Worth noting that OpenCode 1.3.0 had to remove the Claude Max plugin after Anthropic sent lawyers. The core issue was that OpenCode built its own OAuth flow to obtain subscription tokens and managed the auth themselves.
Anthropic considers that a violation because third parties aren't allowed to offer Claude.ai login for their products.
HolyCode uses a lighter approach, I think? It seems that it reads from the local credentials file that Claude Code already stores on the host. But unfortunately the underlying tension is the same.
Anthropic subsidizes $5k of compute on a $200 sub, but only wants you to use it through their own surfaces. Third-party tools that tap into those subsidized tokens, whether via custom OAuth or local credential files, are all in a gray area until Anthropic actually clarifies their policy.
Which, as of today, they still haven't...unfortunately.
The core challenge with agent credentials isn't storage. It is the handoff.
How does a user securely give their OAuth token or API key to an agent that is running somewhere?
Most solutions I've seen either require the agent to run
inside a specific platform, or they punt on the trust problem entirely by
storing credentials centrally in plaintext.
The device authorization grant (RFC 8628) pattern is interesting here because
it decouples the agent from the users browser session entirely.
Anthropic considers that a violation because third parties aren't allowed to offer Claude.ai login for their products.
HolyCode uses a lighter approach, I think? It seems that it reads from the local credentials file that Claude Code already stores on the host. But unfortunately the underlying tension is the same.
Anthropic subsidizes $5k of compute on a $200 sub, but only wants you to use it through their own surfaces. Third-party tools that tap into those subsidized tokens, whether via custom OAuth or local credential files, are all in a gray area until Anthropic actually clarifies their policy.
Which, as of today, they still haven't...unfortunately.