From 5d3e0dca60873c87d944b80bd5943a72f0f5b640 Mon Sep 17 00:00:00 2001
From: Sandeep Srinivasa <sss@wootzapp.com>
Date: Sun, 28 Dec 2025 14:55:19 +0530
Subject: [PATCH 1/2] feat: add Google Vertex AI service account JSON
 authentication

Add support for authenticating to Google Vertex AI using service account
JSON credentials, with proper credential separation from regular Google
(Gemini) API keys.

Changes:
- Add service account JSON auth flow in CLI (`opencode auth login`)
- Add TUI dialog for pasting service account JSON with location input
- Update provider loaders to use stored credentials with googleAuthOptions
- Explicitly set `key: undefined` and `apiKey: null` in Vertex loaders to
  prevent credential leakage from other providers
- Rename "Vertex" to "Google Vertex AI" consistently across UI:
  - /connect menu
  - Model selection dialog
  - Status bar below text entry
- Add comprehensive tests verifying credential separation between google,
  google-vertex, and google-vertex-anthropic providers

The three providers (google, google-vertex, google-vertex-anthropic) are
now completely independent and can be configured simultaneously without
credentials leaking between them.
---
 packages/opencode/src/cli/cmd/auth.ts         |  60 ++-
 .../cli/cmd/tui/component/dialog-model.tsx    |  17 +-
 .../cli/cmd/tui/component/dialog-provider.tsx | 178 ++++++-
 .../src/cli/cmd/tui/context/local.tsx         |   6 +-
 packages/opencode/src/provider/provider.ts    |  74 +++
 .../opencode/test/provider/provider.test.ts   | 446 ++++++++++++++++++
 6 files changed, 771 insertions(+), 10 deletions(-)

diff --git a/packages/opencode/src/cli/cmd/auth.ts b/packages/opencode/src/cli/cmd/auth.ts
index 658329fb6ef..eb949ec1c1b 100644
--- a/packages/opencode/src/cli/cmd/auth.ts
+++ b/packages/opencode/src/cli/cmd/auth.ts
@@ -274,8 +274,14 @@ export const AuthLoginCommand = cmd({
           "github-copilot": 2,
           openai: 3,
           google: 4,
-          openrouter: 5,
-          vercel: 6,
+          "google-vertex": 5,
+          "google-vertex-anthropic": 6,
+          openrouter: 7,
+          vercel: 8,
+        }
+        const displayNames: Record<string, string> = {
+          "google-vertex": "Google Vertex AI",
+          "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
         }
         let provider = await prompts.autocomplete({
           message: "Select provider",
@@ -289,11 +295,13 @@ export const AuthLoginCommand = cmd({
                 (x) => x.name ?? x.id,
               ),
               map((x) => ({
-                label: x.name,
+                label: displayNames[x.id] ?? x.name,
                 value: x.id,
                 hint: {
                   opencode: "recommended",
                   anthropic: "Claude Max or API key",
+                  "google-vertex": "Service Account",
+                  "google-vertex-anthropic": "Service Account",
                 }[x.id],
               })),
             ),
@@ -349,6 +357,52 @@ export const AuthLoginCommand = cmd({
           prompts.log.info("You can create an api key at https://vercel.link/ai-gateway-token")
         }
 
+        if (provider === "google-vertex" || provider === "google-vertex-anthropic") {
+          prompts.log.info("Paste your service account JSON below.")
+          prompts.log.info("Download from https://console.cloud.google.com/iam-admin/serviceaccounts")
+
+          const serviceAccountJson = await prompts.text({
+            message: "Service Account JSON",
+            placeholder: '{"type": "service_account", ...}',
+            validate: (x) => {
+              if (!x) return "Required"
+              try {
+                const json = JSON.parse(x)
+                if (json.type !== "service_account") return "Invalid: 'type' must be 'service_account'"
+                if (!json.client_email) return "Invalid: missing 'client_email' field"
+                if (!json.private_key) return "Invalid: missing 'private_key' field"
+                if (!json.project_id) return "Invalid: missing 'project_id' field"
+                return undefined
+              } catch (e) {
+                return `Invalid JSON: ${e instanceof Error ? e.message : "parse error"}`
+              }
+            },
+          })
+          if (prompts.isCancel(serviceAccountJson)) throw new UI.CancelledError()
+
+          const json = JSON.parse(serviceAccountJson)
+
+          const defaultLocation = provider === "google-vertex-anthropic" ? "global" : "us-east5"
+          const location = await prompts.text({
+            message: `Location (default: ${defaultLocation})`,
+            placeholder: defaultLocation,
+          })
+          if (prompts.isCancel(location)) throw new UI.CancelledError()
+
+          await Auth.set(provider, {
+            type: "api",
+            key: JSON.stringify({
+              client_email: json.client_email,
+              private_key: json.private_key,
+              project_id: json.project_id,
+              location: location || defaultLocation,
+            }),
+          })
+
+          prompts.outro("Done")
+          return
+        }
+
         const key = await prompts.password({
           message: "Enter your API key",
           validate: (x) => (x && x.length > 0 ? undefined : "Required"),
diff --git a/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx b/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx
index bc90dbb5c6e..3688a5f3832 100644
--- a/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx
@@ -8,6 +8,15 @@ import { createDialogProviderOptions, DialogProvider } from "./dialog-provider"
 import { Keybind } from "@/util/keybind"
 import * as fuzzysort from "fuzzysort"
 
