refactor(auth): enhance useAuthCommand to include history management and improve error handling in QwenOAuth2Client

Co-authored-by: linda <hxn@163.com>

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@qwen-code/qwen-code",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@qwen-code/qwen-code",
-      "version": "0.2.2",
+      "version": "0.2.3",
       "workspaces": [
         "packages/*"
       ],
@@ -16024,7 +16024,7 @@
     },
     "packages/cli": {
       "name": "@qwen-code/qwen-code",
-      "version": "0.2.2",
+      "version": "0.2.3",
       "dependencies": {
         "@google/genai": "1.16.0",
         "@iarna/toml": "^2.2.5",
@@ -16139,7 +16139,7 @@
     },
     "packages/core": {
       "name": "@qwen-code/qwen-code-core",
-      "version": "0.2.2",
+      "version": "0.2.3",
       "hasInstallScript": true,
       "dependencies": {
         "@google/genai": "1.16.0",
@@ -16278,7 +16278,7 @@
     },
     "packages/test-utils": {
       "name": "@qwen-code/qwen-code-test-utils",
-      "version": "0.2.2",
+      "version": "0.2.3",
       "dev": true,
       "license": "Apache-2.0",
       "devDependencies": {
@@ -16290,7 +16290,7 @@
     },
     "packages/vscode-ide-companion": {
       "name": "qwen-code-vscode-ide-companion",
-      "version": "0.2.2",
+      "version": "0.2.3",
       "license": "LICENSE",
       "dependencies": {
         "@modelcontextprotocol/sdk": "^1.15.1",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qwen-code/qwen-code",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "engines": {
     "node": ">=20.0.0"
   },
@@ -13,7 +13,7 @@
     "url": "git+https://github.com/QwenLM/qwen-code.git"
   },
   "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.2"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.3"
   },
   "scripts": {
     "start": "cross-env node scripts/start.js",

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qwen-code/qwen-code",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "Qwen Code",
   "repository": {
     "type": "git",
@@ -25,7 +25,7 @@
     "dist"
   ],
   "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.2"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.3"
   },
   "dependencies": {
     "@google/genai": "1.16.0",

packages/cli/src/ui/AppContainer.tsx

@@ -353,7 +353,7 @@ export const AppContainer = (props: AppContainerProps) => {
     handleAuthSelect,
     openAuthDialog,
     cancelAuthentication,
-  } = useAuthCommand(settings, config);
+  } = useAuthCommand(settings, config, historyManager.addItem);
 
   const { proQuotaRequest, handleProQuotaChoice } = useQuotaAndFallback({
     config,

packages/cli/src/ui/auth/useAuth.ts

@@ -4,23 +4,28 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { useState, useCallback, useEffect } from 'react';
-import type { LoadedSettings, SettingScope } from '../../config/settings.js';
 import type { Config } from '@qwen-code/qwen-code-core';
 import {
+  AuthEvent,
   AuthType,
   clearCachedCredentialFile,
   getErrorMessage,
   logAuth,
-  AuthEvent,
 } from '@qwen-code/qwen-code-core';
-import { AuthState } from '../types.js';
+import { useCallback, useEffect, useState } from 'react';
-import { useQwenAuth } from '../hooks/useQwenAuth.js';
+import type { LoadedSettings, SettingScope } from '../../config/settings.js';
 import type { OpenAICredentials } from '../components/OpenAIKeyPrompt.js';
+import { useQwenAuth } from '../hooks/useQwenAuth.js';
+import { AuthState, MessageType } from '../types.js';
+import type { HistoryItem } from '../types.js';
 
 export type { QwenAuthState } from '../hooks/useQwenAuth.js';
 
-export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
+export const useAuthCommand = (
+  settings: LoadedSettings,
+  config: Config,
+  addItem: (item: Omit<HistoryItem, 'id'>, timestamp: number) => void,
+) => {
   const unAuthenticated =
     settings.merged.security?.auth?.selectedType === undefined;
 
