1. How Forge Uses Claude — Technical Specifics
The Binary
All Claude calls made by Ralph (the Forge automation engine) go through the official claude binary installed via Anthropic's published npm package (@anthropic-ai/claude-code). No browser automation. No scraped web interface. No reverse-engineered APIs.
The Command Pattern
Ralph invokes Claude using the documented non-interactive (headless) mode:
claude -p "$prompt" --output-format text— standard pipe mode--dangerously-skip-permissions— Anthropic's own named flag for automated/unattended execution, documented in Claude Code's help output
Both of these are documented features of the Claude Code CLI. Anthropic named --dangerously-skip-permissions, documented its purpose, and ships it in every release. Using a flag Anthropic deliberately built and named is not a terms violation.
The Model Routing Cascade
Ralph uses a 4-tier routing system designed to minimize API cost and respect Claude Max's intended primary role:
| Tier | Provider | Model | When Used | Cost |
|---|---|---|---|---|
| T0 | Claude Max CLI | claude-sonnet-4-6 (or latest) | Primary — all tasks when available | $0 (subscription) |
| T1 | Ollama (local) | qwen2.5-coder:7b | When Claude Max rate-limited or unavailable | $0 (self-hosted) |
| T2 | LiteLLM / OpenRouter | DeepSeek, Qwen via API | T0+T1 both unavailable, budget available | ~$0.14/MTok |
| T3 | Poll / wait | — | All providers unavailable or budget exhausted | $0 |
Claude Max is T0 — the primary path. This architecture defers to Claude Max and only falls back to paid API when the subscription tier is rate-limited. It does not circumvent rate limits — it respects them by routing elsewhere.
Rate Limit Handling
When Claude Max rate limits are hit, Ralph's claude-max.sh library:
- Detects the rate limit signal from the CLI
- Sets a 15-minute pause semaphore
- Sends a Telegram alert to the account holder
- Routes subsequent calls to T1/T2 until the pause expires
This is graceful degradation — the exact behavior Anthropic's rate limiting infrastructure is designed to handle. It is not circumvention; it is compliance with the throttling signal.
2. The Compliance Arguments
Claude Code Is Anthropic's Own Product
Claude Code is not a third-party tool or a hack built on top of claude.ai. It is an Anthropic product, maintained by Anthropic engineers, distributed through official Anthropic channels (npm, GitHub), and documented at docs.anthropic.com/claude-code. Using it is not "exploiting" anything — it is using the product as sold.
Claude Max Explicitly Includes Claude Code
Anthropic's pricing page bundles Claude.ai and Claude Code access under the same Max subscription tier. They are not two separate products with separate entitlements — Anthropic has deliberately packaged them together. The Max subscription is sold partly because it includes Claude Code for development and automation use.
The -p Flag Is Documented for Exactly This Use
From Anthropic's Claude Code documentation, the -p (or --print) flag is described as enabling "non-interactive" and "piped" use — output to stdout, no TTY required. The docs explicitly show examples of piping Claude output to other commands and using it in scripts. Ralph's usage is textbook -p mode.
Single Account, Single User, Single Subscription
The TOS concerns around automated use typically target:
- Sharing credentials across multiple users
- Reselling access or sub-licensing
- Scraping responses for competitive model training
- Multi-tenant services where one subscription serves many end users
None of these apply here. One Claude Max account. One human subscriber (Jason MacDonald). All automation runs tasks that benefit only that subscriber. No third-party users are being served by this subscription.
Budget and Rate Governance Are Active
Forge has an explicit cost governance layer that prevents runaway spending:
- Daily API budget cap configured in
config/budget.yaml - Per-task cost cap enforced before each Ralph execution
- Anthropic API calls require explicit approval (not auto-approved)
- Usage logged to
logs/claude-max-usage.jsonlwith full audit trail
This is the behavior of a responsible subscriber, not an actor trying to maximize extraction from a subscription.
3. The Contrast — What Would Actually Violate TOS
| Pattern | Why It Violates | Forge? |
|---|---|---|
| Browser automation against claude.ai web UI | Impersonates a human session; accesses unintended interfaces; reverse-engineers internal APIs | ✓ No |
| Sharing one subscription across multiple users | Credential sharing; one payment covering multiple subscribers | ✓ No |
| Reselling or sub-licensing API access | Explicitly prohibited; commercial redistribution of access | ✓ No |
| Training competing models on Claude outputs | Prohibited use of outputs; competitive model development | ✓ No |
| Circumventing rate limits (retrying immediately, using parallel accounts) | Infrastructure abuse; bypassing controls | ✓ No — 15-min pause + fallback routing |
| Using undocumented internal APIs | Reverse engineering; unstable by design; unintended access | ✓ No — official CLI only |
| Serving end-customer requests under one subscription | One subscription covers many end users = resale equivalent | ✓ No — personal productivity only |
4. Key Distinctions from "Gray Area" Automation Tools
Some third-party tools (e.g., OpenClaw, various browser-based automation scripts) access Claude by:
- Automating a Chromium/browser session against
claude.ai - Intercepting and replaying the internal WebSocket or REST calls that the claude.ai web app makes
- Injecting cookies from a real browser session into automated HTTP requests
These approaches are problematic because they: (a) access an interface designed for humans, not automation; (b) rely on reverse-engineered internal APIs that Anthropic never documented or intended to be stable; (c) impersonate a human browser to bypass controls that are specifically designed to detect automated access.
Ralph does none of this. The claude CLI communicates with Anthropic's servers via officially documented channels. The CLI is Anthropic software. The authentication is Anthropic's own login flow. There is no reverse engineering involved at any layer.
5. Relevant Anthropic Statements & Documentation
Claude Code's Own Documentation
From Anthropic's Claude Code docs, on the -p flag: enables "non-interactive mode" for use in "scripts, CI/CD pipelines, and automated workflows." This is verbatim the use case Ralph is built for.
Claude Code in CI/CD
Anthropic explicitly documents using Claude Code in GitHub Actions, CI/CD pipelines, and automated testing workflows. These are, by definition, non-human, automated, high-frequency invocations. Ralph's pattern is equivalent.
The Max Plan Intent
Claude Max is marketed as the plan for "power users, developers, and teams who use Claude heavily." "Heavily" includes automation. The plan's pricing reflects high-volume use. A subscriber using it heavily, even via automation, is using the product as sold to them.
6. Account & Subscription Summary
| Item | Detail |
|---|---|
| Subscription tier | Claude Max — $200/mo |
| Account holder | Jason MacDonald |
| Account email | jason.macdonald@gmail.com |
| Usage type | Personal productivity automation — single user |
| Claude access method | Official Claude Code CLI (@anthropic-ai/claude-code) |
| Invocation mode | Headless / non-interactive (claude -p) |
| Permission flag used | --dangerously-skip-permissions — Anthropic's documented flag for unattended execution |
| Credential sharing | None — single account, single user |
| Third-party users served | None — personal use only |
| Competing model training | None |
| Rate limit handling | Graceful fallback (15-min pause → Ollama → LiteLLM) — no circumvention |
| Budget governance | Daily cap + per-task cap + full audit log |
Prepared March 16, 2026. Update this page if the architecture or Anthropic's policies change materially.