[FEATURE] Feature request: Remote Agent Teams — cross-machine agent-to-agent collaboration
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Summary
Agent Teams (experimental, CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1) lets multiple
agents coordinate on one machine via a shared task list and direct
agent-to-agent messaging. There's no supported way for an agent on one machine to
talk to an agent on another — i.e. for two developers' Claude Code sessions to
collaborate live. This proposes extending Agent Teams across machines
("Remote Agent Teams").
Motivation / use cases
- Distributed pair-debugging — my agent (my repo + context) and a teammate's
agent (their context) work one incident together.
- Cross-team review — a service owner's agent consults a platform/security
agent that holds different context, live, mid-task.
- Second opinion — "ask my colleague's agent how they'd approach this," with
the two agents challenging each other.
The value is two agents with different context and points of view — not one agent
guessing what another team would say.
Proposed Solution
Proposed shape
Reuse the existing SendMessage / TeammateIdle semantics and add:
- A way to address a teammate on another host (e.g.
peerId@host) and route
messages to it.
- A pluggable transport extension point for inter-agent messaging, so
operators can supply their own mTLS / VPN / libp2p transport under their network
policy.
- Security hooks on the cross-machine path: a peer allowlist, mandatory audit,
and a human egress-approval callback — controllable via managed settings.
Prototype (works today)
I built a working reference implementation on supported surfaces only — a plugin +
an MCP server + the Claude Agent SDK + a WSS/mTLS transport — since the core is
closed-source. It demonstrates, reproducibly:
- live, turn-by-turn conversation between two agents on different machines, over
WebSocket-Secure + mutual TLS;
- each peer's "voice" is a headless Claude Code session driven in the Agent SDK's
streaming-input mode;
- a single security choke point (mutual TLS, peer allowlist, hash-chained audit
log, and a default-deny egress gate) that blocks an exfiltration attempt
before it leaves the machine.
Happy to share the prototype and a recorded demo if that's useful.
Alternative Solutions
_No response_
Priority
High - Significant impact on productivity
Feature Category
Interactive mode (TUI)
Use Case Example
_No response_
Additional Context
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