+const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
+  "google-vertex": "Google Vertex AI",
+  "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
+}
+
+function getProviderDisplayName(provider: { id: string; name: string }): string {
+  return PROVIDER_DISPLAY_NAMES[provider.id] ?? provider.name
+}
+
 export function useConnected() {
   const sync = useSync()
   return createMemo(() =>
@@ -55,7 +64,7 @@ export function DialogModel(props: { providerID?: string }) {
             modelID: model.id,
           },
           title: model.name ?? item.modelID,
-          description: provider.name,
+          description: getProviderDisplayName(provider),
           category: "Favorites",
           disabled: provider.id === "opencode" && model.id.includes("-nano"),
           footer: model.cost?.input === 0 && provider.id === "opencode" ? "Free" : undefined,
@@ -86,7 +95,7 @@ export function DialogModel(props: { providerID?: string }) {
             modelID: model.id,
           },
           title: model.name ?? item.modelID,
-          description: provider.name,
+          description: getProviderDisplayName(provider),
           category: "Recent",
           disabled: provider.id === "opencode" && model.id.includes("-nano"),
           footer: model.cost?.input === 0 && provider.id === "opencode" ? "Free" : undefined,
@@ -108,7 +117,7 @@ export function DialogModel(props: { providerID?: string }) {
       sync.data.provider,
       sortBy(
         (provider) => provider.id !== "opencode",
-        (provider) => provider.name,
+        (provider) => getProviderDisplayName(provider),
       ),
       flatMap((provider) =>
         pipe(
@@ -129,7 +138,7 @@ export function DialogModel(props: { providerID?: string }) {
               )
                 ? "(Favorite)"
                 : undefined,
-              category: connected() ? provider.name : undefined,
+              category: connected() ? getProviderDisplayName(provider) : undefined,
               disabled: provider.id === "opencode" && model.includes("-nano"),
               footer: info.cost?.input === 0 && provider.id === "opencode" ? "Free" : undefined,
               onSelect() {
diff --git a/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx b/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx
index 5cc114f92f0..5dfaa1c25a9 100644
--- a/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx
@@ -16,7 +16,14 @@ const PROVIDER_PRIORITY: Record<string, number> = {
   "github-copilot": 2,
   openai: 3,
   google: 4,
-  openrouter: 5,
+  "google-vertex": 5,
+  "google-vertex-anthropic": 6,
+  openrouter: 7,
+}
+
+const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
+  "google-vertex": "Google Vertex AI",
+  "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
 }
 
