The Day Everything Broke

January 9, 2026, 02:20 UTC. Anthropic flipped a switch.

Thousands of developers woke up to a new error message: “This credential is only authorized for use with Claude Code.”

Third-party tools using Claude Pro/Max subscriptions—including OpenCode with its 56,000+ GitHub stars—stopped working overnight. No warning. No migration path.

What happened?

The Spoofing Scheme

Here’s what was actually going on behind the scenes.

The Setup:

  • Claude Max subscription costs $200/month for “unlimited” usage
  • But Anthropic intended this for their official Claude Code CLI only
  • The CLI has built-in speed limits and telemetry

The Exploit:

  • OpenCode (and similar tools) spoofed the Claude Code client identity
  • They sent fake headers (User-Agent: ClaudeCode/1.0) to appear as the official client
  • Users got unlimited Opus 4.5 access at flat-rate pricing
  • What would cost $1,000+ via API now cost $200

The Problem:

  • Third-party tools removed speed limits
  • Developers ran overnight autonomous loops—coding, testing, fixing errors for 8-10 hours unattended
  • This was never what the Max subscription was designed for

DHH (creator of Rails) called the sudden block “very customer hostile.” And he wasn’t wrong about the execution. But the underlying situation was messier than it appeared.

Who’s Actually Wrong Here?

Let’s be honest about all sides.

OpenCode’s fault:

  • If you have to “pretend to be the official client,” you already know it’s not clean
  • Spoofing headers to bypass restrictions is a ToS violation, full stop
  • They enabled an arbitrage that was never sustainable

Users’ situation:

  • Many genuinely thought OAuth login was legitimate
  • Most people see OAuth and assume it’s authorized usage
  • Some knowingly exploited the loophole for cheap API access

Anthropic’s fault:

  • Zero-notice enforcement was brutal
  • Abuse filters mass-banned innocent accounts
  • No grace period or migration path offered

As one commenter put it: “ToS violations don’t justify zero-notice lockouts. Zero-notice lockouts don’t make ToS violations acceptable.”

The Aftermath

Within hours of the block, OpenCode shipped alternatives:

  1. ChatGPT Plus/Pro support (v1.1.11) - /connect for OpenAI OAuth
  2. OpenCode Black - New $200/month tier routing through enterprise API gateway
  3. API key authentication - Always worked, always will

The developer Dax Raad’s message was clear: if Anthropic doesn’t want OpenCode users, OpenAI does. He announced the pivot with a Gladiator GIF—an unsubtle nod to the spectacle.

Meanwhile, George Hotz (geohot) wrote:

“You will not convert people back to Claude Code, you will convert people to other model providers.”

And he’s been proving it, publicly switching to alternative models.

So What is Oh My OpenCode, Actually?

Strip away the controversy, and Oh My OpenCode is genuinely impressive software.

Created by YeonGyu Kim, it’s a plugin for OpenCode that transforms a single AI assistant into a multi-agent orchestration system. The flagship agent is called Sisyphus—named after the Greek king condemned to roll a boulder uphill forever.

The philosophy: “Humans roll their boulder every day. So do you. Your code should be indistinguishable from a senior engineer’s.”

The Agent Team (Verified from DeepWiki)

AgentModelRole
Sisyphusclaude-opus-4-5 (32k thinking)Primary orchestrator—plans, delegates, tracks
Oracleopenai/gpt-5.2Architecture review, complex debugging
Exploreopencode/grok-codeFast codebase exploration (read-only)
Librarianclaude-sonnet-4-5External docs, GitHub search, Context7
Frontend Engineergoogle/gemini-3-pro-previewUI/UX implementation
Document Writergoogle/gemini-3-pro-previewREADME, API docs, guides
Multimodal Lookergoogle/gemini-2.5-flashPDF/image analysis

What Makes It Different

1. Parallel Background Execution

While you work on one thing, agents research in parallel:

1
2
3
4
5
6

You: "Search for auth patterns while I work on the database"

Sisyphus:
├── Background: Librarian (searching docs)
├── Background: Explore (mapping codebase)
└── Foreground: Your current task

2. Strict Engineering Standards

Sisyphus refuses to:

  • Suppress type errors with as any or @ts-ignore
  • Leave empty catch blocks
  • Delete failing tests to make them “pass”
  • Shotgun debug (random changes hoping something works)

3. Smart Delegation

Frontend visual changes? Automatically delegated to Frontend Engineer. Complex architecture questions? Oracle gets consulted. Need library documentation? Librarian handles it.

4. TODO-Driven Workflow

Every non-trivial task becomes a tracked TODO list. Items marked in_progress when started, completed immediately when done. No “forgetting” mid-task.

How to Use It Properly (Post-Controversy)

The legitimate paths that work today:

1
2
3
4
5
6
7
8

# Set environment variables
export ANTHROPIC_API_KEY="sk-ant-..."
export OPENAI_API_KEY="sk-..."
export GOOGLE_API_KEY="..."

# Install
bun install -g oh-my-opencode
bunx oh-my-opencode install --no-tui --claude=no --chatgpt=no --gemini=no

The --claude=no flags mean “no subscription auth”—you’ll use API keys instead.

Cost estimate for heavy usage: $200-400/month depending on intensity. Similar to Max subscription, but legitimate and multi-model.

Option 2: OpenAI OAuth (ChatGPT Plus/Pro)

Since v1.1.11, OpenCode supports OpenAI subscription authentication:

1

bunx oh-my-opencode install --no-tui --claude=no --chatgpt=yes --gemini=no

Option 3: Google Gemini (Antigravity OAuth)

1

bunx oh-my-opencode install --no-tui --claude=no --chatgpt=no --gemini=yes

What NOT to Do

  • ❌ Don’t try to spoof Claude Code headers
  • ❌ Don’t use workarounds that mimic official client identity
  • ❌ Don’t assume OAuth login = legitimate usage

The Bigger Picture

This controversy exposed a fundamental tension in AI tooling:

Closed ecosystems offer polish but vendor lock-in. Open alternatives offer freedom but sometimes cut corners.

The spoofing wasn’t a gray area—it was a clear ToS violation dressed up as “interoperability.” But Anthropic’s nuclear response—mass bans with no warning—showed how fragile these relationships are.

What’s clear now:

  • If you want Claude models, use API keys or Claude Code
  • If you want flexibility, Oh My OpenCode with legitimate authentication is excellent
  • Multi-model support isn’t just a feature—it’s insurance against exactly this kind of lockout

Should You Use Oh My OpenCode?

Yes, if:

  • You want multi-agent orchestration with specialized agents
  • You’re okay paying API costs (or using OpenAI/Google OAuth)
  • You want vendor independence and multi-model flexibility
  • You value strict engineering standards enforced by the agent

No, if:

  • You want the cheapest possible path (Claude Code with Max is cheaper for heavy usage if you stay within their rules)
  • You’re uncomfortable with API cost variability
  • You prefer an official, supported tool with guaranteed access

Resources

Conclusion

Oh My OpenCode got famous for the wrong reasons. The spoofing scandal put it in the spotlight, but the substance underneath is legitimately good software.

With proper authentication—API keys or alternative OAuth providers—you get a multi-agent coding system that enforces engineering discipline, runs research in parallel, and delegates to specialists automatically.

The boulder keeps rolling. Just make sure you’re rolling it on legitimate ground.

The author uses Oh My OpenCode with API keys. This guide does not endorse subscription spoofing or ToS violations.