Claude Code Remote Control: Start a Refactor at Your Desk, Finish It From Your Phone
You are 45 minutes into a complex refactor. Claude Code is mid-flight, reading your codebase, writing tests, restructuring modules. Then your kid needs a ride to practice. Before Remote Control, you had two options: kill the session or hope your laptop does not sleep before you get back.
Remote Control is Anthropic's answer to that problem. It connects claude.ai/code or the Claude mobile app to a Claude Code session running on your local machine. The session stays local. Your filesystem, Model Context Protocol (MCP) servers, tools, and project configuration all remain on your hardware. The phone or browser is just a window into the local session.
It shipped as a research preview for Pro and Max plan subscribers. Not available on Team or Enterprise yet.
What Remote Control Actually Does
The core idea is simple: your terminal keeps running Claude Code locally, and a web or mobile interface connects to it remotely. The conversation stays in sync across all connected devices. You can send messages from your terminal, browser, and phone interchangeably.
When you start a Remote Control session, your local Claude Code process makes outbound HTTPS requests to the Anthropic API and polls for work. It never opens inbound ports on your machine. When you connect from another device, the server routes messages between the web or mobile client and your local session over a streaming connection. All traffic travels through the Anthropic API over Transport Layer Security (TLS), using multiple short-lived credentials scoped to a single purpose and expiring independently.
If your laptop sleeps or your network drops, the session reconnects automatically when your machine comes back online. If your machine stays disconnected for more than roughly 10 minutes, the session times out and exits.
Setting It Up
There are two ways to start a Remote Control session.
Option 1: Start a new session from scratch.
claude remote-control
This launches Claude Code in Remote Control mode. The terminal displays a session URL and you can press spacebar to toggle a QR code for quick phone access.
Two optional flags are available here:
# Show detailed connection and session logs
claude remote-control --verbose
# Enable filesystem and network sandboxing
claude remote-control --sandbox
Option 2: Connect a session that is already running.
If you are in the middle of a Claude Code conversation and decide you want to continue it from your phone, use the slash command:
/remote-control
Or the shorthand:
/rc
This carries over your current conversation history. The --verbose and --sandbox flags are not available when using the slash command.
Pro tip: name your session first. Before going remote, give it a descriptive name so you can find it easily across devices:
/rename "auth-refactor-sprint"
/rc
Connecting From Another Device
Once the session is active, you have three ways in:
Open the session URL displayed in your terminal in any browser. It goes directly to the session on claude.ai/code.
Scan the QR code with your phone to open it in the Claude app. Press spacebar to toggle the QR code display.
Or just open claude.ai/code or the Claude app and find the session by name in the session list. Remote Control sessions show a computer icon with a green status dot when online.
If you do not have the Claude app yet, run /mobile inside Claude Code to get a download QR code for iOS or Android.
Making It Automatic
If you want every session to be Remote Control enabled by default:
/config
Set "Enable Remote Control for all sessions" to true. Each Claude Code instance supports one remote session at a time. If you run multiple instances, each gets its own environment and session.
Seven Ways This Changes the Workflow
1. The Walk-Away Refactor
Kick off a major codebase change at your desk. Claude is restructuring modules, updating imports, writing tests. You need to leave. Pull out your phone, scan the QR code, and keep steering from wherever you end up. The session reconnects automatically if your laptop sleeps or your network hiccups. When you get back to your desk, the terminal is still in sync.
This is the most obvious use case, but it is also the one that shifts your mental model. Development stops being a place and becomes a sequence of decisions you make from wherever you happen to be.
2. On-Call Incident Response From Anywhere
You get paged at 2 AM. Instead of dragging yourself to your desk, start a Remote Control session from your phone. Claude has access to your local security tooling repo, your MCP servers, your Security Information and Event Management (SIEM) integrations, and your playbook scripts. Triage from bed. If the fix is straightforward, guide Claude through it from the couch. Deploy before your coffee is cold.
For security teams that maintain custom tooling and automation, the fact that Remote Control uses your local environment is the key differentiator. Your integrations and credentials stay on your machine where they belong.
3. Multi-Device Code Review
Start reviewing a Pull Request (PR) on your desktop during the workday. You have asked Claude to trace through the changes, explain the architecture decisions, and flag potential issues. Need to leave for an appointment? Continue the review on your tablet in the waiting room. The conversation context follows you. Every file Claude has read, every question you have asked, every concern you have flagged is all there.
4. Security Automation Development on the Go
You are building TORQ or n8n automation workflows. Claude Code is working through your local project with access to your custom MCP servers and security tool integrations. Remote Control means you can monitor progress, approve tool calls, and steer the automation design from your phone while handling other tasks. The local execution model is especially important here since your security integrations and API keys never leave your machine.