 export function createDialogProviderOptions() {
@@ -28,11 +35,13 @@ export function createDialogProviderOptions() {
       sync.data.provider_next.all,
       sortBy((x) => PROVIDER_PRIORITY[x.id] ?? 99),
       map((provider) => ({
-        title: provider.name,
+        title: PROVIDER_DISPLAY_NAMES[provider.id] ?? provider.name,
         value: provider.id,
         description: {
           opencode: "(Recommended)",
           anthropic: "(Claude Max or API key)",
+          "google-vertex": "(Service Account)",
+          "google-vertex-anthropic": "(Service Account)",
         }[provider.id],
         category: provider.id in PROVIDER_PRIORITY ? "Popular" : "Other",
         async onSelect() {
@@ -79,6 +88,10 @@ export function createDialogProviderOptions() {
             }
           }
           if (method.type === "api") {
+            // Use ServiceAccountMethod for Vertex AI providers
+            if (provider.id === "google-vertex" || provider.id === "google-vertex-anthropic") {
+              return dialog.replace(() => <ServiceAccountMethod providerID={provider.id} />)
+            }
             return dialog.replace(() => <ApiMethod providerID={provider.id} title={method.label} />)
           }
         },
@@ -222,3 +235,164 @@ function ApiMethod(props: ApiMethodProps) {
     />
   )
 }
+
+interface ServiceAccountMethodProps {
+  providerID: string
+}
+function ServiceAccountMethod(props: ServiceAccountMethodProps) {
+  const dialog = useDialog()
+
+  onMount(() => {
+    dialog.setSize("large")
+  })
+
+  return <ServiceAccountPasteInput providerID={props.providerID} />
+}
+
+function ServiceAccountPasteInput(props: { providerID: string }) {
+  const dialog = useDialog()
+  const { theme } = useTheme()
+  const [error, setError] = createSignal("")
+  let textareaRef: any
+
+  const providerDisplayName = () =>
+    props.providerID === "google-vertex-anthropic" ? "Google Vertex AI (Anthropic)" : "Google Vertex AI"
+
+  const validateJson = (content: string): { valid: boolean; json?: any; error?: string } => {
+    try {
+      const json = JSON.parse(content)
+      if (json.type !== "service_account") {
+        return { valid: false, error: "Invalid: 'type' must be 'service_account'" }
+      }
+      if (!json.client_email) {
+        return { valid: false, error: "Invalid: missing 'client_email' field" }
+      }
+      if (!json.private_key) {
+        return { valid: false, error: "Invalid: missing 'private_key' field" }
+      }
+      if (!json.project_id) {
+        return { valid: false, error: "Invalid: missing 'project_id' field" }
+      }
+      return { valid: true, json }
+    } catch (e) {
+      return { valid: false, error: `Invalid JSON: ${e instanceof Error ? e.message : "parse error"}` }
+    }
+  }
+
+  const handleSubmit = () => {
+    const content = textareaRef?.plainText || ""
+    setError("")
+
+    if (!content || !content.trim()) {
+      setError("Required - paste your service account JSON")
+      return
+    }
+
+    const result = validateJson(content)
+    if (!result.valid) {
+      setError(result.error!)
+      return
+    }
+
+    dialog.replace(() => (
+      <ServiceAccountLocationInput
+        providerID={props.providerID}
+        serviceAccountJson={content}
+      />
+    ))
+  }
+
+  return (
+    <box gap={1} paddingBottom={1}>
+      <box paddingLeft={4} paddingRight={4}>
+        <box flexDirection="row" justifyContent="space-between">
+          <text fg={theme.text} attributes={TextAttributes.BOLD}>
+            {providerDisplayName()}
+          </text>
+          <text fg={theme.textMuted}>esc</text>
+        </box>
+        <box paddingTop={1}>
+          <text fg={theme.textMuted}>Paste your service account JSON below and press Ctrl+S to submit.</text>
+          <text fg={theme.text}>
+            Download from{" "}
+            <span style={{ fg: theme.primary }}>https://console.cloud.google.com/iam-admin/serviceaccounts</span>
+          </text>
+        </box>
+      </box>
+      <box paddingLeft={4} paddingRight={4} paddingTop={1}>
+        <textarea
+          ref={(r: any) => {
+            textareaRef = r
+            setTimeout(() => r.focus(), 1)
+          }}
+          height={15}
+          placeholder='{"type": "service_account", ...}'
+          backgroundColor={theme.backgroundElement}
+          cursorColor={theme.primary}
+          keyBindings={[{ name: "return", action: "submit" }]}
+          onSubmit={handleSubmit}
+        />
+      </box>
+      <box paddingLeft={4} paddingRight={4}>
+        <text fg={theme.textMuted}>Paste JSON and press Enter to submit</text>
+        <Show when={error()}>
+          <text fg={theme.error}>{error()}</text>
+        </Show>
+      </box>
+    </box>
+  )
+}
+
+function ServiceAccountLocationInput(props: { providerID: string; serviceAccountJson: string }) {
+  const dialog = useDialog()
+  const sdk = useSDK()
+  const sync = useSync()
+  const { theme } = useTheme()
+  const [error, setError] = createSignal("")
+
+  const defaultLocation = () => (props.providerID === "google-vertex-anthropic" ? "global" : "us-east5")
+
+  const handleLocationSubmit = async (location: string) => {
+    try {
+      const json = JSON.parse(props.serviceAccountJson)
+      const finalLocation = location || defaultLocation()
+
+      sdk.client.auth.set({
+        providerID: props.providerID,
+        auth: {
+          type: "api",
+          key: JSON.stringify({
+            client_email: json.client_email,
+            private_key: json.private_key,
+            project_id: json.project_id,
+            location: finalLocation,
+          }),
+        },
+      })
+      await sdk.client.instance.dispose()
+      await sync.bootstrap()
+      dialog.replace(() => <DialogModel providerID={props.providerID} />)
+    } catch (e) {
+      setError(`Failed to save credentials: ${e instanceof Error ? e.message : "unknown error"}`)
+    }
+  }
+
+  return (
+    <DialogPrompt
+      title="Location"
+      placeholder={defaultLocation()}
+      description={() => (
+        <box gap={1}>
+          <text fg={theme.textMuted}>Enter the Vertex AI location (region).</text>
+          <text fg={theme.text}>
+            Press enter to use default: <span style={{ fg: theme.primary }}>{defaultLocation()}</span>
+          </text>
+          <Show when={error()}>
+            <text fg={theme.error}>{error()}</text>
+          </Show>
+        </box>
+      )}
+      onConfirm={handleLocationSubmit}
+    />
+  )
+}
diff --git a/packages/opencode/src/cli/cmd/tui/context/local.tsx b/packages/opencode/src/cli/cmd/tui/context/local.tsx
index 55c04621ef3..248fe41f644 100644
--- a/packages/opencode/src/cli/cmd/tui/context/local.tsx
+++ b/packages/opencode/src/cli/cmd/tui/context/local.tsx
@@ -213,6 +213,10 @@ export const { use: useLocal, provider: LocalProvider } = createSimpleContext({
           return modelStore.favorite
         },
         parsed: createMemo(() => {
+          const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
+            "google-vertex": "Google Vertex AI",
+            "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
+          }
           const value = currentModel()
           if (!value) {
             return {
@@ -223,7 +227,7 @@ export const { use: useLocal, provider: LocalProvider } = createSimpleContext({
           const provider = sync.data.provider.find((x) => x.id === value.providerID)
           const info = provider?.models[value.modelID]
           return {
-            provider: provider?.name ?? value.providerID,
+            provider: PROVIDER_DISPLAY_NAMES[value.providerID] ?? provider?.name ?? value.providerID,
             model: info?.name ?? value.modelID,
           }
         }),
diff --git a/packages/opencode/src/provider/provider.ts b/packages/opencode/src/provider/provider.ts
index 0fdf26392f6..f7996e5ec41 100644
--- a/packages/opencode/src/provider/provider.ts
+++ b/packages/opencode/src/provider/provider.ts
@@ -66,6 +66,7 @@ export namespace Provider {
     autoload: boolean
     getModel?: CustomModelLoader
     options?: Record<string, any>
+    key?: string
   }>
 
