feat(qoder): add Qoder as a first-class auth provider

README.md

@@ -49,18 +49,20 @@ VisionCoder is also offering our users a limited-time <a href="https://coder.vis
 - OpenAI Codex support (GPT models) via OAuth login
 - Claude Code support via OAuth login
 - Grok Build support via OAuth login
+- Qoder support via OAuth login
 - Amp CLI and IDE extensions support with provider routing
 - Streaming, non-streaming, and WebSocket responses where supported
 - Function calling/tools support
 - Multimodal input support (text and images)
-- Multiple accounts with round-robin load balancing (Gemini, OpenAI, Claude, Grok)
-- Simple CLI authentication flows (Gemini, OpenAI, Claude, Grok)
+- Multiple accounts with round-robin load balancing (Gemini, OpenAI, Claude, Grok, Qoder)
+- Simple CLI authentication flows (Gemini, OpenAI, Claude, Grok, Qoder)
 - Generative Language API Key support
 - AI Studio Build multi-account load balancing
 - Gemini CLI multi-account load balancing
 - Claude Code multi-account load balancing
 - OpenAI Codex multi-account load balancing
 - Grok Build multi-account load balancing
+- Qoder multi-account load balancing
 - OpenAI-compatible upstream providers via config (e.g., OpenRouter)
 - Reusable Go SDK for embedding the proxy (see `docs/sdk-usage.md`)
 

README_CN.md

@@ -50,17 +50,19 @@ VisionCoder 还为我们的用户提供 <a href="https://coder.visioncoder.cn" t
 - 新增 OpenAI Codex（GPT 系列）支持（OAuth 登录）
 - 新增 Claude Code 支持（OAuth 登录）
 - 新增 Grok Build 支持（OAuth 登录）
+- 新增 Qoder 支持（OAuth 登录）
 - 支持流式、非流式响应，以及受支持场景下的 WebSocket 响应
 - 函数调用/工具支持
 - 多模态输入（文本、图片）
-- 多账户支持与轮询负载均衡（Gemini、OpenAI、Claude、Grok）
-- 简单的 CLI 身份验证流程（Gemini、OpenAI、Claude、Grok）
+- 多账户支持与轮询负载均衡（Gemini、OpenAI、Claude、Qwen、Grok、Qoder 与 iFlow）
+- 简单的 CLI 身份验证流程（Gemini、OpenAI、Claude、Qwen、Grok、Qoder 与 iFlow）
 - 支持 Gemini AIStudio API 密钥
 - 支持 AI Studio Build 多账户轮询
 - 支持 Gemini CLI 多账户轮询
 - 支持 Claude Code 多账户轮询
 - 支持 OpenAI Codex 多账户轮询
 - 支持 Grok Build 多账户轮询
+- 支持 Qoder 多账户轮询
 - 通过配置接入上游 OpenAI 兼容提供商（例如 OpenRouter）
 - 可复用的 Go SDK（见 `docs/sdk-usage_CN.md`）
 

README_JA.md

@@ -47,18 +47,20 @@ PackyCodeは当ソフトウェアのユーザーに特別割引を提供して
 - OAuthログインによるOpenAI Codexサポート（GPTモデル）
 - OAuthログインによるClaude Codeサポート
 - OAuthログインによるGrok Buildサポート
+- OAuthログインによるQoderサポート
 - プロバイダールーティングによるAmp CLIおよびIDE拡張機能のサポート
 - ストリーミング、非ストリーミング、および対応環境でのWebSocketレスポンス
 - 関数呼び出し/ツールのサポート
 - マルチモーダル入力サポート（テキストと画像）
-- ラウンドロビン負荷分散による複数アカウント対応（Gemini、OpenAI、Claude、Grok）
-- シンプルなCLI認証フロー（Gemini、OpenAI、Claude、Grok）
+- ラウンドロビン負荷分散による複数アカウント対応（Gemini、OpenAI、Claude、Qwen、Grok、QoderおよびiFlow）
+- シンプルなCLI認証フロー（Gemini、OpenAI、Claude、Qwen、Grok、QoderおよびiFlow）
 - Generative Language APIキーのサポート
 - AI Studioビルドのマルチアカウント負荷分散
 - Gemini CLIのマルチアカウント負荷分散
 - Claude Codeのマルチアカウント負荷分散
 - OpenAI Codexのマルチアカウント負荷分散
 - Grok Buildのマルチアカウント負荷分散
+- Qoderのマルチアカウント負荷分散
 - 設定によるOpenAI互換アップストリームプロバイダー（例：OpenRouter）
 - プロキシ埋め込み用の再利用可能なGo SDK（`docs/sdk-usage.md`を参照）
 

