fix: melhorar mensagens de erro quando token OAuth expira

Substitui erros brutos com JSON da API por mensagens amigáveis em pt-BR
com instruções claras de como re-autenticar.

Mudanças principais:
- Criado src/errors.ts com classes QwenAuthError e QwenApiError
- Classificação automática por HTTP status (401/403, 429, 5xx)
- Detalhes técnicos só aparecem com OPENCODE_QWEN_DEBUG=1
- Quando refresh falha, não continua com token expirado
- console.error trocado por logTechnicalDetail condicional

Author: gustavodiasdev

package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-qwencode-auth",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "Qwen OAuth authentication plugin for OpenCode - Access Qwen3-Coder models with your qwen.ai account",
   "module": "index.ts",
   "type": "module",

src/errors.ts

@@ -0,0 +1,75 @@
+/**
+ * Erros customizados do plugin Qwen Auth
+ *
+ * Fornece mensagens amigáveis para o usuário em vez de JSON bruto da API.
+ * Detalhes técnicos só aparecem com OPENCODE_QWEN_DEBUG=1.
+ */
+
+const REAUTH_HINT =
+  'Execute "npx opencode-qwencode-auth" ou "qwen-code auth login" para re-autenticar.';
+
+// ============================================
+// Erro de Autenticação
+// ============================================
+
+export type AuthErrorKind = 'token_expired' | 'refresh_failed' | 'auth_required';
+
+const AUTH_MESSAGES: Record<AuthErrorKind, string> = {
+  token_expired: `[Qwen] Token expirado. ${REAUTH_HINT}`,
+  refresh_failed: `[Qwen] Falha ao renovar token. ${REAUTH_HINT}`,
+  auth_required: `[Qwen] Autenticacao necessaria. ${REAUTH_HINT}`,
+};
+
+export class QwenAuthError extends Error {
+  public readonly kind: AuthErrorKind;
+  public readonly technicalDetail?: string;
+
+  constructor(kind: AuthErrorKind, technicalDetail?: string) {
+    super(AUTH_MESSAGES[kind]);
+    this.name = 'QwenAuthError';
+    this.kind = kind;
+    this.technicalDetail = technicalDetail;
+  }
+}
+
+// ============================================
+// Erro de API
+// ============================================
+
+function classifyApiStatus(statusCode: number): string {
+  if (statusCode === 401 || statusCode === 403) {
+    return `[Qwen] Token invalido ou expirado. ${REAUTH_HINT}`;
+  }
+  if (statusCode === 429) {
+    return '[Qwen] Limite de requisicoes atingido. Aguarde alguns minutos antes de tentar novamente.';
+  }
+  if (statusCode >= 500) {
+    return `[Qwen] Servidor Qwen indisponivel (erro ${statusCode}). Tente novamente em alguns minutos.`;
+  }
+  return `[Qwen] Erro na API Qwen (${statusCode}). Verifique sua conexao e tente novamente.`;
+}
+
+export class QwenApiError extends Error {
+  public readonly statusCode: number;
+  public readonly technicalDetail?: string;
+
+  constructor(statusCode: number, technicalDetail?: string) {
+    super(classifyApiStatus(statusCode));
+    this.name = 'QwenApiError';
+    this.statusCode = statusCode;
+    this.technicalDetail = technicalDetail;
+  }
+}
+
+// ============================================
+// Helper de log condicional
+// ============================================
+
+/**
+ * Loga detalhes técnicos apenas quando debug está ativo.
+ */
+export function logTechnicalDetail(detail: string): void {
+  if (process.env.OPENCODE_QWEN_DEBUG === '1') {
+    console.debug('[Qwen Debug]', detail);
+  }
+}

src/index.ts

@@ -23,6 +23,9 @@ import {
   tokenResponseToCredentials,
   refreshAccessToken,
 } from './qwen/oauth.js';
+import { logTechnicalDetail } from './errors.js';
+export { QwenAuthError, QwenApiError } from './errors.js';
+export type { AuthErrorKind } from './errors.js';
 
 // ============================================
 // Helpers
@@ -102,14 +105,25 @@ export const QwenAuthPlugin = async (_input: unknown) => {
             accessToken = refreshed.accessToken;
             saveCredentials(refreshed);
           } catch (e) {
-            console.error('[Qwen] Token refresh failed:', e);
+            const detail = e instanceof Error ? e.message : String(e);
+            logTechnicalDetail(`Token refresh falhou: ${detail}`);
+            // Não continuar com token expirado - tentar fallback
+            accessToken = undefined;
           }
         }
 
