Find a file
曹潇缤 c1235d8c69
fix(qqbot): security hardening — gateway validation, atomic state, sanitized logging (#6200)
* fix(qqbot): validate gateway URL protocol to prevent SSRF

- Add validateGatewayUrl(): enforce wss:// protocol, warn on unexpected hostnames
- Integrate into fetchGatewayUrl() return path
- Truncate error body in fetchAccessToken() to 80 chars
- Add 6 tests covering protocol rejection, wss acceptance, and edge cases

* fix(qqbot): atomic state persistence and error log sanitization

State persistence hardening:
- Atomic saveQQState() via tmp+renameSync with disposed guard and unref()
- Atomic flushQQState() with {mode: 0o600} permissions
- Entry type validation in restoreQQState() for chatTypeMap and msgSeqMap

Error log sanitization:
- Wrap all user-controlled data in process.stderr.write() with sanitizeLogText()
- Covering: connect retry, sendMessage errors, state persistence failures,
  token refresh, malformed gateway, WebSocket errors, reconnect, and
  C2C/group handler error paths

* fix(qqbot): add replyMsgId validation in restoreQQState()

Add type/length validation for replyMsgId entries when restoring from
persisted state, consistent with the existing chatTypeMap and msgSeqMap
input validation filters. Entries must be strings ≤ 128 chars.

* fix(qqbot): add test coverage for restoreQQState filters, atomic writes, and gateway URL validation

* docs(qqbot): update restoreQQState doc and add disposed guard comment

- Update restoreQQState JSDoc: document validation instead of "trusts persisted JSON"
- Add inline comment explaining why saveQQState has disposed guard but flushQQState doesn't

* docs(qqbot): update validateGatewayUrl docstring to reflect TLS enforcement, not SSRF

* fix(qqbot): address wenshao review — hostname rejection, error sanitization, msgSeqMap validation

* fix(qqbot): address PR review — drain body, narrow gateway hostname

- Drain resp.body?.cancel() in fetchAccessToken error to prevent
  Undici connection leaks on repeated token failures
- Narrow validateGatewayUrl hostname check from broad Tencent
  wildcards (.tencent.com, .tencentcs.com) to only *.qq.com
  to prevent attacker-controlled Tencent Cloud API Gateway
  domains from passing validation

* test(qqbot): tighten token-error assertion to exact match

* test(qqbot): add connect retry sanitization + msgSeqMap edge-case tests

Add test verifying the final connect() retry sanitizes newline/control
characters in the thrown error message. Add tests for fractional,
overflow, and Infinity values in msgSeqMap restore validation to
prevent regression of the Number.isSafeInteger fix.

* fix(qqbot): address wenshao review round 3 — error preservation, validation logging, URL normalization

* test(qqbot): fix connect retry sanitization assertion — sanitizeLogText preserves readable content, not censor words

* fix(qqbot): address wenshao review — error preservation, validation logging, URL userinfo stripping, test coverage

* fix(qqbot): add Array.isArray guards and replyMsgId drop logging in restoreQQState

Prevent TypeError from .filter() on non-array state values (e.g. object
from partial write). Missing Array.isArray() guard caused all three maps
to be lost on a single corrupted section — now each map independently
validates with both truthiness + Array.isArray() before filtering.

Also add replyMsgId drop-count logging (was missing while chatTypeMap
and msgSeqMap already had it).

* fix(qqbot): drain response body in token error path, sanitize URL TypeError, clean tmp on atomic write failure

Three fixes from wenshao review:

1. fetchAccessToken: cancel unconsumed response body to prevent Undici TCP
   socket leak (could exhaust connection pool over hours in long-running daemon)

2. validateGatewayUrl: strip raw URL from TypeError message to prevent
   log injection via malformed URL strings

3. saveQQState/flushQQState: unlinkSync(tmpPath) in catch blocks to
   prevent orphaned .tmp files when renameSync fails (cross-device, Docker)

* fix(qqbot): test Infinity rejection via 1e999 raw JSON, not JSON.stringify nullification

* fix(qqbot): address PR #6200 review — beforeExit hook, key validation, error clarity

- Add beforeExit hook to flush debounced state on abnormal process exit
  (SIGKILL, OOM, crash) when unref'd 500ms timer has pending writes
- Validate map keys (typeof string, ≤256 chars) in restoreQQState filters
  alongside existing value validation to prevent non-string key bloat
- Improve gateway hostname error message to include expected domain

* fix(qqbot): address PR #6200 review round — non-object JSON restore, disposed guard, beforeExit dedup, comment fix

