Comment by bazhand
1 day ago
FWIW this isn’t new, using a Claude/Max subscription auth token as a general-purpose “API key” has been known (and blocked) for ages. OpenCode basically had to impersonate the official Claude Code client to make that work, and it always felt like a loophole that would get patched eventually.
This is exactly why (when OpenCode and Charm/Crush started diverging) Charm chose not to support “use your Claude subscription” auth and went in a different direction (BYOK / multi-provider / etc). They didn’t want to build a product on top of a fragile, unofficial auth path.
And I think there’s a privacy/policy reason tightening this now too: the recent Claude Code update (2.1-ish) pops a “Help improve Claude” prompt in the terminal. If you turn that ON, retention jumps from 30 days to up to 5 years for new/resumed chats/coding sessions (and data can be used for model improvement). If you keep it OFF, you stay on the default 30-day retention. You can also delete data anytime in settings. That consent + retention toggle is hard to enforce cleanly if you’re not in an official client flow, so it makes sense they’re drawing a harder line.
Yea exactly, I’m surprised people are calling this “drama”. It was from the beginning against the ToS, all the stuff supporting it just reverse engineered what Claude Code is doing and spoof being a client.
I tried something similar few months back and Claude already has restrictions against this in place. You had to very specifically pretend to be real Claude Code (through copying system prompts etc) to get around it, not just a header.