feat(vscode-ide-companion): improve authentication flow with cached auth state

优化认证流程，支持缓存认证状态避免重复认证：
- 在 qwenAgentManager 中创建会话前先进行认证
- 在 qwenConnectionHandler 中检查缓存的认证状态
- 只在没有有效缓存时触发新的认证流程
- 认证失败时清除无效缓存
- 添加详细的日志记录用于调试

packages/vscode-ide-companion/src/agents/qwenAgentManager.ts

@@ -3,7 +3,7 @@
  * Copyright 2025 Qwen Team
  * SPDX-License-Identifier: Apache-2.0
  */
-
+import * as vscode from 'vscode';
 import { AcpConnection } from '../acp/acpConnection.js';
 import type {
   AcpSessionUpdate,
@@ -423,11 +423,28 @@ export class QwenAgentManager {
   /**
    * 创建新会话
    *
+   * 注意：认证应该在connect()方法中完成，这里只创建会话
+   *
    * @param workingDir - 工作目录
    * @returns 新创建的 session ID
    */
   async createNewSession(workingDir: string): Promise<string | null> {
     console.log('[QwenAgentManager] Creating new session...');
+
+    // 先进行认证
+    console.log('[QwenAgentManager] Authenticating before creating session...');
+    try {
+      const config = vscode.workspace.getConfiguration('qwenCode');
+      const openaiApiKey = config.get<string>('qwen.openaiApiKey', '');
+      const authMethod = openaiApiKey ? 'openai' : 'qwen-oauth';
+
+      await this.connection.authenticate(authMethod);
+      console.log('[QwenAgentManager] Authentication successful');
+    } catch (authError) {
+      console.error('[QwenAgentManager] Authentication failed:', authError);
+      throw authError;
+    }
+
     await this.connection.newSession(workingDir);
     const newSessionId = this.connection.currentSessionId;
     console.log(

packages/vscode-ide-companion/src/agents/qwenConnectionHandler.ts

@@ -132,25 +132,58 @@ export class QwenConnectionHandler {
     // 如果无法恢复会话则创建新会话
     if (!sessionRestored) {
       console.log('[QwenAgentManager] Creating new session...');
-      console.log(
+
-        `[QwenAgentManager] ⚠️ WORKAROUND: Skipping explicit authenticate() call`,
+      // 检查是否有有效的缓存认证
+      let hasValidAuth = false;
+      if (authStateManager) {
+        hasValidAuth = await authStateManager.hasValidAuth(
+          workingDir,
+          authMethod,
         );
+      }
+
+      // 只在没有有效缓存认证时进行认证
+      if (!hasValidAuth) {
         console.log(
-        `[QwenAgentManager] ⚠️ Reason: newSession() internally calls refreshAuth(), which triggers device flow`,
+          '[QwenAgentManager] Authenticating before creating session...',
         );
+        try {
+          await connection.authenticate(authMethod);
+          console.log('[QwenAgentManager] Authentication successful');
+
+          // 保存认证状态
+          if (authStateManager) {
             console.log(
-        `[QwenAgentManager] ⚠️ Calling authenticate() first causes double authentication`,
+              '[QwenAgentManager] Saving auth state after successful authentication',
             );
+            await authStateManager.saveAuthState(workingDir, authMethod);
+          }
+        } catch (authError) {
+          console.error('[QwenAgentManager] Authentication failed:', authError);
+          // 清除可能无效的缓存
+          if (authStateManager) {
+            console.log(
+              '[QwenAgentManager] Clearing auth cache due to authentication failure',
+            );
+            await authStateManager.clearAuthState();
+          }
+          throw authError;
+        }
+      } else {
+        console.log(
+          '[QwenAgentManager] Skipping authentication - using valid cached auth',
+        );
+      }
 
       try {
         console.log(
-          `\n🔐 [AUTO AUTH] newSession will handle authentication automatically\n`,
+          '[QwenAgentManager] Creating new session after authentication...',
         );
         await this.newSessionWithRetry(connection, workingDir, 3);
         console.log('[QwenAgentManager] New session created successfully');
 
-        // 保存认证状态
+        // 确保认证状态已保存（防止重复认证）
-        if (authStateManager) {
+        if (authStateManager && !hasValidAuth) {
           console.log(
             '[QwenAgentManager] Saving auth state after successful session creation',
           );