Anthropic OAuth shock

Anthropic broke a lot of people’s AI tooling on Friday, April 4, with a policy switch that looked small on paper and huge in practice. At 12 p.m. Pacific, Claude subscriptions stopped covering use through third-party “harnesses” such as OpenClaw. OpenClaw’s own documentation says Anthropic now treats that route as separate “Extra Usage” billing, even for users who were already logged in with legacy Anthropic tokens. New setups are steered to API keys or a local Claude CLI backend instead. The cutoff was not a crash. It was a billing and access decision. (docs.openclaw.ai) That matters because OpenClaw was built around a simple promise: let developers use frontier models inside their own agent workflows without rebuilding everything around one vendor’s interface. Anthropic’s change hit that design at its weakest point. If your workflow depended on subscription-backed Claude access, the economics changed overnight. Builders who had treated a flat monthly plan as the foundation for long-running agent sessions suddenly had to price those sessions like API traffic. OpenClaw’s docs now warn that Anthropic subscription use outside Claude Code is a “user-choice risk,” which is an unusually blunt sentence to find in infrastructure documentation. (docs.openclaw.ai) The scramble after the cutoff shows what the modern AI stack really looks like. Developers did not stop using Claude. They started rerouting it. OpenClaw now points users toward two workarounds: direct Anthropic API keys, or a local Claude CLI login running on the gateway host, which lets the tool switch its default model path from Anthropic’s API route to a local CLI backend. That is a strange place for the ecosystem to land. A company sells developers on agents and tool use, then pushes many of those same developers into improvising around official access paths when policy changes faster than their products can adapt. (docs.openclaw.ai) The timing made the whole episode worse. Just days earlier, Anthropic had confirmed an accidental Claude Code source exposure through an npm packaging error. Multiple reports say version 2.1.88 of the `@anthropic-ai/claude-code` package shipped with a large source map that revealed roughly 512,000 lines of TypeScript across about 2,000 files. Anthropic said no customer data or API keys were exposed, but the leak still handed outsiders a detailed look at how Claude Code works. (siliconangle.com) That kind of leak is not embarrassing only because competitors can read product code. It is embarrassing because Claude Code is not just a shell around a model. It is a bundle of rules, prompts, tool permissions, safety checks, and orchestration logic. When those internals spill out, the company loses some control over how its system behavior is interpreted, copied, or attacked. The same week Anthropic was tightening who could use Claude through outside tools, it was also dealing with a reminder that control at the packaging layer can fail just as badly as control at the policy layer. (siliconangle.com) That is why the MCP news belongs in the same story. In December 2025, Anthropic donated the Model Context Protocol to the new Agentic AI Foundation under the Linux Foundation, making MCP a founding project alongside Block’s goose and OpenAI’s AGENTS.md. The MCP project says it had already reached more than 97 million monthly SDK downloads, 10,000 active servers, and broad client support across major AI platforms before the move. The point of that transfer was not symbolism. It was governance. MCP’s maintainers kept technical control, while the protocol itself moved into a neutral home meant to outlast any one vendor’s pricing decisions. (blog.modelcontextprotocol.io) That contrast is the real story. The model is closed. The billing path is controlled by one company. The protocol that connects models to tools is being pushed into neutral governance as fast as the industry can manage. Anthropic helped create both sides of that tension. On one side, it can still decide that a third-party harness no longer counts as normal subscription use. On the other, it has already helped build a standard meant to make agent infrastructure less dependent on any single company’s permission. OpenClaw’s latest setup guide captures the contradiction in one line: for Anthropic, the safer recommended path is no longer subscription auth. It is the API key, or the local CLI, or something routed carefully enough not to break next time.