opencode-qwen 1.0.0

package/.github/workflows/main.yml

@@ -0,0 +1,30 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+  workflow_dispatch: 
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm install
+
+  publish-npm:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org/
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.npm_token}}

package/README.md

@@ -0,0 +1,142 @@
+# Qwen Authentication Plugin for OpenCode
+
+This plugin provides seamless authentication integration with the Qwen AI API provider for OpenCode, handling token validation, refresh, and secure credential management.
+
+## Features
+
+- **Automatic Token Management**: Validates and refreshes tokens automatically
+- **Secure Credential Handling**: Integrates with environment variables
+- **Token Refresh Support**: Handles access token renewal using refresh tokens
+- **Custom Tools**: Provides dedicated tools for Qwen API interactions
+- **Logging & Monitoring**: Comprehensive logging for debugging and monitoring
+- **Type Safety**: Full TypeScript support with Zod validation
+
+## Installation
+
+1. Place the plugin files in your OpenCode plugin directory:
+   ```
+   .opencode/
+   ├── plugins/
+   │   └── qwen-auth.ts
+   └── package.json
+   ```
+
+2. Install dependencies:
+   ```bash
+   cd .opencode && bun install
+   ```
+
+## Configuration
+
+Set the following environment variables in your environment or `.env` file:
+
+```bash
+# Required: Your Qwen API access token
+QWEN_API_KEY=your_access_token_here
+
+# Optional: Your refresh token for automatic token renewal
+QWEN_REFRESH_TOKEN=your_refresh_token_here
+
+# Optional: Enable/disable automatic token refresh (default: true)
+QWEN_AUTO_REFRESH=true
+
+# Optional: Enable/disable token validation on startup (default: true)
+QWEN_VALIDATE_ON_STARTUP=true
+```
+
+## Usage
+
+### Custom Tools
+
+The plugin provides the following custom tools:
+
+#### `qwen.validate-token`
+Validate your Qwen API access token.
+
+```javascript
+// Example usage
+const result = await qwen.validate-token({
+  token: "optional_token_to_validate" // Uses current token if not provided
+})
+```
+
+#### `qwen.refresh-token`
+Refresh your access token using the refresh token.
+
+```javascript
+// Example usage
+const result = await qwen.refresh-token({
+  refreshToken: "optional_refresh_token" // Uses stored refresh token if not provided
+})
+```
+
+#### `qwen.list-models`
+List all available Qwen models (requires valid authentication).
+
+```javascript
+// Example usage
+const models = await qwen.list-models({})
+console.log(`Available models: ${models.data.length}`)
+```
+
+### Automatic Token Management
+
+The plugin automatically handles:
+
+- **Session Validation**: Validates tokens when a new session starts
+- **Periodic Refresh**: Checks token validity during idle periods
+- **API Call Interception**: Ensures valid tokens before Qwen API calls
+- **Error Recovery**: Attempts token refresh on validation failures
+
+## API Endpoints
+
+The plugin integrates with the following Qwen API endpoints:
+
+- `GET /validate` - Token validation
+- `POST /refresh` - Token refresh
+- `GET /models` - List available models
+
+## Security Considerations
+
+- Store API keys and refresh tokens in environment variables, not in code
+- The plugin never logs sensitive credential information
+- Token validation is performed over secure HTTPS connections
+- Consider rotating API keys regularly for enhanced security
+
+## Troubleshooting
+
+### Common Issues
+
+1. **"No valid Qwen authentication token available"**
+   - Ensure `QWEN_API_KEY` is set correctly
+   - Check if the token has expired and refresh if needed
+
+2. **"No refresh token available"**
+   - Set `QWEN_REFRESH_TOKEN` environment variable
+   - Obtain a refresh token from your Qwen API dashboard
+
+3. **"Failed to fetch models"**
+   - Validate your token first using `qwen.validate-token`
+   - Check network connectivity to `qwen.aikit.club`
+
+### Debug Logging
+
+Enable debug logging to troubleshoot issues:
+
+```bash
+# Set log level for more detailed output
+export DEBUG=qwen-auth:*
+```
+
+## Development
+
+The plugin is built with TypeScript and includes:
+
+- **Type Safety**: Full TypeScript definitions for all API interactions
+- **Zod Validation**: Runtime validation for all inputs and outputs
+- **Structured Logging**: Consistent logging format for debugging
+- **Error Handling**: Comprehensive error handling and recovery
+
+## License
+
+This plugin is provided as-is for use with OpenCode and the Qwen API.

