alt Hacker News> Using third-party software, tools, or services to harvest or piggyback on Gemini CLI's OAuth authentication to access our backend services is a direct violation of Gemini CLI’s applicable terms and policies.
It's been 2 months since these bans have started, first Anthropic, then Google. And their wording is still so confusing that I can't get a simple answer to a simple question:
Is piggybacking on headless 'gemini-cli -p' or 'claude -p' a TOS violation? Because there's really no reason why you can't do exactly what these tools did that caused these two companies to start giving out bans.
Unless you're in for a very specific configuration of models for some niche concern, CLIs give you nearly exact same access to the backend that snatching an OAuth token from them does. They give you JSONL for stdin, JSONL for stdout, and if you spin up a local proxy, you even get the same exact API contract in responses that you get from public APIs.
In fact, I already built a small tool for myself that does exactly that, to allow usage of alternative harnesses I prefer. Once I release it to the public, will -p be banned too?
Replies
Have you read the website? https://platform.claude.com/docs/en/agent-sdk/overview
>Unless previously approved, Anthropic does not allow third party developers to offer claude.ai login or rate limits for their products, including agents built on the Claude Agent SDK. Please use the API key authentication methods described in this document instead.
Seems clear-cut to me.
I think the issue is people are using tools in an automated fashion and running up a compute bill for free when they were only meant to be used by humans in a more limited capacity (for companies to gather data on how to improve their products for humans). I think the correct way to use these models in an automated fashion is via the APIs and even then they might also worry about things like abuse/distillation type attacks still if the volume is too high. I think the lack of transparency might actually be by design so that people abusing their services don't figure out what triggers them losing their accounts. I could be wrong of course, this is just speculation on my part.