* fix(qqbot): hoist tmpPath declaration before try block in saveQQState

* fix(qqbot): update beforeExit JSDoc to accurately describe behavior

* fix(qqbot): drain response body in fetchGatewayUrl error path
2026-07-03 07:26:13 +00:00
.github ci(release): optimize validation steps (#6133) 2026-07-02 23:53:08 +00:00
.husky Sync upstream Gemini-CLI v0.8.2 (#838) 2025-10-23 09:27:04 +08:00
.qwen feat(channels): show lifecycle status in adapters (#6114) 2026-07-02 11:01:07 +00:00
.vscode Merge branch 'main' into feat/sandbox-config-improvements 2026-03-06 14:38:39 +08:00
docs feat(scheduler): make recurring cron/loop job expiration configurable (#6173) 2026-07-03 06:34:37 +00:00
docs-site Hide internal docs from docs site (#4357) 2026-06-01 15:55:14 +08:00
eslint-rules pre-release commit 2025-07-22 23:26:01 +08:00
integration-tests test(e2e): stabilize plan mode tool-control assertion (#6176) 2026-07-02 12:07:11 +00:00
packages fix(qqbot): security hardening — gateway validation, atomic state, sanitized logging (#6200) 2026-07-03 07:26:13 +00:00
patches fix(release): reduce npm package scan triggers (#6164) 2026-07-02 08:06:43 +00:00
scripts feat(core): add dataviz bundled skill (#6198) 2026-07-03 01:06:39 +00:00
.dockerignore fix(cli): skip stdin read for ACP mode 2026-03-27 11:47:01 +00:00
.editorconfig pre-release commit 2025-07-22 23:26:01 +08:00
.gitattributes feat(installer): add standalone hosted install and uninstall flow (#3828) 2026-05-21 11:57:10 +08:00
.gitignore feat(web-shell): add daemon UI support for vision model selection (#6209) 2026-07-03 04:31:11 +00:00
.npmrc chore: remove google registry 2025-08-08 20:45:54 +08:00
.nvmrc chore(deps): upgrade ink 6.2.3 → 7.0.2 + bump Node engine to 22 (#3860) 2026-05-11 17:29:50 +08:00
.prettierignore feat(acp): support /cd command in ACP sessions (#5903) 2026-06-27 14:47:40 +00:00
.prettierrc.json pre-release commit 2025-07-22 23:26:01 +08:00
.yamllint.yml feat(desktop): Add desktop app package with Qwen ACP SDK integration (#3778) 2026-06-11 21:57:20 +08:00
AGENTS.md feat(lint): enforce kebab-case filenames with ESLint (#4797) 2026-06-22 10:10:07 +08:00
CHANGELOG.md chore(release): v0.19.5 (#6194) 2026-07-02 13:38:46 +00:00
CLAUDE.md docs: rewrite CLAUDE.md to point to AGENTS.md as authoritative source (#5138) 2026-06-15 15:23:26 +08:00
CONTRIBUTING.md docs: add provider preset governance policy to CONTRIBUTING.md (#5631) 2026-06-27 14:44:21 +00:00
Dockerfile chore(deps): upgrade ink 6.2.3 → 7.0.2 + bump Node engine to 22 (#3860) 2026-05-11 17:29:50 +08:00
esbuild.config.js fix(cli): add bootstrap fast paths (#6188) 2026-07-02 22:28:11 +00:00
eslint.config.js ci: add fork PR safety precheck (#5926) 2026-07-01 19:31:25 +00:00
eslint.legacy-filenames.mjs refactor(cli): Finish serve kebab-case filenames (#5604) 2026-06-22 21:15:40 +08:00
LICENSE Sync upstream Gemini-CLI v0.8.2 (#838) 2025-10-23 09:27:04 +08:00
Makefile feat: update docs 2025-12-22 21:11:33 +08:00
package-lock.json chore(release): v0.19.5 (#6194) 2026-07-02 13:38:46 +00:00
package.json ci(release): optimize validation steps (#6133) 2026-07-02 23:53:08 +00:00
README.md docs: Revamp README for clarity and focus (#5257) 2026-06-18 10:27:16 +08:00
SECURITY.md fix: update security vulnerability reporting channel 2026-02-24 14:22:47 +08:00
tsconfig.json # 🚀 Sync Gemini CLI v0.2.1 - Major Feature Update (#483) 2025-09-01 14:48:55 +08:00
vitest.config.ts feat(channel): add QQ Bot (QQ机器人) channel adapter (#5202) 2026-06-19 06:32:52 +08:00

npm version License Node.js Version Downloads

QwenLM%2Fqwen-code | Trendshift

The open-source AI coding agent that lives in your terminal.

