fix(mcp): show auth-required status for streamable HTTP 401

[SergioChan]

Issue for this PR

Closes #16247

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

When a remote MCP server supports Streamable HTTP but requires OAuth, the streamable transport can fail with a plain 401/Unauthorized error that is not typed as UnauthorizedError. We were then falling through to the SSE transport, and /status ended up showing an SSE error (for example 405), which hides the real action needed.

This change treats Streamable HTTP connection errors containing 401 / unauthorized as auth-required (when OAuth is enabled), sets MCP status to needs_auth, and avoids trying SSE after that.

How did you verify your code works?

• Code-path validation by tracing MCP.create() transport fallback logic in packages/opencode/src/mcp/index.ts.
• Verified that auth-style Streamable HTTP failures now enter the same needs_auth status path used for UnauthorizedError, including preserving opencode mcp auth <name> guidance.

Note: I could not run the Bun test suite in this environment because bun is not installed (bun: command not found).

Screenshots / recordings

N/A

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

[github-actions]

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

• Not all checklist items are checked. Please confirm you have tested locally and have not included unrelated changes.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Based on my search, no duplicate PRs were found. The searches returned PR #16315 (the current PR) and related PRs (#16248 and #15547) that address different MCP OAuth and connection issues, but none that duplicate the specific fix for showing auth-required status for streamable HTTP 401 errors.

No duplicate PRs found

[SergioChan]

Follow-up on the checklist warning: I validated the transport fallback logic manually in packages/opencode/src/mcp/index.ts (ensuring streamable 401/unauthorized now sets needs_auth and avoids SSE fallback), but I still can't run local Bun-based tests in this environment (bun: command not found).

If maintainers prefer, I can update the PR checklist item to checked once I can run Bun tests locally; for now I left it unchecked to avoid claiming unrun tests.

[github-actions]

This pull request has been automatically closed because it was not updated to meet our contributing guidelines within the 2-hour window.

Feel free to open a new pull request that follows our guidelines.