gustavodiasdev
diff --git a/‎CHANGELOG.md‎
Lines changed: 115 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 115 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 52 additions & 22 deletions b/‎README.md‎
Lines changed: 52 additions & 22 deletions
diff --git a/‎README.pt-BR.md‎
Lines changed: 14 additions & 20 deletions b/‎README.pt-BR.md‎
Lines changed: 14 additions & 20 deletions
diff --git a/‎package.json‎
Lines changed: 6 additions & 3 deletions b/‎package.json‎
Lines changed: 6 additions & 3 deletions
@@ -0,0 +1,115 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.5.0] - 2026-03-09
+
+### 🚨 Critical Fixes
+
+- **Fixed rate limiting issue (#4)** - Added official Qwen Code headers to prevent aggressive rate limiting
+  - Added `QWEN_OFFICIAL_HEADERS` constant with required identification headers
+  - Headers include `X-DashScope-CacheControl`, `X-DashScope-AuthType`, `X-DashScope-UserAgent`
+  - Requests now recognized as legitimate Qwen Code client
+  - Full 2,000 requests/day quota now available
+
+- **Added session and prompt tracking** - Prevents false-positive abuse detection
+  - Unique `sessionId` per plugin lifetime
+  - Unique `promptId` per request via `crypto.randomUUID()`
+  - `X-Metadata` header with tracking information
+
+### ✨ New Features
+
+- **Dynamic API endpoint resolution** - Automatic region detection based on OAuth token
+  - `portal.qwen.ai` → `https://portal.qwen.ai/v1` (International)
+  - `dashscope` → `https://dashscope.aliyuncs.com/compatible-mode/v1` (China)
+  - `dashscope-intl` → `https://dashscope-intl.aliyuncs.com/compatible-mode/v1` (International)
+  - Added `loadCredentials()` function to read `resource_url` from credentials file
+  - Added `resolveBaseUrl()` function for intelligent URL resolution
+
+- **Added qwen3.5-plus model support** - Latest flagship hybrid model
+  - 1M token context window
+  - 64K token max output
+  - Reasoning capabilities enabled
+  - Vision support included
+
+- **Vision model capabilities** - Proper modalities configuration
+  - Dynamic `modalities.input` based on model capabilities
+  - Vision models now correctly advertise `['text', 'image']` input
+  - Non-vision models remain `['text']` only
+
+### 🔧 Technical Improvements
+
+- **Enhanced loader hook** - Returns complete configuration with headers
+  - Headers injected at loader level for all requests
+  - Metadata object for backend quota recognition
+  - Session-based tracking for usage patterns
+
+- **Enhanced config hook** - Consistent header configuration
+  - Headers set in provider options
+  - Dynamic modalities based on model capabilities
+  - Better type safety for vision features
+
+- **Improved auth module** - Better credentials management
+  - Added `loadCredentials()` for reading from file
+  - Better error handling in credential loading
+  - Support for multi-region tokens
+
+### 📚 Documentation
+
+- Updated README with new features section
+- Added troubleshooting section for rate limiting
+- Updated model table with `qwen3.5-plus`
+- Added vision model documentation
+- Enhanced installation instructions
+
+### 🔄 Changes from Previous Versions
+
+#### Compared to 1.4.0 (PR #7 by @ishan-parihar)
+
+This version includes all features from PR #7 plus:
+- Complete official headers (not just DashScope-specific)