cmd/qoder_replay/main.go

@@ -0,0 +1,225 @@
+// Command qoder_replay replays a captured Qoder request JSON file against the
+// live upstream, using stored credentials for COSY signing. Supports binary
+// search mode to isolate the message that triggers a WAF 405.
+//
+// Usage:
+//
+//	qoder_replay -auth <auth-file> -req <req-file>
+//	qoder_replay -auth <auth-file> -req <req-file> -bisect
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/google/uuid"
+	qoderauth "github.com/router-for-me/CLIProxyAPI/v7/internal/auth/qoder"
+	"github.com/router-for-me/CLIProxyAPI/v7/internal/runtime/executor/helps"
+)
+
+func main() {
+	authFile := flag.String("auth", "", "Path to qoder auth JSON file")
+	reqFile := flag.String("req", "", "Path to captured request JSON file")
+	bisect := flag.Bool("bisect", false, "Binary search for the offending message")
+	chatURL := flag.String("url", "", "Override chat URL (default: auto based on -encode flag)")
+	encode := flag.Bool("encode", true, "Wrap and encode body (Encode=1 mode)")
+	flag.Parse()
+
+	if *chatURL == "" {
+		if *encode {
+			*chatURL = qoderauth.QoderChatURLEncoded
+		} else {
+			*chatURL = qoderauth.QoderChatURL
+		}
+	}
+
+	if *authFile == "" || *reqFile == "" {
+		fmt.Fprintln(os.Stderr, "usage: qoder_replay -auth <auth-file> -req <req-file> [-bisect]")
+		os.Exit(1)
+	}
+
+	// Load auth
+	authData, err := os.ReadFile(*authFile)
+	if err != nil {
+		fatalf("read auth: %v", err)
+	}
+	var storage qoderauth.QoderTokenStorage
+	if err := json.Unmarshal(authData, &storage); err != nil {
+		fatalf("parse auth: %v", err)
+	}
+
+	// Load request
+	reqData, err := os.ReadFile(*reqFile)
+	if err != nil {
+		fatalf("read req: %v", err)
+	}
+	var reqBody map[string]interface{}
+	if err := json.Unmarshal(reqData, &reqBody); err != nil {
+		fatalf("parse req: %v", err)
+	}
+
+	msgs, _ := reqBody["messages"].([]interface{})
+	fmt.Printf("Loaded request with %d messages\n", len(msgs))
+
+	if !*bisect {
+		status, body := send(&storage, reqBody, *chatURL, *encode)
+		fmt.Printf("Status: %d\n", status)
+		fmt.Printf("Body: %s\n", truncate(string(body), 500))
+		return
+	}
+
+	// Binary search
+	fmt.Printf("\nBisecting %d messages...\n\n", len(msgs))
+
+	// Verify full set fails
+	status, _ := send(&storage, withMessages(reqBody, msgs), *chatURL, *encode)
+	if status != 405 {
+		fmt.Printf("WARNING: full request returned %d (not 405), bisect may be unreliable\n", status)
+	}
+
+	lo, hi := 0, len(msgs)
+	for hi-lo > 1 {
+		mid := (lo + hi) / 2
+		subset := msgs[:mid]
+		fmt.Printf("Testing msgs[0:%d]... ", mid)
+		status, _ := send(&storage, withMessages(reqBody, subset), *chatURL, *encode)
+		fmt.Printf("-> %d\n", status)
+		if status == 405 {
+			hi = mid
+		} else {
+			lo = mid
+		}
+	}
+
+	fmt.Printf("\nOffending message index: %d\n", lo)
+	m, _ := msgs[lo].(map[string]interface{})
+	if m == nil {
+		fmt.Println("(could not parse message)")
+		return
+	}
+	fmt.Printf("role: %s\n", m["role"])
+	content, _ := m["content"].(string)
+	fmt.Printf("content: %s\n", truncate(content, 300))
+	if tcs, ok := m["tool_calls"].([]interface{}); ok {
+		for _, tc := range tcs {
+			tcMap, _ := tc.(map[string]interface{})
+			if tcMap == nil {
+				continue
+			}
+			fn, _ := tcMap["function"].(map[string]interface{})
+			if fn == nil {
+				continue
+			}
+			fmt.Printf("tool_call: %s\n  args: %s\n", fn["name"], truncate(fmt.Sprintf("%v", fn["arguments"]), 500))
+		}
+	}
+}
+
+func withMessages(base map[string]interface{}, msgs []interface{}) map[string]interface{} {
+	clone := make(map[string]interface{}, len(base))
+	for k, v := range base {
+		clone[k] = v
+	}
+	clone["messages"] = msgs
+	// Fresh IDs so each bisect call is independent
+	clone["request_id"] = uuid.New().String()
+	clone["request_set_id"] = uuid.New().String()
+	clone["chat_record_id"] = uuid.New().String()
+	clone["session_id"] = uuid.New().String()
+	if biz, ok := clone["business"].(map[string]interface{}); ok {
+		bizClone := make(map[string]interface{}, len(biz))
+		for k, v := range biz {
+			bizClone[k] = v
+		}
+		bizClone["id"] = uuid.New().String()
+		bizClone["begin_at"] = time.Now().UnixMilli()
+		clone["business"] = bizClone
+	}
+	return clone
+}
+
+func send(storage *qoderauth.QoderTokenStorage, reqBody map[string]interface{}, chatURL string, encode bool) (int, []byte) {
+	bodyBytes, err := json.Marshal(reqBody)
+	if err != nil {
+		fatalf("marshal: %v", err)
+	}
+
+	var sendBytes []byte
+	if encode {
+		sendBytes = []byte(helps.QoderEncodeBody(bodyBytes))
+	} else {
+		sendBytes = bodyBytes
+	}
+
+	req, err := http.NewRequest("POST", chatURL, bytes.NewReader(sendBytes))
+	if err != nil {
+		fatalf("new request: %v", err)
+	}
+
+	headers, err := qoderauth.BuildAuthHeaders(
+		sendBytes,
+		chatURL,
+		qoderauth.CosyCredentials{
+			UserID:    storage.UserID,
+			AuthToken: storage.Token,
+			Name:      storage.Name,
+			Email:     storage.Email,
+			MachineID: storage.MachineID,
+		},
+	)
+	if err != nil {
+		fatalf("build auth headers: %v", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "text/event-stream")
+	req.Header.Set("Cache-Control", "no-cache")
+	headers.Apply(req)
+	// Extract model key from request body for X-Model-Key header
+	if modelKey, ok := reqBody["model_config"].(map[string]interface{}); ok {
+		if key, ok := modelKey["key"].(string); ok && key != "" {
+			req.Header.Set("X-Model-Key", key)
+		}
+		if src, ok := modelKey["source"].(string); ok && src != "" {
+			req.Header.Set("X-Model-Source", src)
+		} else {
+			req.Header.Set("X-Model-Source", "system")
+		}
+	}
+	req.Header.Set("Accept-Encoding", "identity")
+
+	client := &http.Client{Timeout: 15 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "request error: %v\n", err)
+		return 0, nil
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(resp.Body)
+		return resp.StatusCode, body
+	}
+	// For 200 SSE responses, just read the first chunk to confirm success.
+	buf := make([]byte, 512)
+	n, _ := resp.Body.Read(buf)
+	return resp.StatusCode, buf[:n]
+}
+
+func truncate(s string, n int) string {
+	if len(s) <= n {
+		return s
+	}
+	return s[:n] + "..."
+}
+
+func fatalf(format string, args ...interface{}) {
+	fmt.Fprintf(os.Stderr, "error: "+format+"\n", args...)
+	os.Exit(1)
+}