package/auth.ts

@@ -0,0 +1,165 @@
+/**
+ * Qwen Provider Authentication Handler for OpenCode
+ * 
+ * This module handles authentication integration with OpenCode's /connect command
+ * and provides secure credential management.
+ */
+
+import { z } from 'zod'
+import type { AuthHandler, Credential } from '@opencode-ai/plugin'
+import { validateQwenApiKey, createQwenProvider, fetchQwenModels } from './index'
+
+// Credential validation schema
+const QwenCredentialSchema = z.object({
+  apiKey: z.string().min(1, 'API key is required'),
+  name: z.string().optional()
+})
+
+export type QwenCredential = z.infer<typeof QwenCredentialSchema>
+
+/**
+ * Qwen authentication handler
+ */
+export const QwenAuthHandler: AuthHandler = {
+  // Provider metadata
+  provider: {
+    id: 'qwen',
+    name: 'Qwen',
+    description: 'Qwen AI models - high-quality large language models for coding, reasoning, and creative tasks',
+    website: 'https://qwen.aikit.club',
+    icon: '🤖',
+    category: 'ai'
+  },
+
+  // Credential validation
+  validateCredential: async (credential: Credential): Promise<boolean> => {
+    try {
+      const qwenCred = QwenCredentialSchema.parse(credential)
+      return await validateQwenApiKey(qwenCred.apiKey)
+    } catch (error) {
+      console.error('Credential validation error:', error)
+      return false
+    }
+  },
+
+  // Provider creation
+  createProvider: async (credential: Credential) => {
+    try {
+      const qwenCred = QwenCredentialSchema.parse(credential)
+      const baseURL = 'https://qwen.aikit.club/v1'
+      
+      // Validate and fetch models
+      const isValid = await validateQwenApiKey(qwenCred.apiKey)
+      if (!isValid) {
+        throw new Error('Invalid Qwen API key')
+      }
+      
+      const models = await fetchQwenModels(qwenCred.apiKey, baseURL)
+      
+      return createQwenProvider({
+        apiKey: qwenCred.apiKey,
+        baseURL
+      })
+    } catch (error) {
+      throw new Error(`Failed to create Qwen provider: ${error instanceof Error ? error.message : String(error)}`)
+    }
+  },
+
+  // Credential templates for user guidance
+  credentialTemplates: [
+    {
+      name: 'API Key',
+      fields: [
+        {
+          key: 'apiKey',
+          label: 'API Key',
+          type: 'password',
+          placeholder: 'sk-...',
+          required: true,
+          description: 'Your Qwen API key from https://qwen.aikit.club'
+        }
+      ]
+    }
+  ],
+
+  // Additional configuration options
+  configOptions: {
+    autoRefresh: {
+      type: 'boolean',
+      default: true,
+      description: 'Automatically refresh tokens when they expire'
+    },
+    timeout: {
+      type: 'number',
+      default: 30000,
+      description: 'Request timeout in milliseconds'
+    }
+  },
+
+  // Help and documentation
+  help: {
+    title: 'Qwen AI Integration',
+    description: `
+Qwen provides state-of-the-art language models with dynamic model loading:
+
+• **Code Generation**: Qwen Coder, Qwen3-Coder for development tasks
+• **Complex Reasoning**: Qwen Max, Qwen-Deep-Research for advanced problem-solving  
+• **Speed & Efficiency**: Qwen Turbo, Qwen-Flash for quick responses
