You're out, working on the Claude Code on your home computer from your phone
Use a single Telegram bot to send commands to Claude Code on your home computer — read files, edit code, and deploy from your phone, anywhere. No open ports, no NAT traversal. From the architecture and setup steps to secure authorization with Microsoft Authenticator's time-based codes, it's all here — plus a comparison of other ways to run Claude remotely.
Your development environment lives on that computer at home: the projects are there, the keys are there, the commands that actually run are there. But you've stepped out, and suddenly you want Claude to fix something, check a log, or ship a build — and you can't exactly rush home and boot up your computer for a single command.
This piece covers one approach:use a single Telegram bot to turn the text you type on your phone into Claude Code commands on your home computer. It does the work, and the results come back to Telegram.
A few key benefits:
- No open ports, no ngrok or NAT traversal — your computer actively asks Telegram "any new messages?", so the firewall never has to change.
- Works on your phone from any network— 4G, someone else's Wi-Fi, whatever, because the connection runs "your computer → Telegram," not someone connecting to you.
- Two-tier permissions: by default it can only read (safe); writing files or running commands requires unlocking (full), and access is revoked automatically when you're done.
- Time-based code authorization: it uses the kind of 6-digit code that rotates every 30 seconds in Microsoft Authenticator, not a fixed password.
⚠ This is a sharp blade. It effectively lets "your Telegram account" act on "your computer."Please read the "Security notes" at the end first, and be sure to set up two-factor as described.
How it works
In a sentence: a small program runs continuously on your computer, constantly asking Telegram whether you've sent any new messages; when you have, it hands them to Claude Code on the local machine, then sends the results back to Telegram.
手機 Telegram → 你的 bot → 家裡電腦的小程式 → 本機 Claude Code → 結果回傳
Because "pulling messages" is initiated by your computer, nothing on the outside ever needs to be able to connect into it.
First, a comparison: a few ways to "use Claude while you're out"
Before diving in, let's be clear about where this approach fits — it isn't the only option, just one particular set of trade-offs.
| Approach | Where Claude runs | Can it reach your local files / keys / deployment? | Phone experience | Open ports / VPN required? | Setup | Security responsibility |
|---|---|---|---|---|---|---|
| This approach: Telegram bot → local Claude | Your computer | ✅ Full | ✅ Command it right from chat | ❌ No | Medium (one-time) | You (high) |
| Claude's official web remote (claude.ai/code) | Your computer (via the official channel) | ✅ | 🆗 Browser-based | ❌ | Low | Shared with Anthropic |
| Claude cloud agent (runs in Anthropic's cloud) | Anthropic's cloud | ❌ Can't reach your files / can't deploy your server | ✅ | ❌ | Low | Anthropic |
| SSH / Tailscale + terminal (tmux) | Your computer | ✅ | ❌ Typing in a terminal on your phone is painful | Yes (VPN or open SSH) | Medium | You |
| The same bridge built on another chat platform (Slack / Discord) | Your computer | ✅ | ✅ | ❌ | Medium | You |
How to read this table:
- If you want to work "inside your real development environment"(with your files, your keys, the ability to deploy to your server) — only the options that "run on your computer" can do it. Claude's cloud agent is handy, but it's in a sandbox and can't touch your things.
- Among the options that also run on your computer,the phone experiencevaries wildly: SSHing into a terminal and typing on your phone is nearly unusable;chat messagesare the smoothest interface on a phone.
- The official web remote is the most worry-free (Anthropic shoulders part of the security for you); if it's enough for your situation, you might as well start there.This approach's value lies in being fully local, with zero external exposure, pure chat operation — and every link in the chain is yours to control and customize(for example, custom safe/full two-tier permissions and time-based code authorization).
The bottom line:for "official and worry-free," choose the web remote; for "full control, custom security, and operating your own environment from pure phone chat," use this approach.
Let's build it (six steps)
What follows covers only "what actions to take." The actual bridge program is a single standalone file — leave it running as a resident process; you don't need to know how to code.
Step 1 — Create a Telegram bot
In Telegram, find @BotFather, send /newbot, follow the prompts to name it, and you'll get a bot token(the bot's password — don't leak it, don't put it anywhere public).
Step 2 — Get your own account ID First, send any message to the bot you just created, so it can "see you." You'll need your Telegram account ID during setup — it's what the allowlist relies on, and it holds only you.
Step 3 — Add the configuration On your computer, create a config file with three things: the bot token, your account ID, and the default working directory (which project folder). Set this file's permissions so that only you can read it.
Step 4 — Install the bridge program and set it to run resident Put the small bridge program on your computer and set it to "start automatically at boot, restart automatically if it crashes" (launchd on Mac, systemd on Linux). Once configured, it keeps watch in the background.
