+    tokenType: string;
+}
+export interface TokenResponse {
+    success: boolean;
+    access_token?: string;
+    refresh_token?: string;
+    expires_in?: number;
+    api_key?: string;
+    error?: string;
+}
+export interface DeviceAuthorization {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    expires_in: number;
+    interval: number;
+    verifier: string;
+}
+export type RequestInfoType = string | URL | Request;
+export interface FetchInterceptor {
+    (input: RequestInfoType, init?: RequestInit): Promise<Response>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,yBAAyB,EAAE,MAAM,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC;AAErD,MAAM,WAAW,gBAAgB;IAC/B,CAAC,KAAK,EAAE,eAAe,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACjE"}

package/dist/types.js

@@ -0,0 +1,5 @@
+/**
+ * Shared type definitions
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/utils/logger.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Logging utilities for Qwen OAuth plugin
+ */
+type LogLevel = "debug" | "info" | "warn" | "error";
+interface LogEntry {
+    service: string;
+    level: LogLevel;
+    message: string;
+    extra?: Record<string, unknown>;
+}
+export declare function setLoggerClient(client: {
+    app: {
+        log: (entry: {
+            body: LogEntry;
+        }) => Promise<void>;
+    };
+}): void;
+export declare function log(level: LogLevel, message: string, data?: Record<string, unknown>): Promise<void>;
+export declare const debugLog: (message: string, data?: Record<string, unknown>) => Promise<void>;
+export declare const infoLog: (message: string, data?: Record<string, unknown>) => Promise<void>;
+export declare const warnLog: (message: string, data?: Record<string, unknown>) => Promise<void>;
+export declare const errorLog: (message: string, data?: Record<string, unknown>) => Promise<void>;
+export {};
+//# sourceMappingURL=logger.d.ts.map

package/dist/utils/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,KAAK,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAEpD,UAAU,QAAQ;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAUD,wBAAgB,eAAe,CAAC,MAAM,EAAE;IAAE,GAAG,EAAE;QAAE,GAAG,EAAE,CAAC,KAAK,EAAE;YAAE,IAAI,EAAE,QAAQ,CAAA;SAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KAAE,CAAA;CAAE,GAAG,IAAI,CAE5G;AAED,wBAAsB,GAAG,CACvB,KAAK,EAAE,QAAQ,EACf,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,IAAI,CAAC,CAiBf;AAED,eAAO,MAAM,QAAQ,GAAI,SAAS,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,kBAAgC,CAAC;AACzG,eAAO,MAAM,OAAO,GAAI,SAAS,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,kBAA+B,CAAC;AACvG,eAAO,MAAM,OAAO,GAAI,SAAS,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,kBAA+B,CAAC;AACvG,eAAO,MAAM,QAAQ,GAAI,SAAS,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,kBAAgC,CAAC"}

package/dist/utils/logger.js

@@ -0,0 +1,32 @@
+/**
+ * Logging utilities for Qwen OAuth plugin
+ */
+let appLogger = null;
+export function setLoggerClient(client) {
+    appLogger = client;
+}
+export async function log(level, message, data) {
+    try {
+        if (appLogger) {
+            await appLogger.app.log({
+                body: {
+                    service: "qwen-oauth",
+                    level,
+                    message,
+                    extra: data,
+                },
+            });
+        }
+        else {
+            console.log(`[${level}] ${message}`, data || "");
+        }
+    }
+    catch {
+        console.log(`[${level}] ${message}`, data || "");
+    }
+}
+export const debugLog = (message, data) => log("debug", message, data);
+export const infoLog = (message, data) => log("info", message, data);
+export const warnLog = (message, data) => log("warn", message, data);
+export const errorLog = (message, data) => log("error", message, data);
+//# sourceMappingURL=logger.js.map

package/dist/utils/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAiBH,IAAI,SAAS,GAAqB,IAAI,CAAC;AAEvC,MAAM,UAAU,eAAe,CAAC,MAAsE;IACpG,SAAS,GAAG,MAAM,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,KAAe,EACf,OAAe,EACf,IAA8B;IAE9B,IAAI,CAAC;QACH,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBACtB,IAAI,EAAE;oBACJ,OAAO,EAAE,YAAY;oBACrB,KAAK;oBACL,OAAO;oBACP,KAAK,EAAE,IAAI;iBACZ;aACF,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,OAAe,EAAE,IAA8B,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AACzG,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAe,EAAE,IAA8B,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AACvG,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAe,EAAE,IAA8B,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AACvG,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,OAAe,EAAE,IAA8B,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC"}

package/dist/utils/mutex.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Simple mutex implementation for preventing race conditions
+ */
+export declare class Mutex {
+    private locked;
+    private queue;
+    runExclusive<T>(fn: () => Promise<T>): Promise<T>;
+    private acquire;
+    private release;
+    isLocked(): boolean;
+}
+export declare class Debouncer {
+    private timeouts;
+    debounce<T extends (...args: any[]) => Promise<void>>(fn: T, delay: number): (...args: Parameters<T>) => void;
+}
+//# sourceMappingURL=mutex.d.ts.map