+• **Multimodal**: Qwen VL, Qwen3-Omni for image and text understanding
+• **Web Development**: Qwen-Web-Dev for frontend development
+• **Full-Stack**: Qwen-Full-Stack for complete application development
+• **Video Generation**: Text-to-video capabilities
+• **Image Generation**: Advanced image creation and editing
+
+**Getting Started:**
+
+1. Visit [chat.qwen.ai](https://chat.qwen.ai) and log in
+2. Extract your access token using the browser console script from [qwen-api repo](https://github.com/tanu1337/qwen-api)
+3. Use \`/connect\` command and select "Qwen"
+4. Paste your access token when prompted
+5. Models will be loaded dynamically based on your account access
+
+**Dynamic Model Loading:**
+Models are fetched directly from the API, ensuring you always have access to the latest available models. Common models include:
+- \`qwen-turbo\`: Fast, efficient for general tasks
+- \`qwen-plus\`: Balanced performance for complex tasks  
+- \`qwen-max\`: Most capable for advanced reasoning
+- \`qwen-coder\`: Specialized for coding and development
+- \`qwen-vl\`: Multimodal, supports images and text
+- \`qwen-deep-research\`: Comprehensive research with web search
+- \`qwen-web-dev\`: Frontend web development
+- \`qwen-full-stack\`: Complete application development
+
+**Getting Your Token:**
+1. Go to [chat.qwen.ai](https://chat.qwen.ai) and login
+2. Open browser console (F12 → Console tab)
+3. Paste this JavaScript code:
+\`\`\`javascript
+(function(){if(window.location.hostname!=="chat.qwen.ai"){alert("🚀 This code is for chat.qwen.ai");window.open("https://chat.qwen.ai","_blank");return;}
+function getApiKeyData(){const token=localStorage.getItem("token");if(!token){alert("❌ qwen access_token not found !!!");return null;}
+return token;}
+async function copyToClipboard(text){try{await navigator.clipboard.writeText(text);return true;}catch(err){console.error("❌ Failed to copy to clipboard:",err);const textarea=document.createElement("textarea");textarea.value=text;textarea.style.position="fixed";textarea.style.opacity="0";document.body.appendChild(textarea);textarea.focus();textarea.select();const success=document.execCommand("copy");document.body.removeChild(textarea);return success;}}
+const apiKeyData=getApiKeyData();if(!apiKeyData)return;copyToClipboard(apiKeyData).then((success)=>{if(success){alert("🔑 Qwen access_token copied to clipboard !!! 🎉");}else{prompt("🔰 Qwen access_token:",apiKeyData);}});})();
+\`\`\`
+
+For more information, visit the [Qwen API repository](https://github.com/tanu1337/qwen-api).
+    `.trim(),
+    links: [
+      {
+        label: 'Get API Key',
+        url: 'https://qwen.aikit.club/api-keys'
+      },
+      {
+        label: 'Documentation',
+        url: 'https://qwen.aikit.club/docs'
+      },
+      {
+        label: 'Pricing',
+        url: 'https://qwen.aikit.club/pricing'
+      }
+    ]
+  }
+}
+
+// Export for direct usage
+export { QwenCredentialSchema, type QwenCredential }

package/index.ts

@@ -0,0 +1,223 @@
+/**
+ * Qwen Provider for OpenCode
+ * 
+ * This package provides Qwen API integration for OpenCode following the provider specification.
+ * It supports both direct API key usage and token refresh capabilities.
+ * Models are fetched dynamically from the API.
