Syncing config across machines is one problem. Getting Claudes on different machines to talk to each other — kick off tasks, share state, hand off threads, ping you when finished — is a different problem. This page is the practical guide to that.
Six communication primitives — remote invocation, shared queues, exposed MCP servers, notification routing, managed agents, and session hand-off — with the real commands, the trade-offs, and the patterns that hold up in a fleet of mixed Windows / macOS / Linux / mobile / droplet boxes.
Inter-Claude communication isn't one thing — it's six. Each handles a different question, and most real fleets use four or five of them at once. Recognising which primitive each request is asking for is half the work.
| Primitive | Answers | Latency | State |
|---|---|---|---|
| Remote invocation | "Run a Claude session over there, return the result here." | Sync, seconds–minutes | None (each call fresh) |
| Shared task queue | "Drop work on this list; whichever Claude is free takes it." | Async, seconds–hours | Persistent queue file |
| Cross-host MCP | "Let Claude on PC A reach into PC B's filesystem / DB / mailbox." | Per-tool-call, ms | Lives on the host |
| Notification routing | "Tell me on my phone when the job on the droplet finishes." | Push, seconds | None |
| Managed agents | "Run this in Anthropic's cloud while I close my laptop." | Async, minutes–hours | Stored in claude.ai |
| Thread hand-off | "The conversation I started on the phone should continue on the laptop." | Cloud-sync, seconds | claude.ai threads |
The first three are active — one Claude reaches out and does something on another machine. The last three are passive — they exist as infrastructure that multiple Claudes (and humans) draw from.
The simplest inter-Claude primitive. SSH to a remote host, run claude exec (or codex exec for the other agent), get the result back. Same model you've used for decades to run anything else on a remote box — Claude is just another command.
# from your laptop, run a one-shot Claude task on the droplet $ ssh root@wholetech.com "cd /var/www/codex.wholetech.com && claude --print 'summarise the recent commits in this site repo'"
That's the whole thing. The flag is --print (or the older alias -p) — it tells Claude Code to run non-interactively, print the answer, and exit. The remote host needs to have Claude Code installed and authenticated.
Server boxes don't have a browser, so the usual claude login OAuth flow doesn't work directly. Three options:
ANTHROPIC_API_KEY in the server's environment (or /etc/environment for system-wide). The CLI picks it up automatically. Cleanest for a server.claude login --no-browser prints a URL; open it on a laptop, paste the resulting code back. One-time.~/.claude/auth.json from a logged-in machine. Works but ties the server's identity to a specific browser session — refresh tokens expire, and you've duplicated a sensitive credential.echo 'ANTHROPIC_API_KEY=sk-ant-...' >> /etc/environment, then any SSH session inherits it. Don't put the key in ~/.bashrc — that doesn't fire for non-interactive SSH.
The laptop has the repo; the droplet has the running nginx and the real cert. ssh root@wholetech.com 'claude -p "what's wrong with the cert renewal log at /var/log/letsencrypt/letsencrypt.log"' gets you Claude's read of the actual server state, not your stale local copy.
Gated version. ssh root@wholetech.com 'claude --dangerously-skip-permissions -p "add a security_headers.conf snippet to /etc/nginx/snippets and include it from sites-available/wholetech.com"' — only if you trust the prompt and the host.
A shell loop over your hosts file: for h in pc1 pc2 droplet; do ssh "$h" 'claude -p "what'\''s the disk usage warning level?"'; done. Each Claude sees its own machine's state; you collect the answers.
Cron job on the droplet at 03:00: 0 3 * * * claude -p "scan /var/log/nginx/error.log from the last 24h and write a summary to /var/log/claude-nightly.md". The droplet does the read in the small hours; you see the summary in the morning.
Anything you pipe into claude -p becomes the input. Useful for sending another command's output through Claude before printing.
$ ssh root@wholetech.com "journalctl -u nginx --since yesterday | claude -p 'find the request patterns that look like scrapers'"
claude -p uploads the prompt + context to Anthropic's API. Piping a 100 MB log file in is expensive and slow. If you're scanning logs, pre-filter with grep or awk first.
Where remote invocation is "do this now, return the answer," a shared queue is "drop this on a list; whoever's free will pick it up." It decouples the producer from the consumer in time. Useful when the work is bursty, when the machine doing the work isn't always on, or when you want a record of what was asked.
Pick a shared location — NAS mount, a directory on the droplet, a synced OneDrive folder. Each task is a file. The producer writes a file; a consumer picks it up, runs Claude, writes the result alongside.