@@ -117,8 +122,17 @@ export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
       // Log authentication success
       const authEvent = new AuthEvent(authType, 'manual', 'success');
       logAuth(config, authEvent);
+
+      // Show success message
+      addItem(
+        {
+          type: MessageType.INFO,
+          text: `Authenticated successfully with ${authType} credentials.`,
+        },
+        Date.now(),
+      );
     },
-    [settings, handleAuthFailure, config],
+    [settings, handleAuthFailure, config, addItem],
   );
 
   const performAuth = useCallback(

packages/cli/src/ui/utils/commandUtils.test.ts

@@ -13,6 +13,7 @@ import {
   isSlashCommand,
   copyToClipboard,
   getUrlOpenCommand,
+  CodePage,
 } from './commandUtils.js';
 
 // Mock child_process
@@ -188,7 +189,10 @@ describe('commandUtils', () => {
 
         await copyToClipboard(testText);
 
-        expect(mockSpawn).toHaveBeenCalledWith('clip', []);
+        expect(mockSpawn).toHaveBeenCalledWith('cmd', [
+          '/c',
+          `chcp ${CodePage.UTF8} >nul && clip`,
+        ]);
         expect(mockChild.stdin.write).toHaveBeenCalledWith(testText);
         expect(mockChild.stdin.end).toHaveBeenCalled();
       });

packages/cli/src/ui/utils/commandUtils.ts

@@ -7,6 +7,23 @@
 import type { SpawnOptions } from 'node:child_process';
 import { spawn } from 'node:child_process';
 
+/**
+ * Common Windows console code pages (CP) used for encoding conversions.
+ *
+ * @remarks
+ * - `UTF8` (65001): Unicode (UTF-8) — recommended for cross-language scripts.
+ * - `GBK` (936): Simplified Chinese — default on most Chinese Windows systems.
+ * - `BIG5` (950): Traditional Chinese.
+ * - `LATIN1` (1252): Western European — default on many Western systems.
+ */
+export const CodePage = {
+  UTF8: 65001,
+  GBK: 936,
+  BIG5: 950,
+  LATIN1: 1252,
+} as const;
+
+export type CodePage = (typeof CodePage)[keyof typeof CodePage];
 /**
  * Checks if a query string potentially represents an '@' command.
  * It triggers if the query starts with '@' or contains '@' preceded by whitespace
@@ -80,7 +97,7 @@ export const copyToClipboard = async (text: string): Promise<void> => {
 
   switch (process.platform) {
     case 'win32':
-      return run('clip', []);
+      return run('cmd', ['/c', `chcp ${CodePage.UTF8} >nul && clip`]);
     case 'darwin':
       return run('pbcopy', []);
     case 'linux':

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qwen-code/qwen-code-core",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "Qwen Code Core",
   "repository": {
     "type": "git",

packages/core/src/qwen/qwenOAuth2.test.ts

@@ -623,14 +623,16 @@ describe('QwenOAuth2Client', () => {
     });
 
     it('should handle authorization_pending with HTTP 400 according to RFC 8628', async () => {
+      const errorData = {
+        error: 'authorization_pending',
+        error_description: 'The authorization request is still pending',
+      };
       const mockResponse = {
         ok: false,
         status: 400,
         statusText: 'Bad Request',
-        json: async () => ({
+        text: async () => JSON.stringify(errorData),
-          error: 'authorization_pending',
+        json: async () => errorData,
-          error_description: 'The authorization request is still pending',
-        }),
       };
 
       vi.mocked(global.fetch).mockResolvedValue(mockResponse as Response);
@@ -646,14 +648,16 @@ describe('QwenOAuth2Client', () => {
     });
 
     it('should handle slow_down with HTTP 429 according to RFC 8628', async () => {
+      const errorData = {
+        error: 'slow_down',
+        error_description: 'The client is polling too frequently',
+      };
       const mockResponse = {
         ok: false,
         status: 429,
         statusText: 'Too Many Requests',
-        json: async () => ({
+        text: async () => JSON.stringify(errorData),
-          error: 'slow_down',
+        json: async () => errorData,
-          error_description: 'The client is polling too frequently',
-        }),
       };
 
       vi.mocked(global.fetch).mockResolvedValue(mockResponse as Response);
@@ -1993,14 +1997,16 @@ describe('Enhanced Error Handling and Edge Cases', () => {
     });
 