+ */
+
+import { createOpenAI } from '@ai-sdk/openai-compatible'
+import type { Provider, Model } from '@ai-sdk/provider'
+import { z } from 'zod'
+
+// Qwen API base URL
+const QWEN_BASE_URL = 'https://qwen.aikit.club/v1'
+
+// Qwen model interface from API response
+export interface QwenApiModel {
+  id: string
+  object: string
+  created: number
+  owned_by: string
+  permission?: any[]
+  root?: string
+  parent?: string
+}
+
+export interface QwenModelsResponse {
+  object: string
+  data: QwenApiModel[]
+}
+
+// Model cache to avoid repeated API calls
+let modelCache: Record<string, Model> | null = null
+let modelCacheTime = 0
+const CACHE_DURATION = 5 * 60 * 1000 // 5 minutes
+
+// Configuration schema for Qwen provider
+const QwenConfigSchema = z.object({
+  apiKey: z.string().min(1, 'API key is required'),
+  baseURL: z.string().default(QWEN_BASE_URL),
+  refreshToken: z.string().optional(),
+  autoRefresh: z.boolean().default(true),
+  timeout: z.number().default(30000)
+})
+
+export type QwenConfig = z.infer<typeof QwenConfigSchema>
+
+/**
+ * Convert Qwen API model to OpenCode Model format
+ */
+function convertApiModelToModel(apiModel: QwenApiModel): Model {
+  const modelId = apiModel.id
+  
+  // Extract capabilities from model name
+  const isVisionModel = modelId.includes('vl') || modelId.includes('vision') || modelId.includes('qvq')
+  const isCoderModel = modelId.includes('coder') || modelId.includes('code')
+  const isTurboModel = modelId.includes('turbo') || modelId.includes('flash')
+  const isMaxModel = modelId.includes('max')
+  const isPlusModel = modelId.includes('plus')
+  const isDeepResearch = modelId.includes('deep-research')
+  const isWebDev = modelId.includes('web-dev')
+  const isFullStack = modelId.includes('full-stack')
+  const isOmni = modelId.includes('omni')
+  
+  // Determine supported capabilities
+  const supports: string[] = ['text']
+  if (isVisionModel) supports.push('image')
+  if (modelId.includes('search') || modelId.includes('plus') || modelId.includes('max')) supports.push('web_search')
+  if (isCoderModel || modelId.includes('tools') || modelId.includes('plus') || modelId.includes('max')) supports.push('tools')
+  if (modelId.includes('thinking') || modelId.includes('max')) supports.push('thinking')
+  
+  // Determine max tokens based on model
+  let maxTokens = 8192
+  if (modelId.includes('32b') || modelId.includes('80b') || modelId.includes('235b') || 
+      modelId.includes('max') || modelId.includes('plus') || isCoderModel) {
+    maxTokens = 32768
+  } else if (modelId.includes('14b')) {
+    maxTokens = 8192
+  } else if (modelId.includes('72b')) {
+    maxTokens = 32768
+  }
+  
+  // Generate description
+  let description = ''
+  if (isTurboModel) description = 'Fast and efficient model for general tasks'
+  else if (isMaxModel) description = 'Most capable model for advanced tasks'
+  else if (isPlusModel) description = 'Balanced model for complex reasoning'
+  else if (isCoderModel) description = 'Specialized model for coding and development'
+  else if (isDeepResearch) description = 'Research model with comprehensive analysis capabilities'
+  else if (isWebDev) description = 'Specialized for web development and UI generation'
+  else if (isFullStack) description = 'Full-stack application development model'
+  else if (isVisionModel) description = 'Multimodal model supporting text and image analysis'
+  else description = 'Qwen language model'
+  
+  return {
+    name: apiModel.id.replace(/-/g, ' ').replace(/\b\w/g, l => l.toUpperCase()),
+    provider: 'Qwen',
+    maxTokens,
+    supports,
+    description
+  }
+}
+
+/**
+ * Fetch models from Qwen API
+ */
+export async function fetchQwenModels(apiKey: string, baseURL: string = QWEN_BASE_URL): Promise<Record<string, Model>> {
+  const now = Date.now()
+  
