gac 3.6.0__py3-none-any.whl → 3.8.1__py3-none-any.whl

gac/__version__.py

@@ -1,3 +1,3 @@
 """Version information for gac package."""
 
-__version__ = "3.6.0"
+__version__ = "3.8.1"

gac/ai_utils.py

@@ -124,6 +124,53 @@ def generate_with_retries(
     if not messages:
         raise AIError.model_error("No messages provided for AI generation")
 
+    # Load Claude Code token from TokenStore if needed
+    if provider == "claude-code":
+        from gac.oauth import refresh_token_if_expired
+        from gac.oauth.token_store import TokenStore
+
+        # Check token expiry and refresh if needed
+        if not refresh_token_if_expired(quiet=True):
+            raise AIError.authentication_error(
+                "Claude Code token not found or expired. Please authenticate with 'gac auth claude-code login'."
+            )
+
+        # Load the (possibly refreshed) token
+        token_store = TokenStore()
+        token_data = token_store.get_token("claude-code")
+        if token_data and "access_token" in token_data:
+            os.environ["CLAUDE_CODE_ACCESS_TOKEN"] = token_data["access_token"]
+        else:
+            raise AIError.authentication_error(
+                "Claude Code token not found. Please authenticate with 'gac auth claude-code login'."
+            )
+
+    # Check Qwen OAuth token expiry and refresh if needed
+    if provider == "qwen":
+        from gac.oauth import QwenOAuthProvider, TokenStore
+
+        oauth_provider = QwenOAuthProvider(TokenStore())
+        token = oauth_provider.get_token()
+        if not token:
+            if not quiet:
+                console.print("[yellow]⚠ Qwen authentication not found or expired[/yellow]")
+                console.print("[cyan]🔐 Starting automatic authentication...[/cyan]")
+            try:
+                oauth_provider.initiate_auth(open_browser=True)
+                token = oauth_provider.get_token()
+                if not token:
+                    raise AIError.authentication_error(
+                        "Qwen authentication failed. Run 'gac auth qwen login' to authenticate manually."
+                    )
+                if not quiet:
+                    console.print("[green]✓ Authentication successful![/green]\n")
+            except AIError:
+                raise
+            except Exception as e:
+                raise AIError.authentication_error(
+                    f"Qwen authentication failed: {e}. Run 'gac auth qwen login' to authenticate manually."
+                ) from e
+
     # Set up spinner
     if is_group:
         message_type = f"grouped {task_description}s"

gac/auth_cli.py

@@ -1,54 +1,95 @@
-"""CLI for authenticating Claude Code OAuth tokens.
+"""CLI for OAuth authentication with various providers.
 
-Provides a command to authenticate and re-authenticate Claude Code subscriptions.
+Provides commands to authenticate and manage OAuth tokens for supported providers.
 """
 
 import logging
 
 import click
 
-from gac.oauth.claude_code import authenticate_and_save, load_stored_token
+from gac.oauth import (
+    QwenOAuthProvider,
+    TokenStore,
+    authenticate_and_save,
+    remove_token,
+)
 from gac.utils import setup_logging
 
 logger = logging.getLogger(__name__)
 
 
-@click.command()
-@click.option(
-    "--quiet",
-    "-q",
-    is_flag=True,
-    help="Suppress non-error output",
-)
-@click.option(
-    "--log-level",
-    default="INFO",
-    type=click.Choice(["CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG"], case_sensitive=False),
-    help="Set log level (default: INFO)",
-)
-def auth(quiet: bool = False, log_level: str = "INFO") -> None:
-    """Authenticate Claude Code OAuth token.
+@click.group(invoke_without_command=True)
+@click.pass_context
+def auth(ctx: click.Context) -> None:
+    """Manage OAuth authentication for AI providers.
 