   const CUSTOM_LOADERS: Record<string, CustomLoader> = {
@@ -272,13 +273,48 @@ export namespace Provider {
       }
     },
     "google-vertex": async () => {
+      // Check for stored auth credentials first (service account JSON)
+      const auth = await Auth.get("google-vertex")
+      if (auth?.type === "api") {
+        try {
+          const creds = JSON.parse(auth.key)
+          if (creds.client_email && creds.private_key && creds.project_id) {
+            return {
+              autoload: true,
+              // Set key to undefined to prevent it from being used as apiKey
+              key: undefined,
+              options: {
+                // Explicitly set apiKey to null to prevent fallback to provider.key
+                apiKey: null,
+                project: creds.project_id,
+                location: creds.location || "us-east5",
+                googleAuthOptions: {
+                  credentials: {
+                    client_email: creds.client_email,
+                    private_key: creds.private_key,
+                  },
+                },
+              },
+              async getModel(sdk: any, modelID: string) {
+                const id = String(modelID).trim()
+                return sdk.languageModel(id)
+              },
+            }
+          }
+        } catch {
+          // Fall through to env var check
+        }
+      }
+      // Fall back to environment variables (uses ADC or GOOGLE_APPLICATION_CREDENTIALS)
       const project = Env.get("GOOGLE_CLOUD_PROJECT") ?? Env.get("GCP_PROJECT") ?? Env.get("GCLOUD_PROJECT")
       const location = Env.get("GOOGLE_CLOUD_LOCATION") ?? Env.get("VERTEX_LOCATION") ?? "us-east5"
       const autoload = Boolean(project)
       if (!autoload) return { autoload: false }
       return {
         autoload: true,
+        key: undefined,
         options: {
+          apiKey: null,
           project,
           location,
         },
@@ -289,13 +325,48 @@ export namespace Provider {
       }
     },
     "google-vertex-anthropic": async () => {
+      // Check for stored auth credentials first (service account JSON)
+      const auth = await Auth.get("google-vertex-anthropic")
+      if (auth?.type === "api") {
+        try {
+          const creds = JSON.parse(auth.key)
+          if (creds.client_email && creds.private_key && creds.project_id) {
+            return {
+              autoload: true,
+              // Set key to undefined to prevent it from being used as apiKey
+              key: undefined,
+              options: {
+                // Explicitly set apiKey to null to prevent fallback to provider.key
+                apiKey: null,
+                project: creds.project_id,
+                location: creds.location || "global",
+                googleAuthOptions: {
+                  credentials: {
+                    client_email: creds.client_email,
+                    private_key: creds.private_key,
+                  },
+                },
+              },
+              async getModel(sdk: any, modelID: string) {
+                const id = String(modelID).trim()
+                return sdk.languageModel(id)
+              },
+            }
+          }
+        } catch {
+          // Fall through to env var check
+        }
+      }
+      // Fall back to environment variables (uses ADC or GOOGLE_APPLICATION_CREDENTIALS)
       const project = Env.get("GOOGLE_CLOUD_PROJECT") ?? Env.get("GCP_PROJECT") ?? Env.get("GCLOUD_PROJECT")
       const location = Env.get("GOOGLE_CLOUD_LOCATION") ?? Env.get("VERTEX_LOCATION") ?? "global"
       const autoload = Boolean(project)
       if (!autoload) return { autoload: false }
       return {
         autoload: true,
+        key: undefined,
         options: {
+          apiKey: null,
           project,
           location,
         },
@@ -749,6 +820,9 @@ export namespace Provider {
         mergeProvider(providerID, {
           source: "custom",
           options: result.options,
+          // Pass key from custom loader if explicitly set (e.g., undefined for google-vertex)
+          // to override any key previously set from Auth storage
+          ...(result.key !== undefined ? { key: result.key } : "key" in result ? { key: undefined } : {}),
         })
       }
     }
diff --git a/packages/opencode/test/provider/provider.test.ts b/packages/opencode/test/provider/provider.test.ts
index c6c6924f01f..3225a387384 100644
--- a/packages/opencode/test/provider/provider.test.ts
+++ b/packages/opencode/test/provider/provider.test.ts
@@ -4,6 +4,7 @@ import { tmpdir } from "../fixture/fixture"
 import { Instance } from "../../src/project/instance"
 import { Provider } from "../../src/provider/provider"
 import { Env } from "../../src/env"
+import { Auth } from "../../src/auth"
 
