User auth plugins cannot override built-in plugins in CLI auth flow

[JosXa]

Problem

When attempting to override the built-in GitHub Copilot auth plugin with a user/external plugin, the override doesn't work for opencode auth login. The built-in plugin always takes precedence in the CLI.

Root Cause

Plugin.list() returns internal plugins first, then user plugins. The CLI auth commands in packages/opencode/src/cli/cmd/auth.ts use .find() which returns the first match. Since internal plugins come first, the built-in plugin always wins.

Meanwhile, ProviderAuth.methods() (used by TUI) uses fromEntries() which is last-wins, so user plugins can override there.

This inconsistency means:

• TUI: User plugins can override built-in auth ✅
• CLI: User plugins cannot override built-in auth ❌

Expected Behavior

User/external plugins should be able to fully override built-in auth behavior (e.g., a company plugin replacing the default GitHub Copilot OAuth flow with a custom enterprise auth).

Reproduction

1. Create a user plugin that registers auth.provider: "github-copilot" with a custom auth method
2. Run opencode auth login github-copilot
3. The built-in OAuth flow runs instead of the custom method

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• bug: Inconsistent Provider/Plugin Selection Between CLI and TUI (.find() vs fromEntries()) #10898: Inconsistent Provider/Plugin Selection Between CLI and TUI (.find() vs fromEntries()) - EXACT ROOT CAUSE MATCH
• Plugin OAuth auth methods silently ignored (shadowed by other plugins) #10063: Plugin OAuth auth methods silently ignored (shadowed by other plugins)
• bug: multiple plugins registering auth for the same provider silently overwrite each other #6261: Multiple plugins registering auth for the same provider silently overwrite each other
• Plugin installation failures are silent, causing OAuth options to disappear #8297: Plugin installation failures are silent, causing OAuth options to disappear
• Github Enterprise authorization #3936: Github Enterprise authorization (enterprise auth customization use case)
• Plugin deduplication incorrectly removes plugins with index.js entry points #11159: Plugin deduplication incorrectly removes plugins with index.js entry points
• [Bug]: Only the last plugin loads in OpenCode 1.1.32 - Multiple plugins not supported #10115: Only the last plugin loads in OpenCode 1.1.32 - Multiple plugins not supported

Feel free to ignore if none of these address your specific case.