-    This command allows you to authenticate or re-authenticate your
-    Claude Code OAuth token when it expires or you want to refresh it.
-    It opens a browser window for the OAuth flow and saves the token
-    to ~/.gac.env.
+    Supports authentication for:
+    - claude-code: Claude Code subscription OAuth
+    - qwen: Qwen AI OAuth (device flow)
 
-    The token is used by the Claude Code provider to access your
-    Claude Code subscription instead of requiring an Anthropic API key.
+    Examples:
+        gac auth                        # Show authentication status
+        gac auth claude-code login      # Login to Claude Code
+        gac auth claude-code logout     # Logout from Claude Code
+        gac auth claude-code status     # Check Claude Code auth status
+        gac auth qwen login             # Login to Qwen
+        gac auth qwen logout            # Logout from Qwen
+        gac auth qwen status            # Check Qwen auth status
     """
-    # Setup logging
-    if quiet:
-        effective_log_level = "ERROR"
+    if ctx.invoked_subcommand is None:
+        _show_auth_status()
+
+
+def _show_auth_status() -> None:
+    """Show authentication status for all providers."""
+    click.echo("OAuth Authentication Status")
+    click.echo("-" * 40)
+
+    token_store = TokenStore()
+
+    claude_token = token_store.get_token("claude-code")
+    if claude_token:
+        click.echo("Claude Code: ✓ Authenticated")
     else:
-        effective_log_level = log_level
-    setup_logging(effective_log_level)
+        click.echo("Claude Code: ✗ Not authenticated")
+        click.echo("             Run 'gac auth claude-code login' to login")
+
+    qwen_token = token_store.get_token("qwen")
+    if qwen_token:
+        click.echo("Qwen:        ✓ Authenticated")
+    else:
+        click.echo("Qwen:        ✗ Not authenticated")
+        click.echo("             Run 'gac auth qwen login' to login")
+
+
+# Claude Code commands
+@auth.group("claude-code")
+def claude_code() -> None:
+    """Manage Claude Code OAuth authentication.
+
+    Use browser-based authentication to log in to Claude Code.
+    """
+    pass
 
-    # Check if there's an existing token
-    existing_token = load_stored_token()
-    if existing_token and not quiet:
-        click.echo("✓ Found existing Claude Code access token.")
-        click.echo()
+
+@claude_code.command("login")
+@click.option("--quiet", "-q", is_flag=True, help="Suppress non-error output")
+def claude_code_login(quiet: bool = False) -> None:
+    """Login to Claude Code using OAuth.
+
+    Opens a browser to authenticate with Claude Code. The token is stored
+    securely in ~/.gac/oauth/claude-code.json.
+    """
+    if not quiet:
+        setup_logging("INFO")
+
+    token_store = TokenStore()
+    existing_token = token_store.get_token("claude-code")
+    if existing_token:
+        if not quiet:
+            click.echo("✓ Already authenticated with Claude Code.")
+            if not click.confirm("Re-authenticate?"):
+                return
 
     if not quiet:
         click.echo("🔐 Starting Claude Code OAuth authentication...")
@@ -56,14 +97,118 @@ def auth(quiet: bool = False, log_level: str = "INFO") -> None:
         click.echo("   (Waiting up to 3 minutes for callback)")
         click.echo()
 
-    # Perform OAuth authentication
     success = authenticate_and_save(quiet=quiet)
 