 test("provider loaded from env variable", async () => {
   await using tmp = await tmpdir({
@@ -1807,3 +1808,448 @@ test("custom model inherits api.url from models.dev provider", async () => {
     },
   })
 })
+
+// Google Vertex AI Service Account Authentication Tests
+
+test("google-vertex loads from stored service account credentials", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Store service account credentials
+      await Auth.set("google-vertex", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "test@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest\n-----END PRIVATE KEY-----\n",
+          project_id: "my-gcp-project",
+          location: "us-central1",
+        }),
+      })
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex"]).toBeDefined()
+      expect(providers["google-vertex"].options.project).toBe("my-gcp-project")
+      expect(providers["google-vertex"].options.location).toBe("us-central1")
+      expect(providers["google-vertex"].options.googleAuthOptions).toBeDefined()
+      expect(providers["google-vertex"].options.googleAuthOptions.credentials.client_email).toBe(
+        "test@project.iam.gserviceaccount.com",
+      )
+      // Ensure apiKey is null (not set from service account JSON)
+      expect(providers["google-vertex"].options.apiKey).toBeNull()
+      // Ensure key is undefined (service account JSON should not be exposed as key)
+      expect(providers["google-vertex"].key).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex-anthropic loads from stored service account credentials", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Store service account credentials
+      await Auth.set("google-vertex-anthropic", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "anthropic-sa@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest\n-----END PRIVATE KEY-----\n",
+          project_id: "my-anthropic-project",
+          location: "global",
+        }),
+      })
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex-anthropic"]).toBeDefined()
+      expect(providers["google-vertex-anthropic"].options.project).toBe("my-anthropic-project")
+      expect(providers["google-vertex-anthropic"].options.location).toBe("global")
+      expect(providers["google-vertex-anthropic"].options.googleAuthOptions).toBeDefined()
+      expect(providers["google-vertex-anthropic"].options.googleAuthOptions.credentials.client_email).toBe(
+        "anthropic-sa@project.iam.gserviceaccount.com",
+      )
+      // Ensure apiKey is null (not set from service account JSON)
+      expect(providers["google-vertex-anthropic"].options.apiKey).toBeNull()
+      // Ensure key is undefined (service account JSON should not be exposed as key)
+      expect(providers["google-vertex-anthropic"].key).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex uses default location when not specified in credentials", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Store service account credentials without location
+      await Auth.set("google-vertex", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "test@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest\n-----END PRIVATE KEY-----\n",
+          project_id: "my-gcp-project",
+          // no location specified
+        }),
+      })
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex"]).toBeDefined()
+      expect(providers["google-vertex"].options.location).toBe("us-east5") // default location
+      expect(providers["google-vertex"].options.apiKey).toBeNull()
+      expect(providers["google-vertex"].key).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex-anthropic uses default location 'global' when not specified", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Store service account credentials without location
+      await Auth.set("google-vertex-anthropic", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "test@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest\n-----END PRIVATE KEY-----\n",
+          project_id: "my-gcp-project",
+          // no location specified
+        }),
+      })
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex-anthropic"]).toBeDefined()
+      expect(providers["google-vertex-anthropic"].options.location).toBe("global") // default location for anthropic
+      expect(providers["google-vertex-anthropic"].options.apiKey).toBeNull()
+      expect(providers["google-vertex-anthropic"].key).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex falls back to env vars when no stored credentials", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Remove any existing auth
+      await Auth.remove("google-vertex")
+      // Set env vars instead of stored credentials
+      Env.set("GOOGLE_CLOUD_PROJECT", "env-project")
+      Env.set("VERTEX_LOCATION", "europe-west1")
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex"]).toBeDefined()
+      expect(providers["google-vertex"].options.project).toBe("env-project")
+      expect(providers["google-vertex"].options.location).toBe("europe-west1")
+      // No googleAuthOptions when using env vars
+      expect(providers["google-vertex"].options.googleAuthOptions).toBeUndefined()
+      // apiKey should still be null to prevent fallback to other API keys
+      expect(providers["google-vertex"].options.apiKey).toBeNull()
+      expect(providers["google-vertex"].key).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex not loaded when neither credentials nor env vars set", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Clean up any existing auth and env vars
+      await Auth.remove("google-vertex")
+      Env.set("GOOGLE_CLOUD_PROJECT", "")
+      Env.set("GCP_PROJECT", "")
+      Env.set("GCLOUD_PROJECT", "")
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex"]).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex ignores incomplete stored credentials", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Store incomplete credentials (missing private_key)
+      await Auth.set("google-vertex", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "test@project.iam.gserviceaccount.com",
+          // missing private_key
+          project_id: "my-gcp-project",
+        }),
+      })
+      // Also set env vars as fallback
+      Env.set("GOOGLE_CLOUD_PROJECT", "fallback-project")
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex"]).toBeDefined()
+      // Should fall back to env vars
+      expect(providers["google-vertex"].options.project).toBe("fallback-project")
+      expect(providers["google-vertex"].options.googleAuthOptions).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex ignores invalid JSON in stored credentials", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Store invalid JSON
+      await Auth.set("google-vertex", {
+        type: "api",
+        key: "not valid json",
+      })
+      // Also set env vars as fallback
+      Env.set("GOOGLE_CLOUD_PROJECT", "fallback-project")
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex"]).toBeDefined()
+      // Should fall back to env vars
+      expect(providers["google-vertex"].options.project).toBe("fallback-project")
+    },
+  })
+})
+
+test("google-vertex stored credentials take priority over env vars", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Store service account credentials
+      await Auth.set("google-vertex", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "stored@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest\n-----END PRIVATE KEY-----\n",
+          project_id: "stored-project",
+          location: "stored-location",
+        }),
+      })
+      // Also set env vars
+      Env.set("GOOGLE_CLOUD_PROJECT", "env-project")
+      Env.set("VERTEX_LOCATION", "env-location")
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+      expect(providers["google-vertex"]).toBeDefined()
+      // Stored credentials should take priority
+      expect(providers["google-vertex"].options.project).toBe("stored-project")
+      expect(providers["google-vertex"].options.location).toBe("stored-location")
+      expect(providers["google-vertex"].options.googleAuthOptions).toBeDefined()
+      // Ensure apiKey is null even when env vars are set
+      expect(providers["google-vertex"].options.apiKey).toBeNull()
+      expect(providers["google-vertex"].key).toBeUndefined()
+    },
+  })
+})
+
+test("google-vertex and google (Gemini) providers are completely separate", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Set up google (Gemini) with API key
+      Env.set("GOOGLE_GENERATIVE_AI_API_KEY", "my-gemini-api-key")
+
+      // Set up google-vertex with service account credentials
+      await Auth.set("google-vertex", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "vertex@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest\n-----END PRIVATE KEY-----\n",
+          project_id: "vertex-project",
+          location: "us-central1",
+        }),
+      })
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+
+      // Both providers should be loaded
+      expect(providers["google"]).toBeDefined()
+      expect(providers["google-vertex"]).toBeDefined()
+
+      // google (Gemini) is loaded from env var (google has multiple env vars so key isn't stored directly)
+      expect(providers["google"].source).toBe("env")
+
+      // google-vertex should NOT use the Gemini API key
+      expect(providers["google-vertex"].key).toBeUndefined()
+      expect(providers["google-vertex"].options.apiKey).toBeNull()
+
+      // google-vertex should use service account auth
+      expect(providers["google-vertex"].options.project).toBe("vertex-project")
+      expect(providers["google-vertex"].options.googleAuthOptions).toBeDefined()
+      expect(providers["google-vertex"].options.googleAuthOptions.credentials.client_email).toBe(
+        "vertex@project.iam.gserviceaccount.com",
+      )
+    },
+  })
+})
+
+test("google-vertex-anthropic is separate from google and google-vertex", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+        }),
+      )
+    },
+  })
+  await Instance.provide({
+    directory: tmp.path,
+    init: async () => {
+      // Set up all three providers
+      Env.set("GOOGLE_GENERATIVE_AI_API_KEY", "gemini-key")
+
+      await Auth.set("google-vertex", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "vertex@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest\n-----END PRIVATE KEY-----\n",
+          project_id: "vertex-project",
+          location: "us-central1",
+        }),
+      })
+
+      await Auth.set("google-vertex-anthropic", {
+        type: "api",
+        key: JSON.stringify({
+          client_email: "anthropic@project.iam.gserviceaccount.com",
+          private_key: "-----BEGIN PRIVATE KEY-----\nMIItest2\n-----END PRIVATE KEY-----\n",
+          project_id: "anthropic-project",
+          location: "global",
+        }),
+      })
+    },
+    fn: async () => {
+      const providers = await Provider.list()
+
+      // All three should be separate
+      expect(providers["google"]).toBeDefined()
+      expect(providers["google-vertex"]).toBeDefined()
+      expect(providers["google-vertex-anthropic"]).toBeDefined()
+
+      // google is loaded from env var (google has multiple env vars so key isn't stored directly)
+      expect(providers["google"].source).toBe("env")
+
+      // google-vertex uses its own service account
+      expect(providers["google-vertex"].options.project).toBe("vertex-project")
+      expect(providers["google-vertex"].options.googleAuthOptions.credentials.client_email).toBe(
+        "vertex@project.iam.gserviceaccount.com",
+      )
+      expect(providers["google-vertex"].key).toBeUndefined()
+      expect(providers["google-vertex"].options.apiKey).toBeNull()
+
+      // google-vertex-anthropic uses its own separate service account
+      expect(providers["google-vertex-anthropic"].options.project).toBe("anthropic-project")
+      expect(providers["google-vertex-anthropic"].options.googleAuthOptions.credentials.client_email).toBe(
+        "anthropic@project.iam.gserviceaccount.com",
+      )
+      expect(providers["google-vertex-anthropic"].key).toBeUndefined()
+      expect(providers["google-vertex-anthropic"].options.apiKey).toBeNull()
+    },
+  })
+})

