From ef3196d732fe90c9465fc5e13d3dd8e65a0e97a9 Mon Sep 17 00:00:00 2001
From: lewis617 <lewis617@163.com>
Date: Mon, 18 May 2026 11:17:52 +0800
Subject: [PATCH 1/5] feat: mask WAVE_API_KEY env var in configuration
 placeholder

Prevent exposing raw API key values in the configuration dialog by masking with asterisks, keeping only first 4 and last 4 characters visible.
---
 src/services/configurationService.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/services/configurationService.ts b/src/services/configurationService.ts
index 3913267..0ad2504 100644
--- a/src/services/configurationService.ts
+++ b/src/services/configurationService.ts
@@ -17,6 +17,12 @@ export interface ConfigurationData {
     envFastModel?: string;
 }
 
+/** Mask a secret value, keeping first 4 and last 4 characters visible */
+function maskSecret(value: string): string {
+    if (value.length <= 10) return '****';
+    return value.slice(0, 4) + '****' + value.slice(-4);
+}
+
 export class ConfigurationService {
     constructor(private context: vscode.ExtensionContext) {}
 
@@ -30,7 +36,7 @@ export class ConfigurationService {
             fastModel: this.context.globalState.get<string>('fastModel') || '',
             language: this.context.globalState.get<string>('language') || 'Chinese',
             envAiUrl: process.env.WAVE_AI_URL || undefined,
-            envApiKey: process.env.WAVE_API_KEY || undefined,
+            envApiKey: process.env.WAVE_API_KEY ? maskSecret(process.env.WAVE_API_KEY) : undefined,
             envHeaders: process.env.WAVE_CUSTOM_HEADERS || undefined,
             envBaseUrl: process.env.WAVE_BASE_URL || undefined,
             envModel: process.env.WAVE_MODEL || undefined,

From 70e0e607a8f2d1ddbfa03aa0e99354176a47cfb0 Mon Sep 17 00:00:00 2001
From: lewis617 <lewis617@163.com>
Date: Mon, 18 May 2026 11:32:51 +0800
Subject: [PATCH 2/5] feat: add auth method radio selection with form coupling

Add three-way radio group (SSO / API Key / Headers) to configuration dialog.
Switching methods clears unrelated fields. Persists authMethod to globalState
and updates documentation.
---
 docs/index.md                                 |  38 ++-
 src/services/configurationService.ts          |   4 +
 .../src/components/ConfigurationDialog.tsx    | 288 ++++++++++++------
 webview/src/types/index.ts                    |   2 +
 4 files changed, 230 insertions(+), 102 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index 7c6d27e..ea177b5 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -9,22 +9,50 @@ title: Wave 代码智聊
 
 [下载最新版本](https://github.com/netease-lcap/wave-vsce/releases) · [查看产品规格](/spec)
 
-## 鉴权配置说明（以下两种方案二选一）
+## 鉴权配置说明（以下三种方案三选一）
 
-### 方案一：OpenAI 兼容格式的 KEY
+插件提供三种认证方式，选择其一即可：
+
+### 方案一：SSO 单点登录（推荐内部使用）
+
+填写 **服务端链接** 后，点击 `SSO 登录` 按钮完成认证。支持网易内部 SSO，无需手动管理密钥。
+
+### 方案二：API Key 鉴权
 
 只要是 OpenAI 兼容格式都可以。网易内部推荐使用互娱服务：[AIGW 文档](https://aigw.doc.nie.netease.com/)。外网可使用 OpenAI 或 DeepSeek 官方服务。
 
-### 方案二：用户维度（网易内部）
+配置项：
+
+| 字段 | 说明 | 示例 |
+| --- | --- | --- |
+| **Base URL** | API 服务地址 | `https://api.openai.com/v1` |
+| **API Key** | 访问密钥 | `sk-xxxxxxxxxxxxxxxx` |
+| **Model** | 主模型名称 | `gpt-4` |
+| **Fast Model** | 快速模型名称 | `gpt-3.5-turbo` |
+
+### 方案三：Headers 自定义鉴权（网易内部 AIGW）
 
