fix: remover dependencia qwen-code e corrigir bugs criticos (#5)

Corrige autenticacao que falhava sem qwen-code instalado.
O plugin ja possui seu proprio OAuth Device Flow e nunca
precisou do qwen-code - o problema eram bugs e codigo morto.

Bugs corrigidos:
- slow_down retornava null em vez de lancar erro (RFC 8628)
- Bun.sleep nao funciona em Node.js (substituido por setTimeout)
- refreshToken || '' tratava string vazia como falsy (trocado por ??)
- REAUTH_HINT referenciava qwen-code auth login inexistente

Codigo morto removido:
- Fallback para ~/.qwen/oauth_creds.json (checkExistingCredentials)
- loadCredentials, getValidCredentials, getOpenCodeAuthPath
- generateState (nunca usada)
- Tipos nao usados (QwenOAuthState, QwenModelId, ChatMessage, etc)
- Arquivos mortos: plugin/utils.ts, plugin/client.ts
- Dependencia open (nao importada por nenhum codigo ativo)

Author: gustavodiasdev

.gitignore

@@ -2,3 +2,4 @@ node_modules/
 dist/
 *.log
 .DS_Store
+package-lock.json

bun.lock

@@ -1,6 +1,6 @@
 {
   "name": "opencode-qwencode-auth",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "description": "Qwen OAuth authentication plugin for OpenCode - Access Qwen AI models (Coder, Vision) with your qwen.ai account",
   "module": "index.ts",
   "type": "module",
@@ -32,9 +32,6 @@
   "bugs": {
     "url": "https://github.com/gustavodiasdev/opencode-qwencode-auth/issues"
   },
-  "dependencies": {
-    "open": "^10.1.0"
-  },
   "devDependencies": {
     "@opencode-ai/plugin": "^1.1.48",
     "@types/node": "^22.0.0",

package.json

@@ -6,7 +6,7 @@
  */
 
 const REAUTH_HINT =
-  'Execute "npx opencode-qwencode-auth" ou "qwen-code auth login" para re-autenticar.';
+  'Execute "opencode auth login" e selecione "Qwen Code (qwen.ai OAuth)" para autenticar.';
 
 // ============================================
 // Erro de Autenticação

src/errors.ts

@@ -1,34 +1,27 @@
 /**
  * OpenCode Qwen Auth Plugin
  *
- * Plugin de autenticação OAuth para Qwen, baseado no qwen-code.
- * Implementa Device Flow (RFC 8628) para autenticação.
+ * Plugin de autenticacao OAuth para Qwen, baseado no qwen-code.
+ * Implementa Device Flow (RFC 8628) para autenticacao.
  *
- * Provider único: qwen-code → portal.qwen.ai/v1
- * Modelos confirmados: qwen3-coder-plus, qwen3-coder-flash, coder-model, vision-model
+ * Provider: qwen-code -> portal.qwen.ai/v1
+ * Modelos: qwen3-coder-plus, qwen3-coder-flash, coder-model, vision-model
  */
 
-import { existsSync } from 'node:fs';
 import { spawn } from 'node:child_process';
 
 import { QWEN_PROVIDER_ID, QWEN_API_CONFIG, QWEN_MODELS } from './constants.js';
 import type { QwenCredentials } from './types.js';
-import {
-  loadCredentials,
-  saveCredentials,
-  getCredentialsPath,
-  isCredentialsExpired,
-} from './plugin/auth.js';
+import { saveCredentials } from './plugin/auth.js';
 import {
   generatePKCE,
   requestDeviceAuthorization,
   pollDeviceToken,
   tokenResponseToCredentials,
   refreshAccessToken,
+  SlowDownError,
 } from './qwen/oauth.js';
 import { logTechnicalDetail } from './errors.js';
-export { QwenAuthError, QwenApiError } from './errors.js';
-export type { AuthErrorKind } from './errors.js';
 
 // ============================================
 // Helpers
@@ -46,34 +39,20 @@ function openBrowser(url: string): void {
   }
 }
 
-/** Verifica se existem credenciais válidas em ~/.qwen/oauth_creds.json */
-export function checkExistingCredentials(): QwenCredentials | null {
-  const credPath = getCredentialsPath();
-  if (existsSync(credPath)) {
-    const creds = loadCredentials();
-    if (creds && !isCredentialsExpired(creds)) {
-      return creds;
-    }
-  }
-  return null;
-}
-
-/** Obtém um access token válido (com refresh se necessário) */
+/** Obtem um access token valido (com refresh se necessario) */
 async function getValidAccessToken(
   getAuth: () => Promise<{ type: string; access?: string; refresh?: string; expires?: number }>,
 ): Promise<string | null> {
   const auth = await getAuth();
 
-  // Se não é OAuth, tentar carregar credenciais locais do qwen-code
   if (!auth || auth.type !== 'oauth') {
-    const creds = checkExistingCredentials();
-    return creds?.accessToken ?? null;
+    return null;
   }
 
   let accessToken = auth.access;
 
-  // Refresh se expirado (com margem de 30s)
-  if (accessToken && auth.expires && Date.now() > auth.expires - 30000 && auth.refresh) {
+  // Refresh se expirado (com margem de 60s)
+  if (accessToken && auth.expires && Date.now() > auth.expires - 60_000 && auth.refresh) {
     try {
       const refreshed = await refreshAccessToken(auth.refresh);
       accessToken = refreshed.accessToken;
@@ -85,20 +64,6 @@ async function getValidAccessToken(
     }
   }
 