/mnt/queue/ pending/ 2026-05-18T14:22-summarise-pr-1234.md # input prompt 2026-05-18T14:25-bump-tailwind-v4.md running/ 2026-05-18T14:01-investigate-cron-fail.md.host-droplet done/ 2026-05-18T13:42-find-unused-deps.md 2026-05-18T13:42-find-unused-deps.md.result
One Claude per host runs a tiny loop. Pull a file from pending/, move to running/ (atomically, with a hostname suffix so two workers don't grab the same one), run Claude on the contents, write the result to done/.
#!/usr/bin/env bash # queue-worker.sh — minimal, idempotent, runs on any host set -euo pipefail QUEUE="/mnt/queue" HOST="$(hostname -s)" while true; do # atomic claim: find one pending, mv to running with our host suffix for f in "$QUEUE/pending"/*.md; do [[ -e "$f" ]] || continue target="$QUEUE/running/$(basename "$f").host-$HOST" if mv -n "$f" "$target" 2>/dev/null; then # we won the race — run it claude --print < "$target" > "${target}.result" mv "$target" "$QUEUE/done/$(basename "$target" .host-$HOST)" mv "${target}.result" "$QUEUE/done/" fi done sleep 5 done
/var/spool/claude-queue/ on the droplet, mount it on each Windows PC via SFTP or rclone-mount, and run the worker loop on whichever machine has the right local tools. The Windows PCs see the queue as a normal drive; the droplet sees it as a directory it owns. Conflicts handled by the atomic mv -n.
MCP (Model Context Protocol) lets Claude call tools that aren't built in — filesystem access, GitHub, Postgres, custom services. By default the MCP server runs as a local subprocess on the same machine as Claude. But MCP also speaks over network transports: SSE and stdio-over-SSH. That means Claude on PC A can invoke MCP tools that run on PC B.
| Transport | How it works | Use when |
|---|---|---|
stdio | Claude launches the MCP server as a subprocess; talks over stdin/stdout. The default for local servers. | The MCP server and Claude live on the same machine. |
sse / HTTP | Claude opens an HTTP/SSE connection to a running server. The server is a long-lived process you operate separately. | Many Claudes need the same MCP tool; the tool is expensive to spin up; the server is on a different host. |
stdio over SSH | Same as local stdio but Claude launches the subprocess via ssh on a remote host. | You want a server-on-another-box without standing up an HTTP service. |
Your laptop runs Claude. You want Claude to read live files from /var/www/ on the droplet. Configure an MCP server in ~/.claude/settings.json that runs over SSH:
"mcpServers": { "droplet-www": { "command": "ssh", "args": [ "root@wholetech.com", "npx -y @modelcontextprotocol/server-filesystem /var/www" ] } }
Now Claude on the laptop can list, read, and (with permission) write files inside /var/www/ on the droplet, as if they were local — but every tool call routes through the SSH tunnel to the remote process. The remote MCP server speaks stdio; SSH bridges stdio across the network.
For something heavier — say, a database connection pool or a connector that takes 10 seconds to warm up — you don't want a fresh subprocess per session. Run the MCP server as a systemd unit on the droplet, exposed on a local socket, and have Claude connect via the SSE transport over an SSH-forwarded port.
// on the droplet: systemd unit running an MCP HTTP server on 127.0.0.1:3050 // from the laptop: forward the port $ ssh -fNL 3050:127.0.0.1:3050 root@wholetech.com // settings.json on the laptop "mcpServers": { "droplet-postgres": { "transport": "sse", "url": "http://localhost:3050/mcp" } }
The high-leverage move for a multi-machine setup: run a small MCP server on the droplet that exposes "tools" representing the rest of your network — sitemap data, nginx config snippets, scheduled-task status. Now any Claude that mounts this server can ask questions about the whole fleet without having to SSH to each box.
Half of inter-Claude communication is the Claudes talking to each other. The other half is the network telling you when something happened. Three transports, each with a different lag and a different reach.
Free service. Subscribe to a topic from the ntfy app on your phone; any HTTP POST to https://ntfy.sh/<your-topic> arrives as a push notification. No account needed. Used as the Stop hook in the settings page, but the real power is firing it from any machine — droplet cron jobs, scheduled tasks, queue worker results — not just from Claude itself.
$ curl -d "droplet cron finished — 247 changes in today's sitemap" https://ntfy.sh/walhus-claude
$5 lifetime per platform. Better delivery reliability, sound priorities, per-device routing (laptop vs phone vs tablet). Use when ntfy's "best effort" isn't reliable enough.