 1. 打开 [ModelSpace App 管理](https://modelspace.netease.com/model_access/app_manage)，新建 App，生成的 **App Code** 将作为 `X-AIGW-APP`。
 2. 给 App 添加成员。
 3. 每个成员访问 [权限控制台](https://console-auth.nie.netease.com/mymessage/mymessage)，复制 **v2 Token** 内容，作为 `X-Access-Token`。
-4. 在插件配置中添加 Headers（每行一个 `Key: Value`）：
+4. 选择 `Headers` 认证方式，在 Headers 配置中添加（每行一个 `Key: Value`）：
 
 ```
 X-AIGW-APP: your_app_code
 X-Access-Token: your_access_token
 ```
 
-5. 将 **BASE URL** 配置为：`https://aigw.netease.com/v1`
+5. 将 **Base URL** 配置为：`https://aigw.netease.com/v1`
+
+## 环境变量配置（可选）
+
+以上配置项均可通过环境变量预设，表单中会显示为占位符（敏感信息已脱敏）：
+
+| 环境变量 | 对应配置项 |
+| --- | --- |
+| `WAVE_AI_URL` | 服务端链接 |
+| `WAVE_API_KEY` | API Key（占位符中显示为 `****`） |
+| `WAVE_CUSTOM_HEADERS` | Headers |
+| `WAVE_BASE_URL` | Base URL |
+| `WAVE_MODEL` | Model |
+| `WAVE_FAST_MODEL` | Fast Model |
diff --git a/src/services/configurationService.ts b/src/services/configurationService.ts
index 0ad2504..2dc3bc2 100644
--- a/src/services/configurationService.ts
+++ b/src/services/configurationService.ts
@@ -1,6 +1,7 @@
 import * as vscode from 'vscode';
 
 export interface ConfigurationData {
+    authMethod?: 'sso' | 'apiKey' | 'headers';
     aiUrl?: string;
     apiKey?: string;
     headers?: string;
@@ -28,6 +29,7 @@ export class ConfigurationService {
 
     public async loadConfiguration(): Promise<ConfigurationData> {
         return {
+            authMethod: this.context.globalState.get<'sso' | 'apiKey' | 'headers'>('authMethod') || 'sso',
             aiUrl: this.context.globalState.get<string>('aiUrl') || '',
             apiKey: this.context.globalState.get<string>('apiKey') || '',
             headers: this.context.globalState.get<string>('headers') || '',
@@ -46,6 +48,8 @@ export class ConfigurationService {
 
     public async saveConfiguration(configData: Partial<ConfigurationData>): Promise<void> {
         try {
+            if (configData.authMethod !== undefined) await this.context.globalState.update('authMethod', configData.authMethod);
+            if (configData.aiUrl !== undefined) await this.context.globalState.update('aiUrl', configData.aiUrl);
             if (configData.apiKey !== undefined) await this.context.globalState.update('apiKey', configData.apiKey);
             if (configData.headers !== undefined) await this.context.globalState.update('headers', configData.headers);
             if (configData.baseURL !== undefined) await this.context.globalState.update('baseURL', configData.baseURL);
diff --git a/webview/src/components/ConfigurationDialog.tsx b/webview/src/components/ConfigurationDialog.tsx
index 1f011e8..0cab9be 100644
--- a/webview/src/components/ConfigurationDialog.tsx
+++ b/webview/src/components/ConfigurationDialog.tsx
@@ -21,8 +21,12 @@ const ConfigurationDialog: React.FC<ConfigurationDialogProps & { vscode: any }>
 }) => {
   const [activeTab, setActiveTab] = useState<'general' | 'plugins'>('general');
   const [activePluginTab, setActivePluginTab] = useState<'explore' | 'installed' | 'marketplaces'>('explore');
-  
+
+  // Auth method: 'sso' | 'apiKey' | 'headers'
+  const [authMethod, setAuthMethod] = useState<'sso' | 'apiKey' | 'headers'>('sso');
+
   const [formData, setFormData] = useState<ConfigurationData>({
+    authMethod: 'sso',
     aiUrl: '',
     apiKey: '',
     headers: '',
@@ -149,9 +153,32 @@ const ConfigurationDialog: React.FC<ConfigurationDialogProps & { vscode: any }>
   useEffect(() => {
     if (configurationData) {
       setFormData(configurationData);
+      // Derive auth method from existing values or use saved value
+      const savedMethod = configurationData.authMethod;
+      if (savedMethod) {
+        setAuthMethod(savedMethod);
+      } else if (configurationData.apiKey) {
+        setAuthMethod('apiKey');
+      } else if (configurationData.headers) {
+        setAuthMethod('headers');
+      } else {
+        setAuthMethod('sso');
+      }
     }
   }, [configurationData]);
 
