fix: resolve auth from OpenCode auth.json for live provider switching

Read credentials from OpenCode's auth.json (~/.local/share/opencode/)
as highest priority source, so /connect account switches are reflected
immediately in HUD usage data.

Cross-platform: XDG_DATA_HOME > LOCALAPPDATA (win32) > ~/.local/share

Also fixes resolveProviderKey to trust providerID over modelID heuristics,
and triggers forceRefresh on provider/model change in chat.params hook.

Author: ComBba

package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-status-hud",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Real-time usage HUD plugin for OpenCode CLI — shows provider API utilization, context tokens, cost, and agent info",
   "type": "module",
   "main": "dist/src/index.js",

src/auth-resolver-openai.ts

@@ -16,6 +16,7 @@ import { readFile } from "node:fs/promises"
 import { join } from "node:path"
 import { homedir } from "node:os"
 import type { ResolvedOpenAIAuthToken } from "./provider-usage.types.js"
+import { readOpenCodeAuth } from "./opencode-auth.js"
 
 export interface ReadFileFn {
   (path: string, encoding: BufferEncoding): Promise<string>
@@ -110,5 +111,28 @@ export async function resolveOpenAIAuthToken(
 ): Promise<ResolvedOpenAIAuthToken | null> {
   const opts: OpenAIAuthResolverOptions = options ?? {}
 
+  const ocEntry = await readOpenCodeAuth("openai", {
+    readFileFn: opts.readFileFn,
+    env: opts.env ?? undefined,
+  })
+  if (ocEntry !== null) {
+    if (ocEntry.type === "oauth" && typeof ocEntry.access === "string" && ocEntry.access.length > 0) {
+      return {
+        accessToken: ocEntry.access,
+        accountId: typeof ocEntry.accountId === "string" ? ocEntry.accountId : undefined,
+        refreshToken: typeof ocEntry.refresh === "string" ? ocEntry.refresh : undefined,
+        source: "opencode-auth",
+        kind: "jwt",
+      }
+    }
+    if (ocEntry.type === "api" && typeof ocEntry.key === "string" && ocEntry.key.length > 0) {
+      return {
+        accessToken: ocEntry.key,
+        source: "opencode-auth",
+        kind: "api-key",
+      }
+    }
+  }
+
   return resolveFromAuthJson(opts)
 }

src/auth-resolver.ts

@@ -19,6 +19,7 @@ import { join } from "node:path"
 import { homedir } from "node:os"
 import { promisify } from "node:util"
 import type { ResolvedAuthToken, AuthTokenSource } from "./provider-usage.types.js"
+import { readOpenCodeAuth } from "./opencode-auth.js"
 
 const execFileAsync = promisify(execFile)
 
@@ -206,7 +207,20 @@ export async function resolveAuthToken(
 ): Promise<ResolvedAuthToken | null> {
   const opts: AuthResolverOptions = options ?? {}
 
-  // Priority 1: macOS Keychain
+  const ocEntry = await readOpenCodeAuth("anthropic", {
+    readFileFn: opts.readFileFn,
+    env: opts.env ?? undefined,
+    platform: opts.platform ?? undefined,
+  })
+  if (ocEntry !== null) {
+    if (ocEntry.type === "oauth" && typeof ocEntry.access === "string" && ocEntry.access.length > 0) {
+      return { token: ocEntry.access, source: "opencode-auth", kind: "oauth" }
+    }
+    if (ocEntry.type === "api" && typeof ocEntry.key === "string" && ocEntry.key.length > 0) {
+      return { token: ocEntry.key, source: "opencode-auth", kind: "oauth" }
+    }
+  }
+
   const keychainResult = await resolveFromKeychain(opts)
   if (keychainResult !== null) {
     return {

src/opencode-auth.ts

@@ -0,0 +1,87 @@
+import { readFile } from "node:fs/promises"
+import { join } from "node:path"
+import { homedir } from "node:os"
+
+export interface OpenCodeAuthEntry {
+  type: "oauth" | "api" | "wellknown"
+  access?: string | undefined
+  refresh?: string | undefined
+  expires?: number | undefined
+  accountId?: string | undefined
+  key?: string | undefined
+  token?: string | undefined
+  enterpriseUrl?: string | undefined
+}
+
+export interface OpenCodeAuthReaderOptions {
+  readFileFn?: ((path: string, encoding: BufferEncoding) => Promise<string>) | undefined
+  env?: NodeJS.ProcessEnv | undefined
+  platform?: string | undefined
+}
+
+export function resolveOpenCodeDataDir(
+  env?: NodeJS.ProcessEnv,
+  platform?: string
+): string {
+  const e = env ?? process.env
+  const p = platform ?? process.platform
+
+  if (e.XDG_DATA_HOME) {
+    return join(e.XDG_DATA_HOME, "opencode")
+  }
+
+  if (p === "win32" && e.LOCALAPPDATA) {
+    return join(e.LOCALAPPDATA, "opencode")
+  }
+
+  return join(homedir(), ".local", "share", "opencode")
+}
+
+export async function readOpenCodeAuth(
+  providerKey: string,
+  options?: OpenCodeAuthReaderOptions
+): Promise<OpenCodeAuthEntry | null> {
+  const read = options?.readFileFn ?? readFile
+  const dataDir = resolveOpenCodeDataDir(options?.env, options?.platform)
+  const authJsonPath = join(dataDir, "auth.json")
+
+  let content: string
+  try {
+    content = await read(authJsonPath, "utf-8")
+  } catch {
+    return null
+  }
+
+  let parsed: unknown
+  try {
+    parsed = JSON.parse(content)
+  } catch {
+    return null
+  }
+
+  if (typeof parsed !== "object" || parsed === null) {
+    return null
+  }
+
+  const entry = (parsed as Record<string, unknown>)[providerKey]
+  if (typeof entry !== "object" || entry === null) {
+    return null
+  }
+
+  const data = entry as Record<string, unknown>
+  const entryType = data.type
+  if (entryType !== "oauth" && entryType !== "api" && entryType !== "wellknown") {
+    return null
+  }
+
+  return {
+    type: entryType,
+    access: typeof data.access === "string" ? data.access : undefined,
+    refresh: typeof data.refresh === "string" ? data.refresh : undefined,
+    expires: typeof data.expires === "number" ? data.expires : undefined,
+    accountId: typeof data.accountId === "string" ? data.accountId : undefined,
+    key: typeof data.key === "string" ? data.key : undefined,
+    token: typeof data.token === "string" ? data.token : undefined,
+    enterpriseUrl: typeof data.enterpriseUrl === "string" ? data.enterpriseUrl : undefined,
+  }
+}

