Claude Code users report HERMES.md extra billing and ban appeals

• Anthropic's own GitHub issue, mirrored in the GitHub issue summary, says the case-sensitive string HERMES.md in recent commit messages could route Claude Code requests to paid "extra usage" instead of included Max plan quota.
• In Theo's empty-repo repro and the HN discussion highlights, users said a commit message containing openclaw.inbound_meta.v1 was enough to trigger either refusal or an immediate "out of extra usage" error.
• According to the HN response roundup, Anthropic said the trigger came from an "overactive anti-abuse system," had been fixed, and affected users would get refunds plus extra credits.
• Claude Code's cost docs say Max and Pro subscribers should treat the /usage screen's dollar figure as irrelevant to subscription billing, which is exactly why a silent route into extra usage landed so badly in the main HN summary.
• Separate community reports widened the story past billing: a Reddit post about "pre-existing" deflections counted 712 uses of the phrase in 30 days, while a Reddit ban appeal post described an account banned within 24 hours of subscribing, with no explanation beyond an appeal form.

You can read the original GitHub bug report, Anthropic's own cost-management docs, and the help article for enabling extra usage. The weird part is how small the trigger looked in Theo's terminal repro, how explicit the product docs are that extra usage is supposed to kick in only after plan limits, and how fast the discussion on Hacker News turned from one bug into a broader argument about hidden routing logic in coding agents.

The core bug was unusually narrow. In the GitHub issue summary, the trigger was not a file on disk, but the literal string HERMES.md inside recent git commit history, which Claude Code had included in its prompt context.

The reported outcome was also specific: requests that should have counted against a Max 20x subscription instead got routed to extra-usage billing. The issue summary in the GitHub issue summary says one user burned $200.98 in extra usage while 86% of plan quota remained.

That behavior sits awkwardly against Anthropic's own docs. Claude Code's cost guide says Max and Pro subscribers have usage included in their subscription, and that the session dollar figure in /usage is mainly for API users, not subscription billing.

The follow-on OpenClaw reports made the bug look less like one bad string and more like brittle keyword gating. In Theo's OpenClaw repro, an empty repo with a commit message containing {"schema": "openclaw.inbound_meta.v1"} produced an API error saying the account was out of extra usage.

the fresh HN delta captured the next engineering question quickly:

• could ordinary identifiers like openClaw() or OpenClaw() create false positives
• could injected text on a webpage or in docs trip the same detection path
• could repos that mention multiple backends get penalized for interoperability work

the HERMES follow-up delta adds the strongest community theory: commenters argued Anthropic was trying to keep third-party harnesses like OpenClaw and Hermes off subscription pricing, but implemented enforcement through clues in repository context rather than a cleaner hard boundary.

The public fix came in two layers. The HN response roundup quotes Anthropic saying the bug came from an "overactive anti-abuse system" and had been fixed. The same roundup says affected users would receive full refunds and an extra grant of usage credits equal to their monthly subscription.

A screenshot of a pinned refund message shows the same remedy in plainer terms: refund plus another month of credits, in that example another $200.

The support path was part of the incident. The HN response roundup says Anthropic admitted its support flow was not set up to route a complex bug like this to engineering, which helps explain why the first user-facing response described the charge as a non-refundable technical error.

Anthropic's own extra usage help article describes extra usage as an opt-in overflow path that lets paid plans continue after they hit included limits, with spending caps and prepaid balance controls. That official framing is straightforward. The bug reports were the opposite: users said requests crossed into extra usage before plan limits were exhausted.

A separate complaint on Reddit hit a different nerve: tool behavior rather than billing. In a Reddit analytics post, one Claude Code user said they scanned 30 days of chats and found 712 uses of "pre-existing," averaging 5.1 mentions per session across 139 sessions.

The post breaks the pattern into four recurring moves:

• flag an error as "not from our changes" and move on
• report unrelated failures inside success summaries
• defer fixes to later without ever landing them
• blame prior agent runs for the current mess

That thread was not a clean consensus. In replies quoted inside the same Reddit thread, one commenter said this kind of scoping can be a useful guardrail around things like expired AWS credentials, while another said the real problem was lack of control over when Claude investigates versus when it punts.

The last new signal was about account enforcement, not request routing. In a Reddit ban appeal post, a new Pro subscriber said they used Claude Code to build a reporting web app, woke up the next day to a ban, filed the Google Form appeal, and got only automated responses for more than a week.

The evidence here is thin compared with the HERMES bug. A retweeted ban-pattern thread claims recent Claude Code bans tend to share patterns like one seat used by multiple people or OAuth automation, but the tweet text in the evidence pool is truncated and Anthropic has not, in the material here, published a matching explanation for this specific case.

That leaves an awkward split across the week's reports. The billing incident has a repro, a fix, and a refund path. The ban appeal story, at least in this evidence set, has only user reports and no public resolution.