I believe LLM providers should ultimately be utilities from a consumer perspective, like water suppliers. I own the faucet, washer, bathtub, and can switch suppliers at will. I’ve been working on a FOSS client for them for nearly three years.
I hope that why the following is purely a factual distinction, not an excuse or an attempt to empathize.
The difference between the other entities named and OpenCode is this:
OpenCode uses people’s Claude Code subscriptions. The other entities use the API.
Specifically, OpenCode reverse‑engineers Claude Code’s OAuth endpoints and API, then uses them. This is harmful from Anthropic's perspective because Claude Code is subsidized relative to the API.
Edit: I’m getting “You’re posting too fast” when replying to mr_mitm. For clarity, there is no separate API subscription. Anthropic wants you to use one of two funnels for coding with their LLMs:
1. The API (through any frontend), or
2. A subscription through an Anthropic‑owned frontend.
i've been on claude code since before they even HAD subscriptions (api only) and since getting max from day 1 - I haven't once have assumed that access was allowed outside of CC. anyone who thinks otherwise is leaning into that cognitive dissonance
It’ll be interesting to see how far they take this cat and mouse game. Will “model attestation” become a new mechanism for enforcing tight coupling between client and inference endpoint? It could get weird, with secret shibboleths inserted into model weights…
Cat and mouse indeed... such is the way of the internet nomad
There ain't no client validation mechanism you can't fake with enough time, patience, reverse-engineering, and good-old-fashioned stubborn hacker ethos.
Have had max for awhile, funny thing opencode still sorta works with my cc max subscription. That said after awhile open code just hangs. My workflow involves saving state frequently. I cancel open back up and continue then it’s performant for maybe 2-3 token context windows, repeat
When using their web UI with Firefox and ublock origin it regularly freezes the tab when the answer is written out. Someone at Anthropic had to create a letter-by-letter typing animation with GIF image and sentry callbacks every five seconds, which ends up in an infinite loop.
I've seen reports about this bug affecting Firefox users since Q3 2025. They were reported over various channels.
Not a fan of them prioritizing the combat against opencode instead of fixing issues that affect paying users.
you can get around this by making an agent in opencode and that agent should not mention opencode at all, e.g. "You're an agent that uses Claude Opus..." and it will just work.
Please stop spreading this nonsense. Anthropic is not blocking Opencode. You can use all their models within Opencode using API. Anthropic simply let Dax and team use unlimited plans for the past year or so. I don’t even know if it was official. I find this a bit comical and immature. You want to use the models, just pay for it. Why are people trying to nickel and dime on tools that they use day in day out?
While Anthropic can choose whatever tool uses their api or subscription but I never fully understood what they gain from having the subscription explicitly only work for claude code. Is the issue that it disincentivizes the use of their API?
Obviously Anthropic are within their rights to do this, but I don’t think their moat is as big as they think it is. I’ve cancelled my max subscription and have gone over to ChatGPT pro, which is now explicitly supporting this use case.
I do not understand the stubbornness with wanting to use the auth part. On local, just call the claude code from your harness, or better there is a claude agent sdk, both of which have clear auth and are permitted acc to anthropic. But to say that they want to use this auth as a substitution for API is a different issue altogether.
This is definitely Barbara Streisanding right now. I had never heard of OpenCode. But I sure have now! Will have to check it out. Doubt I’ll end up immediately canceling Claude Code Max, but we’ll see.
The title is misleading if you don’t read the whole text: Anthropic is not blocking OpenCode from the API that they sell.
They’ve blocked OpenCode from accessing the private Claude Code endpoints. These were not advertised or sold as usable with anything else. OpenCode reverse engineered the API and was trying to use it.
The private API isn’t intended for use with other tools. Any tool that used it would get blocked.
The only difference is the auth method - OAuth bearer token (sk-ant-oat01-...) vs API key (sk-ant-api03-...). The "blocking" is request body fingerprinting on the server side.
Here's what a working Claude Code request looks like:
{
"model": "claude-sonnet-4-20250514",
"max_tokens": 32000,
"stream": true,
"metadata": {
"user_id": "user_<sha256>_account_<uuid>_session_<uuid>"
},
"system": [
{"type": "text", "text": "You are a Claude agent, built on Anthropic's Claude Agent SDK."},
{"type": "text", "text": "<~12KB of instructions>"}
],
"tools": [
{"name": "Task", ...},
{"name": "Bash", ...},
// 17 tools total, PascalCase names
],
"messages": [...]
}
And here's what OpenCode sends (blocked):
{
"model": "claude-sonnet-4-20250514",
"max_tokens": 16000,
"temperature": 0, // Claude Code doesn't send this
"stream": true,
// no metadata.user_id - required
"system": [
{"type": "text", "text": "You are OpenCode, an interactive CLI..."}
],
"tools": [
{"name": "bash", ...}, // lowercase, wrong schema
{"name": "edit", ...},
// 11 tools total
],
"messages": [...]
