fix(installer): use robust Windows checksum hashing

scripts/installation/install-qwen-with-source.bat

@@ -347,9 +347,11 @@ if "!EXPECTED_HASH!"=="" (
 )
 
 set "ACTUAL_HASH="
-for /f "tokens=1" %%H in ('certutil -hashfile "!ARCHIVE_FILE!" SHA256 ^| findstr /R /C:"^[0-9A-Fa-f][0-9A-Fa-f]"') do (
+set "QWEN_HASH_FILE=!ARCHIVE_FILE!"
+for /f "delims=" %%H in ('powershell -NoProfile -ExecutionPolicy Bypass -Command "$ErrorActionPreference = 'Stop'; (Get-FileHash -Algorithm SHA256 -LiteralPath $env:QWEN_HASH_FILE).Hash" 2^>nul') do (
     if "!ACTUAL_HASH!"=="" set "ACTUAL_HASH=%%H"
 )
+set "QWEN_HASH_FILE="
 
 if not "!TEMP_CHECKSUM!"=="" del /F /Q "!TEMP_CHECKSUM!" >nul 2>&1
 

scripts/tests/install-script.test.js

@@ -127,10 +127,12 @@ describe('installation scripts', () => {
     expect(script).toContain(':InstallNpm');
     expect(script).toContain(':VerifyChecksum');
     expect(script).toContain('SHA256SUMS not found; cannot verify archive');
+    expect(script).toContain('Get-FileHash -Algorithm SHA256');
     expect(script).toContain('tokens=1,2');
     expect(script).toContain('CHECKSUM_NAME');
     expect(script).toContain('if "!CHECKSUM_NAME!"=="!ARCHIVE_NAME!"');
     expect(script).not.toContain('findstr /C:"!ARCHIVE_NAME!"');
+    expect(script).not.toContain('certutil -hashfile');
     expect(script).toContain('qwen-code-win-x64.zip');
     expect(script).toContain('Expand-Archive');
     expect(script).toContain('$env:QWEN_DOWNLOAD_URL');