Skip to content

Add Coding Plan Authentication#2490

Open
xuewenjie123 wants to merge 20 commits intoQwenLM:mainfrom
xuewenjie123:feat/2134-auth-parity
Open

Add Coding Plan Authentication#2490
xuewenjie123 wants to merge 20 commits intoQwenLM:mainfrom
xuewenjie123:feat/2134-auth-parity

Conversation

@xuewenjie123
Copy link
Collaborator

@xuewenjie123 xuewenjie123 commented Mar 19, 2026
edited
Loading

Overview

This PR introduces comprehensive authentication enhancements including Alibaba Cloud Coding Plan support and a multi-language internationalization system for the WebUI onboarding experience.

Changes

Core Features

  1. Coding Plan Authentication
    • Added support for Alibaba Cloud Coding Plan authentication method in both CLI and VSCode extension
    • Supports two regions:
      • 阿里云百炼 (aliyun.com) - China region
      • Alibaba Cloud (alibabacloud.com) - Global region
    • New codingPlanLogic.ts utility for handling Coding Plan authentication flow

2 Enhanced Onboarding Experience

  • Updated WebUI Onboarding component with:
    • Authentication method selection interface
    • Coding Plan API key and region input form
    • Custom configuration guidance for OpenAI-compatible APIs
    • Error message display for login failures
  • VSCode WebView integration with auth state management
  • Improved authentication flow with methodId and _meta parameter passing

Modified Files

CLI Package:

  • packages/cli/src/acp-integration/acpAgent.ts - Added Coding Plan auth handling
  • packages/cli/src/acp-integration/authMethods.ts - Updated auth method list with i18n
  • packages/cli/src/utils/codingPlanLogic.ts - New utility for Coding Plan auth

Core Package:

  • packages/core/src/core/contentGenerator.ts - Minor updates
  • packages/core/src/models/constants.ts - Added Coding Plan constants

VSCode Extension:

  • packages/vscode-ide-companion/src/services/acpConnection.ts
  • packages/vscode-ide-companion/src/services/qwenAgentManager.ts
  • packages/vscode-ide-companion/src/services/qwenConnectionHandler.ts
  • packages/vscode-ide-companion/src/types/acpTypes.ts
  • packages/vscode-ide-companion/src/utils/authErrors.ts
  • packages/vscode-ide-companion/src/webview/App.tsx
  • packages/vscode-ide-companion/src/webview/components/layout/Onboarding.tsx
  • packages/vscode-ide-companion/src/webview/handlers/AuthMessageHandler.ts
  • packages/vscode-ide-companion/src/webview/handlers/MessageRouter.ts
  • packages/vscode-ide-companion/src/webview/handlers/SessionMessageHandler.ts
  • packages/vscode-ide-companion/src/webview/hooks/useWebViewMessages.ts
  • packages/vscode-ide-companion/src/webview/providers/MessageHandler.ts
  • packages/vscode-ide-companion/src/webview/providers/WebViewProvider.ts

WebUI:

  • packages/webui/src/components/layout/Onboarding.tsx - Complete UI overhaul
  • packages/webui/src/utils/i18n.ts - New i18n module

Technical Details

Authentication Flow

  1. User selects authentication method from onboarding screen
  2. For Coding Plan:
    • User enters API key and selects region
    • Credentials passed via _meta parameter to authenticate handler
    • API key stored in settings with proper persistence scope
  3. For OAuth: Standard OAuth flow continues
  4. For OpenAI-compatible: Guidance to settings.json configuration

Type Safety Notes

Some any types were introduced to handle dynamic authentication metadata passing between components. These should be refined in future iterations with proper interface definitions.

Testing

  • Manual testing of OAuth flow (unchanged)
  • Manual testing of Coding Plan authentication with both regions
  • UI testing of onboarding flow in WebUI
  • VSCode extension WebView message handling

Related Issues

Screenshots

image image image image

Video

vc.mp4

@github-actions
Copy link
Contributor

github-actions bot commented Mar 19, 2026

📋 Review Summary

This PR introduces comprehensive authentication enhancements including Alibaba Cloud Coding Plan support and a multi-language internationalization system for the WebUI onboarding experience. The implementation is well-structured overall, with good separation of concerns between CLI, VSCode extension, and WebUI packages. However, there are several areas requiring attention, particularly around type safety, error handling consistency, and some architectural decisions.

🔍 General Feedback

  • Positive: Good modular design with clear separation between authentication logic (codingPlanLogic.ts), i18n utilities, and UI components
  • Positive: The authentication flow properly supports multiple regions and maintains backward compatibility with existing OAuth flow
  • Positive: i18n implementation covers 6 languages with automatic browser detection
  • Concern: The PR description mentions "Some any types were introduced" - this should be addressed with proper interface definitions as noted
  • Concern: Several files have substantial logic changes without corresponding test files
  • Pattern: Good use of existing infrastructure (settings persistence, model provider config) rather than creating parallel systems

🎯 Specific Feedback

🔴 Critical

  • File: packages/cli/src/utils/codingPlanLogic.ts:24 - API key is stored in settings and then immediately also set in process.env. This dual storage could lead to inconsistency if one is updated but not the other. Consider making the environment variable derivation purely reactive from settings.

