April 4, 2026. Every Claude subscriber got the same email. Third-party harnesses, starting with OpenClaw, can no longer use your subscription. You can still use them, but they require “extra usage”: pay-as-you-go billing, separate from your plan.

Here’s a one-time credit equal to your monthly subscription. Here’s up to 30% off if you pre-buy usage bundles. Here’s a refund option if you’d rather walk.

Compare that to January 9, when Anthropic silently killed OpenCode at 2:20 AM UTC. No email. No credit. No migration path. Just a new error message and a flood of GitHub issues.

Same outcome. Completely different delivery.

Four Months, Four Moves

The arc makes more sense in retrospect than it did in real time:

  • January 9: Technical block. OAuth tokens from subscriptions stop working in third-party tools. Silent, overnight, hostile. DHH calls it “very customer hostile.” OpenCode ships ChatGPT Plus support within hours.
  • January 27 - February 19: Legal pressure. C&D against OpenClaw’s name. ToS updated to explicitly ban subscription OAuth in third-party tools. OpenCode removes all Claude OAuth code citing “Anthropic legal requests.” Steinberger joins OpenAI.
  • March 31: Source code leak. A Bun bug ships 512,000 lines of TypeScript via npm. The cryptographic attestation mechanism that verified “this is really Claude Code” is exposed in full. Technical blocks become trivially bypassable.
  • April 4: Billing enforcement. The email. Use whatever client you want. Pay API rates for it.

Each move was forced by the failure of the previous one. Technical blocks got spoofed. Legal pressure radicalized the community. The source leak made detection futile. Billing enforcement is the only lever left.

The attestation problem

Claude Code verified its identity via a cryptographic hash computed in Bun’s Zig layer (the cch header). Third-party clients couldn’t replicate it because they couldn’t see the mechanism. After March 31, everyone could see it. The entire technical enforcement strategy collapsed in a single npm publish.

Why This One Feels Different

The January crackdown was punitive. No warning, no alternatives, no empathy. It read like an infrastructure team plugging an exploit, not a company communicating with paying customers.

The April version reads like product management. Advance notice. Transition credits. Discount bundles. A refund offer arriving tomorrow. Even the framing shifted: “capacity is a resource we manage carefully” instead of “these tools are prohibited by our Terms of Service.”

Anthropic learned something between January and April. Not about pricing or infrastructure. About delivery. The January backlash wasn’t primarily about the policy. It was about the execution.

Both me and @davemorin tried to talk sense into Anthropic, best we managed was delaying this for a week.

— Peter Steinberger, OpenClaw creator

That delay matters. It’s the difference between “we flipped a switch at 2am” and “we sent an email a week early.” Same wall. Door instead of a cliff.

The Leak Forced the Pivot

This is the part that connects the arc. Without the March 31 source leak, Anthropic could have kept playing whack-a-mole: detect third-party clients via binary attestation, block them, update the attestation when someone reverse-engineers it.

The leak ended that game. 512,000 lines of source code, mirrored everywhere, DMCA’d into the Streisand effect. Claw-code hit 136K stars. The attestation logic is public knowledge. Any developer can build a client that passes verification.

So Anthropic did the rational thing: stop trying to detect which client is calling and start metering what matters. Your subscription covers Claude’s products. Everything else bills at API rates. It doesn’t matter if the request comes from OpenClaw, claw-code, NanoClaw, or a curl command. The billing layer doesn’t care about the client. It cares about the account.

The strategic shift

Technical enforcement asks “who is calling?” Billing enforcement asks “how much are they using?” The second question is harder to game and doesn’t require an arms race with open-source developers.

The Honest Case for Anthropic

I’ve been critical of the crackdown from the start. But the billing enforcement deserves a fairer read than the January block got.

The economics were never sustainable. A $200/month Max subscription delivering $1,000+ in API-equivalent value only works if usage stays human-scale. Third-party harnesses removed Claude Code’s rate limits. Autonomous overnight loops turned a consumer subscription into enterprise-grade throughput. The Ralph Wiggum technique running through OpenClaw at 3am doesn’t look like a human typing.

Anthropic isn’t killing third-party harnesses. They’re killing the pricing arbitrage. Use OpenClaw. Use claw-code. Use whatever client you want. But pay for the compute you consume.

That’s a defensible position. The January version of this policy was indefensible because it offered no alternative. The April version says: here’s the alternative, here’s a credit to try it, here’s a discount if you commit.

Anthropic crackdown on people abusing the subscription auth is the gentlest it could’ve been.

— @banteg on X

What It Actually Costs

The transition isn’t free. “Extra usage” means API-rate billing for every third-party tool interaction. For casual users, the one-time credit covers the transition. For developers running autonomous loops through OpenClaw, the math changes dramatically.

A heavy Claude Code session burns through tokens that would cost $30-50 at API rates. Run that overnight, unattended, through a third-party harness? The $200 subscription was subsidizing hundreds of dollars in compute. The credit is a gesture. The 30% bundle discount helps. But the economics of “set it and forget it” agent loops just shifted permanently.

The developers who’ll feel this most are exactly the ones who drove the subscription arbitrage in the first place. Power users who chose Claude specifically because the flat rate made autonomous workflows economically viable.

The Arc in Retrospect

Four months ago I wrote that subscription arbitrage was over and ended with “I’m building exits.” Three weeks ago I wrote that the source leak meant “controlling distribution becomes the only lever.” Two weeks ago I documented Anthropic absorbing OpenClaw’s features into native Channels.

Today’s email is the epilogue. The arc completes:

  1. Block the tools (January)
  2. Absorb the features (February - March)
  3. Lose the source code (March 31)
  4. Charge for the compute (April 4)

Each step made the next one inevitable. You can’t maintain technical blocks when the source is public. You can’t justify blocking tools you’ve already absorbed the best features from. You can charge for compute because that’s the one thing open-source clients can’t replicate: access to the model itself.

The moat shifted

I wrote earlier today that the harness layer was where the product moat lived. That was true before March 31. The leak commoditized the harness overnight: 512,000 lines of architecture, public forever. What’s left? The model itself. OpenClaw can replicate the harness. Claw-code can replicate the architecture. Nobody can replicate Opus 4.6. The moat moved from harness to model the moment the source went public. The billing layer is the gate to what remains.

What This Means

The subscription arbitrage era is over. Not with a silent kill switch at 2am, but with an email, a credit, and a refund offer. Anthropic figured out that the policy wasn’t the problem in January. The delivery was.

For developers using third-party harnesses: your tools still work. Your wallet takes the hit. Budget accordingly.

For Anthropic: this is the right policy delivered the right way, four months too late. The community you needed most is already at OpenAI. The source code you needed private is already public. The trust you needed intact is already cracked.

The exits I started building in January? Still building them. Not because today’s email is hostile. Because the pattern that produced January’s crackdown hasn’t changed. Only the packaging has.

Related Posts