+  const handleAuthMethodChange = (method: 'sso' | 'apiKey' | 'headers') => {
+    setAuthMethod(method);
+    // Clear fields not relevant to the selected method and update formData.authMethod
+    if (method === 'sso') {
+      setFormData(prev => ({ ...prev, authMethod: 'sso', apiKey: '', headers: '', baseURL: '', model: '', fastModel: '' }));
+    } else if (method === 'apiKey') {
+      setFormData(prev => ({ ...prev, authMethod: 'apiKey', aiUrl: '', headers: '' }));
+    } else {
+      setFormData(prev => ({ ...prev, authMethod: 'headers', aiUrl: '', apiKey: '' }));
+    }
+  };
+
   // Handle clicking outside to close dialog
   useEffect(() => {
     const handleClickOutside = (event: MouseEvent) => {
@@ -225,113 +252,180 @@ const ConfigurationDialog: React.FC<ConfigurationDialogProps & { vscode: any }>
           <form onSubmit={handleSubmit} className="configuration-form">
             <div className="configuration-fields-scroll-area">
               <div className="configuration-field">
-                <label htmlFor="aiUrl">服务端链接:</label>
-                <input
-                  id="aiUrl"
-                  type="url"
-                  value={formData.aiUrl || ''}
-                  onChange={(e) => handleInputChange('aiUrl', e.target.value)}
-                  placeholder={configurationData?.envAiUrl || '请联系管理员获取'}
-                  disabled={isLoading}
-                />
+                <label>认证方式:</label>
+                <div className="auth-method-radio-group">
+                  <label className="radio-label">
+                    <input
+                      type="radio"
+                      name="authMethod"
+                      value="sso"
+                      checked={authMethod === 'sso'}
+                      onChange={() => handleAuthMethodChange('sso')}
+                      disabled={isLoading}
+                    />
+                    SSO 登录
+                  </label>
+                  <label className="radio-label">
+                    <input
+                      type="radio"
+                      name="authMethod"
+                      value="apiKey"
+                      checked={authMethod === 'apiKey'}
+                      onChange={() => handleAuthMethodChange('apiKey')}
+                      disabled={isLoading}
+                    />
+                    API Key
+                  </label>
+                  <label className="radio-label">
+                    <input
+                      type="radio"
+                      name="authMethod"
+                      value="headers"
+                      checked={authMethod === 'headers'}
+                      onChange={() => handleAuthMethodChange('headers')}
+                      disabled={isLoading}
+                    />
+                    Headers
+                  </label>
+                </div>
               </div>
 