  • File: packages/vscode-ide-companion/src/utils/authErrors.ts:73 - The extractAuthMethodsFromError function uses any[] return type and loose type checking. The early return statement if (!error || typeof error !== 'object') {return null;} has inconsistent formatting (missing space before brace).

  • File: packages/webui/src/utils/i18n.ts:97 - The getCurrentLanguage() function returns 'en' for SSR environments (typeof navigator === 'undefined'), but this could cause hydration mismatches if the server-rendered content differs from client. Consider making this more explicit or deferring language detection until mount.

🟡 High

  • File: packages/cli/src/acp-integration/acpAgent.ts:148-152 - The Coding Plan authentication extracts apiKey and region from _meta without validating their types beyond existence. The region validation only checks for 'global' vs defaulting to China, but doesn't validate that regionStr is actually a valid string.

  • File: packages/vscode-ide-companion/src/services/qwenAgentManager.ts:91 - Changed private currentWorkingDir to public (currentWorkingDir). This breaks encapsulation. If external access is needed, consider a getter method instead.

  • File: packages/vscode-ide-companion/src/services/qwenAgentManager.ts:92 - New property availableAuthMethods is typed as Array<Record<string, unknown>> | undefined. This should use the AuthMethod type from ACP SDK or a properly defined interface.

  • File: packages/vscode-ide-companion/src/webview/App.tsx:85 - State variable authMethods uses Array<Record<string, unknown>> instead of a proper type. This propagates type unsafety throughout the authentication flow.

  • File: packages/webui/src/components/layout/Onboarding.tsx:43-48 - The handleLogin function sets selectedMethodId for 'coding-plan' and 'openai', but the type of methodId parameter allows any string. This should be typed more strictly.

🟢 Medium

  • File: packages/cli/src/acp-integration/authMethods.ts:10-38 - The auth methods are now using i18n for name and description, but the AuthMethod interface from ACP SDK may not expect localized strings. Consider whether these should be localized at the display layer instead.

  • File: packages/vscode-ide-companion/src/utils/authErrors.ts:73-84 - The extractAuthMethodsFromError function has two similar code paths checking record['data'] and record['error']['data']. This could be refactored into a helper function.

  • File: packages/vscode-ide-companion/src/webview/App.tsx:945 - The className conditional logic ${hasContent ? 'pb-[140px]' : 'pb-5'} is good, but consider extracting this complex className to a separate variable or using a classnames utility for better readability.

  • File: packages/webui/src/utils/i18n.ts:89-96 - Language detection only checks startsWith() which would match 'zh-CN', 'zh-TW', etc. to 'zh'. This is probably intentional, but consider handling Traditional vs Simplified Chinese explicitly if different translations are needed in the future.

  • File: packages/cli/src/utils/codingPlanLogic.ts:48-50 - Settings are set for security.auth.selectedType to AuthType.USE_OPENAI after Coding Plan auth. This seems like a workaround that could be confusing. Consider documenting why Coding Plan auth maps to USE_OPENAI.

🔵 Low

  • File: packages/vscode-ide-companion/src/services/acpConnection.ts:169 - The comment // eslint-disable-next-line @typescript-eslint/no-this-alias was removed and replaced with just whitespace. Either keep the eslint disable with explanation or remove the self variable entirely by using arrow functions.

  • File: packages/webui/src/components/layout/Onboarding.tsx:78 - The error message div uses hardcoded bg-red-500/10 and text-red-500 colors. Consider using CSS variables for theme consistency with VSCode.

  • File: packages/webui/src/utils/i18n.ts - Missing translations for some keys that appear in the Onboarding component. For example, "Bring your own API key" and "Paid · Up to 6,000 requests/5 hrs · All Alibaba Cloud Coding Plan Models" from authMethods.ts are not in the i18n file.

  • File: packages/vscode-ide-companion/src/webview/handlers/AuthMessageHandler.ts:16 - The type ((methodId?: string, _meta?: any) => Promise<void>) uses any for _meta. Should use a proper interface.

  • File: packages/core/src/models/constants.ts:90-95 - The CODING_PLAN auth type mapping has empty arrays for baseUrl and model. This is fine if intentional, but could use a comment explaining why these are empty.

  • File: packages/webui/src/components/layout/Onboarding.tsx:120 - The region select options have Chinese characters hardcoded (阿里云百炼, etc.). These should also be translated via i18n keys.