From c3c730cdb57b219a871775ccf3a0d8f320b9d163 Mon Sep 17 00:00:00 2001
From: Sandeep Srinivasa <sss@wootzapp.com>
Date: Mon, 5 Jan 2026 19:38:35 +0530
Subject: [PATCH 2/2] style: address GitHub Actions style guide suggestions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Fix textareaRef any type in dialog-provider.tsx
- Extract PROVIDER_DISPLAY_NAMES to shared display-names.ts module
- Extract createGoogleVertexLoader helper to reduce code duplication
- Fix test to clear all Google env vars that could affect provider loading

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 packages/opencode/src/cli/cmd/auth.ts         |   7 +-
 .../cli/cmd/tui/component/dialog-model.tsx    |  10 +-
 .../cli/cmd/tui/component/dialog-provider.tsx |  10 +-
 .../src/cli/cmd/tui/context/local.tsx         |   5 +-
 .../opencode/src/provider/display-names.ts    |  15 ++
 packages/opencode/src/provider/provider.ts    | 159 ++++++------------
 .../opencode/test/provider/provider.test.ts   |   5 +
 7 files changed, 82 insertions(+), 129 deletions(-)
 create mode 100644 packages/opencode/src/provider/display-names.ts

diff --git a/packages/opencode/src/cli/cmd/auth.ts b/packages/opencode/src/cli/cmd/auth.ts
index eb949ec1c1b..6aeab04170b 100644
--- a/packages/opencode/src/cli/cmd/auth.ts
+++ b/packages/opencode/src/cli/cmd/auth.ts
@@ -10,6 +10,7 @@ import { Config } from "../../config/config"
 import { Global } from "../../global"
 import { Plugin } from "../../plugin"
 import { Instance } from "../../project/instance"
+import { PROVIDER_DISPLAY_NAMES } from "../../provider/display-names"
 import type { Hooks } from "@opencode-ai/plugin"
 
 type PluginAuth = NonNullable<Hooks["auth"]>
@@ -279,10 +280,6 @@ export const AuthLoginCommand = cmd({
           openrouter: 7,
           vercel: 8,
         }
-        const displayNames: Record<string, string> = {
-          "google-vertex": "Google Vertex AI",
-          "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
-        }
         let provider = await prompts.autocomplete({
           message: "Select provider",
           maxItems: 8,
@@ -295,7 +292,7 @@ export const AuthLoginCommand = cmd({
                 (x) => x.name ?? x.id,
               ),
               map((x) => ({
-                label: displayNames[x.id] ?? x.name,
+                label: PROVIDER_DISPLAY_NAMES[x.id] ?? x.name,
                 value: x.id,
                 hint: {
                   opencode: "recommended",
diff --git a/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx b/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx
index 3688a5f3832..6e46ceac875 100644
--- a/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/dialog-model.tsx
@@ -7,15 +7,7 @@ import { useDialog } from "@tui/ui/dialog"
 import { createDialogProviderOptions, DialogProvider } from "./dialog-provider"
 import { Keybind } from "@/util/keybind"
 import * as fuzzysort from "fuzzysort"
-
-const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
-  "google-vertex": "Google Vertex AI",
-  "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
-}
-
-function getProviderDisplayName(provider: { id: string; name: string }): string {
-  return PROVIDER_DISPLAY_NAMES[provider.id] ?? provider.name
-}
+import { getProviderDisplayName } from "@/provider/display-names"
 
 export function useConnected() {
   const sync = useSync()
diff --git a/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx b/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx
index 5dfaa1c25a9..3e5192aeac2 100644
--- a/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx
@@ -9,6 +9,7 @@ import { useTheme } from "../context/theme"
 import { TextAttributes } from "@opentui/core"
 import type { ProviderAuthAuthorization } from "@opencode-ai/sdk/v2"
 import { DialogModel } from "./dialog-model"
+import { PROVIDER_DISPLAY_NAMES } from "@/provider/display-names"
 
 const PROVIDER_PRIORITY: Record<string, number> = {
   opencode: 0,
@@ -21,11 +22,6 @@ const PROVIDER_PRIORITY: Record<string, number> = {
   openrouter: 7,
 }
 
