Over the past few months you’ve probably relied on this:
claude -p "review this PR" wired into GitHub Actions for
code review, or claude -p "generate release notes"
triggered by cron to produce weekly changelogs. With a Pro subscription,
these calls went against your subscription usage limits at no extra
cost.
After June 15, the rules changed. Anthropic moved
claude -p, Agent SDK, and GitHub Actions calls out of
subscription usage limits and into a new per-user monthly credit pool.
Interactive Claude Code — the kind you use manually in a terminal or IDE
— keeps the original subscription billing and is unaffected.
The numbers: Pro gets $20/month in credits, Max 5x gets $100, Max 20x gets $200. Credits are priced at API token rates (Sonnet 3.5 is roughly $3/M input, $15/M output), refresh automatically each month upon billing, and expire at month-end. If you run out and have usage credits enabled, requests continue at standard API rates; otherwise they stop.
Anthropic’s support page lays it out clearly: Use the Claude Agent SDK with your Claude plan. Their assessment: credits are enough for personal automation, large-scale production automation should switch to a Claude Platform API key for pay-as-you-go. The article mentions no workarounds and no account-banning language.
claude -p in cron jobs or CI pipelines → affected,
calls now consume creditsIf you fall into any of the bottom three categories, here are the two main community approaches.
When you type claude manually in a terminal, it goes
against your subscription. When your script calls
claude -p, it goes against API credits. Anthropic
distinguishes the two by checking who launched the process: sessions
launched by a person in a terminal count as interactive, sessions
launched programmatically count as automated calls.
The PTY approach exploits this distinction. Instead of calling
claude -p directly, your script opens a simulated terminal
(a PTY), launches interactive claude inside it, then
programmatically simulates keystrokes to submit prompts. The server sees
what looks like a person using Claude Code normally in a terminal, so
the call goes against your subscription. The whole thing uses your real
subscription credentials — nothing is forged.
Two representative projects implement this approach.
toll-free-harness
(npm,
Apache-2.0), by Reddit u/Yolo-8848. Usage: change your command to
npx toll-free-harness claude -- -p "prompt". It handles the
interactive Claude Code steps that normally require a person: submitting
prompts, approving tool calls, confirming plans. You tell it what to do,
and it translates your instructions into keyboard events sent to Claude
Code. Temporary plugins are created and discarded — your global config
stays untouched. The author’s post
on r/ClaudeCode shows that the change is a single command-line
tweak.
clarp
(npm, MIT), by
GitHub user dn00. Positioned as a drop-in replacement for
claude -p: replace claude with
clarp — clarp -p "explain this function". It
goes one step further than toll-free-harness: it runs a local proxy that
intercepts Claude Code’s communication, forwarding requests to Anthropic
while copying responses. This gives your script the same structured
output as claude -p (assistant messages, tool call results,
etc.), making downstream parsing straightforward. toll-free-harness only
gives you terminal screen text, which is harder to parse.
Similar projects include claude-pty-wrapper, jinn, and Open Claude Proxy / OCP — same technical approach.
How long these tools last depends on what Claude Code’s terminal UI
looks like. Where dialog buttons are positioned, what the prompt text
says, how plan mode steps are structured — these are all internal
implementation details. Every Claude Code CLI update can change these,
and simulated keystrokes stop landing in the right places. Failures are
also hard to debug: the program appears to run normally, but the keys
are hitting the wrong targets and the output is silently corrupted.
clarp carries an additional risk: its README openly acknowledges that if
Claude Code drops support for the ANTHROPIC_BASE_URL
environment variable, the entire proxy scheme breaks.
ToS risk is something the community worries about, but hard evidence is scarce. Anthropic’s official docs don’t name these tools and don’t mention account bans. The claim circulating online — “clearly violates ToS, possible permanent ban” — comes from community speculation and LLM aggregation, not from any Anthropic source. There are also no publicly documented cases of anyone being banned for using these tools. The real risk is uncertainty around ToS interpretation: the classification rules at the session-entry layer are opaque, and there’s no way to predict when or how policy might tighten.
ACP (Agent Client Protocol) is an open protocol started by Zed Industries. What LSP is to language servers, ACP is to coding agents: LSP lets any language server plug into any editor, ACP lets any coding agent plug into any editor.