     if success:
         if not quiet:
+            click.echo()
             click.echo("✅ Claude Code authentication completed successfully!")
-            click.echo("   Your new token has been saved and is ready to use.")
     else:
         click.echo("❌ Claude Code authentication failed.")
         click.echo("   Please try again or check your network connection.")
         raise click.ClickException("Claude Code authentication failed")
+
+
+@claude_code.command("logout")
+@click.option("--quiet", "-q", is_flag=True, help="Suppress non-error output")
+def claude_code_logout(quiet: bool = False) -> None:
+    """Logout from Claude Code and remove stored tokens."""
+    token_store = TokenStore()
+    existing_token = token_store.get_token("claude-code")
+
+    if not existing_token:
+        if not quiet:
+            click.echo("Not currently authenticated with Claude Code.")
+        return
+
+    try:
+        remove_token()
+        if not quiet:
+            click.echo("✅ Successfully logged out from Claude Code.")
+    except Exception as e:
+        click.echo("❌ Failed to remove Claude Code token.")
+        raise click.ClickException("Claude Code logout failed") from e
+
+
+@claude_code.command("status")
+def claude_code_status() -> None:
+    """Check Claude Code authentication status."""
+    token_store = TokenStore()
+    token = token_store.get_token("claude-code")
+
+    if token:
+        click.echo("Claude Code Authentication Status: ✓ Authenticated")
+    else:
+        click.echo("Claude Code Authentication Status: ✗ Not authenticated")
+        click.echo("Run 'gac auth claude-code login' to authenticate.")
+
+
+# Qwen commands
+@auth.group()
+def qwen() -> None:
+    """Manage Qwen OAuth authentication.
+
+    Use device flow authentication to log in to Qwen AI.
+    """
+    pass
+
+
+@qwen.command("login")
+@click.option("--no-browser", is_flag=True, help="Don't automatically open browser")
+@click.option("--quiet", "-q", is_flag=True, help="Suppress non-error output")
+def qwen_login(no_browser: bool = False, quiet: bool = False) -> None:
+    """Login to Qwen using OAuth device flow.
+
+    Opens a browser to authenticate with Qwen. The token is stored
+    securely in ~/.gac/oauth/qwen.json.
+    """
+    if not quiet:
+        setup_logging("INFO")
+
+    provider = QwenOAuthProvider()
+
+    if provider.is_authenticated():
+        if not quiet:
+            click.echo("✓ Already authenticated with Qwen.")
+            if not click.confirm("Re-authenticate?"):
+                return
+
+    try:
+        provider.initiate_auth(open_browser=not no_browser)
+        if not quiet:
+            click.echo()
+            click.echo("✅ Qwen authentication completed successfully!")
+    except Exception as e:
+        click.echo(f"❌ Qwen authentication failed: {e}")
+        raise click.ClickException("Qwen authentication failed") from None
+
+
+@qwen.command("logout")
+@click.option("--quiet", "-q", is_flag=True, help="Suppress non-error output")
+def qwen_logout(quiet: bool = False) -> None:
+    """Logout from Qwen and remove stored tokens."""
+    provider = QwenOAuthProvider()
+
+    if not provider.is_authenticated():
+        if not quiet:
+            click.echo("Not currently authenticated with Qwen.")
+        return
+
+    provider.logout()
+    if not quiet:
+        click.echo("✅ Successfully logged out from Qwen.")
+
+
+@qwen.command("status")
+def qwen_status() -> None:
+    """Check Qwen authentication status."""
+    provider = QwenOAuthProvider()
+    token = provider.get_token()
+
+    if token:
+        click.echo("Qwen Authentication Status: ✓ Authenticated")
+        if token.get("resource_url"):
+            click.echo(f"API Endpoint: {token['resource_url']}")
+    else:
+        click.echo("Qwen Authentication Status: ✗ Not authenticated")
+        click.echo("Run 'gac auth qwen login' to authenticate.")

gac/cli.py

@@ -6,6 +6,7 @@ Defines the Click-based command-line interface and delegates execution to the ma
 """
 
 import logging
+import os
 import sys
 
 import click
@@ -73,6 +74,11 @@ console = Console()
 # Advanced options
 @click.option("--no-verify", is_flag=True, help="Skip pre-commit and lefthook hooks when committing")
 @click.option("--skip-secret-scan", is_flag=True, help="Skip security scan for secrets in staged changes")
+@click.option(
+    "--no-verify-ssl",
+    is_flag=True,
+    help="Skip SSL certificate verification (useful for corporate proxies)",
+)
 @click.option(
     "--hook-timeout",
     type=int,
@@ -103,6 +109,7 @@ def cli(
     verbose: bool = False,
     no_verify: bool = False,
     skip_secret_scan: bool = False,
+    no_verify_ssl: bool = False,
     hook_timeout: int = 0,
 ) -> None:
     """Git Auto Commit - Generate commit messages with AI."""
@@ -116,6 +123,11 @@ def cli(
         setup_logging(effective_log_level)
         logger.info("Starting gac")
 
