They’ve blocked OpenCode from accessing the private Claude Code endpoints. These were not advertised or sold as usable with anything else. OpenCode reverse engineered the API and was trying to use it.
The private API isn’t intended for use with other tools. Any tool that used it would get blocked.
Isn't that misleading from Anthropic's side? The gist shows that only certain tools are blocked, not all. They're selectively enforcing their ToS.
That’s a reasonable attempt to enforce the ToS. For OpenCode, they also take the next step of additionally blocking a second line of “You are OpenCode.”
There might be more thorough ways to effect a block (e.g. requiring signed system prompts), but Anthropic is clearly making its preferences known here.
Are those other phrases actually used by any tools? I thought they were just putting phrases into the LLM arbitrarily. Any misuse of the endpoint is detected at scale they probably add more triggers for that abuse.
Expecting it to magically block different phrases is kind of silly.
> They're selectively enforcing their ToS.
Do you have anything to support that? Not a gist of someone putting arbitrary text into the API, but links to another large scale tool that gets away with using the private API?
Seems pretty obvious that they’re just adding triggers for known abusers as they come up.
I reverse engineered this over the past week. Both Claude Code and regular API users hit the same endpoint: https://api.anthropic.com/v1/messages
The only difference is the auth method - OAuth bearer token (sk-ant-oat01-...) vs API key (sk-ant-api03-...). The "blocking" is request body fingerprinting on the server side.
Here's what a working Claude Code request looks like:
  {
    "model": "claude-sonnet-4-20250514",
    "max_tokens": 32000,
    "stream": true,
    "metadata": {
      "user_id": "user_<sha256>_account_<uuid>_session_<uuid>"
    },
    "system": [
      {"type": "text", "text": "You are a Claude agent, built on Anthropic's Claude Agent SDK."},
      {"type": "text", "text": "<~12KB of instructions>"}
    ],
    "tools": [
      {"name": "Task", ...},
      {"name": "Bash", ...},
      // 17 tools total, PascalCase names
    ],
    "messages": [...]
  }
And here's what OpenCode sends (blocked):
  {
    "model": "claude-sonnet-4-20250514",
    "max_tokens": 16000,
    "temperature": 0, // Claude Code doesn't send this
    "stream": true,
    // no metadata.user_id - required
    "system": [
      {"type": "text", "text": "You are OpenCode, an interactive CLI..."}
    ],
    "tools": [
      {"name": "bash", ...}, // lowercase, wrong schema
      {"name": "edit", ...},
      // 11 tools total
    ],
    "messages": [...]
  }
The API validates at least 5 things:
(1) system prompt must start with "You are a Claude agent, built on Anthropic's Claude Agent SDK."
(2) tools must match Claude Code's exact 17 tool definitions with PascalCase names
(3) headers must include anthropic-beta, x-app: cli, and claude-cli user-agent
(4) metadata.user_id must be present in a specific format
(5) temperature field must be absent.
Fail any of these:
  400 | This credential is only authorized for use with Claude Code
  and cannot be used for other API requests.
It's bypassable though. I wrote a local proxy that lets OpenCode (and other third-party clients) work with a Max subscription. The approach: run legit Claude Code through the proxy once to capture its exact request format - the full system prompt, all 17 tool schemas, headers. Cache that. Then when OpenCode sends a request, the proxy swaps its templates with Claude Code's cached ones, adds the required headers/metadata, and strips temperature. The OAuth token is already on disk at ~/.claude/.credentials.json (written by "claude login") - the proxy just reads it for each request. Same endpoint, same request size, just different templates. Returns 200. OpenCode works with Max subscription again.
It's not endpoint separation, it's request body validation. The OAuth token is tied to an expected request format, but the format can be mimicked.
I get it though, Anthropic has to protect their investment in their work. They are in a position to do that, whereas most of us are not.
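The five checks listed in the reverse-engineering comment above, written out as a server-side fingerprint check and run over the two request shapes it quotes. This is an added example, not code from the thread and not Anthropic's implementation; the user_id encodings, header values, tool names past Task and Bash, and the simplification of check (2) to "17 PascalCase names" are assumptions.

```python
import re

# Checks transcribed from the comment's five-item list. Constructed for
# illustration; not Anthropic's implementation.
REQUIRED_PREFIX = "You are a Claude agent, built on Anthropic's Claude Agent SDK."
DENIED = ("This credential is only authorized for use with Claude Code "
          "and cannot be used for other API requests.")
# Assumed encodings for user_<sha256>_account_<uuid>_session_<uuid>.
HEX64 = r"[0-9a-f]{64}"
UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
USER_ID_RE = re.compile(rf"user_{HEX64}_account_{UUID}_session_{UUID}")
PASCAL_RE = re.compile(r"[A-Z][A-Za-z0-9]*")


def failed_checks(headers, body):
    """Return the numbers (1-5) of the listed checks that this request fails."""
    failed = []
    system = body.get("system") or []
    first = system[0].get("text", "") if system and isinstance(system[0], dict) else ""
    if not first.startswith(REQUIRED_PREFIX):
        failed.append(1)
    # Simplification: count and naming only, not the full tool schemas.
    names = [t.get("name", "") for t in body.get("tools") or []]
    if len(names) != 17 or not all(PASCAL_RE.fullmatch(n) for n in names):
        failed.append(2)
    h = {k.lower(): v for k, v in headers.items()}
    if not ("anthropic-beta" in h and h.get("x-app") == "cli"
            and "claude-cli" in h.get("user-agent", "")):
        failed.append(3)
    if not USER_ID_RE.fullmatch((body.get("metadata") or {}).get("user_id", "")):
        failed.append(4)
    if "temperature" in body:
        failed.append(5)
    return failed


def respond(headers, body):
    """Map the check results to the status and message quoted in the comment."""
    failed = failed_checks(headers, body)
    return (400, DENIED, failed) if failed else (200, "ok", [])


# Constructed sample inputs. Header values and tool names 3-17 are placeholders.
HEADERS = {"anthropic-beta": "<placeholder>", "x-app": "cli",
           "User-Agent": "claude-cli/<version>"}
_UUID0 = "00000000-0000-0000-0000-000000000000"
CLAUDE_CODE_SHAPED = {
    "metadata": {"user_id": f"user_{'a' * 64}_account_{_UUID0}_session_{_UUID0}"},
    "system": [{"type": "text", "text": REQUIRED_PREFIX}],
    "tools": [{"name": n} for n in ["Task", "Bash"] + [f"Tool{i:02d}" for i in range(3, 18)]],
}
OPENCODE_SHAPED = {
    "temperature": 0,
    "system": [{"type": "text", "text": "You are OpenCode, an interactive CLI..."}],
    "tools": [{"name": n} for n in ["bash", "edit"] + [f"tool{i:02d}" for i in range(3, 12)]],
}

if __name__ == "__main__":
    for label, body in (("claude-code-shaped", CLAUDE_CODE_SHAPED),
                        ("opencode-shaped", OPENCODE_SHAPED)):
        print(label, respond(HEADERS, body))
```

Every input to these checks is chosen by the client, so the check expresses policy about request shape rather than authenticating which program sent the request.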
They’ve blocked the workaround OpenCode was using to access a private API that was metered differently.
Any tool that used that private endpoint would be blocked. They’re not pushing an agenda. They’re just enforcing their API terms like they would for any use.
Viewed another way, the preferential pricing they're giving to Claude Code (and only Claude Code) is anticompetitive behavior that may be illegal.
They’re not obligated to give other companies access to their services at a discounted rate.
The Claude Code endpoint is a private API. They’re free to control usage of their private API.
The Claude subscription used for Claude Code is to all appearances being sold substantially below the cost to run it, and it certainly seems that this is being done to maintain Claude Code's market dominance and force out competitors who cannot afford to subsidize LLM inference in the same way such as OpenCode.
It's not a matter of there being a public API, I don't believe they are obligated to offer one at all, it's a matter of the Claude Subscription being priced fairly so that OpenCode (on top of, say, gemini) can be competitive.
Yet they have to acquire market dominance in a meaningful market first if you want to prosecute, otherwise it's just a failed business strategy. Like that company selling movie tickets below cost.
I’m surprised they didn’t go with the option of offering opus 4.6 to Claude code only.
The Claude Code plans may not be operating at a loss either. Most people don’t use up 100% of their plan. Few people do. A lot of it goes idle.
Training models cost tens of millions, their revenues from sub + api are well above hundreds of millions.
If you look at minimax IPO data, you can see that they spent 3x their revenue on "cloud bills".
So yes, it's probable that they do subsidize inference through subscriptions in order to capture market.
No inference provider is profitable, and most run on VC money to serve customers.
Citing the ToS is circular logic. They set the terms and can change them whenever they want!
Have you seen the "you wouldn't steal a car" ads? Or this video? https://youtu.be/IeTybKL1pM4?si=utZ5KjmK-C2-fFdP
The hard part is that they have an Anthropic-compatible API that’s different than completion/responses.
The moat is Sonnet/Opus, not Claude Code; it can never be a client-side app.
Cost arbitrage like this is short lived, until the org changes pricing.
For example, Anthropic could release, say, an ultra plan at $500-$1000 with these restrictions removed/relaxed that reflects the true cost of the consumption, or get the cost of inference down enough that even at $200 it is profitable for them, and they will stop caring if the higher bracket does not sell well. Then $200 is what the market is ready to pay; there will be a % of users who will use it more than the rest, as is the case in any software.
Either way the only money here i.e. the $200(or more) is only going to Anthropic.
[1] Perceived or real, there is a huge gulf in how Sonnet 4.5 is seen versus GPT 5.2-codex.
Are they doing it? No idea, it sounds ridiculously expensive; but they did buy Bun, maybe to facilitate integrating around CC. Cowork, as an example, uses CC almost as an infrastructure layer, and the Claude Agent SDK is basically LiteLLM for your Max subscription - also built on/wrapping the CC app. So who knows, the juice may be worth the RL squeeze if CC is going to be foundational to some enterprise strategy.
Also IMO OpenCode is not better, just different. I’m getting great results with CC, but if I want to use other models like GLM/Qwen (or the new Nvidia stuff) it’s my tool of choice. I am really surprised to see people cancelling their Max subscriptions; it looks performative and I suspect many are not being honest.
The tool calls, reasoning, etc. are still sent, tracked and used by Anthropic; the model cannot function well without that kind of detail.
OpenCode also gets more data if they want to train their own model with it; however, at this point only a few companies can attempt foundational model training runs, so I don't think the likes of Anthropic are worried about a small player also getting their user data.
---
> it looks performative and I suspect many are not being honest.
Quite possible if they were leveraging the cost arbitrage, i.e. the fact that the actual per-token cost was cheaper because of this loophole. Now their cost is higher, they perhaps don't need/want/value the quality for the price paid, so will go to Kimi K2/ Grok Code/ GLM Air for better pricing; basically, if all you value is cost per token, this change is reason enough to switch.
These are kind of users Anthropic perhaps doesn't want. Somewhat akin to Apple segmenting and not focusing on the budget market.
Why do you think I'm not being honest? What am I supposedly not being honest about?
If their model was truly ahead of the game, they wouldn't lock down the subsidized API in the same week they ask for 5-year retention on my prompts and permission to use for training. Instead, they would have been focusing on delivering the model more cheaply and broadly, regardless of which client I use to access it.
This is pretty undisputed I think... So if we're going to condemn anthropic for it, it'd be pretty one-sided unless we also took it up with any other companies doing so, like Apple, Google, ... And frankly basically all closed source companies.
It's just coincidentally more obvious with this Claude code API because the only difference between it and the public one is the billing situation...
The only basis we'd have to argue otherwise is that the subscription predates Claude code
https://www.anthropic.com/news/claude-pro (years ago)
But I didn't think we're strangers to companies pivoting the narrative like this
As such, the sentiment in this thread is chilling.
I've seen reports about this bug affecting Firefox users since Q3 2025. They were reported over various channels.
Not a fan of them prioritizing the combat against opencode instead of fixing issues that affect paying users.
I've found several reports about this issue. Seems they don't care about Firefox.
OpenCode is an interesting tool but if this is your first time hearing of it you should probably be aware of their recent unauthenticated RCE issues and the slow response they’ve had to fixing it: https://news.ycombinator.com/item?id=46581095 They say they’re going to do better in the future but it’s currently on my list of projects to keep isolated until their security situation improves.
All of these tools are either
- created by companies powered by VC money that never face consequences for mishandling your data
- community vibecoded with questionable security practices
These tools also need to have a substantial amount of access to be useful so it is really hard to secure even if you try. Constantly prompting for approval leads to alert fatigue and eventually a mistake leading to exfiltration.
I suggest just stick to LXC or VM. Desktop (including linux) userland security is just bad in general. I try to keep most random code I download for one off tasks to containers.
I used OpenCode to vibe code the shell script I use to manage it.
I actually use VMs rather than LXC, which makes it easier to run e.g. docker.
I immediately reached for VMs because I just didn't want any question about the full level of isolation, but the cool thing about incus is that it should be easy to switch between them.
Absolutely all coding agents should be run in sandboxed containers, 24/7, if you do otherwise, please don't cry when you're pwned.
Claude Code’s creator has also said that CC is 100% AI generated these days.
I really would like further clarification on those points as I would be pretty interested for a product I'm building if it was indeed made possible.
Asked Minimax 2.1 that question. 0.008$
At some point it stops making sense. You cannot use "the good model" just for the hard bits without basically hand writing you own harness. Even then, it will need full, uncached context.
Feels like consulting a premium lawyer to ask how much time is it.
Cliff posted a show hn earlier today here: https://news.ycombinator.com/item?id=46616562
There ain't no client validation mechanism you can't fake with enough time, patience, reverse-engineering, and good-old-fashioned stubborn hacker ethos.
A simple example: can you arbitrarily manipulate the historical context of a given request to the LLM? It's useful to do that sometimes. Another one: can you create a programmatic flow that tries 3 different LLM requests, then uses an LLM judge to contrast and combine into a best final answer? Sure, you could write a prompt that says do that, but that won't yield equivalent results.
These are just examples, the point is you don't get fine control.
> Unless previously approved, we do not allow third party developers to offer Claude.ai login or rate limits for their products, including agents built on the Claude Agent SDK. Please use the API key authentication methods described in this document instead.
I wonder if Opencode could use ACP protocol as well. ACP seems to be a good abstraction, I should probably learn more about it. Any TLDR's on how it works?
---
1. ACP Servers Expect IDE-like Clients
The ACP server interface in Claude Code is designed for:
∙ Receiving file context from an IDE
∙ Sending back edits, diagnostics, suggestions
∙ Managing a workspace-scoped session
It’s not designed for another autonomous agent to connect and say “go solve this problem for me.”
2. No Delegation/Orchestration Semantics in ACP
ACP (at least the current spec) handles:
∙ Code completions
∙ Chat interactions scoped to a workspace
∙ Tool invocations
It doesn’t have primitives for:
∙ “Here’s a task, go figure it out autonomously”
∙ Spawning sub-agents
∙ Returning when a multi-step task completes
3. Session & Context Ownership
Both tools assume they own the agentic loop. If OpenCode connects to Claude Code via ACP, who’s driving? You’d have two agents both trying to:
∙ Decide what tool to call next
∙ Maintain conversation state
∙ Handle user approval flows
Edit: I may have been rude previously but I was feeling beyond angry because I have tried to be a part of the community and I don't even know what to say
I genuinely am speechless. I think it's so sad to see the HN community be unable to trust, and how you accuse me, man, which is so sad to see.
I genuinely just don't know what to say? I hope you are (joking or something?) but what sort of joke is this?
I hope that why the following is purely a factual distinction, not an excuse or an attempt to empathize.
The difference between the other entities named and OpenCode is this:
OpenCode uses people’s Claude Code subscriptions. The other entities use the API.
Specifically, OpenCode reverse‑engineers Claude Code’s OAuth endpoints and API, then uses them. This is harmful from Anthropic's perspective because Claude Code is subsidized relative to the API.
Edit: I’m getting “You’re posting too fast” when replying to mr_mitm. For clarity, there is no separate API subscription. Anthropic wants you to use one of two funnels for coding with their LLMs: 1. The API (through any frontend), or 2. A subscription through an Anthropic‑owned frontend.
It's up to operating systems to offer a content consumption experience for end users which reverses the role of platforms back to their original, most basic offers. They all try to force you into their applications which are full of tracking, advertisements, upsells, and anti-consumer interface design decisions.
Ideally the operating system would untangle the content from these applications and allow the end user to consume the content in a way that they want. For example Youtube offers search, video and comments. The operating system should extract these three things and create a good UI around it, while discarding the rest. Playlists and viewing history can all be managed in the offline part of the application. Spotify offers music, search and lyrics but they want you to watch videos and use social media components in their very opinionated UIs, while actively fighting you to create local backup of your music library.
Software like adblockers, yt-dlp and streamlink are already solving parts of these issues by untangling content from providers for local consumption in a trusted environment. For me the fight by Anthropic against OpenCode fits into this picture.
These companies are acting hostile even towards paying customers, each of them trying to build their walled gardens.
That's why we are supposed to have legislation to regulate that utilities and common carriers can't behave that way.
Internet + shitty "security" software that only runs on their hardware + modem rental is cheaper than internet only + bring your own equipment. You can't buy the cheaper internet+security package without their hardware (or so they claimed).
Maybe try the style where you start off with your position in a self-contained sentence, and then write a paragraph elaborating on it.
It means that even though the cost depends on usage, you are billed at least a fixed minimum amount, regardless of how little water you actually use.
Claude Code as a product doesn’t use their pay per call API, but they’ve never sold the Claude Code endpoint as a cheaper way to access their API without paying for the normal API
They gave Claude Code a discount to make it work as a product.
The API is priced for all general purpose usage.
They never sold the Claude Code endpoint as a cheaper general purpose API. The stories about “blocking OpenCode” are getting kind of out of hand because they’d block any use of the Claude Code endpoint that wasn’t coming from their Claude Code tool.
It also perhaps tries to preserve some moat around their product/service.
re the whole unused capacity is the nature of inference on GPUs. In any cluster, you can batch inputs (ie takes same time for say 1 query or 100 as they can be parallelized) and now continuous batching[1] exists. With API and bursty nature of requests, clusters would be at 40%-50% of peak API capacity. Makes sense to divert them to subscriptions. Reduces api costs in future, and gives anthropic a way to monetize unused capacity. But if everyone does it, then there is no unused capacity to manage and everyone loses.
> it uses API's unused capacity
I see no waiting or scheduling on my usage - it runs, what appears to be, full speed till I hit my 4 hour / 7 day limit and then it stops.
Claude code is cheap (via a subscription) because it is burning piles of investor cash, while making a bit back on API / pay per token users.
With continuous batching, you don't wait for entire previous batch to finish. The request goes in as one finishes. Hence the wait time is negligible.
Anthropic blocks third-party use of Claude Code subscriptions
some of them worked around it, but it looked like they added something specifically for OpenCode today, which seems to have been worked around again after the OpenCode-specific block: https://github.com/anomalyco/opencode-anthropic-auth/commits...
Then they get angry when their use is blocked.
Only in this case they can 100% use the service via a paid API.
"The open source AI coding agent
Free models included or connect any model from any provider, including Claude, GPT, Gemini and more."
> the phrase "You are OpenCode" in system prompts
I don't like it too, but it is what it is.
If I gave free water refills if you used my brand XYZ water bottle, you should not cry that you don't get free refills to your ABC branded bottle.
It may be scummy, but it does make sense.
The root cause is and remains their pricing: the delta between their token billing and their flat fee is just screaming to be exploited by a gray market.
Edit: or should I say, the subscription is artificially cheap
Cry me a river - I never stop hearing how developers think their time is so valuable that no amount of AI use could possibly not be worth it. Yet suddenly, paying for what you use is "too expensive".
I'm getting sick of costs being distorted. It's resulting in dysfunctional methodologies where people are spinning up a ridiculous number of agents in the background, burning tokens to grind out solutions where a modicum of oversight or direction from a human would result in 10x less compute. At the very least the costs should be realised by the people doing this.
Yeah, I noticed it. I use Claude, but I use it responsibly. I wonder how many "green" people run these instances in parallel. :D