src/plugin.ts

@@ -170,16 +170,27 @@ function parseUsagePromptIntervalMs(value: string | undefined): number | null {
  * Returns null if provider is unknown or doesn't have a usage API.
  */
 function resolveProviderKey(providerID: string, modelID: string): ProviderKey | null {
-  const lowerProvider = providerID.toLowerCase()
+  const lowerProvider = providerID.trim().toLowerCase()
+
+  if (lowerProvider.length > 0) {
+    if (lowerProvider.includes("anthropic")) {
+      return "anthropic"
+    }
+
+    if (lowerProvider.includes("openai")) {
+      return "openai"
+    }
+
+    return null
+  }
+
   const lowerModel = modelID.toLowerCase()
 
-  // Anthropic models
-  if (lowerProvider.includes("anthropic") || lowerModel.includes("claude") || lowerModel.includes("opus") || lowerModel.includes("sonnet") || lowerModel.includes("haiku")) {
+  if (lowerModel.includes("claude") || lowerModel.includes("opus") || lowerModel.includes("sonnet") || lowerModel.includes("haiku")) {
     return "anthropic"
   }
 
-  // OpenAI models
-  if (lowerProvider.includes("openai") || lowerModel.includes("gpt") || lowerModel.includes("codex") || lowerModel.includes("o1") || lowerModel.includes("o3") || lowerModel.includes("o4")) {
+  if (lowerModel.includes("gpt") || lowerModel.includes("codex") || lowerModel.includes("o1") || lowerModel.includes("o3") || lowerModel.includes("o4")) {
     return "openai"
   }
 
@@ -522,6 +533,8 @@ export function createHudPluginHooks(
   const sessionRuntimes = new Map<string, SessionRuntime>()
   const sessionAgentMap = new Map<string, string>()
   let latestSessionKey: string | null = null
+  let lastSeenProviderID: string | null = null
+  let lastSeenModelID: string | null = null
 
   function pruneMap<V>(map: Map<string, V>): void {
     if (map.size <= MAX_SESSION_ENTRIES) return
@@ -938,10 +951,25 @@ export function createHudPluginHooks(
           if (model.id && model.cost && model.limit) {
             registry.updateFromChatParams(model, provider)
           }
+
+          const incomingProviderID = provider.id ?? provider.info?.id ?? ""
+          const incomingModelID = model.id ?? ""
+          const providerChanged = incomingProviderID !== lastSeenProviderID
+          const modelChanged = incomingModelID !== lastSeenModelID
+
+          if (providerChanged || modelChanged) {
+            lastSeenProviderID = incomingProviderID
+            lastSeenModelID = incomingModelID
+
+            const providerKey = resolveProviderKey(incomingProviderID, incomingModelID)
+            if (providerKey === "anthropic") {
+              void anthropicPoller.forceRefresh()
+            } else if (providerKey === "openai") {
+              void openaiPoller.forceRefresh()
+            }
+          }
         }
-      } catch {
-        // Silently ignore chat.params errors — registry is best-effort
-      }
+      } catch { }
     },
 
     "experimental.text.complete": async (input, output) => {

src/provider-usage.types.ts

@@ -47,6 +47,7 @@ export interface ProviderUsageSnapshot {
 
 /** Where the auth token was found */
 export type AuthTokenSource =
+  | "opencode-auth"
   | "keychain"
   | "credentials-file"
   | "env-oauth"
@@ -177,7 +178,7 @@ export interface OpenAIRateWindow {
 }
 
 /** Where the OpenAI auth token was found */
-export type OpenAIAuthTokenSource = "codex-auth-file" | "env-openai-key"
+export type OpenAIAuthTokenSource = "opencode-auth" | "codex-auth-file" | "env-openai-key"
 
 /** Resolved OpenAI auth token with metadata */
 export interface ResolvedOpenAIAuthToken {