         // Fallback para credenciais do qwen-code
         if (!accessToken) {
           const creds = checkExistingCredentials();
-          if (creds) accessToken = creds.accessToken;
+          if (creds) {
+            accessToken = creds.accessToken;
+          } else {
+            console.warn(
+              '[Qwen] Token expirado e sem credenciais alternativas. ' +
+              'Execute "npx opencode-qwencode-auth" ou "qwen-code auth login" para re-autenticar.'
+            );
+            return null;
+          }
         }
 
         if (!accessToken) return null;

src/plugin/auth.ts

@@ -10,6 +10,7 @@ import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
 
 import type { QwenCredentials } from '../types.js';
 import { refreshAccessToken, isCredentialsExpired } from '../qwen/oauth.js';
+import { logTechnicalDetail } from '../errors.js';
 
 /**
  * Get the path to the credentials file
@@ -58,7 +59,7 @@ export function loadCredentials(): QwenCredentials | null {
 
     return null;
   } catch (error) {
-    console.error('Error loading Qwen credentials:', error);
+    logTechnicalDetail(`Erro ao carregar credenciais: ${error}`);
     return null;
   }
 }
@@ -102,7 +103,7 @@ export async function getValidCredentials(): Promise<QwenCredentials | null> {
       credentials = await refreshAccessToken(credentials.refreshToken);
       saveCredentials(credentials);
     } catch (error) {
-      console.error('Failed to refresh token:', error);
+      logTechnicalDetail(`Falha no refresh: ${error}`);
       return null;
     }
   }

src/plugin/client.ts

@@ -12,6 +12,7 @@ import type {
   StreamChunk
 } from '../types.js';
 import { getValidCredentials, loadCredentials, isCredentialsExpired } from './auth.js';
+import { QwenAuthError, QwenApiError } from '../errors.js';
 
 /**
  * QwenClient - Makes authenticated API calls to Qwen
@@ -66,7 +67,7 @@ export class QwenClient {
    */
   private getAuthHeader(): string {
     if (!this.credentials) {
-      throw new Error('Not authenticated. Please run the OAuth flow first.');
+      throw new QwenAuthError('auth_required');
     }
     return `Bearer ${this.credentials.accessToken}`;
   }
@@ -87,7 +88,7 @@ export class QwenClient {
     if (!this.credentials) {
       const initialized = await this.initialize();
       if (!initialized) {
-        throw new Error('No valid Qwen credentials found. Please authenticate first.');
+        throw new QwenAuthError('auth_required');
       }
     }
 
@@ -106,7 +107,7 @@ export class QwenClient {
     if (!response.ok) {
       const errorText = await response.text();
       this.log('API Error:', response.status, errorText);
-      throw new Error(`Qwen API error: ${response.status} - ${errorText}`);
+      throw new QwenApiError(response.status, errorText);
     }
 
     const data = await response.json();
@@ -122,7 +123,7 @@ export class QwenClient {
     if (!this.credentials) {
       const initialized = await this.initialize();
       if (!initialized) {
-        throw new Error('No valid Qwen credentials found. Please authenticate first.');
+        throw new QwenAuthError('auth_required');
       }
     }
 
@@ -142,7 +143,7 @@ export class QwenClient {
     if (!response.ok) {
       const errorText = await response.text();
       this.log('API Error:', response.status, errorText);
-      throw new Error(`Qwen API error: ${response.status} - ${errorText}`);
+      throw new QwenApiError(response.status, errorText);
     }
 
     const reader = response.body?.getReader();

src/qwen/oauth.ts

@@ -9,6 +9,7 @@ import { randomBytes, createHash, randomUUID } from 'node:crypto';
 
 import { QWEN_OAUTH_CONFIG } from '../constants.js';
 import type { QwenCredentials } from '../types.js';
+import { QwenAuthError, logTechnicalDetail } from '../errors.js';
 
 /**
  * Device authorization response from Qwen OAuth
@@ -87,9 +88,8 @@ export async function requestDeviceAuthorization(
 
   if (!response.ok) {
     const errorData = await response.text();
-    throw new Error(
-      `Device authorization failed: ${response.status} ${response.statusText}. Response: ${errorData}`
-    );
+    logTechnicalDetail(`Device auth HTTP ${response.status}: ${errorData}`);
+    throw new QwenAuthError('auth_required', `HTTP ${response.status}: ${errorData}`);
   }
 
   const result = await response.json() as DeviceAuthorizationResponse;
@@ -193,7 +193,8 @@ export async function refreshAccessToken(refreshToken: string): Promise<QwenCred
 
   if (!response.ok) {
     const errorText = await response.text();
-    throw new Error(`Token refresh failed: ${response.status} - ${errorText}`);
+    logTechnicalDetail(`Token refresh HTTP ${response.status}: ${errorText}`);
+    throw new QwenAuthError('refresh_failed', `HTTP ${response.status}: ${errorText}`);
   }
 
   const data = await response.json() as TokenResponse;