+- Session and prompt tracking for quota recognition
+- `qwen3.5-plus` model support
+- Vision capabilities in modalities
+- Direct fix for Issue #4 (rate limiting)
+
+---
+
+## [1.4.0] - 2026-02-27
+
+### Added
+- Dynamic API endpoint resolution (PR #7)
+- DashScope headers support (PR #7)
+- `loadCredentials()` and `resolveBaseUrl()` functions (PR #7)
+
+### Fixed
+- `ERR_INVALID_URL` error - loader now returns `baseURL` correctly (PR #7)
+- "Incorrect API key provided" error for portal.qwen.ai tokens (PR #7)
+
+---
+
+## [1.3.0] - 2026-02-10
+
+### Added
+- OAuth Device Flow authentication
+- Support for qwen3-coder-plus, qwen3-coder-flash models
+- Automatic token refresh
+- Compatibility with qwen-code credentials
+
+### Known Issues
+- Rate limiting reported by users (Issue #4)
+- Missing official headers for quota recognition
+
+---
+
+## [1.2.0] - 2026-01-15
+
+### Added
+- Initial release
+- Basic OAuth authentication
+- Model configuration for Qwen providers
@@ -17,9 +17,46 @@
 - 🔐 **OAuth Device Flow** - Secure browser-based authentication (RFC 8628)
 - ⚡ **Automatic Polling** - No need to press Enter after authorizing
 - 🆓 **2,000 req/day free** - Generous free tier with no credit card
-- 🧠 **1M context window** - Models with 1 million token context
+- 🧠 **1M context window** - 1 million token context
 - 🔄 **Auto-refresh** - Tokens renewed automatically before expiration
 - 🔗 **qwen-code compatible** - Reuses credentials from `~/.qwen/oauth_creds.json`
+- 🌐 **Dynamic Routing** - Automatic resolution of API base URL based on region
+- 🏎️ **KV Cache Support** - Official DashScope headers for high performance
+- 🎯 **Rate Limit Fix** - Official headers prevent aggressive rate limiting (Fixes #4)
+- 🔍 **Session Tracking** - Unique session/prompt IDs for proper quota recognition
+- 🎯 **Aligned with qwen-code** - Exposes same models as official Qwen Code CLI
+
+## 🆕 What's New in v1.5.0
+
+### Rate Limiting Fix (Issue #4)
+
+**Problem:** Users were experiencing aggressive rate limiting (2,000 req/day quota exhausted quickly).
+
+**Solution:** Added official Qwen Code headers that properly identify the client:
+- `X-DashScope-CacheControl: enable` - Enables KV cache optimization
+- `X-DashScope-AuthType: qwen-oauth` - Marks as OAuth authentication
+- `X-DashScope-UserAgent` - Identifies as official Qwen Code client
+- `X-Metadata` - Session and prompt tracking for quota recognition
+
+**Result:** Full daily quota now available without premature rate limiting.
+
+### Dynamic API Endpoint Resolution
+
+The plugin now automatically detects and uses the correct API endpoint based on the `resource_url` returned by the OAuth server:
+
+| resource_url | API Endpoint | Region |
+|-------------|--------------|--------|
+| `portal.qwen.ai` | `https://portal.qwen.ai/v1` | International |
+| `dashscope` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | China |
+| `dashscope-intl` | `https://dashscope-intl.aliyuncs.com/compatible-mode/v1` | International |
+
+This means the plugin works correctly regardless of which region your Qwen account is associated with.
+
+### Aligned with qwen-code-0.12.0
+
+- ✅ **coder-model** - Only model exposed (matches official Qwen Code CLI)
+- ✅ **Vision capabilities** - Supports image input
+- ✅ **Dynamic modalities** - Input modalities adapt based on model capabilities
 
