> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vexa.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Model credentials & licensing

> Which Anthropic terms your deployment operates under — subscription OAuth vs API key — and the multi-tenant boundary you must not cross.

Vexa agent workers run the official `claude` CLI (interactive turns via the harness, one-shot
completions via `claude -p`). The credential that powers them is chosen per deployment and per
user (**Settings → Models**, resolved user > global > deployment env). Which credential you pick
determines **which Anthropic terms you operate under**.

## The primary sources

| Document                                                                   | Link                                                                                                                  |
| -------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- |
| Claude Code — Legal and compliance (the authentication rules quoted below) | [code.claude.com/docs/en/legal-and-compliance](https://code.claude.com/docs/en/legal-and-compliance)                  |
| Consumer Terms of Service (Free / Pro / Max subscriptions)                 | [anthropic.com/legal/consumer-terms](https://www.anthropic.com/legal/consumer-terms)                                  |
| Commercial Terms of Service (API / Team / Enterprise)                      | [anthropic.com/legal/commercial-terms](https://www.anthropic.com/legal/commercial-terms)                              |
| Anthropic Usage Policy                                                     | [anthropic.com/legal/aup](https://www.anthropic.com/legal/aup)                                                        |
| Use Claude Code with your Pro or Max plan                                  | [Help Center article](https://support.claude.com/en/articles/11145838-use-claude-code-with-your-pro-or-max-plan)      |
| Use the Claude Agent SDK with your Claude plan (Agent SDK credit rules)    | [Help Center article](https://support.claude.com/en/articles/15036540-use-the-claude-agent-sdk-with-your-claude-plan) |

The load-bearing sentences, from the Claude Code legal page (retrieved 2026-07-09):

> **OAuth authentication** is intended exclusively for purchasers of Claude Free, Pro, Max, Team,
> and Enterprise subscription plans and is designed to support ordinary use of Claude Code and
> other native Anthropic applications.

> **Developers** building products or services that interact with Claude's capabilities, including
> those using the Agent SDK, should use API key authentication through Claude Console or a
> supported cloud provider. **Anthropic does not permit third-party developers to offer Claude.ai
> login or to route requests through Free, Pro, or Max plan credentials on behalf of their users.**

> Advertised usage limits for Pro and Max plans assume ordinary, individual usage of Claude Code
> and the Agent SDK.

## How Vexa's credential modes map

**Subscription mode** ("Claude subscription (deployment credentials)"):

* Workers invoke the **official `claude` binary** — never the raw HTTP API with an OAuth token.
  The credential file (`~/.claude/.credentials.json`) is bind-mounted read-only into worker
  containers at the CLI's own standard path; only the official client consumes it. The token is
  never extracted into headers, third-party clients, or proxies.
* `claude -p` completions are plain subprocess calls of the compiled CLI. Per the Agent SDK help
  article, third-party apps authenticating with your subscription through the Agent SDK are a
  **covered, credit-metered use**: programmatic usage draws a per-user monthly **Agent SDK
  credit** (plan-dependent; overage at API rates when enabled). Nothing simulates a terminal to
  disguise programmatic calls as interactive use.

**Custom mode** (API key / OpenAI-compatible gateway):

* Raw-API auth (`ANTHROPIC_BASE_URL`/`ANTHROPIC_AUTH_TOKEN`, or the OpenAI-compatible
  `VEXA_LLM_*` set) is only ever brokered when the deployment or user supplied an **API key** —
  Commercial Terms, no consumer authentication restrictions.

## The boundary: one human, one subscription, one beneficiary

<Warning>
  A consumer subscription is a personal license. The moment a deployment serves **other users'
  turns** on the operator's Pro/Max credential, it becomes "routing requests through plan
  credentials on behalf of their users" — the explicitly disallowed case.
</Warning>

* **Self-host, single user** — your machine, your subscription, your turns: subscription mode as
  the deployment default is ordinary individual use.
* **Any multi-user or hosted deployment** — the deployment default must be an **API key**
  (Settings → Models → Custom endpoint, or `ANTHROPIC_API_KEY` in the deployment env), or each
  user brings their own credential via user-level settings. Never default tenants onto anyone's
  consumer OAuth.

## Operator checklist

1. Exactly **one human** benefits from a mounted subscription credential. If
   `HOST_CLAUDE_CREDENTIALS` is set and more than one active user runs turns, switch the
   deployment default to an API key.
2. Never move the OAuth token out of the credentials file — no proxies, no header injection, no
   gateway re-serving. API-style env vars are for API keys only.
3. Expect `claude -p` usage to draw the Agent SDK credit separately from interactive limits —
   exhaustion is a billing event, not a bug (it surfaces as a model-inference failure in the
   worker).
4. When in doubt for a new topology: **use an API key** — the Commercial Terms path has no
   authentication-shape restrictions.

<Note>
  Terms evolve (the Agent SDK credit rules changed during 2026 and the help article notes pending
  updates). Re-verify the primary sources before relying on this page for a new deployment class.
  This page is engineering compliance guidance, not legal advice.
</Note>