-              <div className="sso-auth-section">
-                <label>SSO 认证:</label>
-                {isAuthenticated ? (
-                  <div className="sso-authenticated">
-                    <div className="sso-user-info">
-                      {authUser?.email && <span className="sso-email">{authUser.email}</span>}
-                      <span className="sso-user-id">ID: {authUser?.id}</span>
-                    </div>
-                    <button
-                      type="button"
-                      className="sso-logout-btn"
-                      onClick={handleLogout}
-                      disabled={authLoading}
-                    >
-                      登出
-                    </button>
+              {authMethod === 'sso' && (
+                <>
+                  <div className="configuration-field">
+                    <label htmlFor="aiUrl">服务端链接:</label>
+                    <input
+                      id="aiUrl"
+                      type="url"
+                      value={formData.aiUrl || ''}
+                      onChange={(e) => handleInputChange('aiUrl', e.target.value)}
+                      placeholder={configurationData?.envAiUrl || '请联系管理员获取'}
+                      disabled={isLoading}
+                    />
                   </div>
-                ) : (
-                  <div className="sso-not-authenticated">
-                    <button
-                      type="button"
-                      className="sso-login-btn"
-                      onClick={handleLogin}
-                      disabled={authLoading || (!formData.aiUrl && !configurationData?.envAiUrl)}
-                    >
-                      {authLoading ? '登录中...' : 'SSO 登录'}
-                    </button>
-                    {authMessage && (
-                      <div className={`sso-message ${authMessage.includes('成功') ? 'success' : authMessage.includes('失败') ? 'error' : ''}`}>
-                        {authMessage}
+
+                  <div className="sso-auth-section">
+                    <label>SSO 认证:</label>
+                    {isAuthenticated ? (
+                      <div className="sso-authenticated">
+                        <div className="sso-user-info">
+                          {authUser?.email && <span className="sso-email">{authUser.email}</span>}
+                          <span className="sso-user-id">ID: {authUser?.id}</span>
+                        </div>
+                        <button
+                          type="button"
+                          className="sso-logout-btn"
+                          onClick={handleLogout}
+                          disabled={authLoading}
+                        >
+                          登出
+                        </button>
+                      </div>
+                    ) : (
+                      <div className="sso-not-authenticated">
+                        <button
+                          type="button"
+                          className="sso-login-btn"
+                          onClick={handleLogin}
+                          disabled={authLoading || (!formData.aiUrl && !configurationData?.envAiUrl)}
+                        >
+                          {authLoading ? '登录中...' : 'SSO 登录'}
+                        </button>
+                        {authMessage && (
+                          <div className={`sso-message ${authMessage.includes('成功') ? 'success' : authMessage.includes('失败') ? 'error' : ''}`}>
+                            {authMessage}
+                          </div>
+                        )}
                       </div>
                     )}
                   </div>
-                )}
-              </div>
+                </>
+              )}
 
-              <div className="configuration-field">
-                <label htmlFor="apiKey">API Key:</label>
-                <input
-                  id="apiKey"
-                  type="password"
-                  value={formData.apiKey || ''}
-                  onChange={(e) => handleInputChange('apiKey', e.target.value)}
-                  placeholder={configurationData?.envApiKey || '输入 API Key (或设置 WAVE_API_KEY 环境变量)'}
-                  disabled={isLoading}
-                />
-              </div>
+              {authMethod === 'apiKey' && (
+                <>
+                  <div className="configuration-field">
+                    <label htmlFor="baseURL">Base URL:</label>
+                    <input
+                      id="baseURL"
+                      type="url"
+                      value={formData.baseURL || ''}
+                      onChange={(e) => handleInputChange('baseURL', e.target.value)}
+                      placeholder={configurationData?.envBaseUrl || 'https://api.example.com/v1 (或设置 WAVE_BASE_URL)'}
+                      disabled={isLoading}
+                    />
+                  </div>
 
-              <div className="configuration-field">
-                <label htmlFor="headers">Headers:</label>
-                <textarea
-                  id="headers"
-                  value={formData.headers || ''}
-                  onChange={(e) => handleInputChange('headers', e.target.value)}
-                  placeholder={configurationData?.envHeaders || `Authorization: Bearer ...\nX-AIGW-APP: your_app_code\n(或设置 WAVE_CUSTOM_HEADERS)`}
-                  disabled={isLoading}
-                  className="configuration-textarea"
-                  rows={3}
-                />
-              </div>
+                  <div className="configuration-field">
+                    <label htmlFor="apiKey">API Key:</label>
+                    <input
+                      id="apiKey"
+                      type="password"
+                      value={formData.apiKey || ''}
+                      onChange={(e) => handleInputChange('apiKey', e.target.value)}
+                      placeholder={configurationData?.envApiKey || '输入 API Key (或设置 WAVE_API_KEY 环境变量)'}
+                      disabled={isLoading}
+                    />
+                  </div>
+                </>
+              )}
 
