AWS Bedrock credential provider fails in 1.16.0: "E is not a function"

[paweldrozd]

Description

After upgrading OpenCode from 1.15.13 to 1.16.0, AWS Bedrock authentication is broken when using SSO. Attempting to use a Bedrock model throws a runtime error related to the credential provider. It is highly likely that this is a minification/bundling error affecting the AWS SDK introduced in the 1.16.0 release.

Authentication Setup

Per company requirements, AWS authentication is handled via SSO. An Okta client connects to AWS and generates a temporary token, placing it directly into a specific profile within ~/.aws/credentials.

The generated [claude] profile in the credentials file looks like this (keys and tokens redacted):

[claude]
region                   = us-east-1
aws_access_key_id        = ASI...
aws_secret_access_key    = lpY...
aws_session_token        = Fwo...
x_security_token_expires = 2026-06-05T19:56:04+02:00

The following environment variables are exported before running OpenCode:

export CLAUDE_CODE_USE_BEDROCK=1
export AWS_REGION=us-east-1
export AWS_PROFILE=claude

Error message

AWS credential provider failed: E is not a function. (In 'E(e)', 'E' is a Symbol). Please ensure your credential provider returns valid AWS credentials with accessKeyId and secretAccessKey properties.

Expected behavior

OpenCode should correctly resolve the AWS credential provider chain for the specified SSO profile (parsing the access key, secret key, and session token) and authenticate with Bedrock, exactly as it did in the previous version.

Additional context

The error E is not a function. (In 'E(e)', 'E' is a Symbol) strongly suggests that the @aws-sdk/credential-providers package (or its dependencies handling SSO/temporary profile resolution) got mangled during the build step for 1.16.0.

Downgrading back to 1.15.13 immediately resolves the issue and the SSO authentication with temporary tokens works perfectly again.

Plugins

No response

OpenCode version

1.16.0

Steps to reproduce

1. Configure AWS SSO credentials to ~/.aws/credentials under a specific profile, including an aws_session_token.
2. Export the environment variables (CLAUDE_CODE_USE_BEDROCK, AWS_REGION, AWS_PROFILE).
3. Update OpenCode to version 1.16.0.
4. Run OpenCode and attempt to interact with a Bedrock model.
5. Observe the runtime minification error.

Screenshot and/or share link

No response

Operating System

Manjaro Linux, kernel: 6.12.85-1-MANJARO

Terminal

Ghostty

[emamimohsen]

I can reproduce this on Windows with opencode 1.16.0.

Setup:

• opencode-ai@1.16.0 installed globally via npm
• Windows 11
• AWS_PROFILE=
• AWS_REGION=
• AWS SSO/profile credentials resolve successfully with:
  aws sts get-caller-identity --profile <aws-profile>

Observed:
opencode run "Say hi" --model amazon-bedrock/<bedrock-model-id> --print-logs --log-level DEBUG

Fails with:
AWS credential provider failed: E is not a function. (In 'E(e)', 'E' is a Symbol).

The opencode stack points into bundled Bun chunks:
B:/~BUN/root/chunk-ja0279j6.js

Additional checks:

• fromNodeProviderChain({ profile: "<aws-profile>" })() works directly in Node.
• It also works directly in Bun.
• A small compiled Bun executable using @ai-sdk/amazon-bedrock@4.0.112 and @aws-sdk/credential-providers@3.1057.0 also signs successfully.
• The failure seems specific to the opencode 1.16.0 bundled runtime/path.

This started after the 1.16.0 dependency bump from PR #30464:

• @ai-sdk/amazon-bedrock: 4.0.107 -> 4.0.112
• @aws-sdk/credential-providers: 3.993.0 -> 3.1057.0

[DerJacques]

Curious if this will be fixed by #30873.

[rekram1-node]

Sorry everyone investigating will release a fix soon, for now u can downgrade and set "autoupdate": false in ur opencode config

[rekram1-node]

should be fixed by this:
1e216e1

Started the release pipeline

[ntoporcov]

Can confirm working in 1.16.1! Thanks!