+        # Set SSL verification environment variable if flag is used or config is set
+        if no_verify_ssl or config.get("no_verify_ssl", False):
+            os.environ["GAC_NO_VERIFY_SSL"] = "true"
+            logger.info("SSL certificate verification disabled")
+
         # Validate incompatible flag combinations
         if message_only and group:
             console.print("[red]Error: --message-only and --group options are mutually exclusive[/red]")
@@ -179,6 +191,7 @@ def cli(
             "verbose": verbose,
             "no_verify": no_verify,
             "skip_secret_scan": skip_secret_scan,
+            "no_verify_ssl": no_verify_ssl,
             "hook_timeout": hook_timeout,
         }
 

gac/config.py

@@ -9,6 +9,57 @@ from pathlib import Path
 from dotenv import load_dotenv
 
 from gac.constants import EnvDefaults, Logging
+from gac.errors import ConfigError
+
+
+def validate_config(config: dict[str, str | int | float | bool | None]) -> None:
+    """Validate configuration values at load time.
+
+    Args:
+        config: Configuration dictionary to validate
+
+    Raises:
+        ConfigError: If any configuration value is invalid
+    """
+    # Validate temperature (0.0 to 2.0)
+    if config.get("temperature") is not None:
+        temp = config["temperature"]
+        if not isinstance(temp, (int, float)):
+            raise ConfigError(f"temperature must be a number, got {type(temp).__name__}")
+        if not 0.0 <= temp <= 2.0:
+            raise ConfigError(f"temperature must be between 0.0 and 2.0, got {temp}")
+
+    # Validate max_output_tokens (1 to 100000)
+    if config.get("max_output_tokens") is not None:
+        tokens = config["max_output_tokens"]
+        if not isinstance(tokens, int):
+            raise ConfigError(f"max_output_tokens must be an integer, got {type(tokens).__name__}")
+        if tokens < 1 or tokens > 100000:
+            raise ConfigError(f"max_output_tokens must be between 1 and 100000, got {tokens}")
+
+    # Validate max_retries (1 to 10)
+    if config.get("max_retries") is not None:
+        retries = config["max_retries"]
+        if not isinstance(retries, int):
+            raise ConfigError(f"max_retries must be an integer, got {type(retries).__name__}")
+        if retries < 1 or retries > 10:
+            raise ConfigError(f"max_retries must be between 1 and 10, got {retries}")
+
+    # Validate warning_limit_tokens (must be positive)
+    if config.get("warning_limit_tokens") is not None:
+        warning_limit = config["warning_limit_tokens"]
+        if not isinstance(warning_limit, int):
+            raise ConfigError(f"warning_limit_tokens must be an integer, got {type(warning_limit).__name__}")
+        if warning_limit < 1:
+            raise ConfigError(f"warning_limit_tokens must be positive, got {warning_limit}")
+
+    # Validate hook_timeout (must be positive)
+    if config.get("hook_timeout") is not None:
+        hook_timeout = config["hook_timeout"]
+        if not isinstance(hook_timeout, int):
+            raise ConfigError(f"hook_timeout must be an integer, got {type(hook_timeout).__name__}")
+        if hook_timeout < 1:
+            raise ConfigError(f"hook_timeout must be positive, got {hook_timeout}")
 