 ## 📋 Prerequisites
 
@@ -31,12 +68,12 @@
 ### 1. Install the plugin
 
 ```bash
-cd ~/.opencode && npm install opencode-qwencode-auth
+cd ~/.config/opencode && npm install opencode-qwencode-auth
 ```
 
 ### 2. Enable the plugin
 
-Edit `~/.opencode/opencode.jsonc`:
+Edit `~/.config/opencode/opencode.jsonc`:
 
 ```json
 {
@@ -69,28 +106,18 @@ Select **"Qwen Code (qwen.ai OAuth)"**
 
 ## 🎯 Available Models
 
-### Coding Models
+### Coding Model
 
-| Model | Context | Max Output | Best For |
+| Model | Context | Max Output | Features |
 |-------|---------|------------|----------|
-| `qwen3-coder-plus` | 1M tokens | 64K tokens | Complex coding tasks |
-| `qwen3-coder-flash` | 1M tokens | 64K tokens | Fast coding responses |
-
-### General Purpose Models
+| `coder-model` | 1M tokens | 64K tokens | Official alias (Auto-routes to Qwen 3.5 Plus - Hybrid & Vision) |
 
-| Model | Context | Max Output | Reasoning | Best For |
-|-------|---------|------------|-----------|----------|
-| `qwen3-max` | 256K tokens | 64K tokens | No | Flagship model, complex reasoning and tool use |
-| `qwen-plus-latest` | 128K tokens | 16K tokens | Yes | Balanced quality-speed with thinking mode |
-| `qwen3-235b-a22b` | 128K tokens | 32K tokens | Yes | Largest open-weight MoE with thinking mode |
-| `qwen-flash` | 1M tokens | 8K tokens | No | Ultra-fast, low-cost simple tasks |
+> **Note:** This plugin aligns with the official `qwen-code-0.12.0` client, which exposes only the `coder-model` alias. This model automatically routes to the best available Qwen 3.5 Plus with hybrid reasoning and vision capabilities.
 
-### Using a specific model
+### Using the model
 
 ```bash
-opencode --provider qwen-code --model qwen3-coder-plus
-opencode --provider qwen-code --model qwen3-max
-opencode --provider qwen-code --model qwen-plus-latest
+opencode --provider qwen-code --model coder-model
 ```
 
 ## ⚙️ How It Works
@@ -139,8 +166,11 @@ The `qwen-code` provider is added via plugin. In the `opencode auth login` comma
 
 ### Rate limit exceeded (429 errors)
 
+**As of v1.5.0, this should no longer occur!** The plugin now sends official Qwen Code headers that properly identify your client and prevent aggressive rate limiting.
+
+If you still experience rate limiting:
+- Ensure you're using v1.5.0 or later: `npm update opencode-qwencode-auth`
 - Wait until midnight UTC for quota reset
-- Try using `qwen3-coder-flash` for faster, lighter requests
 - Consider [DashScope API](https://dashscope.aliyun.com) for higher limits
 
 ## 🛠️ Development
@@ -159,7 +189,7 @@ bun run typecheck
 
 ### Local testing
 
-Edit `~/.opencode/package.json`:
+Edit `~/.config/opencode/package.json`:
 
 ```json
 {
@@ -172,7 +202,7 @@ Edit `~/.opencode/package.json`:
 Then reinstall:
 
 ```bash
-cd ~/.opencode && npm install
+cd ~/.config/opencode && npm install
 ```
 
 ## 📁 Project Structure
 
@@ -8,7 +8,7 @@
   <img src="assets/screenshot.png" alt="OpenCode com Qwen Code" width="800">
 </p>
 
-**Autentique o OpenCode CLI com sua conta qwen.ai.** Este plugin permite usar modelos Qwen (Coder, Max, Plus e mais) com **2.000 requisições gratuitas por dia** - sem API key ou cartão de crédito!
+**Autentique o OpenCode CLI com sua conta qwen.ai.** Este plugin permite usar o modelo `coder-model` com **2.000 requisições gratuitas por dia** - sem API key ou cartão de crédito!
 
 [🇺🇸 Read in English](./README.md)
 
@@ -17,9 +17,14 @@
 - 🔐 **OAuth Device Flow** - Autenticação segura via navegador (RFC 8628)
 - ⚡ **Polling Automático** - Não precisa pressionar Enter após autorizar
 - 🆓 **2.000 req/dia grátis** - Plano gratuito generoso sem cartão
-- 🧠 **1M de contexto** - Modelos com 1 milhão de tokens de contexto
+- 🧠 **1M de contexto** - 1 milhão de tokens de contexto
 - 🔄 **Auto-refresh** - Tokens renovados automaticamente antes de expirar
 - 🔗 **Compatível com qwen-code** - Reutiliza credenciais de `~/.qwen/oauth_creds.json`
+- 🌐 **Roteamento Dinâmico** - Resolução automática da URL base da API por região
+- 🏎️ **Suporte a KV Cache** - Headers oficiais DashScope para alta performance
+- 🎯 **Correção de Rate Limit** - Headers oficiais previnem rate limiting agressivo (Fix #4)
+- 🔍 **Session Tracking** - IDs únicos de sessão/prompt para reconhecimento de cota
+- 🎯 **Alinhado com qwen-code** - Expõe os mesmos modelos do Qwen Code CLI oficial
 