     it('should handle authorization_pending with correct status', async () => {
+      const errorData = {
+        error: 'authorization_pending',
+        error_description: 'Authorization request is pending',
+      };
       const mockResponse = {
         ok: false,
         status: 400,
         statusText: 'Bad Request',
-        json: vi.fn().mockResolvedValue({
+        text: vi.fn().mockResolvedValue(JSON.stringify(errorData)),
-          error: 'authorization_pending',
+        json: vi.fn().mockResolvedValue(errorData),
-          error_description: 'Authorization request is pending',
-        }),
       };
 
       vi.mocked(global.fetch).mockResolvedValue(

packages/core/src/qwen/qwenOAuth2.ts

@@ -345,44 +345,47 @@ export class QwenOAuth2Client implements IQwenOAuth2Client {
     });
 
     if (!response.ok) {
-      // Parse the response as JSON to check for OAuth RFC 8628 standard errors
+      // Read response body as text first (can only be read once)
+      const responseText = await response.text();
+
+      // Try to parse as JSON to check for OAuth RFC 8628 standard errors
+      let errorData: ErrorData | null = null;
       try {
-        const errorData = (await response.json()) as ErrorData;
+        errorData = JSON.parse(responseText) as ErrorData;
-
-        // According to OAuth RFC 8628, handle standard polling responses
-        if (
-          response.status === 400 &&
-          errorData.error === 'authorization_pending'
-        ) {
-          // User has not yet approved the authorization request. Continue polling.
-          return { status: 'pending' } as DeviceTokenPendingData;
-        }
-
-        if (response.status === 429 && errorData.error === 'slow_down') {
-          // Client is polling too frequently. Return pending with slowDown flag.
-          return {
-            status: 'pending',
-            slowDown: true,
-          } as DeviceTokenPendingData;
-        }
-
-        // Handle other 400 errors (access_denied, expired_token, etc.) as real errors
-
-        // For other errors, throw with proper error information
-        const error = new Error(
-          `Device token poll failed: ${errorData.error || 'Unknown error'} - ${errorData.error_description || 'No details provided'}`,
-        );
-        (error as Error & { status?: number }).status = response.status;
-        throw error;
       } catch (_parseError) {
-        // If JSON parsing fails, fall back to text response
+        // If JSON parsing fails, use text response
-        const errorData = await response.text();
         const error = new Error(
-          `Device token poll failed: ${response.status} ${response.statusText}. Response: ${errorData}`,
+          `Device token poll failed: ${response.status} ${response.statusText}. Response: ${responseText}`,
         );
         (error as Error & { status?: number }).status = response.status;
         throw error;
       }
+
+      // According to OAuth RFC 8628, handle standard polling responses
+      if (
+        response.status === 400 &&
+        errorData.error === 'authorization_pending'
+      ) {
+        // User has not yet approved the authorization request. Continue polling.
+        return { status: 'pending' } as DeviceTokenPendingData;
+      }
+
+      if (response.status === 429 && errorData.error === 'slow_down') {
+        // Client is polling too frequently. Return pending with slowDown flag.
+        return {
+          status: 'pending',
+          slowDown: true,
+        } as DeviceTokenPendingData;
+      }
+
+      // Handle other 400 errors (access_denied, expired_token, etc.) as real errors
+
+      // For other errors, throw with proper error information
+      const error = new Error(
+        `Device token poll failed: ${errorData.error || 'Unknown error'} - ${errorData.error_description}`,
+      );
+      (error as Error & { status?: number }).status = response.status;
+      throw error;
     }
 
     return (await response.json()) as DeviceTokenResponse;

packages/test-utils/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qwen-code/qwen-code-test-utils",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "private": true,
   "main": "src/index.ts",
   "license": "Apache-2.0",

packages/vscode-ide-companion/package.json

@@ -2,7 +2,7 @@
   "name": "qwen-code-vscode-ide-companion",
   "displayName": "Qwen Code Companion",
   "description": "Enable Qwen Code with direct access to your VS Code workspace.",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "publisher": "qwenlm",
   "icon": "assets/icon.png",
   "repository": {