✅ Highlights

  • Excellent: The codingPlanLogic.ts utility cleanly separates the authentication flow logic, making it testable and reusable
  • Excellent: The i18n module is well-structured with clear translation keys and easy extensibility for additional languages
  • Good: Proper error message propagation from backend to UI through the loginErrorMessage state
  • Good: The authentication flow preserves existing OAuth functionality while adding new Coding Plan support
  • Good: VSCode WebView integration properly handles auth state with authMethods array for dynamic UI rendering
  • Good: The Onboarding component provides clear guidance for OpenAI-compatible API configuration with documentation links

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 19, 2026
View reviewed changes
xwj02155382 added 7 commits March 19, 2026 16:11
feat(auth): add Coding Plan authentication and multi-language support
97df4be
fix(webview): sync authMethods directly on connection init and handle…
5d535f2 
… frontend auth sync across sessions
fix(webview): clear current conversation contents on force relogin to…
af32bd2 
… ensure ui hasContent evaluates to false to allow Onboarding panel render
fix(webview): clear tool calls and plan entries when a new conversati…
056acc7 
…on is loaded to prevent old session data from stalling the UI rendering
style(webui): fix Onboarding screen flex layout overflow the top caus…
f3c8b68 
…ing unscrollable header
style(webview): remove bottom padding from empty state panels to prev…
c8dc0f6 
…ent flex child overflow
chore(auth): stabilize auth ui and resolve styling overflow
425eed1
@xuewenjie123 xuewenjie123 force-pushed the feat/2134-auth-parity branch from ad7446e to 425eed1 Compare March 19, 2026 08:12
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 19, 2026
View reviewed changes
@tanzhenxin tanzhenxin assigned yiliang114 and unassigned yiliang114 Mar 19, 2026
xwj02155382 added 4 commits March 20, 2026 11:22
feat(webui): redesign onboarding UI and refactor auth methods without…
c06dcc8 
… i18n overlay

This commit achieves the following:

- Redesigns the `Onboarding.tsx` screen to match Claude Code's minimalist structure with better spacing, robust dash borders, and solid styling on primary and secondary buttons.

- Disconnects UI languages from IDE language injection (`vscode.env.language`) in `acpConnection.ts`.

- Strips branch-specific multi-language wrapping (`t()` and `import { t }`) across components like `AskUserQuestionDialog.tsx` and `authMethods.ts`.

- Configures auth method identifiers properly stringified (`coding-plan`) instead of mutating global Enums.
Merge branch 'main' into feat/2134-auth-parity
82b8e2b
chore: flush out residual i18n scanner diffs to purely mirror main
f9d124c
chore: strictly sync i18n locales with upstream origin/main to clear …
c74240e 
…PR diffs
xwj02155382 and others added 3 commits March 20, 2026 15:05
fix(test): adapt acpConnection test to isConnected getter changes
d809a9c
feat(webui): redesign onboarding UI with CLI text parity and UX fixes
c964246 
- Fix connection error showing in chat instead of onboarding page
- Fix OAuth race condition: keep onboarding visible during re-auth
- Align auth method labels with CLI (Select Authentication Method,
  Free · Up to 1,000 requests/day, API Key / Bring your own API key)
- Redesign Coding Plan flow: Region select → API Key (two-step)
- Add API key validation (empty check + sk-sp- prefix for China)
- Region options: 阿里云百炼 (aliyun.com) / Alibaba Cloud (alibabacloud.com)
- Add 'Coding Plan API key here' link per CLI parity
- Use Qwen brand purple (#6366f1) for primary buttons
- Add outlined secondary buttons and ghost back buttons for better
  visual hierarchy and button affordance
- Center-align all onboarding content

Closes QwenLM#2134
Merge branch 'main' of https://github.com/QwenLM/qwen-code into feat/…
c69e0ba 
…2134-auth-parity
@xuewenjie123 xuewenjie123 changed the title Add Coding Plan Authentication and Multi-language i18n Support Add Coding Plan Authentication Mar 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tanzhenxin tanzhenxin Awaiting requested review from tanzhenxin tanzhenxin is a code owner

@DennisYu07 DennisYu07 Awaiting requested review from DennisYu07 DennisYu07 is a code owner

@gwinthis gwinthis Awaiting requested review from gwinthis gwinthis is a code owner

@LaZzyMan LaZzyMan Awaiting requested review from LaZzyMan LaZzyMan is a code owner

@pomelo-nwu pomelo-nwu Awaiting requested review from pomelo-nwu pomelo-nwu is a code owner

@Mingholy Mingholy Awaiting requested review from Mingholy Mingholy is a code owner

@DragonnZhang DragonnZhang Awaiting requested review from DragonnZhang DragonnZhang is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@yiliang114 yiliang114

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xuewenjie123 @yiliang114