Advanced Claude Code: Remote Sessions, Architecture, and Power User Features

Beyond the Basics

If you've read the Zero to Hero guide, you know how to use Claude Code for building projects. This post goes deeper - into the architecture, the security model, and the power-user features that unlock new workflows.

What we'll cover:

• Remote sessions: Start on your laptop, monitor from your phone
• The security architecture: How your credentials stay safe
• Custom commands: Build your own slash commands
• Hooks: Automate responses to Claude's actions
• MCP servers: Extend Claude with external tools
• Sandboxing: How Claude Code protects your system

---

Remote Sessions: Claude Code from Anywhere

The Use Case

You're at your desk, you start a complex refactoring task. Then you need to leave - pick up kids, walk the dog, grab lunch. With remote sessions, Claude keeps working in the cloud while you monitor from your phone.

Requirements

• Pro ($20/mo) or Max ($200/mo) subscription
• GitHub connected to claude.ai/code
• One-time setup with /remote-env

The Workflow

1. Fire off a task to the cloud:

# The & prefix sends work to a cloud VM
& Refactor the authentication module to use JWT tokens

Or explicitly:

claude --remote "Refactor the authentication module to use JWT tokens"

2. Monitor from anywhere:

Open claude.ai on your phone (or the Claude iOS app). Watch Claude work, ask questions, provide feedback - all while Claude executes autonomously in the cloud.

3. Pull it back when ready:

/teleport

This fetches the branch Claude created, loads the full conversation history, and you continue exactly where Claude left off.

Parallel Execution

Fire off multiple tasks simultaneously:

& Fix the flaky test in auth.spec.ts
& Update the API documentation
& Refactor the logger to use structured output

Each gets its own isolated VM. Check progress with /tasks. Press t to teleport into any completed session.

---

The Architecture: How Remote Sessions Actually Work

This is where it gets interesting. Anthropic built a sophisticated security model that lets Claude Code run autonomously without exposing your credentials.

Isolated VMs Per Session

When you send a task with &:

1. Anthropic spins up a dedicated VM for your task
2. The VM runs a universal image with pre-installed toolchains:
   • Python, Node.js, Ruby, Go, Rust, Java, PHP
   • PostgreSQL 16, Redis 7.0
   • All major package managers and build tools
3. Your repo is cloned into this isolated environment
4. Claude works autonomously until complete
5. Results are pushed to a new branch

Key insight: Your session doesn't share infrastructure with anyone else's. Complete isolation.

The Credential Security Model

Here's the clever part - your GitHub credentials never enter the sandbox:

┌─────────────────────────────────────────────────────────┐
│                    SANDBOX VM                           │
│  ┌─────────────┐                                        │
│  │ Claude Code │ ──→ Scoped Credential (limited token)  │
│  └─────────────┘              │                         │
└───────────────────────────────│─────────────────────────┘
                                ↓
                    ┌───────────────────┐
                    │   GitHub Proxy    │  ← Translates scoped
                    │   (Anthropic)     │    credential to real token
                    └─────────┬─────────┘
                              ↓
                    ┌───────────────────┐
                    │    GitHub.com     │
                    └───────────────────┘

How it works:

1. Claude Code in the sandbox only has a scoped credential - a limited token that can't do much on its own
2. All git operations route through Anthropic's GitHub proxy
3. The proxy verifies the scoped credential, then makes the real API call with your actual token
4. Git push is restricted to the current branch only - Claude can't accidentally push to main

Why this matters: Even if the sandbox were compromised, an attacker couldn't exfiltrate your credentials. They never exist inside the sandbox.

Network Isolation

The sandbox can't talk to arbitrary internet hosts. All traffic routes through a proxy with:

Domain allowlist (~200 approved domains):

• Package managers: npm, PyPI, crates.io, RubyGems
• Git hosts: GitHub, GitLab, Bitbucket
• Cloud providers: AWS, GCP, Azure
• Container registries: Docker Hub, ECR, GCR

Everything else is blocked unless you explicitly allow it via /remote-env.

Additional protections:

• Rate limiting prevents abuse
• Content filtering for security
• All child processes inherit the same restrictions

OS-Level Sandboxing

Even locally, Claude Code runs in a sandbox:

On Linux: Uses bubblewrap for containerization On macOS: Uses Seatbelt (Apple's sandbox framework)

Write access:  Current directory + subdirectories only
Read access:   Broader, but with exclusions
Blocked:       ~/.bashrc, system files, sensitive paths

Claude can't modify your shell config, read your SSH keys, or touch files outside your project.

Teleport State Transfer

When you /teleport a session back to your terminal:

1. Verifies clean git state - prompts to stash if you have uncommitted changes
2. Fetches the remote branch Claude created
3. Checks out that branch locally
4. Transfers full conversation history - every message, every decision
5. Resumes seamlessly - continue exactly where cloud Claude left off

One-way transfer: You can pull web→terminal, but can't push terminal→web. The & prefix creates a new cloud session with your current context.

---

Custom Slash Commands

You can create your own commands that expand into prompts.