5. Pair Programming Without the Pairing Station
Instead of sharing a screen or setting up a remote session, your teammate starts a Claude Code session with Remote Control enabled. You connect from your own browser and contribute to the same conversation. Both surfaces stay in sync. Terminal, browser, and phone can all send messages interchangeably. It is not a replacement for full pair programming, but for async collaboration on a specific problem it removes a surprising amount of friction.
6. Long-Running Tasks With Steering
Some jobs take 30 minutes or more: full codebase audits, large-scale test generation, documentation overhauls. Fire these off and periodically check in from any device to approve decisions, redirect focus, or provide context Claude needs to continue. The key insight is that many of these tasks do not need constant attention, but they do need occasional human judgment. Remote Control makes that judgment available without tying you to your desk.
7. The Always-On Dev Machine
For security professionals who maintain home labs or dedicated workstations, Remote Control turns your always-on machine into a persistent AI workspace you can tap into from anywhere. Your MCP servers stay hot. Your filesystem stays available. Claude keeps running locally. You just need a browser or the Claude app to connect.
The Security Model
This is where Remote Control gets interesting from a threat modeling perspective.
Nothing moves to the cloud. The session runs locally. The web and mobile interfaces are a remote view, not a cloud migration. Your code, your files, and your MCP server connections all stay on your hardware. This is a meaningful architectural choice from a data security standpoint.
Outbound only, no listening ports. Your machine makes outbound HTTPS requests to the Anthropic API. It never opens inbound ports. This is a fundamentally different attack surface than SSH or VPN-based remote access where you are exposing a listener on your machine.
Authentication through plan accounts, not API keys. API keys are not supported for Remote Control. Only authenticated Pro and Max accounts work. This prevents programmatic abuse and ensures session ownership is tied to a real user identity with a billing relationship.
Short-lived, purpose-scoped credentials. The connection uses multiple short-lived credentials, each scoped to a single purpose and expiring independently. This limits the blast radius if any single credential is compromised.
Network resilience without data caching. If your laptop sleeps or your network drops, the session reconnects automatically when your machine comes back. The data does not get cached in some intermediate cloud buffer.
Worth watching: attack surface questions. Any remote access mechanism introduces questions. How is the session authenticated end-to-end? What happens if someone intercepts the session URL or QR code? How does Anthropic handle session token rotation? The outbound-only model is a strong starting point, but these are worth tracking as the feature moves beyond research preview. The fact that it is not available on Team or Enterprise yet suggests Anthropic is still hardening the security model for organizational use.
How It Compares
| Approach | Runs Locally? | Mobile UI? | Session Sync? | Setup |
|---|---|---|---|---|
/remote-control | Yes | Yes (native app) | Real-time | Zero config |
| SSH + tmux | Yes | Terminal only | Manual | Moderate |
| Depot cloud sandboxes | No (cloud) | Web UI | Yes | Config required |
| Claude Remote (third-party) | Yes | Browser | Yes | App + Cloudflare |
| Claude Code on the Web | No (cloud) | Yes | N/A | GitHub app install |
The key differentiator: Remote Control is the only option that keeps everything local while giving you a native mobile and web UI with zero additional tooling. SSH + tmux gets you local execution but the mobile experience is painful. Claude Code on the Web gives you a great UI but runs in Anthropic's cloud infrastructure, not on your machine. Depot gives you managed cloud sandboxes, which is the opposite tradeoff.
If you want your local MCP servers, your filesystem, and your project config available remotely, with a real mobile app and not a terminal emulator on a phone screen, Remote Control is currently the only option that checks all the boxes.
Limitations to Know About
One remote session per instance. Each Claude Code session supports one remote connection. If you need multiple remote sessions, run multiple Claude Code instances.
Terminal must stay open. Remote Control runs as a local process. If you close the terminal or stop Claude, the session ends. This is not a background daemon.
10-minute network timeout. If your machine is awake but unable to reach the network for more than roughly 10 minutes, the session times out and the process exits. You will need to start a new session.
No Team or Enterprise plans yet. For organizations with strict data governance and centralized administration, this is the biggest gap. Research preview status means the feature is still being validated for enterprise deployment.
The Bottom Line
The best thing about Remote Control is not the QR code or the mobile app. It is the mental shift. When your AI coding partner is not tethered to your desk, neither are you. And for those of us who spend half our day in meetings, on calls, or putting out fires, that changes what is possible in the time between.
The security model is thoughtful: outbound only, no cloud migration of your code, purpose-scoped credentials, and plan-level authentication. It is not a finished product for enterprise use yet, but the architecture is headed in the right direction.
Try it: run /rc in your next Claude Code session, scan the QR code with your phone, and see what happens. That is the entire setup.