-const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
-  "google-vertex": "Google Vertex AI",
-  "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
-}
-
 export function createDialogProviderOptions() {
   const sync = useSync()
   const dialog = useDialog()
@@ -253,7 +249,7 @@ function ServiceAccountPasteInput(props: { providerID: string }) {
   const dialog = useDialog()
   const { theme } = useTheme()
   const [error, setError] = createSignal("")
-  let textareaRef: any
+  let textareaRef: { plainText: string; focus: () => void } | undefined
 
   const providerDisplayName = () =>
     props.providerID === "google-vertex-anthropic" ? "Google Vertex AI (Anthropic)" : "Google Vertex AI"
@@ -321,7 +317,7 @@ function ServiceAccountPasteInput(props: { providerID: string }) {
       </box>
       <box paddingLeft={4} paddingRight={4} paddingTop={1}>
         <textarea
-          ref={(r: any) => {
+          ref={(r: { plainText: string; focus: () => void }) => {
             textareaRef = r
             setTimeout(() => r.focus(), 1)
           }}
diff --git a/packages/opencode/src/cli/cmd/tui/context/local.tsx b/packages/opencode/src/cli/cmd/tui/context/local.tsx
index 248fe41f644..60756f968b6 100644
--- a/packages/opencode/src/cli/cmd/tui/context/local.tsx
+++ b/packages/opencode/src/cli/cmd/tui/context/local.tsx
@@ -9,6 +9,7 @@ import { iife } from "@/util/iife"
 import { createSimpleContext } from "./helper"
 import { useToast } from "../ui/toast"
 import { Provider } from "@/provider/provider"
+import { PROVIDER_DISPLAY_NAMES } from "@/provider/display-names"
 import { useArgs } from "./args"
 import { useSDK } from "./sdk"
 import { RGBA } from "@opentui/core"
@@ -213,10 +214,6 @@ export const { use: useLocal, provider: LocalProvider } = createSimpleContext({
           return modelStore.favorite
         },
         parsed: createMemo(() => {
-          const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
-            "google-vertex": "Google Vertex AI",
-            "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
-          }
           const value = currentModel()
           if (!value) {
             return {
diff --git a/packages/opencode/src/provider/display-names.ts b/packages/opencode/src/provider/display-names.ts
new file mode 100644
index 00000000000..cb9d6091ec1
--- /dev/null
+++ b/packages/opencode/src/provider/display-names.ts
@@ -0,0 +1,15 @@
+/**
+ * Display name overrides for providers.
+ * Used to show user-friendly names instead of provider IDs.
+ */
+export const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
+  "google-vertex": "Google Vertex AI",
+  "google-vertex-anthropic": "Google Vertex AI (Anthropic)",
+}
+
+/**
+ * Get the display name for a provider, falling back to the provider's name or ID.
+ */
+export function getProviderDisplayName(provider: { id: string; name?: string }): string {
+  return PROVIDER_DISPLAY_NAMES[provider.id] ?? provider.name ?? provider.id
+}
diff --git a/packages/opencode/src/provider/provider.ts b/packages/opencode/src/provider/provider.ts
index f7996e5ec41..73801545c29 100644
--- a/packages/opencode/src/provider/provider.ts
+++ b/packages/opencode/src/provider/provider.ts
@@ -69,6 +69,59 @@ export namespace Provider {
     key?: string
   }>
 
