Comment by merlindru

2 days ago

claude -p is allowed as far as I'm aware.

if i understand correctly, they even have a wrapper around it to make it easier to use: the Claude Agent SDK

the thing that's disallowed is pretending you're the claude binary, logging in through OAuth

in other words, if you use some product that's not Claude Code, and your browser opens asking you to "give Claude Code access to your account", you're in hot water

as for how they detect it: they say they use heuristics and usage patterns. if something falls wildly out of the distribution it's a ban.

my take is that the problem is not the means of detection. that's fine and seems to work well. the problem is that it's an instant outright ban. they should give you a couple warning emails, then a timeout, etc.

The Claude Agent SDK is explicitly disallowed from subscription use, as of a few days ago.

  • No it's not. You can't offer OAuth + the Claude Agent SDK in your own product, but you can use Claude Agent SDK locally by signing in through Claude Code.

    It's no different than using Claude Code directly.

    • I’m aware of the tweet that says otherwise, but until they update their legal documentation, it’s still not allowed.

      > OAuth authentication (used with Free, Pro, and Max plans) is intended exclusively for Claude Code and Claude.ai. Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is not permitted and constitutes a violation of the Consumer Terms of Service.

      https://code.claude.com/docs/en/legal-and-compliance#authent...

Why a couple warnings and timeout? 1 warning that the next incident will lead to a ban should be enough. Treat people like adults, not kids.

  • adults make mistakes and the situation was murky without clear guidance.

    this was the experience for some claude subscribers just a couple weeks ago:

    1. download opencode

    2. select claude as a model

    3. browser window opens, asking you to sign in. typical oauth screen.

    4. everything works, prompt away

    5. some days/weeks pass

    6. you get permanently banned

    now if you add one warning email just before step (6.) then that doesn't really help. what if it bounces? what if people don't check their emails? put a big flashy red warning into claude code? sure, but what if users accidentally dismiss it or simply do not understand it (non tech folks, non native english speakers)

    it's just the friendly and correct thing to do, in my opinion

> they say they use heuristics and usage patterns.

cache hit rate alone would stand out

  • What do you mean by this? What cache?

    • Generally speaking, there's prompt caching that can be enabled in the API with things like this: https://platform.claude.com/docs/en/build-with-claude/prompt...

      For a specific harness, they've all found ways to optimize to get higher cache hit rates with their harness. Common system prompts and all, and more and more users hitting cache really makes the cost of inference go down dramatically.

      What bothers me about a lot of the discussion about providers disallowing other harnesses with the subscription plans around here is the complete lack of awareness of how economies of scale from common caching practices across more users can enable the higher, cheaper quotas subscriptions give you.

The heuristic detection approach is fine. The penalty ladder is broken.

Reasonable progression: warning email → quota throttle → AI Pro subscription suspended → Google account suspended.

They skipped to step 4 on a first offense, paid account, no appeal. That's not a terms enforcement system, that's a hostage situation. "Comply or lose your digital life."

The real lesson isn't "don't use OpenClaw." It's: never let one company own your primary identity infrastructure.