Project Commands (Shared with Team)

Create .claude/commands/ in your repo:

<!-- .claude/commands/deploy.md -->
---
description: Deploy to staging environment
allowed-tools: Bash, Read
---

Deploy the current branch to staging:

1. Run the test suite first
2. Build the production bundle
3. Deploy using our deploy script: `./scripts/deploy-staging.sh`
4. Verify the deployment is healthy
5. Report the staging URL

Now anyone on your team can run /deploy.

Personal Commands (All Your Projects)

Create ~/.claude/commands/ for commands available everywhere:

<!-- ~/.claude/commands/morning.md -->
---
description: Morning standup prep
---

Help me prepare for standup:

1. Show git log for my commits since yesterday
2. List any open PRs I created
3. Check for PRs where I&apos;m requested as reviewer
4. Summarize what I should mention in standup

Run /morning in any project.

Command Features

Arguments: Use $ARGUMENTS or $1, $2 for positional args:

<!-- .claude/commands/review-file.md -->
Review the file $1 for:
- Security vulnerabilities
- Performance issues
- Code style violations

Usage: /review-file src/auth/login.ts

Bash execution: Use ! prefix to include command output:

Current branch: !git branch --show-current
Recent commits: !git log --oneline -5

File references: Use @ prefix:

Follow the patterns in @src/components/Button.tsx

---

Hooks: Automated Responses

Hooks let you run commands automatically when Claude does certain things.

Configuration

Add to .claude/settings.json:

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "npm run lint:fix $CLAUDE_FILE_PATH"
          }
        ]
      }
    ]
  }
}

This runs the linter automatically every time Claude writes or edits a file.

Available Hook Points

Hook	When It Fires
SessionStart	When Claude Code session begins
PreToolUse	Before Claude uses a tool (can block)
PostToolUse	After Claude uses a tool
PostMessage	After Claude sends a message

Practical Examples

Auto-format on save:

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Write",
        "hooks": [
          {
            "type": "command",
            "command": "prettier --write $CLAUDE_FILE_PATH"
          }
        ]
      }
    ]
  }
}

Install dependencies on session start:

{
  "hooks": {
    "SessionStart": [
      {
        "matcher": "startup",
        "hooks": [
          {
            "type": "command",
            "command": "npm install"
          }
        ]
      }
    ]
  }
}

Run tests after code changes:

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "npm test -- --related $CLAUDE_FILE_PATH"
          }
        ]
      }
    ]
  }
}

---

MCP Servers: Extending Claude's Capabilities

MCP (Model Context Protocol) lets you connect Claude Code to external tools and data sources.

What MCP Enables

• Database access: Query your Postgres/MySQL directly
• API integrations: Connect to Jira, Linear, Slack
• Custom tools: Build your own integrations
• File systems: Access remote file systems
• Search: Connect to Elasticsearch, Algolia

Configuration

Add to .claude/settings.json:

{
  "mcpServers": {
    "postgres": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-postgres"],
      "env": {
        "DATABASE_URL": "postgresql://user:pass@localhost/mydb"
      }
    },
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/allowed/dir"]
    }
  }
}

Using MCP Tools

Once configured, Claude can use MCP tools naturally:

Claude will use the postgres MCP server to run the query.

Available MCP Servers

The ecosystem is growing. Some popular ones:

• @modelcontextprotocol/server-postgres - PostgreSQL access
• @modelcontextprotocol/server-filesystem - File system access
• @modelcontextprotocol/server-github - GitHub API
• @modelcontextprotocol/server-slack - Slack integration
• @modelcontextprotocol/server-memory - Persistent memory

Check modelcontextprotocol.io for the full list.

MCP Slash Commands

MCP servers can expose their own slash commands:

/mcp__postgres__query SELECT * FROM users LIMIT 10

Or if there's no conflict, just:

/query SELECT * FROM users LIMIT 10

---

Agents: Specialized Sub-Agents

Claude Code can spawn specialized agents for specific tasks.

Built-in Agent Types

Agent	Purpose
Explore	Fast codebase exploration and search
Plan	Architecture design and implementation planning
Bash	Command execution specialist

Custom Agents

You can define custom agents in .claude/agents/:

<!-- .claude/agents/security-reviewer.md -->
---
name: Security Reviewer
description: Reviews code for security vulnerabilities
tools: Read, Grep, Glob
model: opus
---

You are a security expert. When asked to review code:

1. Check for injection vulnerabilities (SQL, command, XSS)
2. Look for authentication/authorization issues
3. Identify sensitive data exposure
4. Check for insecure dependencies
5. Review cryptographic implementations

Always cite specific line numbers and provide remediation steps.

Using Agents

Claude automatically uses appropriate agents, or you can be explicit:

---

Plan Mode: Design Before Building

For complex tasks, plan mode lets you design the approach before writing code.

