Run Claude Code 24/7 on Your Subscription Without the April 4 Ban
If you tried to run a 24/7 Claude Code automation on your subscription around April 4, 2026, you may have hit a wall. Anthropic updated their terms to restrict using subscription OAuth tokens outside the official Claude Code CLI — locking out a class of third-party harnesses that had been piggybacking on subscription credentials through unofficial pipelines.
Here is the part most posts get wrong: running the official claude CLI binary on your own machine is still compliant. The ban targets credential extraction and reuse in third-party code — not the CLI itself doing its job in a persistent session or scheduled run. The way to run Claude Code agents 24/7 on your subscription without the ban is to stay inside the official CLI. This post covers what changed, what broke, and the concrete stack that still works.
What the April 4 restriction actually covers
The restriction targets one specific pattern: taking the OAuth token that Claude Code stores in your local config and presenting it to Anthropic’s API from your own code — custom scripts, third-party frameworks, or anything that extracts the credential and replays it outside the CLI. Setups built on that pattern stopped working.
What is still allowed is narrower: the official claude binary, operating under your Claude account, in the ways the product is designed to work. That includes:
- Your interactive Claude Code session at the terminal
claude -pone-shots fired through the official CLI binary- Long-lived CLI sessions held open in a persistent process (a tmux window, a supervised shell)
- Scheduled tasks that invoke the CLI binary — as long as the binary is doing the talking, not downstream code you wrote
The dividing line: the CLI binary presents the credential to Anthropic, not your code. If you are on the right side of that line, nothing changed on April 4.
What broke vs. what still works
| Setup | Status after April 4 | Why |
|---|---|---|
Interactive claude session in your terminal | ✅ Works | Official use case, unchanged |
| Persistent Claude Code session in tmux | ✅ Works | Same session, just long-lived |
Scheduled claude -p via cron or launchd | ✅ Works | Official CLI binary; see Agent SDK credit note below |
Custom script extracting the OAuth token and calling api.anthropic.com directly | ❌ Restricted | Non-CLI credential reuse — this is what the ban covers |
| Third-party harnesses that proxied subscription credentials through their own stack | ❌ Restricted | Same; the credential belongs to the CLI, not third-party code |
Running Claude Code agents 24/7 on your subscription: the compliant stack
The setup has three moving parts: a persistent session, scheduled one-shots, and credential hygiene.
Persistent session: launchd + tmux
launchd handles auto-start at login and crash recovery on macOS. tmux gives the Claude Code session a durable tty that survives your shell session ending. Together they form the always-on layer.
<!-- ~/Library/LaunchAgents/com.youragent.agent.plist -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.youragent.agent</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>-c</string>
<string>tmux new-session -d -s agent 'claude --dangerously-skip-permissions'</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>StandardOutPath</key>
<string>/tmp/agent.log</string>
<key>StandardErrorPath</key>
<string>/tmp/agent-err.log</string>
</dict>
</plist>
launchctl load ~/Library/LaunchAgents/com.youragent.agent.plist
This boots a Claude Code session inside tmux at login and restarts it on crash. The session stays alive; attach anytime with tmux attach -t agent. The --dangerously-skip-permissions flag removes the interactive approval gate — required for unattended operation, and the reason your agent needs a separate approval channel (Telegram, email, or a webhook) for any sensitive tool calls.
Scheduled one-shots: claude -p via launchd
For timed tasks — nightly summaries, scheduled data pulls, recurring reports — fire claude -p through a launchd timer. This calls the official CLI binary directly; it is not credential extraction.
<!-- ~/Library/LaunchAgents/com.youragent.nightly.plist -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.youragent.nightly</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/claude</string>
<string>-p</string>
<string>Run the nightly summary task.</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>22</integer>
<key>Minute</key>
<integer>0</integer>
</dict>
<key>StandardOutPath</key>
<string>/tmp/nightly.log</string>
<key>StandardErrorPath</key>
<string>/tmp/nightly-err.log</string>
</dict>
</plist>
Note if you’re reading after June 15, 2026:
claude -pruns now bill to the per-user Agent SDK credit, not your main subscription usage limit. The two pools are separate and the Agent SDK credit is finite — jobs stop silently when it’s exhausted. See Before June 15: Which Claude Code Jobs Now Bill to the Agent SDK Credit for the full breakdown.
Credential hygiene: OAuth vs. API key
The persistent session authenticates with your Claude account’s OAuth token. That token will eventually need refreshing — and a headless, unattended session will stall on the browser-based re-auth prompt without warning.
Two approaches:
Option A: API key for scheduled work. Set ANTHROPIC_API_KEY in the environment for your claude -p launchd jobs. The CLI uses the key directly; no OAuth expiry, no re-auth prompt. The trade-off: this bills to your API account, not your subscription credit.
# In the plist EnvironmentVariables block:
<key>EnvironmentVariables</key>
<dict>
<key>ANTHROPIC_API_KEY</key>
<string>sk-ant-...</string>
</dict>
Option B: Monitor the session for stalled auth. A lightweight probe checks the tmux session output every few minutes and alerts (Telegram, webhook, email) if it sees an auth prompt. You re-auth once from a terminal; the session resumes. More setup, but keeps everything on the subscription.
Fleet uses Option B for the persistent session (subscription billing) and the API key for heavy scheduled work (predictable per-token cost). Pick based on your usage shape: subscription-heavy interactive use, or automation-heavy scheduled load.
How this works in Fleet
Fleet is the open-source, self-hosted platform for running persistent Claude Code agents on a Mac. Its persistence layer is exactly this stack: a launchd-managed tmux session for the live agent, launchd timers for scheduled claude -p one-shots, and Telegram as the out-of-band alert channel for credential and liveness issues. The credential boundary — official CLI binary does the talking — is the same boundary Fleet has operated within since launch, which is why the April 4 change did not break it.
The full setup is on GitHub, including the setup guide for the launchd + tmux persistence pattern.
What this does not solve
Two gaps worth naming:
OAuth token expiry in headless sessions. A stalled auth prompt in an unattended tmux session looks identical, from the outside, to a crashed agent. You need a liveness probe that can tell the difference — and a channel to tell you about it. Without one, the agent silently stops until you notice.
Channels permission relay. Claude Code Channels is a research preview; the permission relay (approve a tool call from your phone) has known reliability issues in always-on setups. Channels is not the same thing as the persistent-session stack described above — it is an additional layer, with its own gaps.
Bottom line
The April 4 OAuth restriction removed a workaround, not a capability. Third-party harnesses that extracted subscription credentials broke. The official claude CLI binary — persistent tmux session, claude -p one-shots, launchd supervision — is still compliant and still works.
If you’re building or auditing a persistent agent setup, the next piece to read is the billing half of the picture: Before June 15: Which Claude Code Jobs Now Bill to the Agent SDK Credit. The compliance question and the billing question are separate; you need both answers.
Or explore Fleet to see the full self-hosted stack — source on GitHub, setup guide in the docs.
Always verify your setup against Anthropic’s current usage policy and Claude Code terms before relying on any specific pattern described here. Terms change; the general principle — the CLI binary presents the credential, not your code — is the durable guide.