Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
gck1 3 hours ago

> Using third-party software, tools, or services to harvest or piggyback on Gemini CLI's OAuth authentication to access our backend services is a direct violation of Gemini CLI’s applicable terms and policies.

It's been 2 months since these bans have started, first Anthropic, then Google. And their wording is still so confusing that I can't get a simple answer to a simple question:

Is piggybacking on headless 'gemini-cli -p' or 'claude -p' a TOS violation? Because there's really no reason why you can't do exactly what these tools did that caused these two companies to start giving out bans.

Unless you're in for a very specific configuration of models for some niche concern, CLIs give you nearly exact same access to the backend that snatching an OAuth token from them does. They give you JSONL for stdin, JSONL for stdout, and if you spin up a local proxy, you even get the same exact API contract in responses that you get from public APIs.

In fact, I already built a small tool for myself that does exactly that, to allow usage of alternative harnesses I prefer. Once I release it to the public, will -p be banned too?

blainm 3 hours ago | parent | next [-]

I think the issue is people are using tools in an automated fashion and running up a compute bill for free when they were only meant to be used by humans in a more limited capacity (for companies to gather data on how to improve their products for humans). I think the correct way to use these models in an automated fashion is via the APIs and even then they might also worry about things like abuse/distillation type attacks still if the volume is too high. I think the lack of transparency might actually be by design so that people abusing their services don't figure out what triggers them losing their accounts. I could be wrong of course, this is just speculation on my part.

gck1 3 hours ago | parent [-]

> I think the issue is people are using tools in an automated fashion

But that's the sole reason why all of the tools have headless modes. Headless mode is textbook definition of supporting automation.

From gemini docs: [1]

> Headless mode allows you to run Gemini CLI programmatically from command line scripts and automation tools without any interactive UI.

And claude code:

> Use the Agent SDK to run Claude Code programmatically from the CLI, Python, or TypeScript

Why does headless mode exist if using it is a bannable offense?

[1] https://google-gemini.github.io/gemini-cli/docs/cli/headless...

[2] https://code.claude.com/docs/en/headless

szmarczak an hour ago | parent [-]

Headless is fine as long as there's a human in the loop. Remove the human, their bills skyrocket.

NewsaHackO 2 hours ago | parent | prev [-]

Have you read the website? https://platform.claude.com/docs/en/agent-sdk/overview

>Unless previously approved, Anthropic does not allow third party developers to offer claude.ai login or rate limits for their products, including agents built on the Claude Agent SDK. Please use the API key authentication methods described in this document instead.

Seems clear-cut to me.

gck1 an hour ago | parent [-]

Yes, I have. And it's obvious that restriction was put there for a reason. The most obvious possible reason is that snatching OAuth made it possible for third party tools to utilize subscription to the fullest - like OpenClaw.

But these tools, including openclaw, didn't have to snatch the OAuth tokens, they could have used claude code built in headless stdio and consequences for Anthropic would be exactly the same. OAuth was just faster to plug in.

So if I open source my solution that allows opencode & openclaw to go through claude cli's headless mode, is this allowed? Is this a product that allows claude.ai login?

What if I open source a 1 line bash loop (e.g. ralph loop) that does the same?

What if I build a more complex bash loop that goes through my tasks in a text file, and calls claude cli for each?

I don't know at which point this becomes "offering claude.ai login" or a "product", or "building agents".

Here's my product:

while :; do cat PROMPT.md | claude ; done

Am I blacklisted now?

szmarczak an hour ago | parent | next [-]

They just want people to pay more via API. Technically, your example would violate ToS, because the purpose matters. Like a license file may allow personal use and prohibit commercial use (unless you obtain a commercial license).

NewsaHackO an hour ago | parent | prev [-]

Before I use time responding, I want to ask again: Did you actually read the website, especially the "Compare the Agent SDK to other Claude tools" section? It answers your question pretty thoroughly.

gck1 10 minutes ago | parent [-]

For the second time, yes. And it's still not clear at what point does a wrapper around claude cli running in headless mode become a 'product' that is going to get my account banned.

My guess is, and others have said this as well in the thread: "when you start utilizing your weekly quotas fully".

But obviously, they can't put "you can't use your weekly allocated quota fully". That would be way too honest and we can't accept that.