 ## 📋 Pré-requisitos
 
@@ -69,28 +74,18 @@ Selecione **"Qwen Code (qwen.ai OAuth)"**
 
 ## 🎯 Modelos Disponíveis
 
-### Modelos de Código
+### Modelo de Código
 
-| Modelo | Contexto | Max Output | Melhor Para |
-|--------|----------|------------|-------------|
-| `qwen3-coder-plus` | 1M tokens | 64K tokens | Tarefas complexas de código |
-| `qwen3-coder-flash` | 1M tokens | 64K tokens | Respostas rápidas de código |
+| Modelo | Contexto | Max Output | Recursos |
+|--------|----------|------------|----------|
+| `coder-model` | 1M tokens | 64K tokens | Alias oficial (Auto-rotas para Qwen 3.5 Plus - Hybrid & Vision) |
 
-### Modelos de Propósito Geral
+> **Nota:** Este plugin está alinhado com o cliente oficial `qwen-code-0.12.0`, que expõe apenas o alias `coder-model`. Este modelo automaticamente rotaciona para o melhor Qwen 3.5 Plus disponível com raciocínio híbrido e capacidades de visão.
 
-| Modelo | Contexto | Max Output | Reasoning | Melhor Para |
-|--------|----------|------------|-----------|-------------|
-| `qwen3-max` | 256K tokens | 64K tokens | Não | Modelo flagship, raciocínio complexo e tool use |
-| `qwen-plus-latest` | 128K tokens | 16K tokens | Sim | Equilíbrio qualidade-velocidade com thinking mode |
-| `qwen3-235b-a22b` | 128K tokens | 32K tokens | Sim | Maior modelo open-weight MoE com thinking mode |
-| `qwen-flash` | 1M tokens | 8K tokens | Não | Ultra-rápido, baixo custo para tarefas simples |
-
-### Usando um modelo específico
+### Usando o modelo
 
 ```bash
-opencode --provider qwen-code --model qwen3-coder-plus
-opencode --provider qwen-code --model qwen3-max
-opencode --provider qwen-code --model qwen-plus-latest
+opencode --provider qwen-code --model coder-model
 ```
 
 ## ⚙️ Como Funciona
@@ -140,7 +135,6 @@ O provider `qwen-code` é adicionado via plugin. No comando `opencode auth login
 ### Rate limit excedido (erros 429)
 
 - Aguarde até meia-noite UTC para reset da cota
-- Tente usar `qwen3-coder-flash` para requisições mais leves
 - Considere a [API DashScope](https://dashscope.aliyun.com) para limites maiores
 
 ## 🛠️ Desenvolvimento
 
@@ -1,7 +1,7 @@
 {
   "name": "opencode-qwencode-auth",
-  "version": "1.3.0",
-  "description": "Qwen OAuth authentication plugin for OpenCode - Access Qwen AI models (Coder, Vision) with your qwen.ai account",
+  "version": "1.5.0",
+  "description": "Qwen OAuth authentication plugin for OpenCode - Access Qwen AI models (Coder, Vision) with your qwen.ai account - Fixes rate limiting (Issue #4)",
   "module": "index.ts",
   "type": "module",
   "scripts": {
@@ -15,12 +15,15 @@
     "qwen-code",
     "qwen3-coder",
     "qwen3-vl-plus",
+    "qwen3.5-plus",
     "vision-model",
     "oauth",
     "authentication",
     "ai",
     "llm",
-    "opencode-plugins"
+    "opencode-plugins",
+    "rate-limit-fix",
+    "dashscope"
   ],
   "author": "Gustavo Dias <me@gustavodias.dev>",
   "license": "MIT",