marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: add Remote Control (§9.22) — mobile access feature documentation

Browse source 
- New section 9.22 in ultimate-guide.md with full Remote Control coverage
- Cheatsheet: dedicated section + Features Méconnues + slash commands
- security-hardening.md: Part 7 Remote Control Security threat model
- machine-readable/reference.yaml: /rc, /remote-control, /mobile, subcommand
- Resource evaluation: 2026-02-25 (score 4/5, community feedback included)

Key original content vs official Anthropic docs:
- Slash commands (/new, /compact) broken in remote UI — undocumented
- tmux multi-session workaround for 1-session limit
- Community security analysis (RCE surface, CISO implications)

Research Preview — Pro/Max plans only (v2.1.51+)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Florian BRUNIAUX 2026-02-25 18:45:41 +01:00
parent 97f9167a61
commit 5e893f3ccd
6 changed files with 527 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

42
guide/cheatsheet.md
View file

@ -32,6 +32,9 @@ tags: [cheatsheet, reference]
| `/teleport` | Teleport session from web |
| `/tasks` | Monitor background tasks |
| `/remote-env` | Configure cloud environment |
| `/remote-control` | Start remote control session (Research Preview, Pro/Max) |
| `/rc` | Alias for /remote-control |
| `/mobile` | Get Claude mobile app download links |
| `/fast` | Toggle fast mode (2.5x speed, 6x cost) |
| `/debug` | Systematic troubleshooting |
| `/exit` | Quit (or Ctrl+D) |
@ -80,6 +83,7 @@ tags: [cheatsheet, reference]
| **Auto-Memories** | v2.1.32 | Automatic cross-session context capture |
| **Session Forking** | v2.1.19 | Rewind + create parallel timeline |
| **LSP Tool** | v2.0.74 | Code intelligence (go-to-def, refs) |
| **Remote Control** | v2.1.51 | Control local session from phone/browser (Research Preview, Pro/Max) |
**Pro tip**: These aren't "secrets"—they're in the [CHANGELOG](https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md). Read it!
@ -381,6 +385,7 @@ VERIFY: Empty email shows error, invalid format shows error
| `-c` / `--continue` | Continue last session |
| `-r` / `--resume <id>` | Resume specific session |
| `--teleport` | Teleport session from web |
| `remote-control` | Subcommand: start remote control session |
| `--model sonnet` | Change model |
| `--add-dir ../lib` | Allow access outside CWD |
| `--permission-mode plan` | Plan mode |
@ -422,6 +427,43 @@ claude -p "fix typos" --dangerously-skip-permissions
---
## Remote Control — Mobile Access (v2.1.51+, Research Preview)
> **Pro/Max only** — not available on Team, Enterprise, or API keys
```bash
# Start from terminal (new session)
claude remote-control
# Or from inside an active session:
/rc # (or /remote-control)
```
**Connect from phone/tablet/browser:**
1. Scan the **QR code** (press spacebar after start)
2. Or open **session URL** in browser / Claude mobile app
3. Or: `/mobile` → shows App Store + Play Store links
| ⚠️ Known Limitation | Detail |
|--------------------|--------|
| 1 session at a time | Only one remote session active |
| Slash commands broken | `/new`, `/compact` = plain text remotely → use from local terminal |
| Terminal must stay open | Closing local terminal ends session |
| Network timeout | ~10 min disconnect → session expires |
**Advanced: tmux multi-session** (bypass 1-session limit)
```bash
tmux new-session -s dev
# Each pane = its own claude session
# Run /rc in the pane you want to control remotely
```
**Auto-enable:** `/config` → toggle "Remote Control: auto-enable"
**Full doc**: [§9.22 Remote Control](ultimate-guide.md#922-remote-control-mobile-access) | [Security notes](security-hardening.md#remote-control-security)
---
## Task Management (v2.1.16+)
**Two systems available:**