中文 | Deutsch | français | 日本語 | Русский | Português (Brasil)

Why Qwen Code?

  • Agentic out of the box — Auto-Memory, Auto-Skills, SubAgents, Agent Teams, and MCP. Dynamic workflows, zero setup.
  • Open-source, inside and out — The framework and the Qwen models are open-source. They evolve together. No vendor lock-in.
  • Multi-protocol — Supports OpenAI, Anthropic, Gemini, and Qwen APIs. Any third-party provider or local model (Ollama / vLLM). Switch at runtime.
  • Beyond the terminal — IDE plugins, Desktop app, daemon mode, SDKs, and IM bots (Telegram / DingTalk / WeChat / Feishu).

Tip

Qwen Code is actively iterating on itself — using its own agent and models to file issues, submit PRs, review code, and run tests. Powered by the community, driven by AI.

Installation

Linux / macOS:

curl -fsSL https://qwen-code-assets.oss-cn-hangzhou.aliyuncs.com/installation/install-qwen-standalone.sh | bash

Windows:

irm https://qwen-code-assets.oss-cn-hangzhou.aliyuncs.com/installation/install-qwen-standalone.ps1 | iex

Restart your terminal after installation to ensure environment variables take effect.

NPM / Homebrew

NPM (requires Node.js 22+):

npm install -g @qwen-code/qwen-code@latest

Homebrew (macOS / Linux):

brew install qwen-code

Quick Start

qwen          # Launch interactive terminal UI
# Inside the session:
/auth         # Configure your provider and API key

See the Authentication Guide and Settings Reference for detailed setup.

Qwen Code

How to Use Qwen Code

Mode Command Use Case
Interactive qwen Terminal UI with rich rendering, @file references, slash commands
Headless qwen -p "..." Scripts, CI/CD, batch processing — no UI
IDE VS Code, Zed, JetBrains
Desktop Qwen Code Desktop — GUI for macOS, Windows, Linux
Daemon qwen serve Shared agent session over HTTP+SSE (ACP). Multiple clients, one agent. (experimental) Docs
SDK TypeScript, Python, Java
IM Bot qwen channel Connect to Telegram, DingTalk, WeChat, or Feishu
SDK example (Python)
import asyncio

from qwen_code_sdk import is_sdk_result_message, query


async def main() -> None:
    result = query(
        "Summarize the repository layout.",
        {
            "cwd": "/path/to/project",
            "path_to_qwen_executable": "qwen",
        },
    )

    async for message in result:
        if is_sdk_result_message(message):
            print(message["result"])


asyncio.run(main())

Capabilities

If you know Claude Code, you already know Qwen Code — and then some. We've put significant effort into bringing Qwen Code to feature parity with Claude Code, improving both breadth and reliability across the board.

Feature Qwen Code Claude Code
SubAgents, Agent Teams, Dynamic Workflows
Auto-Memory, Auto-Skills, Hooks
Built-in Skills (/review, /batch, /loop, /bugfix…)
MCP, Plan Mode, LSP Integration
Auto Mode, Sandbox, Git Worktrees
Computer Use (desktop automation)
IDE Plugins (VS Code / JetBrains / Zed)
SDK
Headless Mode, Session Management
Open-source — model and framework
Multi-protocol (OpenAI / Anthropic / Gemini / Qwen + any provider)
Agent Arena (multi-model head-to-head on same task)
Daemon Mode — qwen serve (multi-client shared agent)
IM Channels (Telegram / DingTalk / WeChat / Feishu)

Ecosystem

  • Qwen Code Desktop — Official desktop app for macOS, Windows, and Linux

  • AionUi — A modern GUI for command-line AI tools including Qwen Code

  • Gemini CLI Desktop — A cross-platform desktop/web/mobile UI for Qwen Code

  • 🦞 Qwen Code Claw — Let other agents (Claude, Codex, etc.) delegate coding tasks to Qwen Code via ACP. Paste this prompt into your agent:

Use Qwen Code as a coding agent. First, fetch and read this skill reference:
https://raw.githubusercontent.com/QwenLM/qwen-code/refs/heads/main/.qwen/skills/qwen-code-claw/SKILL.md
Then follow the instructions inside to install, authenticate, and use Qwen Code via acpx for all coding tasks.

Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines.

Acknowledgments

This project was originally based on Google Gemini CLI v0.8.2. We gratefully acknowledge the Gemini CLI team's excellent work. Starting from Qwen Code v0.1, we stopped syncing with upstream and began independent development as a multi-protocol, multi-platform agent framework with deep integrations for Qwen models and beyond.