The difference from the PTY approach was best summarized by Reddit user Deep_Ad1959 in a comment under the toll-free-harness announcement post:
the pty + keyboard-events path works until the next claude code release moves a dialog button or changes the bypass prompt copy, then every harness in the wild silently breaks for a day. ACP exists for exactly this. JSON-RPC against claude code / codex with prompt submission, tool approval, and plan approval as actual protocol messages instead of screen scraping.
The PTY approach depends on Claude Code’s terminal UI and can break
with any CLI update. ACP depends on a public message specification: your
program sends a session/prompt, the agent responds with an
agent_message_chunk, and the format is written into the
protocol — UI redesigns don’t touch it. An ACP client, once written, can
drive any ACP-compatible agent (Claude Code, Codex CLI, Gemini CLI, Grok
Build, etc.), while a PTY harness is Claude Code-specific.
The ACP website is at agentclientprotocol.com, and the registry currently lists over 40 ACP-implementing agents. Editors with ACP support include Zed, JetBrains 2026.1, Xcode 27, and Neovim (via community plugin).
Some known limitations: interactive mid-plan editing is missing — plan reporting works through session updates, but modifying a plan mid-flight isn’t yet possible. In Xcode 27, skills and model switching are restricted when connecting to an agent via ACP. WSL is not supported.
The case for subscription billing: Zed’s official subscription
comparison table maps Claude Pro/Max to “External Agent via ACP →
Claude Agent,” with a note that you should “Use Claude Agent or Claude
Code where supported if you want subscription-backed Claude behavior.”
Mechanically, claude --acp launches a persistent
interactive process, which looks more like a subscription session.
The case for metered billing: in a Hacker News discussion, user unshavedyak argues that Anthropic is disabling all subscription-based SDK usage and that ACP will be included. Deep_Ad1959 also explicitly states that ACP “doesn’t solve the subscription-vs-API pricing question.”
The core issue is how the server classifies session origin, not the
protocol layer. If Anthropic’s server detects that a session comes from
non-interactive agentic calls, it may force metered billing regardless
of whether the call arrived via -p, SDK, or
--acp. Available public information is insufficient to
confirm that claude --acp always goes against your
subscription. If you plan to use ACP for automation and rely on
subscription pricing, test the current version’s behavior and expect it
might change as policy evolves.
Three usage scenarios, three choices.
First, personal automation or toy-level projects: cron-based linting,
occasional batch processing, personal PR review bots. The PTY approach
is enough. clarp is closer to a direct claude -p
replacement than toll-free-harness, and its structured output integrates
better with downstream tools. The trade-off is accepting that it will
break with Claude Code CLI updates. Debugging is also more involved than
typical scripting.
Second, cross-agent orchestration or long-term stability: ACP is the only sustainable direction. Even if Claude Code’s ACP pricing eventually goes metered, ACP’s protocol stability is far ahead of the PTY hack. An ACP client, once written, can drive multiple agents, so you’re not locked into the Claude Code ecosystem.
Third, production-grade, no tolerance for interruptions: use an API key directly. This is also Anthropic’s own recommendation — large-scale production automation should use a Claude Platform API key for pay-as-you-go. There’s no uncertainty here: you pay per use, with no dependency on any session-classification rules.
At bottom, this is about Anthropic distinguishing human interaction from automated calls. The PTY approach mimics the former; ACP standardizes the latter. As long as Anthropic subsidizes human users via subscriptions while collecting API revenue from automated calls, this tension will persist. The PTY hack is a transitional workaround; ACP is long-term infrastructure. What’s missing is a reasonably priced automation tier — if one existed, the urgency of both workarounds would drop significantly.
On the same day this article was published, Anthropic emailed all subscribers with the subject “We’re pausing the Agent SDK credit change.” Key points:
We’re not making this change today. We’re working to update the plan to better support how users build with Claude subscriptions.
Nothing changes for now. Agent SDK, claude -p, and third-party app usage continues to work with your subscription exactly as it did before today, and there’s no credit to claim.
claude -p, Agent SDK, and third-party apps continue to
draw from subscription rate limits, exactly as before June 15. The PTY
simulation and ACP approaches described in this article are not urgently
needed right now, but Anthropic said they’re revising the plan and will
give advance notice before any future change. Community discussion on r/ClaudeAI.
The analysis in this article still holds: as long as Anthropic maintains different pricing for interactive vs. programmatic use, the PTY hack and ACP protocol discussion won’t go away. This pause is a timing adjustment, not a change in direction.