}
The API validates at least 5 things:
(1) system prompt must start with "You are a Claude agent, built on Anthropic's Claude Agent SDK."
(2) tools must match Claude Code's exact 17 tool definitions with PascalCase names
(3) headers must include anthropic-beta, x-app: cli, and claude-cli user-agent
(4) metadata.user_id must be present in a specific format
(5) temperature field must be absent.
Fail any of these:
400 | This credential is only authorized for use with Claude Code
and cannot be used for other API requests.
It's bypassable though. I wrote a local proxy that lets OpenCode (and other third-party clients) work with a Max subscription. The approach: run legit Claude Code through the proxy once to capture its exact request format - the full system prompt, all 17 tool schemas, headers. Cache that. Then when OpenCode sends a request, the proxy swaps its templates with Claude Code's cached ones, adds the required headers/metadata, and strips temperature. The OAuth token is already on disk at ~/.claude/.credentials.json (written by "claude login") - the proxy just reads it for each request.
Same endpoint, same request size, just different templates. Returns 200. OpenCode works with Max subscription again.
It's not endpoint separation, it's request body validation. The OAuth token is tied to an expected request format, but the format can be mimicked.
Soft plug: the team at nori just announced our own CLI today. Most people build on top of the provider layer, but we build on top of the agent layer. This means that you can use your subscriptions, and you get the benefit of getting the best system prompts and tools that the base models were fine tuned with.
38 comments
[ 2.9 ms ] story [ 61.7 ms ] threadI hope that why the following is purely a factual distinction, not an excuse or an attempt to empathize.
The difference between the other entities named and OpenCode is this:
OpenCode uses people’s Claude Code subscriptions. The other entities use the API.
Specifically, OpenCode reverse‑engineers Claude Code’s OAuth endpoints and API, then uses them. This is harmful from Anthropic's perspective because Claude Code is subsidized relative to the API.
Edit: I’m getting “You’re posting too fast” when replying to mr_mitm. For clarity, there is no separate API subscription. Anthropic wants you to use one of two funnels for coding with their LLMs: 1. The API (through any frontend), or 2. A subscription through an Anthropic‑owned frontend.
I get it though, Anthropic has to protect their investment in their work. They are in a position to do that, whereas most of us are not.
There ain't no client validation mechanism you can't fake with enough time, patience, reverse-engineering, and good-old-fashioned stubborn hacker ethos.
I've seen reports about this bug affecting Firefox users since Q3 2025. They were reported over various channels.
Not a fan of them prioritizing the combat against opencode instead of fixing issues that affect paying users.
"The open source AI coding agent
Free models included or connect any model from any provider, including Claude, GPT, Gemini and more."
I don't like it too, but it is what it is.
If I gave free water refils if you used my brand XYZ water bottle, you should not cry that you don't get free refills to your ABC branded bottle.
It may be scummy, but it does make sense.
Anthropic blocks third-party use of Claude Code subscriptions
https://news.ycombinator.com/item?id=46549823
They’ve blocked OpenCode from accessing the private Claude Code endpoints. These were not advertised or sold as usable with anything else. OpenCode reverse engineered the API and was trying to use it.
The private API isn’t intended for use with other tools. Any tool that used it would get blocked.
I reverse engineered this over the past week. Both Claude Code and regular API users hit the same endpoint: https://api.anthropic.com/v1/messages
The only difference is the auth method - OAuth bearer token (sk-ant-oat01-...) vs API key (sk-ant-api03-...). The "blocking" is request body fingerprinting on the server side.
Here's what a working Claude Code request looks like:
And here's what OpenCode sends (blocked): The API validates at least 5 things:(1) system prompt must start with "You are a Claude agent, built on Anthropic's Claude Agent SDK."
(2) tools must match Claude Code's exact 17 tool definitions with PascalCase names
(3) headers must include anthropic-beta, x-app: cli, and claude-cli user-agent
(4) metadata.user_id must be present in a specific format
(5) temperature field must be absent.
Fail any of these:
It's bypassable though. I wrote a local proxy that lets OpenCode (and other third-party clients) work with a Max subscription. The approach: run legit Claude Code through the proxy once to capture its exact request format - the full system prompt, all 17 tool schemas, headers. Cache that. Then when OpenCode sends a request, the proxy swaps its templates with Claude Code's cached ones, adds the required headers/metadata, and strips temperature. The OAuth token is already on disk at ~/.claude/.credentials.json (written by "claude login") - the proxy just reads it for each request.Same endpoint, same request size, just different templates. Returns 200. OpenCode works with Max subscription again.
It's not endpoint separation, it's request body validation. The OAuth token is tied to an expected request format, but the format can be mimicked.
Cliff posted a show hn earlier today here: https://news.ycombinator.com/item?id=46616562