Hacker News new | ask | show | jobs
by jimminyx 142 days ago
OP here. Yes! This was a big motivation for me to try and build this. Nervous Anthropic is gonna shut down my account for using Clawdbot.

This project uses the Agents SDK so it should be kosher in regards to terms of service. I couldn't figure out how to get the SDK running inside the containers to properly use the authenticated session from the host machine so I went with a hacky way of injecting the oauth token into the container environment. It still should be above board for TOS but it's the one security flaw that I know about (malicious person in a WhatsApp group with you can prompt inject the agent to share the oauth key).

If anyone can help out with getting the authenticated session to work properly with the agents running in containers it would be much appreciated.
2 comments
dceddia 142 days ago
I went down this rabbit hole a bit recently trying to use claude inside fence[0] and it seems that on macOS, claude stores this token inside Keychain. I'm not sure there's a way to expose that to a container... my guess would be no, especially since it seems the container is Linux, and also because keeping the Keychain out of reach of containers seems like it would be paramount. But someone might know better!

0: https://github.com/Use-Tusk/fence

link
gronky_ 142 days ago
True. There’s a setting for Claude code though where you can add apiKeyHelper which is a script you add that gets the token for Claude Code. I imagine you can use that but haven’t quite figured out how to wire it up
link
DavideNL 140 days ago
> "I went down this rabbit hole a bit recently trying to use claude inside fence[0]"

Did you get it working in the end? I assume you didn't share your setup/config anywhere?

link
dceddia 140 days ago
Yeah, forgot when I wrote this comment that the thing about keychain was to pass that auth token into a Docker container, which I gave up on (Tauri desktop app needs to compile Rust and link against other stuff, different architecture inside the container blah blah)

More or less what it says in the README:

    fence -t code -- claude --dangerously-skip-permissions
Or wrap it in a function as an alias

    # cat prompt.md | ralph
    function ralph() {
      fence -t code -- \
        claude --verbose --dangerously-skip-permissions --output-format stream-json -p "$@" \
        | jq -r 'select(.type == "assistant") | .message.content[]? | select(.type? == "text") | .text'
    }
link
skerit 141 days ago
Can you do everything via the SDK as via regular API calls? Caching etc all works? You can get reasoning, responses, tool call info, ... ?
link