A self-hosted Telegram bot that drives the real claude binary on the Pro/Max plan you already pay for. No API key to manage, nothing metered per token.
curl -fsSL claudebot.ve.ke/install.sh | bash
under the hood: claude -p --output-format stream-json — the genuine binary, your login, streamed back live.
It shells out to the genuine claude you already use: the same harness, tools, and login. It's the real binary, not the Agent SDK or an API reimplementation.
Runs on your logged-in Pro/Max subscription. The OAuth token never leaves Claude Code — nothing metered, nothing to expense.
Your own bot process owns Telegram. Switch models, dial effort, send a photo or a PDF, stream replies. No redeploy, no config file — just another message.
Anthropic's “no third-party harness” rule is about where your subscription OAuth token is used: don't feed it to a client that isn't Claude Code — the Agent SDK, Cline, Cursor, raw API calls, an LLM gateway.
claudebot never touches the token. It pipes text into the genuine claude process and reads JSON back; the token stays inside Claude Code, exactly as designed. Anthropic documents claude -p on subscriptions, ships claude setup-token for scripts, and (from 2026-06-15) gives claude -p a dedicated subscription credit.
This is policy, not law — Anthropic can tighten it, and headless/channels are still evolving. Use your own judgement.
Gate it to your own Telegram ID. Don't let others prompt through your plan — that's account sharing.
Let the binary own its auth. No lifting creds to call the API yourself.
Normal interactive-scale chat is fine. Pathological looping isn't.
By default, Claude runs any tool, including Bash, without asking. Run claudebot only on a machine you trust, scoped to a working directory, gated to your own Telegram ID. The bot is the owner's remote shell, not a public service.
Empty list = locked to nobody. DM-only handlers; group & channel traffic ignored.
A default preamble tells Claude to treat attached & fetched content as data, never instructions.
Bot token stripped from the child env; .env & state are chmod 600; chat errors are generic.
Per-turn timeout so nothing wedges; one poller per host via an exclusive lock.
claudebot update runs the test suite before a new build goes live — and auto-rolls-back on failure.
~1.5k lines of readable Python, MIT-licensed. Read every line that touches your machine.
| Approach | Real binary | No API key | You own the UX | Always-alive |
|---|---|---|---|---|
claudebot headless stream-json | ✓ | ✓ | ✓ | ✓ |
Official Telegram plugin claude-plugins-official | ✓ | ✓ | fixed UX | ✓ |
claude-code-telegram RichardAtCT | via SDK | ✓ | ✓ | ✓ |
PTY / TUI scraping | ✓ | ✓ | ✓ | brittle |
The official plugin is genuinely great if you want zero-config and don't need custom UX. claudebot is for when you want to own the conversation loop.
Switch models mid-conversation.
Crank thinking for a hard problem.
Tighten what runs without asking.
Switch projects on the fly.
Send a photo or document — Claude reads it.
Resend, abort, reset, inspect.
Tweaks are saved per-chat and survive restarts. Because claudebot owns Telegram, none of this needs a redeploy.
curl -fsSL claudebot.ve.ke/install.sh | bash
Linux: run loginctl enable-linger $USER once so it survives logout.
No — and that's deliberate. Letting others prompt through your subscription is account sharing (a ban risk), and it hands them a shell on your machine. One subscription, one trusted machine, one Telegram ID. A real multi-user product needs per-user credentials, quotas, and isolation — that's a different project.
No, by design. claudebot runs on your subscription, so there's nothing to host without sharing accounts — which is exactly why there's no per-token bill. Self-host it in 30 seconds instead.
Nothing beyond the Claude plan you already pay for. claudebot is free and MIT-licensed, with no API metering on top and nothing to upgrade to.
macOS (launchd) and Linux (systemd --user). Both keep the bot always-on with auto-restart. You'll need Claude Code installed and logged in, and Python 3.10+.
The risk is in how you use it, not the tool. claudebot keeps the token inside the genuine claude binary — the supported path. Stay single-user, never extract the token, and don't run pathological 24/7 loops. See “Is this allowed?” for the honest detail.