 
 def load_config() -> dict[str, str | int | float | bool | None]:
@@ -35,6 +86,8 @@ def load_config() -> dict[str, str | int | float | bool | None]:
         "skip_secret_scan": os.getenv("GAC_SKIP_SECRET_SCAN", str(EnvDefaults.SKIP_SECRET_SCAN)).lower()
         in ("true", "1", "yes", "on"),
         "no_tiktoken": os.getenv("GAC_NO_TIKTOKEN", str(EnvDefaults.NO_TIKTOKEN)).lower() in ("true", "1", "yes", "on"),
+        "no_verify_ssl": os.getenv("GAC_NO_VERIFY_SSL", str(EnvDefaults.NO_VERIFY_SSL)).lower()
+        in ("true", "1", "yes", "on"),
         "verbose": os.getenv("GAC_VERBOSE", str(EnvDefaults.VERBOSE)).lower() in ("true", "1", "yes", "on"),
         "system_prompt_path": os.getenv("GAC_SYSTEM_PROMPT_PATH"),
         "language": os.getenv("GAC_LANGUAGE"),
@@ -43,4 +96,5 @@ def load_config() -> dict[str, str | int | float | bool | None]:
         "hook_timeout": int(os.getenv("GAC_HOOK_TIMEOUT", EnvDefaults.HOOK_TIMEOUT)),
     }
 
+    validate_config(config)
     return config

gac/constants.py

@@ -26,9 +26,16 @@ class EnvDefaults:
     SKIP_SECRET_SCAN: bool = False
     VERBOSE: bool = False
     NO_TIKTOKEN: bool = False
+    NO_VERIFY_SSL: bool = False  # Skip SSL certificate verification (for corporate proxies)
     HOOK_TIMEOUT: int = 120  # Timeout for pre-commit and lefthook hooks in seconds
 
 
+class ProviderDefaults:
+    """Default values for provider configurations."""
+
+    HTTP_TIMEOUT: int = 120  # seconds - timeout for HTTP requests to LLM providers
+
+
 class Logging:
     """Logging configuration constants."""
 

gac/main.py

@@ -14,7 +14,7 @@ from gac.ai import generate_commit_message
 from gac.ai_utils import count_tokens
 from gac.config import load_config
 from gac.constants import EnvDefaults, Utility
-from gac.errors import AIError, GitError, handle_error
+from gac.errors import AIError, ConfigError, GitError, handle_error
 from gac.git import (
     detect_rename_mappings,
     get_staged_files,
@@ -233,7 +233,8 @@ def execute_grouped_commits_workflow(
 
         if first_iteration:
             warning_limit_val = config.get("warning_limit_tokens", EnvDefaults.WARNING_LIMIT_TOKENS)
-            assert warning_limit_val is not None
+            if warning_limit_val is None:
+                raise ConfigError("warning_limit_tokens configuration missing")
             warning_limit = int(warning_limit_val)
             if not check_token_warning(prompt_tokens, warning_limit, require_confirmation):
                 sys.exit(0)
@@ -343,7 +344,7 @@ def execute_grouped_commits_workflow(
                 files = commit["files"]
                 files_display = ", ".join(files)
                 console.print(f"[dim]{files_display}[/dim]")
-                commit_msg = commit["message"]
+                commit_msg = commit["message"].strip()
                 console.print(Panel(commit_msg, title=f"Commit Message {idx}/{num_commits}", border_style="cyan"))
                 console.print()
 
@@ -396,7 +397,7 @@ def execute_grouped_commits_workflow(
             for idx, commit in enumerate(grouped_result["commits"], 1):
                 console.print(f"\n[cyan]Commit {idx}/{num_commits}:[/cyan]")
                 console.print(f"  Files: {', '.join(commit['files'])}")
-                console.print(f"  Message: {commit['message'][:50]}...")
+                console.print(f"  Message: {commit['message'].strip()[:50]}...")
         else:
             original_staged_files = get_staged_files(existing_only=False)
             original_staged_diff = run_git_command(["diff", "--cached", "--binary"], silent=True)
@@ -418,7 +419,7 @@ def execute_grouped_commits_workflow(
                                 run_git_command(["add", "-A", file_path])
                             else:
                                 run_git_command(["add", "-A", file_path])
-                        execute_commit(commit["message"], no_verify, hook_timeout)
+                        execute_commit(commit["message"].strip(), no_verify, hook_timeout)
                         console.print(f"[green]✓ Commit {idx}/{num_commits} created[/green]")
                     except Exception as e:
                         console.print(f"[red]✗ Failed at commit {idx}/{num_commits}: {e}[/red]")
@@ -550,7 +551,8 @@ def execute_single_commit_workflow(
         prompt_tokens = count_tokens(conversation_messages, model)
         if first_iteration:
             warning_limit_val = config.get("warning_limit_tokens", EnvDefaults.WARNING_LIMIT_TOKENS)
-            assert warning_limit_val is not None
+            if warning_limit_val is None:
+                raise ConfigError("warning_limit_tokens configuration missing")
             warning_limit = int(warning_limit_val)
             if not check_token_warning(prompt_tokens, warning_limit, require_confirmation):
                 sys.exit(0)
@@ -773,15 +775,18 @@ def main(
         model = str(model_from_config)
 
