Channels reference - Claude Code Docs

Detailed Analysis

Claude Code's channel system represents a significant architectural extension of the AI coding assistant, enabling external systems to push real-time events into an active Claude session via a standardized Model Context Protocol (MCP) server interface. A channel operates as a subprocess spawned by Claude Code itself, communicating over stdio transport, which means no external URLs or cloud infrastructure are required. The design supports both one-way channels — which can receive webhooks, CI pipeline alerts, or monitoring events — and two-way channels, which additionally expose a reply tool allowing Claude to send messages back to the originating platform. Existing integrations for Telegram, Discord, iMessage, and a development tool called "fakechat" ship with the research preview, signaling Anthropic's intent to make Claude a participant in ambient, asynchronous workflows rather than solely a synchronously invoked assistant.

The technical requirements for building a custom channel are deliberately minimal: a Node.js-compatible runtime (Bun, Node, or Deno), the `@modelcontextprotocol/sdk` package, and a server that declares the `claude/channel` experimental capability. Channels surface in Claude's context via a structured `<channel>` XML tag, and server authors can inject instructions directly into Claude's system prompt to shape how it interprets and responds to incoming events. An optional `claude/channel/permission` capability extends this further, enabling remote approval or denial of tool-use permission prompts — a notable feature that could allow human operators to supervise Claude's autonomous actions from outside the terminal environment entirely.

The permission relay mechanism is particularly consequential from a safety and governance standpoint. By allowing a remote channel to intercept and respond to tool approval prompts, Anthropic is building a pathway for supervised autonomy: Claude can operate on long-running tasks while a human or automated system retains a veto point over consequential actions. This design reflects a broader pattern in Anthropic's approach to agentic AI — structuring systems so that human oversight can be preserved even as the degree of autonomy increases. The explicit warning against prompt injection through sender-gating recommendations further illustrates awareness that expanding Claude's input surface introduces new attack vectors that developers must actively mitigate.

During the research preview period, all channels must appear on an Anthropic-curated allowlist or be explicitly loaded via a `--dangerously-load-development-channels` flag, a friction point that signals Anthropic's caution about third-party code executing in the context of an agentic system. This gating mirrors patterns seen in other AI platform ecosystems where capability expansion is staged to allow for security review. The webhook receiver walkthrough and the fakechat reference implementation suggest Anthropic is providing scaffolding to encourage a developer ecosystem around channels while maintaining centralized trust controls. As this feature matures beyond the research preview, the allowlist policy will be a key lever determining how openly the channel ecosystem can grow and how much third-party innovation Anthropic is willing to absorb into Claude Code's operational environment.