-              <div className="configuration-field">
-                <label htmlFor="baseURL">Base URL:</label>
-                <input
-                  id="baseURL"
-                  type="url"
-                  value={formData.baseURL || ''}
-                  onChange={(e) => handleInputChange('baseURL', e.target.value)}
-                  placeholder={configurationData?.envBaseUrl || 'https://api.example.com/v1 (或设置 WAVE_BASE_URL)'}
-                  disabled={isLoading}
-                />
-              </div>
+              {authMethod === 'headers' && (
+                <>
+                  <div className="configuration-field">
+                    <label htmlFor="baseURL">Base URL:</label>
+                    <input
+                      id="baseURL"
+                      type="url"
+                      value={formData.baseURL || ''}
+                      onChange={(e) => handleInputChange('baseURL', e.target.value)}
+                      placeholder={configurationData?.envBaseUrl || 'https://api.example.com/v1 (或设置 WAVE_BASE_URL)'}
+                      disabled={isLoading}
+                    />
+                  </div>
 
-              <div className="configuration-field">
-                <label htmlFor="model">Model:</label>
-                <input
-                  id="model"
-                  type="text"
-                  value={formData.model || ''}
-                  onChange={(e) => handleInputChange('model', e.target.value)}
-                  placeholder={configurationData?.envModel || '请输入模型名称 (或设置 WAVE_MODEL)'}
-                  disabled={isLoading}
-                />
-              </div>
+                  <div className="configuration-field">
+                    <label htmlFor="headers">Headers:</label>
+                    <textarea
+                      id="headers"
+                      value={formData.headers || ''}
+                      onChange={(e) => handleInputChange('headers', e.target.value)}
+                      placeholder={configurationData?.envHeaders || `Authorization: Bearer ...\nX-AIGW-APP: your_app_code\n(或设置 WAVE_CUSTOM_HEADERS)`}
+                      disabled={isLoading}
+                      className="configuration-textarea"
+                      rows={3}
+                    />
+                  </div>
+                </>
+              )}
 
-              <div className="configuration-field">
-                <label htmlFor="fastModel">Fast Model:</label>
-                <input
-                  id="fastModel"
-                  type="text"
-                  value={formData.fastModel || ''}
-                  onChange={(e) => handleInputChange('fastModel', e.target.value)}
-                  placeholder={configurationData?.envFastModel || '请输入快速模型名称 (或设置 WAVE_FAST_MODEL)'}
-                  disabled={isLoading}
-                />
-              </div>
+              {(authMethod === 'apiKey' || authMethod === 'headers') && (
+                <>
+                  <div className="configuration-field">
+                    <label htmlFor="model">Model:</label>
+                    <input
+                      id="model"
+                      type="text"
+                      value={formData.model || ''}
+                      onChange={(e) => handleInputChange('model', e.target.value)}
+                      placeholder={configurationData?.envModel || '请输入模型名称 (或设置 WAVE_MODEL)'}
+                      disabled={isLoading}
+                    />
+                  </div>
+
+                  <div className="configuration-field">
+                    <label htmlFor="fastModel">Fast Model:</label>
+                    <input
+                      id="fastModel"
+                      type="text"
+                      value={formData.fastModel || ''}
+                      onChange={(e) => handleInputChange('fastModel', e.target.value)}
+                      placeholder={configurationData?.envFastModel || '请输入快速模型名称 (或设置 WAVE_FAST_MODEL)'}
+                      disabled={isLoading}
+                    />
+                  </div>
+                </>
+              )}
 
