fix(TUI): complete auth fix for TUI with server password (HTTP mode)

[LeonMueller-OneAndOnly]

Summary

Completes the TUI authentication fix for when OPENCODE_SERVER_PASSWORD is set and TUI starts an HTTP server, due to the --port flag being set.

Problem

PR #8179 fixed TUI authentication when using direct RPC communication, but didn't handle the case where TUI starts an HTTP server (when --port flag is used). In this scenario, the TUI would fail to authenticate against its own server.

Solution

• Extracted getAuthorizationHeader() to a shared module packages/opencode/src/cli/cmd/tui/auth.ts
• Modified packages/opencode/src/cli/cmd/tui/thread.ts to use a custom fetch function that includes the Authorization header when an HTTP server is started with password protection
• The fix ensures the TUI can authenticate to the HTTP server it spawns when password is set

Testing

Verified with:

OPENCODE_SERVER_PASSWORD="test" bun dev . --hostname 127.0.0.1 --port 4096

Previously this would fail with Unauthorized errors. Now the TUI successfully authenticates and works as expected.

Related

• Completes #8179 (previous partial fix)
• Fixes #8173 (original issue)
• Fixes #9066 (same root issue)
• Fixes #8676 (duplicate issue)
• Fixes #8458 (same root cause)

This PR completes the authentication flow that was partially addressed in #8179. The previous PR only fixed the RPC communication path, while this PR fixes the HTTP server path.