Plugin auth hook crashes TUI worker with 'Expected string, got undefined'

[marcusquinn]

Description

When a plugin returns an auth key in its export (even an empty array auth: []), the TUI worker crashes on startup with:

{
  "name": "UnknownError",
  "data": {
    "message": "Error: Expected string, got undefined\n    at <anonymous> (/$bunfs/root/src/cli/cmd/tui/worker.js:40673:82)\n    at <anonymous> (/$bunfs/root/src/cli/cmd/tui/worker.js:32469:22)\n    at <anonymous> (/$bunfs/root/src/cli/cmd/tui/worker.js:40673:35)\n    at <anonymous> (/$bunfs/root/src/cli/cmd/tui/worker.js:276732:45)\n    at processTicksAndRejections (native:7:39)"
  }
}

Steps to Reproduce

1. Create a minimal plugin that returns auth: []:

export async function MyPlugin({ directory, client }) {
  return {
    auth: [],
  };
}

2. Register the plugin in opencode.json
3. Run opencode
4. TUI crashes immediately after plugin loads

Expected Behavior

The TUI should start normally. An empty auth array should be a no-op.

Actual Behavior

Crash with Zod validation error Expected string, got undefined in the TUI worker.

Environment

• OpenCode version: 1.2.27
• OS: macOS (darwin arm64)
• Plugin: Custom plugin with auth hooks for OAuth account management

Workaround

Commenting out the auth key from the plugin export allows OpenCode to start. The auth hooks were working in a previous version (confirmed working before, exact version unknown).

Notes

This also affects plugins that return populated auth arrays with valid AuthHook objects. The crash occurs regardless of the auth hook content — even auth: [] triggers it.

[marcusquinn]

Correction on root cause: After further investigation, the crash is specifically with auth as an array — not with auth hooks in general.

• auth: singleHookObject — works (confirmed, been working since Mar 19)
• auth: [arrayOfHooks] — crashes with Expected string, got undefined
• auth: [] — my earlier test was confounded by a second crashing plugin (opencode-cursor-oauth). Empty arrays may or may not crash on their own — I can't isolate it cleanly.

The practical impact: plugins can only register one auth provider. Multiple providers require multiple plugins (one auth hook each), which works. But a single plugin can't register auth for multiple providers via an array.

This is a lower severity than originally reported — single auth hooks work fine. The array limitation is a feature gap rather than a regression.