               <div className="configuration-field">
                 <label htmlFor="language">语言 (Language):</label>
diff --git a/webview/src/types/index.ts b/webview/src/types/index.ts
index ab39b0a..c35a829 100644
--- a/webview/src/types/index.ts
+++ b/webview/src/types/index.ts
@@ -287,6 +287,8 @@ export interface ConfirmationDialogProps {
  * Maps to VS Code global state
  */
 export interface ConfigurationData {
+  /** Authentication method: 'sso' | 'apiKey' | 'headers' */
+  authMethod?: 'sso' | 'apiKey' | 'headers';
   /** Wave AI URL for SSO authentication (user-configured value) */
   aiUrl?: string;
   /** API key for authentication */

From c38578fb77363803bbd7af90c87661702f936bb8 Mon Sep 17 00:00:00 2001
From: lewis617 <lewis617@163.com>
Date: Mon, 18 May 2026 18:55:16 +0800
Subject: [PATCH 3/5] chore: upgrade SDK to v0.16.4 and rename WAVE_AI_URL to
 WAVE_SERVER_URL

---
 docs/index.md                        | 2 +-
 docs/spec.md                         | 2 +-
 package-lock.json                    | 8 ++++----
 package.json                         | 2 +-
 src/services/configurationService.ts | 2 +-
 src/session/chatSession.ts           | 4 ++--
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index ea177b5..f9b5c4c 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -50,7 +50,7 @@ X-Access-Token: your_access_token
 
 | 环境变量 | 对应配置项 |
 | --- | --- |
-| `WAVE_AI_URL` | 服务端链接 |
+| `WAVE_SERVER_URL` | 服务端链接 |
 | `WAVE_API_KEY` | API Key（占位符中显示为 `****`） |
 | `WAVE_CUSTOM_HEADERS` | Headers |
 | `WAVE_BASE_URL` | Base URL |
diff --git a/docs/spec.md b/docs/spec.md
index dc26df1..2566a1b 100644
--- a/docs/spec.md
+++ b/docs/spec.md
@@ -594,7 +594,7 @@ Wave 在后台自动维护项目记忆，帮助 AI 持续了解项目演变：
 