Step 5 — Test safe mode Send the bot a message: "list the files in the working directory." It should read them and return a list. At this point itcan only read— telling it to write a file or run a command will be blocked. This is the default safety net.
Step 6 — When you need to act, unlock full mode When you want it to edit files, run tests, or deploy, unlock with a single command (see the next section). Revoke when you're done.
Safe mode vs. full mode
The two tiers are intentional by design, to keep the damage from "a stolen account" to a minimum:
| Safe mode (default) | Full mode (30 minutes after unlocking) | |
|---|---|---|
| What it can do | Read files, search, look things up | All of the above + write files, run commands, deploy |
| How to enter | Automatic | Send /arm <動態碼> |
| How to revoke | — | Send /safe, or it expires automatically after 30 minutes |
Normally it stays read-only, and only youactively, with a time limit,unlock full mode. Why so fussy? Because full mode means it can do anything on your computer, and this gate keeps the risk behind a closed door.
Using Microsoft Authenticator for time-based code authorization
The most intuitive way to unlock is to type a fixed password. But there's a hidden risk:
the password you type stays in your Telegram chat history. If someone gets into your Telegram one day, they just scroll up, find the password, and reuse it. A fixed password can't protect against the very scenario it should protect against most.
The solution is to switch to time-based codes (TOTP)— the 6-digit code that rotates every 30 seconds in an authenticator app. Even if it's seen, it expires in seconds; and that secret lives only on your phone and in your computer's config,never transmitted in the conversation。
Setup steps
- Generate a secret and a QR code on your computer(just run the setup step once; it writes into the config automatically and outputs a QR image).
- Open Microsoft Authenticator → top right "+" to add an account → choose "Other account (Google, Facebook, etc.)" (not "Work or school," and not "Personal Microsoft account").
- Scan that QR. When done, an item appears in the app, showing a new 6-digit code every 30 seconds.
- Restart the bridge program onceso the secret takes effect. After that, unlock with
/arm <App 上的 6 位數>.
🔐 That QR contains the secret (effectively a master key) —delete the image file immediately after scanning; don't keep a screenshot. We recommend turning on cloud backup within Authenticator (linked to your Apple or Microsoft account, free), so that if you lose your phone you don't lose this code along with it.
Using Microsoft Authenticator is completely free, requires no Microsoft account login, and needs no cloud setup — it simply stores the secret locally on your phone and computes the time-based code. Google Authenticator, 1Password, and others work the same way, with the same steps.
Two built-in safeguards (in the bridge program)
- Unlock messages auto-deleted: the
/armmessage you send, right or wrong, is deleted on receipt, leaving no trace in the conversation. - Cooldown on wrong attempts: 3 wrong attempts in a row triggers a 60-second cooldown, blocking brute-force guessing.
Everyday operation
| Command | Effect |
|---|---|
| Just type | Send a command to Claude (read-only in safe mode) |
/arm <動態碼> |
Unlock full mode for 30 minutes (write / run / deploy) |
/safe |
Revoke full mode immediately |
/status |
Check whether you're in safe or full mode, and the working directory |
/new |
Clear the conversation and start a fresh round |
/cd <路徑> |
Switch the working directory |
Typical rhythm: normally just ask (read files, check logs); when it's time to act /arm 472913 → send the command → done /safe。
Source code (open source, MIT)
The bridge program, config examples, the TOTP setup tool, and resident-process templates for macOS launchd and Linux systemd are all open source on GitHub:
👉 https://github.com/saomin0317/tg-claude-bridge
Zero dependencies (a single ~270-line Python script using only the standard library), with a full six-step install and security notes in the README. MIT licensed — help yourself, modify it, file issues.
Security notes (please read)
The power of this setup = your Telegram account can act on your computer, and in full mode it can write files, delete files, run any program — even connect to other machines you hold keys to. So:
- You must set the allowlist, and put only your own account ID in it. Anything not on the allowlist is ignored — this is the first and most important line of defense.
- You must use time-based codes as the second factor; don't cut corners with a fixed password. Only both together can withstand "a stolen phone or Telegram."
- Never leak the token and the secret, never put them anywhere public; set the config file's permissions so only you can read it.
- Revoke full mode as soon as you're done— don't leave it open the whole time (it expires automatically after 30 minutes anyway, but doing it manually
/safeis better). - Keep the computer itself secure: boot password, disk encryption. Whatever it can reach is whatever an attacker can reach.
- Want to go stricter: narrow the scope of what full mode can run, or add a separate confirmation for high-risk actions like deleting files or deploying.
Get these six points right and it's a remote work channel that's both convenient and controllable. If you can't, don't enable full mode yet.
This site uses this approach itself; in real-world testing, a phone out and about can reliably control the local Claude Code to read files, edit code, and deploy. As for the security part, treat it as required, not optional.
Source code is open at github.com/saomin0317/tg-claude-bridge(MIT)。