$ curl -s "https://api.pushover.net/1/messages.json" \ -F "token=$PUSHOVER_TOKEN" -F "user=$PUSHOVER_USER" \ -F "message=Claude on droplet just touched nginx" \ -F "priority=1"
Webhook URL per channel. Post into a Slack #claude-fleet channel and now every team member sees what each Claude is doing. Pairs well with managed agents: kick off a cloud agent, get a Slack notification when its PR is ready.
$ curl -X POST -H 'Content-Type: application/json' \ -d '{"text":"droplet Claude: cert renewal succeeded for codex.wholetech.com"}' \ https://hooks.slack.com/services/T.../B.../...
Set a single environment variable on every machine — CLAUDE_NOTIFY_URL — pointing at one of the three transports above. Every Claude on every machine fires its Stop hook against that one URL. Now you have:
$(hostname) in the message body).# in ~/.claude/settings.json on every machine "hooks": { "Stop": [{ "matcher": "", "hooks": [{ "type": "command", "command": "curl -s -d \"[$HOSTNAME] claude finished\" $CLAUDE_NOTIFY_URL" }] }] }
Anthropic's Managed Agents (sometimes called "agent SDK in the cloud" or referenced via /managed-agents) are persistent Claude sessions running in Anthropic's infrastructure. You kick one off; it spins up a fresh container with your repo cloned; it works for hours; you check back. From a fleet perspective they're "another Claude, but the host is the cloud."
Spin up five managed agents for five different framings of the same refactor. Walk away. Two land clean, two need follow-ups, one fails. That ratio is the whole point — you're paying for exploration.
A 90-minute dependency upgrade, a full test-suite repair, a multi-file refactor. Your laptop would suspend during the run; the managed agent doesn't.
From GitHub: mention the agent on an issue, it kicks off, comes back with a PR. You read the PR when you read PRs.
Sketchy code, untrusted dependency, a refactor with potential for chaos. Managed agents run in disposable containers — if it goes sideways, the container dies, your machines are untouched.
From the fleet's point of view a managed agent is reachable in three ways:
@claude in a comment; that's a managed agent picking it up.The other primitive that hides in plain sight: claude.ai threads themselves act as persistent state across machines. Start a conversation on your phone walking to lunch; sit down at the laptop; the same thread is there in your browser. This isn't "communication between Claudes" in the agent-to-agent sense, but it's the most-used form of it in practice.
| Surface | Threads | Projects | Files | Tools |
|---|---|---|---|---|
| Web (claude.ai) | ✓ | ✓ | ✓ | All |
| iOS / Android app | ✓ | ✓ | ✓ via Share | Voice, camera, share |
| Claude Code (CLI) | Separate | No | Local fs | Bash, Edit, etc. |
| Managed agent | ✓ as Project task | ✓ | Container | Container |
The split that matters: claude.ai-family surfaces (web, mobile apps, managed agents) all share threads. Claude Code sessions are independent — they don't appear in your claude.ai history. That's an intentional separation: CLI sessions touch your local filesystem, where threads are noisier; cloud surfaces are about the conversation itself.
Voice-mode walk; sit down; open claude.ai; the thread is there. Now type a refined follow-up. Pattern works because the conversation persists, not because it was transmitted.
The web thread is great for "what should we do." The CLI is great for actually doing it. Copy the plan out of the web thread; paste it into claude on the laptop; let the CLI session execute against your local filesystem.
After a long local Claude Code session, open claude.ai and start a fresh thread to write the PR description, the changelog entry, or the team update. The CLI session focused on the code; the web thread focuses on the words.
Kick off a managed agent on the train; when its PR appears in the GitHub app, switch surfaces to the laptop CLI for the diff review. Three Claudes, one task.
Once you have three or more Claudes and a couple of these primitives, the question becomes "who's in charge." The cleanest answer for a small fleet is to pick one machine as the orchestrator — the place where decisions happen and tasks fan out from — and treat the others as workers.
A mesh — every Claude talks to every other Claude — sounds elegant but produces hard-to-debug behaviour. Two Claudes both edit the same file. Two notifications fire for the same event. Pick a primary, route through it. If the orchestrator dies, you promote a worker. /settings/architecture goes deeper on this.