package/dist/utils/mutex.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutex.d.ts","sourceRoot":"","sources":["../../src/utils/mutex.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,qBAAa,KAAK;IAChB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,KAAK,CAAyB;IAEhC,YAAY,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IASvD,OAAO,CAAC,OAAO;IAWf,OAAO,CAAC,OAAO;IASf,QAAQ,IAAI,OAAO;CAGpB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAuC;IAEvD,QAAQ,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,EAClD,EAAE,EAAE,CAAC,EACL,KAAK,EAAE,MAAM,GACZ,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,IAAI;CAcpC"}

package/dist/utils/mutex.js

@@ -0,0 +1,54 @@
+/**
+ * Simple mutex implementation for preventing race conditions
+ */
+export class Mutex {
+    locked = false;
+    queue = [];
+    async runExclusive(fn) {
+        await this.acquire();
+        try {
+            return await fn();
+        }
+        finally {
+            this.release();
+        }
+    }
+    acquire() {
+        return new Promise((resolve) => {
+            if (!this.locked) {
+                this.locked = true;
+                resolve();
+            }
+            else {
+                this.queue.push(resolve);
+            }
+        });
+    }
+    release() {
+        const next = this.queue.shift();
+        if (next) {
+            next();
+        }
+        else {
+            this.locked = false;
+        }
+    }
+    isLocked() {
+        return this.locked;
+    }
+}
+export class Debouncer {
+    timeouts = new Map();
+    debounce(fn, delay) {
+        return (...args) => {
+            const timeout = this.timeouts.get(fn);
+            if (timeout)
+                clearTimeout(timeout);
+            this.timeouts.set(fn, setTimeout(async () => {
+                await fn(...args);
+                this.timeouts.delete(fn);
+            }, delay));
+        };
+    }
+}
+//# sourceMappingURL=mutex.js.map

package/dist/utils/mutex.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutex.js","sourceRoot":"","sources":["../../src/utils/mutex.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,OAAO,KAAK;IACR,MAAM,GAAG,KAAK,CAAC;IACf,KAAK,GAAsB,EAAE,CAAC;IAEtC,KAAK,CAAC,YAAY,CAAI,EAAoB;QACxC,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAEO,OAAO;QACb,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;gBACnB,OAAO,EAAE,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,OAAO;QACb,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,EAAE,CAAC;QACT,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AAED,MAAM,OAAO,SAAS;IACZ,QAAQ,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEvD,QAAQ,CACN,EAAK,EACL,KAAa;QAEb,OAAO,CAAC,GAAG,IAAmB,EAAE,EAAE;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtC,IAAI,OAAO;gBAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YAEnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CACf,EAAE,EACF,UAAU,CAAC,KAAK,IAAI,EAAE;gBACpB,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAClB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC3B,CAAC,EAAE,KAAK,CAAC,CACV,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC;CACF"}

package/dist/utils/pkce.d.ts

@@ -0,0 +1,8 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ */
+export declare function createPkcePair(): {
+    verifier: string;
+    challenge: string;
+};
+//# sourceMappingURL=pkce.d.ts.map

package/dist/utils/pkce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../src/utils/pkce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAYH,wBAAgB,cAAc,IAAI;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAMxE"}

package/dist/utils/pkce.js

@@ -0,0 +1,17 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ */
+import { createHash, randomBytes } from "node:crypto";
+function base64UrlEncode(buffer) {
+    return buffer
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+export function createPkcePair() {
+    const verifier = base64UrlEncode(randomBytes(32));
+    const challenge = base64UrlEncode(createHash("sha256").update(verifier).digest());
+    return { verifier, challenge };
+}
+//# sourceMappingURL=pkce.js.map

package/dist/utils/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../src/utils/pkce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEtD,SAAS,eAAe,CAAC,MAAc;IACrC,OAAO,MAAM;SACV,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,eAAe,CAC/B,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAC/C,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-qwen-oauth",
-  "version": "2.3.1",
+  "version": "2.4.0",
   "description": "Qwen OAuth authentication plugin for OpenCode - authenticate with Qwen.ai using OAuth device flow",
   "type": "module",
   "main": "dist/index.js",
@@ -18,8 +18,8 @@
     "build": "tsc -p tsconfig.json",
     "dev": "tsc -p tsconfig.json --watch",
     "prepublishOnly": "npm run build",
-    "test": "bun test",
-    "test:watch": "bun test --watch",
+    "test": "tsx --test tests/**/*.test.ts",
+    "test:watch": "tsx --test --watch tests/**/*.test.ts",
     "diagnose": "npm run build && node dist/diagnostic.js",
     "test:tokens": "npm run build && node dist/token-test.js"
   },
@@ -47,6 +47,7 @@
   },
   "devDependencies": {
     "@types/node": "^20.10.0",
+    "tsx": "^4.21.0",
     "typescript": "^5.3.0"
   },
   "engines": {