fix(provider): Enable credential_process and default profile support for Amazon Bedrock

[luqs1]

Description

Amazon Bedrock provider doesn't support credential_process in ~/.aws/config or the default AWS profile when AWS_PROFILE is not explicitly set.

Current Behavior

When using credential_process in ~/.aws/config:

[default]
credential_process = aws-vault exec default --json

Running opencode without setting AWS_PROFILE results in the Bedrock provider not loading. The /models command doesn't show Bedrock models.

Expected Behavior

OpenCode should support all AWS credential sources that the AWS SDK supports, including:

• credential_process in ~/.aws/config
• Default profile when AWS_PROFILE is not set
• All other credential sources that fromNodeProviderChain() discovers

Root Cause

Line 202 in packages/opencode/src/provider/provider.ts has a guard clause that returns early if no explicit credentials are detected:

if (!profile && !awsAccessKeyId && !awsBearerToken && !awsWebIdentityTokenFile) 
  return { autoload: false }

This prevents fromNodeProviderChain() from running, which would otherwise discover credential_process and default profile credentials.

Environment

• OpenCode version: 1.1.20
• Platform: macOS/Linux
• AWS credential method: credential_process in ~/.aws/config

Reproduction

1. Set up ~/.aws/config with credential_process:

   [default]
   credential_process = aws-vault exec default --json
   

2. Run opencode (without setting AWS_PROFILE)
3. Run /models command
4. Observe: Bedrock models are not listed

Related

• Similar to PR #8461 which added AWS_WEB_IDENTITY_TOKEN_FILE support
• The code already imports fromNodeProviderChain() which supports credential_process
• This affects users of aws-vault, saml2aws, granted, and other credential helpers