Tools: Deep Dive: How Claude Code Remote Control Actually Works 2026

Posted on Feb 26

• Originally published at tryupskill.app

Two days ago Anthropic shipped a feature: start a Claude Code session on your laptop, pick it up on your phone. No SSH. No port forwarding. Scan a QR code and you're in.

My first reaction was "cool." My second was "wait — how?"

Your laptop sits behind NAT. Your phone is on LTE. No shared network, no VPN. Yet a command typed on your iPhone fires off git diff on a MacBook sitting on your desk at home.

I spent two days going through official docs, GitHub issues, bug reports, a third-party security audit, and Hacker News threads to take this thing apart. Here's what I found.

The whole design rests on one constraint: your machine never opens a listening port. Not one. The docs are blunt about it:

Your local Claude Code session makes outbound HTTPS requests only and never opens inbound ports on your machine.

If you've used Tailscale, you already know this trick. Tailscale's DERP relay servers work the same way — both endpoints connect outbound to a relay, and the relay stitches them together. Claude Code does the same thing, except it relays application messages instead of network packets.

Your machine — the Claude Code CLI process. Full access to your filesystem, SSH keys, .env, git repo. All code execution happens here and nowhere else.

api.anthropic.com — acts as message relay and session router. It forwards chat messages and tool results between endpoints. It does not store your source code. Only conversation messages pass through.

Source: Dev.to