72
guide/security-hardening.md
View file

@ -833,4 +833,74 @@ Beyond securing Claude Code itself, Anthropic offers a dedicated vulnerability s
---
*Version 1.1.0 | February 2026 | Part of [Claude Code Ultimate Guide](../README.md)*
## Part 7: Remote Control Security {#remote-control-security}
> **Feature context**: Remote Control (Research Preview, Feb 2026) allows controlling a local Claude Code session from a phone, tablet, or browser. Available on Pro and Max plans only.
### Architecture
```
Local terminal ──HTTPS outbound──► Anthropic relay ──► Mobile/Browser
(execution) (relay only) (control UI)
```
**Security properties:**
- Zero inbound ports (reduces attack surface vs SSH tunnels or ngrok)
- HTTPS only (encrypted in transit)
- Session URL = short-lived authentication token
- Execution stays 100% local
### Threat Model
| Threat | Risk | Mitigation |
|--------|------|------------|
| **Session URL leak** | Full terminal access for whoever holds the URL | Treat URL as password — don't share in Slack/logs/screenshots |
| **RCE via remote commands** | Attacker who gets the URL can run commands if they approve tool calls | Per-command approval prompts on mobile (not foolproof against active attacker) |
| **Corporate policy violation** | Personal Claude account on corporate machine routes traffic through Anthropic relay | Verify policy before enabling, even on personal plans |
| **Persistent session exposure** | Long-running sessions increase window of exposure | Close sessions when done; ~10min auto-timeout on disconnect |
| **Shared/untrusted workstation** | Session URL valid while session is open | Never run remote-control on shared machines |
> **Community perspective**: Senior devs immediately noted: "C'est une sacrée RCE qu'ils introduisent là." The session URL is effectively a live key to an executing terminal. The per-command approval mechanism limits accidental execution but does not protect against a determined attacker who holds the URL and approves all prompts.
### Best Practices
```bash
# 1. Don't auto-enable — activate only when needed
# Avoid: /config → auto-enable remote-control
# 2. Use on a dedicated, hardened workstation
# Not on machines with access to production credentials or secrets
# 3. Close the session when done
# Ctrl+C on local terminal, or dismiss from the mobile app
# 4. Never share session URLs in team chats, tickets, or logs
# They are live access tokens while the session is active
# 5. Prefer use on personal dev machines
# Not on corporate machines with elevated privileges
```
### Enterprise Considerations
Remote Control is **not available** on Team or Enterprise plans. However:
- Developers on personal Pro/Max accounts may use it on corporate hardware
- The relay traffic (your commands and Claude's responses) passes through Anthropic infrastructure
- If your organization has strict data residency requirements, treat Remote Control like any cloud-routed tool
- Recommended: use only on a dedicated "sandbox" workstation without access to production systems
### Comparison: Remote Control vs Alternatives
| Method | Inbound ports | Data path | Risk level |
|--------|---------------|-----------|------------|
| **Remote Control** | None (outbound HTTPS) | Anthropic relay | Low-Medium |
| **SSH + mobile terminal** | Yes (port 22) | Direct | Medium |
| **ngrok tunnel** | None (outbound) | ngrok relay | Medium |
| **VPN + SSH** | Yes (behind VPN) | VPN + direct | Low |
For the highest security: prefer SSH over VPN rather than Remote Control, especially on sensitive environments.
---
*Version 1.2.0 | February 2026 | Part of [Claude Code Ultimate Guide](../README.md)*

166
guide/ultimate-guide.md
View file

@ -186,6 +186,7 @@ Context full → /compact or /clear
- [9.19 Permutation Frameworks](#919-permutation-frameworks)
- [9.20 Agent Teams (Multi-Agent Coordination)](#920-agent-teams-multi-agent-coordination)
- [9.21 Legacy Codebase Modernization](#921-legacy-codebase-modernization)
- [9.22 Remote Control (Mobile Access)](#922-remote-control-mobile-access)
- [10. Reference](#10-reference)
- [10.1 Commands Table](#101-commands-table)
- [10.2 Keyboard Shortcuts](#102-keyboard-shortcuts)
@ -18768,6 +18769,170 @@ The average gains are real and significant. The headline numbers require favorab
---
## 9.22 Remote Control (Mobile Access)
**Reading time**: 7 minutes
**Skill level**: Week 2+
**Status**: Research Preview (as of February 2026)
**Availability**: Pro and Max plans only — not available on Team, Enterprise, or API keys
Remote Control lets you monitor and control a local Claude Code session from a phone, tablet, or web browser — without migrating anything to the cloud. Your terminal keeps running locally; the mobile/web interface is a remote window onto that session.
> **Key difference from Session Teleportation (§9.16)**: Teleportation *migrates* a session (web → local). Remote Control *mirrors* a local session to a remote viewer. Execution always stays on your local machine.
### How It Works
```
Local terminal (running claude)
│ HTTPS outbound only (no inbound ports)
Anthropic relay
Phone / tablet / browser (claude.ai/code or Claude app)
```
- **Execution**: 100% local — your terminal does all the work
- **Security**: HTTPS outbound only, zero inbound ports, short-lived scoped credentials
- **What you can do remotely**: Send messages, approve/deny tool calls, read responses
### Setup
**Requirements:**
- Claude Code v2.1.51+
- Active Pro or Max subscription (not Team/Enterprise)
- Logged in (`/login`)
### Two Ways to Start
**Option A — From the command line (start a new session):**
```bash
claude remote-control
# Optional flags:
# --verbose Show detailed connection logs
# --sandbox Restrict to sandbox mode
```
**Option B — From inside an active session:**
```
/remote-control
# or the shorter alias:
/rc
```
### Connecting from Your Device
Once started, Claude Code displays:
1. A **session URL** (open in any browser)
2. Press **spacebar** to show a **QR code** (scan with your phone)
3. Or open the **Claude app** (iOS / Android) — your active session appears automatically
To enable remote control on every session by default:
```
/config → toggle "Remote Control: auto-enable"
```
### Download the Mobile App
```
/mobile # Shows App Store + Google Play download links
```
### Known Limitations (Research Preview)
| Limitation | Detail |
|------------|--------|
| **1 session at a time** | Only one active remote control session |
| **Terminal must stay open** | Closing the local terminal ends the session |
| **Network timeout** | ~10 min before session expires on disconnect |
| **Slash commands don't work remotely** | `/new`, `/compact`, etc. are treated as plain text in the remote UI |
| **Pro/Max only** | Not available on Team, Enterprise, or API keys |
> **⚠️ Slash commands limitation**: When you type `/new`, `/compact`, or any slash command in the remote interface (mobile app or browser), they are treated as plain text messages — not forwarded as commands to the local CLI. Use slash commands from your local terminal instead.
### Advanced Patterns (Community-Validated)
#### Multi-Session via tmux (Workaround for 1-Session Limit)
```bash
# Start a tmux session with multiple panes
tmux new-session -s dev
# Each tmux pane can run its own claude session:
# Pane 1: claude → run /rc → share URL with your phone
# Pane 2: claude (local only)
# Pane 3: claude (local only)
# To switch which session you're controlling remotely:
# → Go to pane 2, run /rc (disconnects pane 1's remote, connects pane 2)
```
Each tmux pane hosts its own Claude session. Only one can use remote-control at a time, but you can switch between sessions by running `/rc` in different panes.
#### Persistent Server Architecture (VM/Cloud)
Remote Control works on remote machines (VMs, cloud servers) running in tmux:
```bash
# On your cloud server (e.g., Clever Cloud, AWS, etc.):
tmux new-session -s claude-server
claude remote-control
# → Scan QR code from your phone
# → Control a cloud-hosted Claude session from mobile
# → Sessions survive laptop reboots (tmux keeps them alive)
```
This gives you persistent sessions that survive closing your laptop. Combine 6-8 Claude sessions in tmux for continuous uninterrupted work while traveling.
### Alternatives (Pre-Remote Control)
| Alternative | How it worked | Status |
|-------------|---------------|--------|
| [happy.engineering](https://happy.engineering) | Open-source remote access for Claude Code | Community-declared obsolete post-RC |
| OpenClaw | Alternative Claude Code remote interface | Community-declared obsolete post-RC |
| SSH + mobile terminal | SSH into dev machine, run claude | Still valid for Team/Enterprise users |
| VS Code Remote | Remote SSH extension + Claude Code | Still valid, more complex setup |
### Security Considerations
> **Full threat model**: [Security Hardening Guide: Remote Control Security](./security-hardening.md#remote-control-security)
**Quick summary:**
- The session URL is a **live access key** — treat it like a password
- Anyone with the URL can send commands to your local Claude session while active
- Short-lived credentials + HTTPS outbound-only limits the exposure window
- Per-command approval prompts on mobile guard against accidental execution (not against active attackers)
- **Not recommended** on shared or untrusted workstations
- Corporate machines: verify your security policy even on personal Pro/Max accounts
### Troubleshooting
| Issue | Solution |
|-------|----------|
| Session not appearing on phone | Ensure same Claude account, refresh app |
| QR code not showing | Press spacebar after starting remote-control |
| Slash commands not working | Type them in your local terminal instead |
| Session expired | Reconnect: run `/rc` again |
| Corporate firewall blocking | HTTPS outbound (port 443) must be allowed |
| "Not available" error | Verify Pro or Max subscription (not Team/Enterprise) |
### Evolution Timeline
| Version | Feature |
|---------|---------|
| **2.1.51** | Initial Remote Control feature (Research Preview) |
| **2.1.53** | Stability improvements and bug fixes |
---
## 🎯 Section 9 Recap: Pattern Mastery Checklist
Before moving to Section 10 (Reference), verify you understand:
@ -18797,6 +18962,7 @@ Before moving to Section 10 (Reference), verify you understand:
**Advanced Workflows**:
- [ ] **Session Teleportation**: Migrate sessions between cloud and local environments
- [ ] **Remote Control**: Monitor/control local sessions from mobile or browser (Research Preview, Pro/Max)
- [ ] **Background Tasks**: Run tasks in cloud while working locally (`%` prefix)
- [ ] **Multi-Instance Scaling**: Understand when/how to orchestrate parallel Claude instances (advanced teams only)
- [ ] **Agent Teams**: Multi-agent coordination for read-heavy tasks (experimental, Opus 4.6+)