+  // Return cached models if still valid
+  if (modelCache && (now - modelCacheTime) < CACHE_DURATION) {
+    return modelCache
+  }
+  
+  try {
+    const response = await fetch(`${baseURL}/models`, {
+      method: 'GET',
+      headers: {
+        'Authorization': `Bearer ${apiKey}`,
+        'Content-Type': 'application/json',
+        'User-Agent': 'OpenCode-Qwen-Provider/1.0.0'
+      }
+    })
+    
+    if (!response.ok) {
+      throw new Error(`Failed to fetch models: ${response.status} ${response.statusText}`)
+    }
+    
+    const data: QwenModelsResponse = await response.json()
+    
+    // Convert API models to OpenCode format
+    const models: Record<string, Model> = {}
+    for (const apiModel of data.data) {
+      models[apiModel.id] = convertApiModelToModel(apiModel)
+    }
+    
+    // Cache the results
+    modelCache = models
+    modelCacheTime = now
+    
+    return models
+  } catch (error) {
+    console.error('Failed to fetch Qwen models:', error)
+    
+    // Return fallback models if cache exists but is expired
+    if (modelCache) {
+      console.warn('Using cached models due to API error')
+      return modelCache
+    }
+    
+    // Return minimal fallback models
+    return {
+      'qwen-turbo': {
+        name: 'Qwen Turbo',
+        provider: 'Qwen',
+        maxTokens: 8192,
+        supports: ['text'],
+        description: 'Fast and efficient model for general tasks'
+      }
+    }
+  }
+}
+
+/**
+ * Create Qwen provider instance
+ */
+export function createQwenProvider(config: QwenConfig): Provider {
+  const validatedConfig = QwenConfigSchema.parse(config)
+  
+  return createOpenAI({
+    name: 'Qwen',
+    baseURL: validatedConfig.baseURL,
+    apiKey: validatedConfig.apiKey,
+    headers: {
+      'User-Agent': 'OpenCode-Qwen-Provider/1.0.0'
+    },
+    compatibility: 'compatible'
+  })
+}
+
+/**
+ * Validate Qwen API key
+ */
+export async function validateQwenApiKey(apiKey: string): Promise<boolean> {
+  try {
+    const response = await fetch(`${QWEN_BASE_URL}/models`, {
+      method: 'GET',
+      headers: {
+        'Authorization': `Bearer ${apiKey}`,
+        'Content-Type': 'application/json'
+      }
+    })
+    
+    return response.ok
+  } catch {
+    return false
+  }
+}
+
+/**
+ * Get available Qwen models (requires API key for dynamic loading)
+ */
+export async function getQwenModels(apiKey: string, baseURL?: string): Promise<Record<string, Model>> {
+  return await fetchQwenModels(apiKey, baseURL)
+}
+
+/**
+ * Provider factory for OpenCode integration
+ */
+export default function qwenProvider() {
+  return {
+    id: 'qwen',
+    name: 'Qwen',
+    description: 'Qwen AI models - high-quality large language models with dynamic model loading',
+    website: 'https://qwen.aikit.club',
+    create: createQwenProvider,
+    validate: validateQwenApiKey,
+    getModels: fetchQwenModels
+  }
+}
+
+// Export types for TypeScript users
+export type { QwenConfig }

package/opencode.example.json

@@ -0,0 +1,34 @@
+# Example OpenCode configuration with Qwen auth plugin
+
+{
+  "$schema": "https://opencode.ai/config.json",
+  "plugins": [
+    "./plugins/qwen-auth.ts"
+  ],
+  "tools": {
+    "qwen": {
+      "baseUrl": "https://qwen.aikit.club/v1",
+      "apiKey": "${QWEN_API_KEY}"
+    }
+  },
+  "env": {
+    "QWEN_API_KEY": {
+      "description": "Qwen API access token",
+      "required": true
+    },
+    "QWEN_REFRESH_TOKEN": {
+      "description": "Qwen API refresh token for automatic renewal",
+      "required": false
+    },
+    "QWEN_AUTO_REFRESH": {
+      "description": "Enable automatic token refresh",
+      "default": "true",
+      "type": "boolean"
+    },
+    "QWEN_VALIDATE_ON_STARTUP": {
+      "description": "Validate token on session startup",
+      "default": "true", 
+      "type": "boolean"