cmd/server/main.go

@@ -99,6 +99,7 @@ func main() {
 	var githubCopilotLogin bool
 	var codeBuddyLogin bool
 	var xaiLogin bool
+	var qoderLogin bool
 	var projectID string
 	var vertexImport string
 	var vertexImportPrefix string
@@ -141,6 +142,7 @@ func main() {
 	flag.BoolVar(&githubCopilotLogin, "github-copilot-login", false, "Login to GitHub Copilot using device flow")
 	flag.BoolVar(&codeBuddyLogin, "codebuddy-login", false, "Login to CodeBuddy using browser OAuth flow")
 	flag.BoolVar(&xaiLogin, "xai-login", false, "Login to xAI using OAuth")
+	flag.BoolVar(&qoderLogin, "qoder-login", false, "Login to Qoder using OAuth device flow")
 	flag.StringVar(&projectID, "project_id", "", "Project ID (Gemini only, not required)")
 	flag.StringVar(&configPath, "config", DefaultConfigPath, "Configure File Path")
 	flag.StringVar(&vertexImport, "vertex-import", "", "Import Vertex service account key JSON file")
@@ -680,6 +682,8 @@ func main() {
 		cmd.DoKiroIDCLogin(cfg, options, kiroIDCStartURL, kiroIDCRegion, kiroIDCFlow)
 	} else if xaiLogin {
 		cmd.DoXAILogin(cfg, options)
+	} else if qoderLogin {
+		cmd.DoQoderLogin(cfg, options)
 	} else {
 		// In cloud deploy mode without config file, just wait for shutdown signals
 		if isCloudDeploy && !configFileExists {

config.example.yaml

@@ -399,7 +399,7 @@ nonstream-keepalive-interval: 0
 
 # Global OAuth model name aliases (per channel)
 # These aliases rename model IDs for both model listing and request routing.
-# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, kimi, xai.
+# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, kimi, xai, qoder.
 # NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode.
 # NOTE: Because aliases affect the merged /v1 model list and merged request routing, overlapping
 # client-visible names can become ambiguous across providers. /api/provider/{provider}/... helps
@@ -444,9 +444,12 @@ nonstream-keepalive-interval: 0
 #   xai:
 #     - name: "grok-4.3"
 #       alias: "grok-latest"
+#   qoder:
+#     - name: "auto"
+#       alias: "qoder-auto"
 
 # OAuth provider excluded models
-# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot.
+# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot, qoder.
 # oauth-excluded-models:
 #   gemini-cli:
 #     - "gemini-2.5-pro"     # exclude specific models (exact match)
@@ -467,6 +470,8 @@ nonstream-keepalive-interval: 0
 #     - "kimi-k2-thinking"
 #   xai:
 #     - "grok-3-mini"
+#   qoder:
+#     - "auto"
 
 # Optional payload configuration
 # payload: