add acp authenticate update message

2025-12-20 16:57:46 +00:00 · 2025-12-13 12:01:46 +08:00
parent 9978fe107b
commit 4eb7aa5448
5 changed files with 89 additions and 236 deletions
--- a/packages/cli/src/acp-integration/acp.ts
+++ b/packages/cli/src/acp-integration/acp.ts
@@ -88,6 +88,16 @@ export class AgentSideConnection implements Client {
    );
  }

+  /**
+   * Streams authentication updates (e.g. Qwen OAuth authUri) to the client.
+   */
+  async authenticateUpdate(params: schema.AuthenticateUpdate): Promise<void> {
+    return await this.#connection.sendNotification(
+      schema.CLIENT_METHODS.authenticate_update,
+      params,
+    );
+  }
+
  /**
   * Request permission before running a tool
   *
@@ -241,9 +251,11 @@ class Connection {
        ).toResult();
      }

+      let errorName;
      let details;

      if (error instanceof Error) {
+        errorName = error.name;
        details = error.message;
      } else if (
        typeof error === 'object' &&
@@ -254,6 +266,10 @@ class Connection {
        details = error.message;
      }

+      if (errorName === 'TokenManagerError') {
+        return RequestError.authRequired(details).toResult();
+      }
+
      return RequestError.internalError(details).toResult();
    }
  }
@@ -357,6 +373,7 @@ export interface Client {
    params: schema.RequestPermissionRequest,
  ): Promise<schema.RequestPermissionResponse>;
  sessionUpdate(params: schema.SessionNotification): Promise<void>;
+  authenticateUpdate(params: schema.AuthenticateUpdate): Promise<void>;
  writeTextFile(
    params: schema.WriteTextFileRequest,
  ): Promise<schema.WriteTextFileResponse>;
--- a/packages/cli/src/acp-integration/acpAgent.ts
+++ b/packages/cli/src/acp-integration/acpAgent.ts
@@ -6,15 +6,19 @@

 import type { ReadableStream, WritableStream } from 'node:stream/web';

-import type { Config, ConversationRecord } from '@qwen-code/qwen-code-core';
 import {
  APPROVAL_MODE_INFO,
  APPROVAL_MODES,
  AuthType,
  clearCachedCredentialFile,
+  QwenOAuth2Event,
+  qwenOAuth2Events,
  MCPServerConfig,
  SessionService,
  buildApiHistoryFromConversation,
+  type Config,
+  type ConversationRecord,
+  type DeviceAuthorizationData,
 } from '@qwen-code/qwen-code-core';
 import type { ApprovalModeValue } from './schema.js';
 import * as acp from './acp.js';
@@ -123,13 +127,33 @@ class GeminiAgent {
  async authenticate({ methodId }: acp.AuthenticateRequest): Promise<void> {
    const method = z.nativeEnum(AuthType).parse(methodId);

+    let authUri: string | undefined;
+    const authUriHandler = (deviceAuth: DeviceAuthorizationData) => {
+      authUri = deviceAuth.verification_uri_complete;
+      // Send the auth URL to ACP client as soon as it's available (refreshAuth is blocking).
+      void this.client.authenticateUpdate({ _meta: { authUri } });
+    };
+
+    if (method === AuthType.QWEN_OAUTH) {
+      qwenOAuth2Events.once(QwenOAuth2Event.AuthUri, authUriHandler);
+    }
+
    await clearCachedCredentialFile();
-    await this.config.refreshAuth(method);
-    this.settings.setValue(
-      SettingScope.User,
-      'security.auth.selectedType',
-      method,
-    );
+    try {
+      await this.config.refreshAuth(method);
+      this.settings.setValue(
+        SettingScope.User,
+        'security.auth.selectedType',
+        method,
+      );
+    } finally {
+      // Ensure we don't leak listeners if auth fails early.
+      if (method === AuthType.QWEN_OAUTH) {
+        qwenOAuth2Events.off(QwenOAuth2Event.AuthUri, authUriHandler);
+      }
+    }
+
+    return;
  }

  async newSession({
@@ -272,7 +296,8 @@ class GeminiAgent {
    }

    try {
-      await config.refreshAuth(selectedType);
+      // Use true for the second argument to ensure only cached credentials are used
+      await config.refreshAuth(selectedType, true);
    } catch (e) {
      console.error(`Authentication failed: ${e}`);
      throw acp.RequestError.authRequired();
--- a/packages/cli/src/acp-integration/schema.ts
+++ b/packages/cli/src/acp-integration/schema.ts
@@ -20,6 +20,7 @@ export const AGENT_METHODS = {
 export const CLIENT_METHODS = {
  fs_read_text_file: 'fs/read_text_file',
  fs_write_text_file: 'fs/write_text_file',
+  authenticate_update: 'authenticate/update',
  session_request_permission: 'session/request_permission',
  session_update: 'session/update',
 };
@@ -57,8 +58,6 @@ export type CancelNotification = z.infer<typeof cancelNotificationSchema>;

 export type AuthenticateRequest = z.infer<typeof authenticateRequestSchema>;

-export type AuthenticateResponse = z.infer<typeof authenticateResponseSchema>;
-
 export type NewSessionResponse = z.infer<typeof newSessionResponseSchema>;

 export type LoadSessionResponse = z.infer<typeof loadSessionResponseSchema>;
@@ -247,7 +246,13 @@ export const authenticateRequestSchema = z.object({
  methodId: z.string(),
 });

-export const authenticateResponseSchema = z.null();
+export const authenticateUpdateSchema = z.object({
+  _meta: z.object({
+    authUri: z.string(),
+  }),
+});
+
+export type AuthenticateUpdate = z.infer<typeof authenticateUpdateSchema>;

 export const newSessionResponseSchema = z.object({
  sessionId: z.string(),
@@ -555,7 +560,6 @@ export const sessionUpdateSchema = z.union([

 export const agentResponseSchema = z.union([
  initializeResponseSchema,
-  authenticateResponseSchema,
  newSessionResponseSchema,
  loadSessionResponseSchema,
  promptResponseSchema,