+    }
+  }
+}

package/opencode.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "https://opencode.ai/config.json",
+  "provider": {
+    "qwen": {
+      "npm": "opencode-qwen",
+      "name": "Qwen AI",
+      "description": "High-quality large language models with dynamic model loading - optimized for coding, reasoning, web development, and creative tasks",
+      "website": "https://qwen.aikit.club",
+      "documentation": "https://github.com/tanu1337/qwen-api",
+      "options": {
+        "baseURL": "https://qwen.aikit.club/v1",
+        "dynamicModels": true,
+        "modelCacheDuration": 300000
+      },
+      "authentication": {
+        "type": "bearer",
+        "help": "Get your access token from https://chat.qwen.ai by running the token extractor script in browser console"
+      }
+    }
+  },
+  "env": {
+    "QWEN_API_KEY": {
+      "description": "Qwen API access key",
+      "required": true
+    },
+    "QWEN_BASE_URL": {
+      "description": "Qwen API base URL",
+      "default": "https://qwen.aikit.club/v1"
+    },
+    "QWEN_AUTO_REFRESH": {
+      "description": "Enable automatic token refresh",
+      "default": "true",
+      "type": "boolean"
+    },
+    "QWEN_TIMEOUT": {
+      "description": "Request timeout in milliseconds",
+      "default": "30000",
+      "type": "number"
+    }
+  }
+}

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "opencode-qwen",
+  "version": "1.0.0",
+  "description": "Qwen provider for OpenCode with npm package support",
+  "main": "index.ts",
+  "exports": {
+    ".": "./index.ts"
+  },
+  "dependencies": {
+    "@opencode-ai/plugin": "^1.0.0",
+    "zod": "^3.22.0",
+    "@ai-sdk/openai-compatible": "^1.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.0.0",
+    "@types/node": "^20.0.0"
+  },
+  "keywords": [
+    "opencode",
+    "plugin",
+    "provider",
+    "qwen",
+    "ai"
+  ],
+  "author": "OpenCode Community",
+  "license": "MIT"
+}

package/qwen-auth.ts

@@ -0,0 +1,337 @@
+/**
+ * Qwen Provider Authentication Plugin for OpenCode
+ * 
+ * This plugin handles authentication for the Qwen API provider,
+ * including token validation, refresh, and secure credential management.
+ */
+
+import type { Plugin, tool } from "@opencode-ai/plugin"
+import { z } from "zod"
+
+// Qwen API base URL
+const QWEN_API_BASE = "https://qwen.aikit.club/v1"
+
+// TypeScript types for Qwen authentication
+export interface QwenAuthState {
+  accessToken?: string
+  refreshToken?: string
+  expiresAt?: number
+  isValid: boolean
+  lastValidated?: number
+}
+
+export interface QwenTokenResponse {
+  access_token: string
+  refresh_token?: string
+  expires_in: number
+  token_type: string
+}
+
+export interface QwenModel {
+  id: string
+  object: string
+  created: number
+  owned_by: string
+}
+
+export interface QwenModelsResponse {
+  object: string
+  data: QwenModel[]
+}
+
+// Zod schemas for validation
+const QwenAuthConfigSchema = z.object({
+  apiKey: z.string().min(1, "API key is required"),
+  refreshToken: z.string().optional(),
+  autoRefresh: z.boolean().default(true),
+  validateOnStartup: z.boolean().default(true)
+})
+
+const ValidateTokenSchema = z.object({
+  token: z.string().optional()
+})
+
+const RefreshTokenSchema = z.object({
+  refreshToken: z.string().optional()
+})
+
+/**
+ * Qwen Authentication Plugin
+ */
+export const QwenAuthPlugin: Plugin = async ({ project, client, $, directory, worktree }) => {
+  let authState: QwenAuthState = {
+    isValid: false
+  }
+
+  /**
+   * Load authentication state from environment or secure storage
+   */
+  const loadAuthState = async (): Promise<QwenAuthState> => {
+    try {
+      const config = QwenAuthConfigSchema.parse({
+        apiKey: process.env.QWEN_API_KEY,
+        refreshToken: process.env.QWEN_REFRESH_TOKEN,
