> Using third-party software, tools, or services to harvest or piggyback on Gemini CLI's OAuth authentication to access our backend services is a direct violation of Gemini CLI’s applicable terms and policies.
It's been 2 months since these bans have started, first Anthropic, then Google. And their wording is still so confusing that I can't get a simple answer to a simple question:
Is piggybacking on headless 'gemini-cli -p' or 'claude -p' a TOS violation? Because there's really no reason why you can't do exactly what these tools did that caused these two companies to start giving out bans.
Unless you're in for a very specific configuration of models for some niche concern, CLIs give you nearly exact same access to the backend that snatching an OAuth token from them does. They give you JSONL for stdin, JSONL for stdout, and if you spin up a local proxy, you even get the same exact API contract in responses that you get from public APIs.
In fact, I already built a small tool for myself that does exactly that, to allow usage of alternative harnesses I prefer. Once I release it to the public, will -p be banned too?
I think the issue is people are using tools in an automated fashion and running up a compute bill for free when they were only meant to be used by humans in a more limited capacity (for companies to gather data on how to improve their products for humans). I think the correct way to use these models in an automated fashion is via the APIs and even then they might also worry about things like abuse/distillation type attacks still if the volume is too high. I think the lack of transparency might actually be by design so that people abusing their services don't figure out what triggers them losing their accounts. I could be wrong of course, this is just speculation on my part.
> I think the issue is people are using tools in an automated fashion
But that's the sole reason why all of the tools have headless modes. Headless mode is textbook definition of supporting automation.
From gemini docs: [1]
> Headless mode allows you to run Gemini CLI programmatically from command line scripts and automation tools without any interactive UI.
And claude code:
> Use the Agent SDK to run Claude Code programmatically from the CLI, Python, or TypeScript
Why does headless mode exist if using it is a bannable offense?
[1] https://google-gemini.github.io/gemini-cli/docs/cli/headless...
[2] https://code.claude.com/docs/en/headless
Headless is fine as long as there's a human in the loop. Remove the human, their bills skyrocket.
Have you read the website? https://platform.claude.com/docs/en/agent-sdk/overview
>Unless previously approved, Anthropic does not allow third party developers to offer claude.ai login or rate limits for their products, including agents built on the Claude Agent SDK. Please use the API key authentication methods described in this document instead.
Seems clear-cut to me.
Yes, I have. And it's obvious that restriction was put there for a reason. The most obvious possible reason is that snatching OAuth made it possible for third party tools to utilize subscription to the fullest - like OpenClaw.
But these tools, including openclaw, didn't have to snatch the OAuth tokens, they could have used claude code built in headless stdio and consequences for Anthropic would be exactly the same. OAuth was just faster to plug in.
So if I open source my solution that allows opencode & openclaw to go through claude cli's headless mode, is this allowed? Is this a product that allows claude.ai login?
What if I open source a 1 line bash loop (e.g. ralph loop) that does the same?
What if I build a more complex bash loop that goes through my tasks in a text file, and calls claude cli for each?
I don't know at which point this becomes "offering claude.ai login" or a "product", or "building agents".
Here's my product:
while :; do cat PROMPT.md | claude ; done
Am I blacklisted now?
They just want people to pay more via API. Technically, your example would violate ToS, because the purpose matters. Like a license file may allow personal use and prohibit commercial use (unless you obtain a commercial license).
Before I use time responding, I want to ask again: Did you actually read the website, especially the "Compare the Agent SDK to other Claude tools" section? It answers your question pretty thoroughly.
For the second time, yes. And it's still not clear at what point does a wrapper around claude cli running in headless mode become a 'product' that is going to get my account banned.
My guess is, and others have said this as well in the thread: "when you start utilizing your weekly quotas fully".
But obviously, they can't put "you can't use your weekly allocated quota fully". That would be way too honest and we can't accept that.
No, the link clearly says that if you are not using the harness provided by Claude for the Agent SDK (such as for making tool calls), you have to use the Client SDK. So attempting to prompt the Agent SDK with a third-party app so that the third-party app can then call a tool with the output is not allowed in the Agent SDK. You have to use the Client SDK (API).It even gives an example in the section I asked you to read, which is why I am seriously doubting whether or not you read it.
> the link clearly says that if you are not using the harness provided by Claude for the Agent SDK (such as for making tool calls), you have to use the Client SDK
But you just made this up? There's no text on the page that says this. What the linked page does is explain technical differences between Agent SDK and Client SDK, and Agent SDK and cli (Agent SDK is just a wrapper around cli anyway).
Neither tab says anything remotely like "if a third-party app prompts the Agent SDK and uses the output for tool calls, that's not allowed." You entirely fabricated this from the comparisons.
And your assumption is wrong on another level. The Agent SDK specifically exists so that you can write your own harness and give it custom tools - that's its entire purpose. It's even documented in their custom tools guide [1]. So not only "using a third-party harness with the Agent SDK" isn't forbidden, it's the product's primary use case. There's no such thing as "harness provided by claude for the agent SDK" - you bring the harness.
The only policy statement on that page is this:
> Unless previously approved, Anthropic does not allow third party developers to offer claude.ai login or rate limits for their products..
But I've already addressed this, so it seems we're going in circles.
[1] https://platform.claude.com/docs/en/agent-sdk/custom-tools
>And your assumption is wrong on another level. The Agent SDK specifically exists so that you can write your own harness and give it custom tools - that's its entire purpose. It's even documented in their custom tools guide [1].
Yea, you don't seem to even understand what you are writing. This in no way contradicts any statement I or Anthopic has said.
>Neither tab says anything remotely like "if a third-party app prompts the Agent SDK and uses the output for tool calls, that's not allowed." You entirely fabricated this from the comparisons.
From: https://platform.claude.com/docs/en/agent-sdk/overview#agent...
>The Anthropic Client SDK gives you direct API access: you send prompts and implement tool execution yourself. The Agent SDK gives you Claude with built-in tool execution.
>With the Client SDK, you implement a tool loop. With the Agent SDK, Claude handles it:
Python
At this point, it's clear that you either have questionable reading comprehension skills, are being willfully ignorant, or are arguing in bad faith because it even says that tool calls outside of the Agent SDK harness has to use the Client SDK as the comments to the code used in the examples.