+  /**
+   * Helper to create Google Vertex AI loaders for both standard and Anthropic variants.
+   * Reduces duplication between google-vertex and google-vertex-anthropic loaders.
+   */
+  async function createGoogleVertexLoader(providerID: string, defaultLocation: string) {
+    // Check for stored auth credentials first (service account JSON)
+    const auth = await Auth.get(providerID)
+    if (auth?.type === "api") {
+      try {
+        const creds = JSON.parse(auth.key)
+        if (creds.client_email && creds.private_key && creds.project_id) {
+          return {
+            autoload: true,
+            key: undefined,
+            options: {
+              apiKey: null,
+              project: creds.project_id,
+              location: creds.location || defaultLocation,
+              googleAuthOptions: {
+                credentials: {
+                  client_email: creds.client_email,
+                  private_key: creds.private_key,
+                },
+              },
+            },
+            async getModel(sdk: { languageModel: (id: string) => unknown }, modelID: string) {
+              return sdk.languageModel(String(modelID).trim())
+            },
+          }
+        }
+      } catch {
+        // Invalid JSON in stored credentials, fall through to env var check
+      }
+    }
+    // Fall back to environment variables (uses ADC or GOOGLE_APPLICATION_CREDENTIALS)
+    const project = Env.get("GOOGLE_CLOUD_PROJECT") ?? Env.get("GCP_PROJECT") ?? Env.get("GCLOUD_PROJECT")
+    const location = Env.get("GOOGLE_CLOUD_LOCATION") ?? Env.get("VERTEX_LOCATION") ?? defaultLocation
+    const autoload = Boolean(project)
+    if (!autoload) return { autoload: false }
+    return {
+      autoload: true,
+      key: undefined,
+      options: {
+        apiKey: null,
+        project,
+        location,
+      },
+      async getModel(sdk: { languageModel: (id: string) => unknown }, modelID: string) {
+        return sdk.languageModel(String(modelID).trim())
+      },
+    }
+  }
+
   const CUSTOM_LOADERS: Record<string, CustomLoader> = {
     async anthropic() {
       return {
@@ -272,110 +325,8 @@ export namespace Provider {
         },
       }
     },
-    "google-vertex": async () => {
-      // Check for stored auth credentials first (service account JSON)
-      const auth = await Auth.get("google-vertex")
-      if (auth?.type === "api") {
-        try {
-          const creds = JSON.parse(auth.key)
-          if (creds.client_email && creds.private_key && creds.project_id) {
-            return {
-              autoload: true,
-              // Set key to undefined to prevent it from being used as apiKey
-              key: undefined,
-              options: {
-                // Explicitly set apiKey to null to prevent fallback to provider.key
-                apiKey: null,
-                project: creds.project_id,
-                location: creds.location || "us-east5",
-                googleAuthOptions: {
-                  credentials: {
-                    client_email: creds.client_email,
-                    private_key: creds.private_key,
-                  },
-                },
-              },
-              async getModel(sdk: any, modelID: string) {
-                const id = String(modelID).trim()
-                return sdk.languageModel(id)
-              },
-            }
-          }
-        } catch {
-          // Fall through to env var check
-        }
-      }
-      // Fall back to environment variables (uses ADC or GOOGLE_APPLICATION_CREDENTIALS)
-      const project = Env.get("GOOGLE_CLOUD_PROJECT") ?? Env.get("GCP_PROJECT") ?? Env.get("GCLOUD_PROJECT")
-      const location = Env.get("GOOGLE_CLOUD_LOCATION") ?? Env.get("VERTEX_LOCATION") ?? "us-east5"
-      const autoload = Boolean(project)
-      if (!autoload) return { autoload: false }
-      return {
-        autoload: true,
-        key: undefined,
-        options: {
-          apiKey: null,
-          project,
-          location,
-        },
-        async getModel(sdk: any, modelID: string) {
-          const id = String(modelID).trim()
-          return sdk.languageModel(id)
-        },
-      }
-    },
-    "google-vertex-anthropic": async () => {
-      // Check for stored auth credentials first (service account JSON)
-      const auth = await Auth.get("google-vertex-anthropic")
-      if (auth?.type === "api") {
-        try {
-          const creds = JSON.parse(auth.key)
-          if (creds.client_email && creds.private_key && creds.project_id) {
-            return {
-              autoload: true,
-              // Set key to undefined to prevent it from being used as apiKey
-              key: undefined,
-              options: {
-                // Explicitly set apiKey to null to prevent fallback to provider.key
-                apiKey: null,
-                project: creds.project_id,
-                location: creds.location || "global",
-                googleAuthOptions: {
-                  credentials: {
-                    client_email: creds.client_email,
-                    private_key: creds.private_key,
-                  },
-                },
-              },
-              async getModel(sdk: any, modelID: string) {
-                const id = String(modelID).trim()
-                return sdk.languageModel(id)
-              },
-            }
-          }
-        } catch {
-          // Fall through to env var check
-        }
-      }
-      // Fall back to environment variables (uses ADC or GOOGLE_APPLICATION_CREDENTIALS)
-      const project = Env.get("GOOGLE_CLOUD_PROJECT") ?? Env.get("GCP_PROJECT") ?? Env.get("GCLOUD_PROJECT")
-      const location = Env.get("GOOGLE_CLOUD_LOCATION") ?? Env.get("VERTEX_LOCATION") ?? "global"
-      const autoload = Boolean(project)
-      if (!autoload) return { autoload: false }
-      return {
-        autoload: true,
-        key: undefined,
-        options: {
-          apiKey: null,
-          project,
-          location,
-        },
-        async getModel(sdk: any, modelID) {
-          const id = String(modelID).trim()
-          return sdk.languageModel(id)
-        },
-      }
-    },
+    "google-vertex": () => createGoogleVertexLoader("google-vertex", "us-east5"),
+    "google-vertex-anthropic": () => createGoogleVertexLoader("google-vertex-anthropic", "global"),
     "sap-ai-core": async () => {
       const auth = await Auth.get("sap-ai-core")
       const envServiceKey = iife(() => {
diff --git a/packages/opencode/test/provider/provider.test.ts b/packages/opencode/test/provider/provider.test.ts
index 3225a387384..5549b7d3364 100644
--- a/packages/opencode/test/provider/provider.test.ts
+++ b/packages/opencode/test/provider/provider.test.ts
@@ -2015,9 +2015,14 @@ test("google-vertex not loaded when neither credentials nor env vars set", async
     init: async () => {
       // Clean up any existing auth and env vars
       await Auth.remove("google-vertex")
+      // Clear the env vars that the custom loader checks
       Env.set("GOOGLE_CLOUD_PROJECT", "")
       Env.set("GCP_PROJECT", "")
       Env.set("GCLOUD_PROJECT", "")
+      // Also clear the env vars that the database env loader checks
+      Env.set("GOOGLE_VERTEX_PROJECT", "")
+      Env.set("GOOGLE_VERTEX_LOCATION", "")
+      Env.set("GOOGLE_APPLICATION_CREDENTIALS", "")
     },
     fn: async () => {
       const providers = await Provider.list()