+        autoRefresh: process.env.QWEN_AUTO_REFRESH !== 'false',
+        validateOnStartup: process.env.QWEN_VALIDATE_ON_STARTUP !== 'false'
+      })
+
+      authState = {
+        accessToken: config.apiKey,
+        refreshToken: config.refreshToken,
+        isValid: !!config.apiKey,
+        lastValidated: Date.now()
+      }
+
+      await client.app.log({
+        service: "qwen-auth",
+        level: "info",
+        message: "Auth state loaded",
+        extra: { hasToken: !!config.apiKey, hasRefreshToken: !!config.refreshToken }
+      })
+
+      return authState
+    } catch (error) {
+      await client.app.log({
+        service: "qwen-auth",
+        level: "error",
+        message: "Failed to load auth state",
+        extra: { error: error instanceof Error ? error.message : String(error) }
+      })
+      return { isValid: false }
+    }
+  }
+
+  /**
+   * Validate current access token
+   */
+  const validateToken = async (token?: string): Promise<boolean> => {
+    try {
+      const tokenToValidate = token || authState.accessToken
+      if (!tokenToValidate) {
+        return false
+      }
+
+      const response = await fetch(`${QWEN_API_BASE}/validate`, {
+        method: "GET",
+        headers: {
+          "Authorization": `Bearer ${tokenToValidate}`,
+          "Content-Type": "application/json"
+        }
+      })
+
+      const isValid = response.ok
+      authState.isValid = isValid
+      authState.lastValidated = Date.now()
+
+      await client.app.log({
+        service: "qwen-auth",
+        level: isValid ? "info" : "warn",
+        message: `Token validation ${isValid ? 'successful' : 'failed'}`,
+        extra: { status: response.status }
+      })
+
+      return isValid
+    } catch (error) {
+      authState.isValid = false
+      await client.app.log({
+        service: "qwen-auth",
+        level: "error",
+        message: "Token validation error",
+        extra: { error: error instanceof Error ? error.message : String(error) }
+      })
+      return false
+    }
+  }
+
+  /**
+   * Refresh access token using refresh token
+   */
+  const refreshToken = async (refreshTokenValue?: string): Promise<boolean> => {
+    try {
+      const tokenToUse = refreshTokenValue || authState.refreshToken
+      if (!tokenToUse) {
+        await client.app.log({
+          service: "qwen-auth",
+          level: "warn",
+          message: "No refresh token available"
+        })
+        return false
+      }
+
+      const response = await fetch(`${QWEN_API_BASE}/refresh`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          refresh_token: tokenToUse
+        })
+      })
+
+      if (!response.ok) {
+        throw new Error(`Refresh failed: ${response.status}`)
+      }
+
+      const tokenData: QwenTokenResponse = await response.json()
+      
+      authState.accessToken = tokenData.access_token
+      if (tokenData.refresh_token) {
+        authState.refreshToken = tokenData.refresh_token
+      }
+      authState.expiresAt = Date.now() + (tokenData.expires_in * 1000)
+      authState.isValid = true
+      authState.lastValidated = Date.now()
+
+      await client.app.log({
+        service: "qwen-auth",
+        level: "info",
+        message: "Token refreshed successfully",
+        extra: { expiresIn: tokenData.expires_in }
+      })
+
+      return true
+    } catch (error) {
+      await client.app.log({
+        service: "qwen-auth",
+        level: "error",
+        message: "Token refresh failed",
+        extra: { error: error instanceof Error ? error.message : String(error) }
+      })
+      return false
+    }
+  }
+
+  /**
+   * Auto-refresh token if needed
+   */
+  const ensureValidToken = async (): Promise<boolean> => {
+    if (!authState.accessToken) {
+      await loadAuthState()
+    }
+
+    if (authState.isValid && authState.lastValidated && 
