The rule is now written down.

Anthropic has published an official legal and compliance page for Claude Code at code.claude.com/docs/en/legal-and-compliance that explicitly prohibits what broke OpenCode, Roo Code, and dozens of other third-party agent frameworks in January: using OAuth tokens from Free, Pro, or Max subscriptions in any product other than Claude Code and Claude.ai itself.

For weeks, developers hitting the block have seen variants of: “This credential is only authorized for use with Claude Code and cannot be used for other API requests.” That enforcement began January 9. The formal policy documentation arrived in February — and it goes further than most developers expected.

For the January enforcement event that preceded this documentation, see our earlier coverage.


What changed: enforcement vs. documentation

This distinction matters. January 9, 2026 was technical enforcement — Anthropic deployed backend safeguards that blocked third-party tools spoofing the Claude Code client. That action broke workflows overnight, before any formal policy existed.

What the February 2026 legal page adds is formalization:

  • The prohibition is now documented, not just enforced through technical measures
  • The Agent SDK is explicitly named — consumer OAuth is blocked even for Anthropic’s own agentic framework. This closes a loophole developers hoped remained open: you cannot route consumer plan tokens through the Agent SDK and call it “officially supported” usage. API keys are the only path.
  • “Without prior notice” is a written contractual reservation, not just an observed pattern from January
  • Third-party developers are explicitly barred from offering “Claude.ai login” or routing requests through consumer-plan credentials on behalf of their users

This shifts the situation from “Anthropic quietly broke third-party tools” to “Anthropic has published a clear rule that third-party tools were violating.” The walled garden is now documented policy, not just enforcement behavior.


The two permitted paths

The document draws a clean line:

Use caseAuth methodPlan
Personal Claude Code or Claude.ai useOAuthFree, Pro, or Max
Building products / Agent SDKAPI keysCommercial (API, Bedrock, Vertex)

If you are building anything — a tool, an integration, an agent loop that routes requests on behalf of users — you need API keys from Claude Console. Consumer OAuth is explicitly out of bounds.

This is the core of what OpenCode, Roo Code, and the broader harness ecosystem were doing: routing consumer subscription tokens through unofficial client integrations to access flat-rate token budgets. The economic incentive was real. As documented in January, a $200/month Max plan used in autonomous agent loops would cost $1,000+ equivalent on metered API pricing. Third-party harnesses removed Claude Code’s rate controls and made those loops viable overnight. Anthropic was absorbing the compute cost.


Why OpenCode and Roo Code Broke: The Backlash vs. Anthropic’s Economics

The frustration is legitimate. OpenCode — 50k+ GitHub stars, the primary open-source Claude Code alternative — had its core value proposition severed in January without warning, and now faces a formal policy that makes the closure permanent. Community discussion on Hacker News split hard between “this is subscription abuse” and “Anthropic is building a walled garden.” On r/ClaudeAI, the dominant framing was blunter: developers who paid $200/month for what they understood as unlimited access felt the terms were retroactively changed mid-workflow.

Specific grievances documented by the ecosystem:

  • No migration path was announced before the block. As JP Caparas detailed on Medium, developers encountered broken workflows first, policy documentation weeks later. The error message came before the explanation.
  • The Agent SDK carve-out stings. The formal policy prohibits OAuth even with Anthropic’s own Agent SDK — meaning there is no flat-rate path for automated agents, full stop. If you’re building agents the “right” way using Anthropic’s own recommended tooling, you’re on metered API pricing regardless.
  • Account false positives happened. Anthropic acknowledged some accounts were incorrectly banned during January enforcement and said those were being reversed. The false positive rate was never publicly quantified — a gap VentureBeat’s coverage noted at the time.
  • The timing was called “customer hostile.” The phrase appeared repeatedly across Hacker News, Reddit, and maintainer posts. The community’s read: Anthropic closed the ecosystem at exactly the moment autonomous coding agents became viable for everyday developers.

Anthropic’s position is economically coherent. The $200/month Max subscription was priced for individual use of Claude Code — not for autonomous agents running overnight loops at frontier model scale. As paddo.dev’s analysis documented, the arbitrage gap ($200 flat vs. $1,000+ API-equivalent for heavy agent use) was not sustainable at any meaningful adoption level. Enforcement was a matter of when, not if.

What is harder to defend is the sequencing. Technical enforcement arrived January 9. Formal documentation arrived weeks later. Developers who built on unofficial behavior carry real responsibility for that architectural choice — but publishing the rule before breaking the behavior would have been better practice.


How to Fix Your Agent Workflows: The Multi-Model Shift

The most consequential outcome isn’t the anger. It’s the architectural response.

OpenCode pivoted immediately. The project launched OpenCode Black ($200/month, routed through an enterprise API gateway instead of consumer OAuth) and added OpenAI Codex integration alongside its Kimi k2.5 Zen tier. Claude moved from “default model” to “one of many supported providers” within weeks of the block.