     temperature_val = config["temperature"]
-    assert temperature_val is not None
+    if temperature_val is None:
+        raise ConfigError("temperature configuration missing")
     temperature = float(temperature_val)
 
     max_tokens_val = config["max_output_tokens"]
-    assert max_tokens_val is not None
+    if max_tokens_val is None:
+        raise ConfigError("max_output_tokens configuration missing")
     max_output_tokens = int(max_tokens_val)
 
     max_retries_val = config["max_retries"]
-    assert max_retries_val is not None
+    if max_retries_val is None:
+        raise ConfigError("max_retries configuration missing")
     max_retries = int(max_retries_val)
 
     if stage_all and (not dry_run):
@@ -882,7 +887,8 @@ def main(
             logger.info("No secrets detected in staged changes")
 
     logger.debug(f"Preprocessing diff ({len(diff)} characters)")
-    assert model is not None
+    if model is None:
+        raise ConfigError("Model must be specified via GAC_MODEL environment variable or --model flag")
     processed_diff = preprocess_diff(diff, token_limit=Utility.DEFAULT_DIFF_TOKEN_LIMIT, model=model)
     logger.debug(f"Processed diff ({len(processed_diff)} characters)")
 
@@ -1012,8 +1018,44 @@ def main(
                     console.print(f"[red]Re-authentication error: {auth_error}[/red]")
                     console.print("[yellow]Run 'gac model' to re-authenticate manually.[/yellow]")
                     sys.exit(1)
+            # Check if this is a Qwen OAuth token expiration
+            elif e.error_type == "authentication" and model.startswith("qwen:"):
+                logger.error(str(e))
+                console.print("[yellow]⚠ Qwen authentication failed[/yellow]")
+                console.print("[cyan]🔐 Starting automatic re-authentication...[/cyan]")
+
+                try:
+                    from gac.oauth import QwenOAuthProvider, TokenStore
+
+                    oauth_provider = QwenOAuthProvider(TokenStore())
+                    oauth_provider.initiate_auth(open_browser=True)
+                    console.print("[green]✓ Re-authentication successful![/green]")
+                    console.print("[cyan]Retrying commit...[/cyan]\n")
+
+                    # Retry the commit workflow
+                    execute_single_commit_workflow(
+                        system_prompt=system_prompt,
+                        user_prompt=user_prompt,
+                        model=model,
+                        temperature=temperature,
+                        max_output_tokens=max_output_tokens,
+                        max_retries=max_retries,
+                        require_confirmation=require_confirmation,
+                        quiet=quiet,
+                        no_verify=no_verify,
+                        dry_run=dry_run,
+                        message_only=message_only,
+                        push=push,
+                        show_prompt=show_prompt,
+                        hook_timeout=hook_timeout,
+                        interactive=interactive,
+                    )
+                except Exception as auth_error:
+                    console.print(f"[red]Re-authentication error: {auth_error}[/red]")
+                    console.print("[yellow]Run 'gac auth qwen login' to re-authenticate manually.[/yellow]")
+                    sys.exit(1)
             else:
-                # Non-Claude Code error or non-auth error
+                # Non-Claude Code/Qwen error or non-auth error
                 logger.error(str(e))
                 console.print(f"[red]Failed to generate commit message: {str(e)}[/red]")
                 sys.exit(1)