+        Date.now() - authState.lastValidated < 5 * 60 * 1000) {
+      return true // Valid within last 5 minutes
+    }
+
+    const isValid = await validateToken()
+    if (isValid) {
+      return true
+    }
+
+    if (authState.refreshToken) {
+      return await refreshToken()
+    }
+
+    return false
+  }
+
+  // Initialize plugin
+  await loadAuthState()
+
+  return {
+    // Custom tools for Qwen authentication
+    tool: {
+      "qwen.validate-token": tool({
+        description: "Validate Qwen API access token",
+        args: ValidateTokenSchema,
+        async execute(args, context) {
+          const isValid = await validateToken(args.token)
+          return {
+            valid: isValid,
+            timestamp: new Date().toISOString(),
+            state: authState
+          }
+        }
+      }),
+
+      "qwen.refresh-token": tool({
+        description: "Refresh Qwen API access token",
+        args: RefreshTokenSchema,
+        async execute(args, context) {
+          const success = await refreshToken(args.refreshToken)
+          return {
+            success,
+            timestamp: new Date().toISOString(),
+            state: authState
+          }
+        }
+      }),
+
+      "qwen.list-models": tool({
+        description: "List available Qwen models (requires valid authentication)",
+        args: z.object({}),
+        async execute(args, context) {
+          await ensureValidToken()
+          
+          if (!authState.accessToken || !authState.isValid) {
+            throw new Error("No valid Qwen authentication token available")
+          }
+
+          try {
+            const response = await fetch(`${QWEN_API_BASE}/models`, {
+              headers: {
+                "Authorization": `Bearer ${authState.accessToken}`,
+                "Content-Type": "application/json"
+              }
+            })
+
+            if (!response.ok) {
+              throw new Error(`Failed to fetch models: ${response.status}`)
+            }
+
+            const models: QwenModelsResponse = await response.json()
+            
+            await client.app.log({
+              service: "qwen-auth",
+              level: "info",
+              message: `Successfully retrieved ${models.data.length} models`
+            })
+
+            return models
+          } catch (error) {
+            await client.app.log({
+              service: "qwen-auth",
+              level: "error",
+              message: "Failed to fetch models",
+              extra: { error: error instanceof Error ? error.message : String(error) }
+            })
+            throw error
+          }
+        }
+      })
+    },
+
+    // Hooks for automatic token management
+    "tool.execute.before": async (input, output) => {
+      // Intercept Qwen API calls and ensure valid authentication
+      if (input.tool === "bash" && output.args.command?.includes("qwen.aikit.club")) {
+        await ensureValidToken()
+        if (authState.accessToken) {
+          // Inject token into command if needed
+          output.args.command = output.args.command.replace(
+            /qwen\.aikit\.club\/v1\//,
+            `qwen.aikit.club/v1/?api_key=${authState.accessToken}&`
+          )
+        }
+      }
+    },
+
+    "session.created": async () => {
+      // Validate token on session creation if enabled
+      if (process.env.QWEN_VALIDATE_ON_STARTUP !== 'false') {
+        await ensureValidToken()
+      }
+    },
+
+    "session.idle": async () => {
+      // Periodic validation when session is idle
+      if (authState.isValid && authState.lastValidated) {
+        const timeSinceValidation = Date.now() - authState.lastValidated
+        if (timeSinceValidation > 30 * 60 * 1000) { // 30 minutes
+          await validateToken()
+        }
+      }
+    }
+  }
+}