C:\Users\walhu\websites\codex.wholetech.com\. Runs /diff, eyeballs.scp to push the new index.html to the droplet. Then ssh root@wholetech.com 'claude -p "scan the new /var/www/codex.wholetech.com/index.html for any external URLs that 404"'.curl -sI on each link, reports back.curl ntfy.sh/walhus-claude. Phone buzzes "deploy clean."/mnt/queue/pending/ via the NAS mount. Each one is a small refactor of a different site in the WholeTech network.claude --print < task.md, commits the result to a feature branch, opens a GitHub PR.@claude review). The agent comments inline on any concerns.claude.ai on the browser — the same thread is there, still in voice mode's transcript.ssh root@wholetech.com 'journalctl -u nginx --since 13:30 --until 14:30 | claude -p "find requests matching pattern X"'.Three Claudes, three transports, one investigation. None of the individual pieces are hard; the value is the choreography.
A fleet without logging is a fleet you can't trust. Three logging layers, each catching different things.
Every Claude Code session writes to ~/.claude/projects/<slug>/history.jsonl. Don't sync these (they're huge and machine-specific) — but do keep them on the host for forensics. jq can grep them when something looks wrong.
If every Claude's Stop hook fires through a single ntfy/Pushover/Slack channel, that channel is your aggregate event log. Scroll back to see what happened across the fleet in the last week.
The orchestrator (see §8) writes a line to ~/.claude/fleet.log for every cross-machine action it takes: "dispatched task X to droplet at 14:22; received result at 14:24." That log is the spine — pair it with the per-machine transcripts when you need to reconstruct a complex run.
# minimal logging wrapper around remote invocation function ssh-claude { local host="$1"; shift local msg="$*" echo "$(date -Iseconds) dispatch host=$host msg=$msg" >> ~/.claude/fleet.log ssh "$host" "claude --print" <<< "$msg" | tee -a ~/.claude/fleet.log }
Every primitive above moves data, instructions, or credentials between machines. Each one needs a moment of thought about who can do what to whom.
| Primitive | Auth | What an attacker who compromised one host could do |
|---|---|---|
| Remote invocation | SSH key | Run arbitrary commands on the remote (it's SSH). Worth using SSH keys with limited scope (force-command, no agent forwarding). |
| Shared queue | Filesystem perms | Inject malicious task files. Always validate the queue producer; never run untrusted prompts in --dangerously-skip-permissions mode. |
| Cross-host MCP (stdio over SSH) | SSH key | Same as remote invocation — the tunnel is SSH. |
| Cross-host MCP (HTTP/SSE) | Bearer token / IP allowlist | Call MCP tools the server exposes. Don't expose a filesystem MCP server on a public port without auth. |
| Notification routes | Topic / token | Spam your notification channel. Keep ntfy topics private; rotate Pushover tokens occasionally. |
| Managed agents | Anthropic auth | Read/write the connected repo. Use per-repo install of the GitHub app, not org-wide. |
ed25519 keys. Smaller, faster, modern. ssh-keygen -t ed25519 -C "laptop@wholetech-fleet".~/.ssh/authorized_keys on the droplet: command="/usr/local/bin/claude-runner",no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAA... to lock the key to a single wrapper script.~/.ssh/config defines Host droplet → HostName wholetech.com, User root, IdentityFile ~/.ssh/wholetech. Now everything in this guide uses ssh droplet instead of ssh root@wholetech.com, which means rotating a key is editing one file.--dangerously-skip-permissions remote Claude on a prompt you didn't write yourself, and (2) using the same SSH key on every machine in the fleet. The first lets a prompt-injection compromise your droplet; the second turns one stolen laptop into the whole network.
Claude A pings Claude B; Claude B's Stop hook pings the channel; Claude A reads the channel and triggers again. Always make the notification one-way (or include a "from" tag so a downstream Claude knows to ignore self-originated events).
Laptop Claude assumes the droplet has the latest deploy; droplet was rolled back; laptop's plan is now wrong. Verify state on the remote before acting on it (cheap remote invocation: ssh droplet 'cat /var/www/foo/index.html | head').
SSH tunnel drops; Claude on the laptop keeps calling the MCP tool and getting timeouts. Set short timeouts in the MCP client config and surface the error loudly — don't let Claude paper over a dead tunnel.
Five managed agents in parallel = five API bills. Set a hard spend cap on the API account and budget for the parallel-exploration pattern explicitly.
The worker on the droplet crashed three hours ago. Your tasks pile up. Add a heartbeat — write $(date) $HOSTNAME alive to /mnt/queue/.heartbeats/$HOSTNAME every loop; alert when a heartbeat is >5 minutes stale.
Cross-host MCP exposes a filesystem; an attacker writes a malicious instruction in a file Claude reads. Treat the contents of any file the model touches as untrusted user input; never let the model execute arbitrary commands based on file content without a confirmation gate.