 **主要特性：**
 
-- **服务端链接**：配置 Wave AI 服务端地址，用于 SSO 认证。支持环境变量 `WAVE_AI_URL` 作为 fallback，默认 placeholder 提示"请联系管理员获取"。
+- **服务端链接**：配置 Wave AI 服务端地址，用于 SSO 认证。支持环境变量 `WAVE_SERVER_URL` 作为 fallback，默认 placeholder 提示"请联系管理员获取"。
 - **SSO 登录/登出**：当配置了服务端链接后，用户可通过 SSO 认证进行登录，无需手动配置 API Key。登录后所有 API 请求自动通过 Wave AI 代理路由。
   - **浏览器登录**：点击"SSO 登录"后自动打开浏览器，用户在 Wave AI 登录页完成认证（支持 SSO 企业身份提供商或账号密码登录），授权码通过 localhost 回调自动交换为 JWT 并保存。VS Code Remote SSH 环境会自动转发端口，远程服务器体验与本地一致。
   - **登录状态显示**：已认证时显示用户邮箱/ID 和登出按钮；登出后自动恢复为直接 LLM API 模式。
diff --git a/package-lock.json b/package-lock.json
index fae4cba..d9596ac 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,7 +13,7 @@
         "dompurify": "^3.3.0",
         "marked": "^9.1.6",
         "mermaid": "^11.12.2",
-        "wave-agent-sdk": "^0.16.3"
+        "wave-agent-sdk": "^0.16.4"
       },
       "devDependencies": {
         "@playwright/test": "^1.58.2",
@@ -12439,9 +12439,9 @@
       }
     },
     "node_modules/wave-agent-sdk": {
-      "version": "0.16.3",
-      "resolved": "https://registry.npmjs.org/wave-agent-sdk/-/wave-agent-sdk-0.16.3.tgz",
-      "integrity": "sha512-s0O/Xt8CVj2oHK8Dynxbba5B0FpJnmQCyxWLI7sQAp439yMFviHOhTQQnRuobpRfwyfB+0ew3L4OiNCNZ0Golg==",
+      "version": "0.16.4",
+      "resolved": "https://registry.npmjs.org/wave-agent-sdk/-/wave-agent-sdk-0.16.4.tgz",
+      "integrity": "sha512-a2uusD38lR1EzPBw9uWdb9UexbZzLChZdKoC7LkQRct9/430bSImql2g9FndARTkVKnyOpLOukJl8cKdu/53Ig==",
       "hasInstallScript": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index 7d6c5c9..eaa96bb 100644
--- a/package.json
+++ b/package.json
@@ -127,6 +127,6 @@
     "dompurify": "^3.3.0",
     "marked": "^9.1.6",
     "mermaid": "^11.12.2",
-    "wave-agent-sdk": "^0.16.3"
+    "wave-agent-sdk": "^0.16.4"
   }
 }
diff --git a/src/services/configurationService.ts b/src/services/configurationService.ts
index 2dc3bc2..279cdee 100644
--- a/src/services/configurationService.ts
+++ b/src/services/configurationService.ts
@@ -37,7 +37,7 @@ export class ConfigurationService {
             model: this.context.globalState.get<string>('model') || '',
             fastModel: this.context.globalState.get<string>('fastModel') || '',
             language: this.context.globalState.get<string>('language') || 'Chinese',
-            envAiUrl: process.env.WAVE_AI_URL || undefined,
+            envAiUrl: process.env.WAVE_SERVER_URL || undefined,
             envApiKey: process.env.WAVE_API_KEY ? maskSecret(process.env.WAVE_API_KEY) : undefined,
             envHeaders: process.env.WAVE_CUSTOM_HEADERS || undefined,
             envBaseUrl: process.env.WAVE_BASE_URL || undefined,
diff --git a/src/session/chatSession.ts b/src/session/chatSession.ts
index 50e9060..f6ea7d8 100644
--- a/src/session/chatSession.ts
+++ b/src/session/chatSession.ts
@@ -63,8 +63,8 @@ export class ChatSession {
             
             const isAuthValid = (!!config.apiKey || !!process.env.WAVE_API_KEY) 
                 || (!!config.headers || !!process.env.WAVE_CUSTOM_HEADERS)
-                || (!!config.aiUrl || !!process.env.WAVE_AI_URL);
-            const isBaseURLValid = !!config.baseURL || !!process.env.WAVE_BASE_URL || !!config.aiUrl || !!process.env.WAVE_AI_URL;
+                || (!!config.aiUrl || !!process.env.WAVE_SERVER_URL);
+            const isBaseURLValid = !!config.baseURL || !!process.env.WAVE_BASE_URL || !!config.aiUrl || !!process.env.WAVE_SERVER_URL;
 
             const agentCallbacks: AgentCallbacks = {
                 onMessagesChange: (messages: Message[]) => {

From fe0c53360030b3bfe88e75e963a6a563be8eb166 Mon Sep 17 00:00:00 2001
From: lewis617 <lewis617@163.com>
Date: Mon, 18 May 2026 18:57:24 +0800
Subject: [PATCH 4/5] feat: add model and fast model fields to SSO auth mode in
 configuration dialog

---
 docs/spec.md                                  |  1 +
 .../src/components/ConfigurationDialog.tsx    | 30 ++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/docs/spec.md b/docs/spec.md
index 2566a1b..3bdbe69 100644
--- a/docs/spec.md
+++ b/docs/spec.md
@@ -595,6 +595,7 @@ Wave 在后台自动维护项目记忆，帮助 AI 持续了解项目演变：
 **主要特性：**
 