Entering Plan Mode

/plan

Or start Claude Code in plan mode:

claude --permission-mode plan

How It Works

In plan mode:

• Claude can read files but not write
• You discuss architecture, trade-offs, approaches
• Claude creates a detailed implementation plan
• Once approved, you exit plan mode and Claude executes

The Workflow

1. Enter plan mode: /plan
       ↓
2. Describe what you want to build
       ↓
3. Claude explores codebase, asks questions
       ↓
4. Claude proposes implementation plan
       ↓
5. You refine, ask questions, adjust
       ↓
6. Approve the plan
       ↓
7. Claude implements (now with write access)

When to Use Plan Mode

• Complex features spanning multiple files
• Architectural decisions with trade-offs
• Refactoring that touches many components
• Unfamiliar codebases where you want to understand before changing

---

The CLAUDE.md File: Project Memory

The CLAUDE.md file gives Claude persistent context about your project.

Creating One

/init

Or manually create CLAUDE.md in your project root.

What to Include

# CLAUDE.md

## Project Overview
This is a Next.js e-commerce application with Stripe integration.

## Tech Stack
- Next.js 14 with App Router
- TypeScript (strict mode)
- Tailwind CSS
- PostgreSQL with Prisma ORM
- Stripe for payments

## Key Patterns
- All API routes use Zod for validation
- Use the `api` instance from ApiContext for authenticated requests
- Components go in `src/components/`, pages in `src/app/`

## Commands
- `pnpm dev` - Start development server
- `pnpm test` - Run tests
- `pnpm db:migrate` - Run database migrations

## Important Notes
- Never commit .env files
- All prices are stored in cents
- Use `formatPrice()` helper for display

Memory Hierarchy

Claude reads CLAUDE.md files from multiple locations:

1. ~/.claude/CLAUDE.md - Global, all projects
2. Project root CLAUDE.md - This project
3. .claude/CLAUDE.md - Additional project config

---

Practical Patterns

Pattern: Plan Remotely, Execute Remotely

# Start planning session in cloud
& I need to add user authentication. Let's discuss the approach first.

Monitor from phone, have the architecture discussion, then:

# From phone/web, tell Claude to execute
Now implement the plan we discussed.

Teleport back when complete to review and test.

Pattern: Parallel Feature Development

Working on multiple independent features:

& Add dark mode support to the settings page
& Implement the export-to-CSV feature
& Write integration tests for the checkout flow

All three run simultaneously. Check /tasks, teleport the ones that finish, review and merge.

Pattern: Security Review Pipeline

Set up a pre-commit hook:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Write",
        "hooks": [
          {
            "type": "command",
            "command": "node scripts/security-check.js $CLAUDE_FILE_PATH"
          }
        ]
      }
    ]
  }
}

Every file Claude writes gets security-scanned before it's saved.

Pattern: Database-Aware Development

With MCP postgres server configured:

Claude queries the actual database, sees the real schema, generates accurate types.

---

Debugging Tips

Check What Claude Sees

/context

Shows a visual grid of context usage - helpful when Claude seems to be "forgetting" things.

View Active Tasks

/tasks

Lists all running and completed web sessions.

Health Check

/doctor

Verifies Claude Code installation, shows available updates.

Export for Analysis

/export conversation.md

Saves the full conversation to a file for review or sharing.

---

Summary

Claude Code's advanced features enable workflows that weren't possible before:

• Remote sessions let you start work anywhere, finish anywhere
• The security architecture keeps your credentials safe even in autonomous execution
• Custom commands encode your team's workflows
• Hooks automate quality gates
• MCP servers extend Claude's reach to databases, APIs, and tools
• Plan mode separates design from implementation

The underlying philosophy: Give Claude Code the access it needs to be useful, but contain it securely so it can't cause damage. The proxy-based credential model, OS-level sandboxing, and network isolation all work together to make autonomous AI coding safe.

---

For Enterprise: Beyond Claude Code

Claude Code is powerful for individual developers and small teams. But enterprise environments often need more:

Multi-Model Flexibility

What if your security team mandates AWS-only infrastructure? Or your legal team requires specific model providers? Claude Code is Claude-only. Enterprise teams need flexibility.

Compliance Requirements

SOC 2? HIPAA? FedRAMP? Claude Code's security model is solid, but enterprises need complete audit trails, data sovereignty guarantees, and deployment in their own infrastructure.

Team Collaboration

Remote sessions are great for individual work. But what about:

• Shared prompt libraries across a team?
• Real-time collaboration on AI sessions?
• Permission controls for who can access what?

B4M CLI: Enterprise AI CLI

This is why my team built B4M CLI - bringing enterprise capabilities to the command line.

What it adds:

Capability	Claude Code	B4M CLI
AI Models	Claude only	90+ models (OpenAI, Anthropic, Google, Meta, etc.)
Memory	Session-based	Persistent mementos across sessions
Deployment	Anthropic infrastructure	Your AWS account (optional)
Compliance	Anthropic's policies	SOC 2, HIPAA, FedRAMP (coming)
Collaboration	Remote sessions	Team workspaces, shared sessions, permissions
Autonomous Tasks	Background execution	Quest Master with multi-step planning

The workflow is similar - you still work in your terminal, you still write prompts, you still build software. But with enterprise-grade infrastructure underneath.

Learn more at Bike4Mind Enterprise or try the B4M CLI.

---

This is a companion to the Zero to Hero: Building with Claude Code beginner's guide.

Have questions about advanced Claude Code usage? Reach out: erik at bike4mind dot com