OpenCode Zen was the free path at the time. If you were using OpenCode with a Claude subscription, OpenCode Zen offered Kimi k2.5 at no cost.

Open weights are gaining ground fast. Kimi k2.5’s timing was notable: Moonshot AI open-weighted a highly competitive model at nearly the same moment the Claude harnesses broke. For agent loops where flat-rate economics matter most, open weights plus hosted inference is becoming a genuine alternative to subscription arbitrage. At $3/1M tokens (Kimi API) vs. $25/1M (Claude Opus API), the math increasingly favors diversification.

Model-agnosticism is now a design default. New agent frameworks launching in 2026 lead with “any OpenAI-compatible API” as table stakes. This is a direct architectural response to January — the Claude harness episode demonstrated what single-vendor dependency costs when enforcement arrives without notice. For a full comparison of where the tools stand now, see Codex vs Claude Code vs Kimi k2.5.

Practical fixes by workflow:

If you were using OpenCode or Roo Code with a Claude Pro/Max subscription:

  • Use NVIDIA NIM — Free Kimi k2.5 API, no Claude dependency
  • Or try OpenCode Zen — Limited-time free models; verify the live roster and data terms
  • Or self-host with your own Anthropic API key — commercial terms, metered, compliant

If you’re building an agent or product on Claude:

If you want Claude-free options at no cost:


The compliance requirements, precisely

The February documentation creates explicit requirements for developers:

  1. Any product routing Claude requests on behalf of users → API keys, not OAuth
  2. Agent SDK usage → API keys from Claude Console, Bedrock, or Vertex
  3. OAuth is personal-use only → Claude Code and Claude.ai, nothing else
  4. Enforcement is unilateral and contractually without required notice — plan for it

This is not unique to Anthropic. OpenAI, Google Cloud, and AWS all maintain equivalent unilateral enforcement rights. The combination of flat-rate consumer plans and high-value agentic use created an unusually large economic gap — but the enforcement posture itself is standard.

For current risk ratings on third-party Claude setups, see third-party access risk and account ban risk.


April 2026 Update: From Ban to Billing Separation

As of April 4, 2026, Anthropic has significantly softened its stance. The company shifted from an outright ban on OAuth tokens in third-party tools to a pay-as-you-go billing model.

What Changed

AspectFebruary 2026April 2026
PolicyExplicit ban on OAuth in third-party toolsSubscription limits don’t cover third-party usage
OptionsAPI keys onlyUsage bundles OR API keys
Cost$200-1000+/month (API)Usage bundles at “discount” vs API
StatusEffectively bannedAllowed with separate billing

The New Path: Usage Bundles

Anthropic is now offering:

  • “Discounted usage bundles” for third-party tool access
  • One-time credit equal to monthly plan cost (automatic for subscribers)
  • Pay-as-you-go rather than unlimited subscription coverage

The negotiation: OpenClaw creator Peter Steinberger (now employed by OpenAI) and board member Dave Morin attempted to dissuade Anthropic. Steinberger noted: “tried to talk sense into Anthropic, best we managed was delaying this for a week.”

Why the shift? Rather than driving users to competitors (OpenAI, Kimi) with an outright ban, Anthropic chose to monetize third-party usage. This preserves the revenue from high-volume users while maintaining platform control.

Current status: Third-party OAuth is no longer “banned” but it’s no longer “free with subscription” either. Users must choose between usage bundles (convenience, unclear pricing) or API keys (transparent pricing, metered).


The bigger pattern

This episode is one of three Anthropic enforcement actions against ecosystem tools in the past year:

  • June 2025: Windsurf’s first-party Claude capacity cut with less than a week’s notice
  • August 2025: OpenAI’s Claude API access revoked for competitive benchmarking
  • January–February 2026: Third-party OAuth harnesses blocked; walled garden formalized in writing

Each action was economically or competitively motivated. None required advance notice under Anthropic’s terms. Platform concentration is a risk regardless of which vendor you’re concentrated on. For the Codex equivalent of this analysis — cloud dependency, vendor lock-in, and the ChatGPT credits trap — see Codex cloud dependency risk.


Our take

Anthropic’s position is correct on the economics and murky on the execution. The arbitrage gap was real and the enforcement was overdue. Publishing the rule after the block, not before, cost more goodwill than it needed to.

The deeper issue: the most capable AI coding model in the world has no flat-rate path for developers building autonomous agents. That is a genuine gap in Anthropic’s commercial offering, and the OSS ecosystem’s anger partly reflects unmet demand that no product currently addresses cleanly. “Walled garden” is the community’s shorthand for this problem — and the February documentation confirms the wall is intentional.

If you’re evaluating alternatives: the Free Frontier Stack covers Claude-free options at $0. If you’re staying with Claude on commercial terms, the Smart Spend Guide breaks down when API pricing becomes preferable to Max.



Sources


Policy pages change. Verify current terms at the official source before making architectural decisions.