 - **服务端链接**：配置 Wave AI 服务端地址，用于 SSO 认证。支持环境变量 `WAVE_SERVER_URL` 作为 fallback，默认 placeholder 提示"请联系管理员获取"。
+- **Model / Fast Model**：SSO 模式下也可配置主模型和快速模型名称，支持环境变量 `WAVE_MODEL` / `WAVE_FAST_MODEL` 作为 placeholder 提示。
 - **SSO 登录/登出**：当配置了服务端链接后，用户可通过 SSO 认证进行登录，无需手动配置 API Key。登录后所有 API 请求自动通过 Wave AI 代理路由。
   - **浏览器登录**：点击"SSO 登录"后自动打开浏览器，用户在 Wave AI 登录页完成认证（支持 SSO 企业身份提供商或账号密码登录），授权码通过 localhost 回调自动交换为 JWT 并保存。VS Code Remote SSH 环境会自动转发端口，远程服务器体验与本地一致。
   - **登录状态显示**：已认证时显示用户邮箱/ID 和登出按钮；登出后自动恢复为直接 LLM API 模式。
diff --git a/webview/src/components/ConfigurationDialog.tsx b/webview/src/components/ConfigurationDialog.tsx
index 0cab9be..7648dbd 100644
--- a/webview/src/components/ConfigurationDialog.tsx
+++ b/webview/src/components/ConfigurationDialog.tsx
@@ -171,7 +171,7 @@ const ConfigurationDialog: React.FC<ConfigurationDialogProps & { vscode: any }>
     setAuthMethod(method);
     // Clear fields not relevant to the selected method and update formData.authMethod
     if (method === 'sso') {
-      setFormData(prev => ({ ...prev, authMethod: 'sso', apiKey: '', headers: '', baseURL: '', model: '', fastModel: '' }));
+      setFormData(prev => ({ ...prev, authMethod: 'sso', apiKey: '', headers: '', baseURL: '' }));
     } else if (method === 'apiKey') {
       setFormData(prev => ({ ...prev, authMethod: 'apiKey', aiUrl: '', headers: '' }));
     } else {
@@ -342,6 +342,34 @@ const ConfigurationDialog: React.FC<ConfigurationDialogProps & { vscode: any }>
                 </>
               )}
 
+              {authMethod === 'sso' && (
+                <>
+                  <div className="configuration-field">
+                    <label htmlFor="model">Model:</label>
+                    <input
+                      id="model"
+                      type="text"
+                      value={formData.model || ''}
+                      onChange={(e) => handleInputChange('model', e.target.value)}
+                      placeholder={configurationData?.envModel || '请输入模型名称 (或设置 WAVE_MODEL)'}
+                      disabled={isLoading}
+                    />
+                  </div>
+
+                  <div className="configuration-field">
+                    <label htmlFor="fastModel">Fast Model:</label>
+                    <input
+                      id="fastModel"
+                      type="text"
+                      value={formData.fastModel || ''}
+                      onChange={(e) => handleInputChange('fastModel', e.target.value)}
+                      placeholder={configurationData?.envFastModel || '请输入快速模型名称 (或设置 WAVE_FAST_MODEL)'}
+                      disabled={isLoading}
+                    />
+                  </div>
+                </>
+              )}
+
               {authMethod === 'apiKey' && (
                 <>
                   <div className="configuration-field">

From 11ceab27db4e05c497848ffa1be1ead769e19271 Mon Sep 17 00:00:00 2001
From: lewis617 <lewis617@163.com>
Date: Mon, 18 May 2026 18:58:09 +0800
Subject: [PATCH 5/5] 0.4.7

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d9596ac..6f04d60 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "wave-vscode-chat",
-  "version": "0.4.6",
+  "version": "0.4.7",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "wave-vscode-chat",
-      "version": "0.4.6",
+      "version": "0.4.7",
       "dependencies": {
         "@vscode/codicons": "^0.0.43",
         "diff": "^8.0.2",
diff --git a/package.json b/package.json
index eaa96bb..c9d040f 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "name": "wave-vscode-chat",
   "displayName": "Wave 代码智聊",
   "description": "Wave code for VS Code",
-  "version": "0.4.6",
+  "version": "0.4.7",
   "publisher": "wave-code",
   "icon": "LOGO.png",
   "repository": {