-  // Fallback para credenciais locais do qwen-code
-  if (!accessToken) {
-    const creds = checkExistingCredentials();
-    if (creds) {
-      accessToken = creds.accessToken;
-    } else {
-      console.warn(
-        '[Qwen] Token expirado e sem credenciais alternativas. ' +
-        'Execute "npx opencode-qwencode-auth" ou "qwen-code auth login" para re-autenticar.'
-      );
-      return null;
-    }
-  }
-
   return accessToken ?? null;
 }
 
@@ -146,15 +111,15 @@ export const QwenAuthPlugin = async (_input: unknown) => {
 
               return {
                 url: deviceAuth.verification_uri_complete,
-                instructions: `Código: ${deviceAuth.user_code}`,
+                instructions: `Codigo: ${deviceAuth.user_code}`,
                 method: 'auto' as const,
                 callback: async () => {
                   const startTime = Date.now();
                   const timeoutMs = deviceAuth.expires_in * 1000;
                   let interval = 5000;
 
                   while (Date.now() - startTime < timeoutMs) {
-                    await Bun.sleep(interval + POLLING_MARGIN_MS);
+                    await new Promise(resolve => setTimeout(resolve, interval + POLLING_MARGIN_MS));
 
                     try {
                       const tokenResponse = await pollDeviceToken(deviceAuth.device_code, verifier);
@@ -166,15 +131,14 @@ export const QwenAuthPlugin = async (_input: unknown) => {
                         return {
                           type: 'success' as const,
                           access: credentials.accessToken,
-                          refresh: credentials.refreshToken || '',
+                          refresh: credentials.refreshToken ?? '',
                           expires: credentials.expiryDate || Date.now() + 3600000,
                         };
                       }
                     } catch (e) {
-                      const msg = e instanceof Error ? e.message : '';
-                      if (msg.includes('slow_down')) {
+                      if (e instanceof SlowDownError) {
                         interval = Math.min(interval + 5000, 15000);
-                      } else if (!msg.includes('authorization_pending')) {
+                      } else if (!(e instanceof Error) || !e.message.includes('authorization_pending')) {
                         return { type: 'failed' as const };
                       }
                     }

src/index.ts

@@ -1,69 +1,23 @@
 /**
  * Qwen Credentials Management
  *
- * Handles loading, saving, and validating credentials
+ * Handles saving credentials to ~/.qwen/oauth_creds.json
  */
 
 import { homedir } from 'node:os';
 import { join } from 'node:path';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, writeFileSync, mkdirSync } from 'node:fs';
 
 import type { QwenCredentials } from '../types.js';
-import { refreshAccessToken, isCredentialsExpired } from '../qwen/oauth.js';
-import { logTechnicalDetail } from '../errors.js';
 
 /**
  * Get the path to the credentials file
- * Uses the same location as qwen-code for compatibility
  */
 export function getCredentialsPath(): string {
   const homeDir = homedir();
   return join(homeDir, '.qwen', 'oauth_creds.json');
 }
 
-/**
- * Get the OpenCode auth store path
- */
-export function getOpenCodeAuthPath(): string {
-  const homeDir = homedir();
-  return join(homeDir, '.local', 'share', 'opencode', 'auth.json');
-}
-
-/**
- * Load existing Qwen credentials if available
- * Supports qwen-code format with expiry_date and resource_url
- */
-export function loadCredentials(): QwenCredentials | null {
-  const credPath = getCredentialsPath();
-
-  if (!existsSync(credPath)) {
-    return null;
-  }
-
-  try {
-    const data = readFileSync(credPath, 'utf-8');
-    const parsed = JSON.parse(data);
-
-    // Handle qwen-code format and variations
-    if (parsed.access_token || parsed.accessToken) {
-      return {
-        accessToken: parsed.access_token || parsed.accessToken,
-        tokenType: parsed.token_type || parsed.tokenType || 'Bearer',
-        refreshToken: parsed.refresh_token || parsed.refreshToken,
-        resourceUrl: parsed.resource_url || parsed.resourceUrl,
-        // qwen-code uses expiry_date, fallback to expires_at for compatibility
-        expiryDate: parsed.expiry_date || parsed.expiresAt || parsed.expires_at,
-        scope: parsed.scope,
-      };
-    }
-
-    return null;
-  } catch (error) {
-    logTechnicalDetail(`Erro ao carregar credenciais: ${error}`);
-    return null;
-  }
-}
-
 /**
  * Save credentials to file in qwen-code compatible format
  */
@@ -87,29 +41,3 @@ export function saveCredentials(credentials: QwenCredentials): void {
 
   writeFileSync(credPath, JSON.stringify(data, null, 2));
 }
-
-/**
- * Get valid credentials, refreshing if necessary
- */
-export async function getValidCredentials(): Promise<QwenCredentials | null> {
-  let credentials = loadCredentials();
-
-  if (!credentials) {
-    return null;
-  }
-
-  if (isCredentialsExpired(credentials) && credentials.refreshToken) {
-    try {
-      credentials = await refreshAccessToken(credentials.refreshToken);
-      saveCredentials(credentials);
-    } catch (error) {
-      logTechnicalDetail(`Falha no refresh: ${error}`);
-      return null;
-    }
-  }
-
-  return credentials;
-}
-
-// Re-export isCredentialsExpired for convenience
-export { isCredentialsExpired } from '../qwen/oauth.js';