Herald
The self-hosted MCP bridge between Claude Chat and Claude Code.
README
<p align="center"> <h1 align="center">Herald</h1> <p align="center"> <strong>Code from your phone. Seriously.</strong> <br /> <em>The self-hosted MCP bridge between Claude Chat and Claude Code.</em> </p> </p>
<p align="center"> <a href="https://go.dev"><img src="https://img.shields.io/badge/Go-1.26+-00ADD8?logo=go&logoColor=white" alt="Go 1.26+"></a> <a href="LICENSE"><img src="https://img.shields.io/badge/License-AGPL--3.0-blue.svg" alt="AGPL-3.0 License"></a> <a href="https://github.com/btouchard/herald/stargazers"><img src="https://img.shields.io/github/stars/btouchard/herald?style=social" alt="GitHub Stars"></a> </p>
<p align="center"> <a href="https://btouchard.github.io/herald/">Documentation</a> · <a href="#quick-start">Quick Start</a> · <a href="#how-it-works">How It Works</a> · <a href="#features">Features</a> · <a href="#security">Security</a> · <a href="#roadmap">Roadmap</a> <br /> 🇫🇷 <a href="README_FR.md">Version française</a> </p>
<img src="/assets/herald-hero.svg">
You're on the couch. On your phone. You open Claude Chat and type:
"Refactor the auth middleware in my-api to use JWT instead of session cookies. Run the tests."
Four minutes later, it's done. Branch created, code refactored, tests passing, changes committed. Your workstation did all the work. You never opened your laptop.
That's Herald.
The Problem
Claude Chat and Claude Code are two brilliant tools that live in completely separate worlds.
| Claude Chat | Claude Code | |
|---|---|---|
| Where | Browser, phone, anywhere | Your terminal |
| What | Conversations, analysis, thinking | Reads, writes, and ships actual code |
| Gap | Can't touch your codebase | Can't leave your desk |
You've been copy-pasting between them. Or worse — you've been waiting until you're back at your desk. That's over.
The Solution
Herald is a self-hosted MCP server that bridges Claude Chat to Claude Code using Anthropic's official Custom Connectors protocol. One Go binary. Zero hacks.
You (phone/tablet/browser)
│
│ "Add rate limiting to the API"
▼
Claude Chat ──── MCP over HTTPS ────► Herald (your workstation)
│
▼
Claude Code
├── reads your codebase
├── writes the code
├── runs the tests
└── commits to a branch
You (terminal)
│
│ Claude Code calls herald_push
▼
Claude Code ──── MCP ────► Herald ────► Claude Chat picks it up
└── session context, summary,
files modified, git branch
The bridge is bidirectional. Claude Chat dispatches tasks to Claude Code, and Claude Code can push session context back to Herald for remote monitoring and continuation from another device.
Your code never leaves your machine. Herald just orchestrates.
How It Works
You (Claude Chat) Herald Claude Code
───────────────── ────── ───────────
"Refactor auth..." ──► start_task
→ creates branch
→ spawns Claude Code ──► reads codebase
refactors code
runs tests
commits changes
◄── task_id: herald-a1b2c3d4
"How's it going?" ──► check_task
◄── ✅ Completed (4m 12s)
4 files changed (+127/-23)
"Show me the diff" ──► get_diff
◄── auth/middleware.go
+func ValidateJWT(...)
-func CheckSession(...)
Three tools. That's the core loop. Start, check, get results — all from wherever you are.
Reverse flow: Claude Code → Herald
Working in your terminal and want to continue from your phone? Claude Code pushes its session to Herald:
You (terminal) Claude Code Herald
────────────── ─────────── ──────
"Push this to Herald" ──► herald_push
→ session_id, summary,
files, branch ──► linked task created
🔗 visible in list_tasks
You (phone, later) Claude Chat Herald
────────────────── ─────────── ──────
"What sessions are list_tasks
waiting for me?" ──► (status: linked) ──► 🔗 herald-a1b2c3d4
my-api / feat/auth
"Resume that session" ──► start_task
(session_id) ──► picks up where you left off
Features
Core
- Native MCP bridge — Uses Anthropic's official Custom Connectors protocol. Not a hack, not a wrapper, not a proxy.
- Async task execution — Start tasks, check progress, get results. Claude Code runs in the background while you do other things.
- Git branch isolation — Each task runs on its own branch. Your main branch stays untouched.
- Session resumption — Multi-turn Claude Code conversations. Pick up where you left off.
- Bidirectional bridge — Claude Code can push session context to Herald via
herald_pushfor remote monitoring and continuation from another device.
Multi-Project
- Multiple projects — Configure as many projects as you need, each with its own settings.
- Per-project tool restrictions — Control exactly which tools Claude Code can use. Full sandboxing per project.
Operations
- MCP push notifications — Herald pushes task updates directly to Claude Chat via MCP server notifications. No polling needed.
- SQLite persistence — Tasks survive server restarts. Full history, fully searchable.
Engineering
- Single binary — One Go executable, ~15MB. No Docker, no runtime, no node_modules.
- Zero CGO — Pure Go. Cross-compiles to Linux, macOS, Windows, ARM.
- 6 dependencies — chi, mcp-go, modernc/sqlite, uuid, yaml, testify. That's the entire dependency tree.
Quick Start
Prerequisites: Claude Code CLI installed, HTTPS via ngrok (built-in) or a domain with reverse proxy.
1. Install
curl -fsSL https://raw.githubusercontent.com/btouchard/herald/main/install.sh | sh
<details> <summary>Or build from source (requires Go 1.26+)</summary>
git clone https://github.com/btouchard/herald.git
cd herald && make build
# Binary is in ./bin/herald
</details>
2. Configure
mkdir -p ~/.config/herald
cp configs/herald.example.yaml ~/.config/herald/herald.yaml
# Edit with your domain and projects (see below)
3. Run
herald serve
# Client secret is auto-generated on first start and displayed in the console
Edit ~/.config/herald/herald.yaml with your domain and projects:
server:
host: "127.0.0.1"
port: 8420
public_url: "https://herald.yourdomain.com"
auth:
client_id: "herald-claude-chat"
projects:
my-api:
path: "/home/you/projects/my-api"
description: "Main backend API"
default: true
allowed_tools:
- "Read"
- "Write"
- "Edit"
- "Bash(git *)"
- "Bash(go *)"
- "Bash(make *)"
git:
auto_branch: true
branch_prefix: "herald/"
Then connect from Claude Chat:
- Claude Chat → Settings → Custom Connectors
- Add connector:
https://herald.yourdomain.com/mcp - Authenticate via OAuth
- Done — Claude Chat now has 10 new tools to control your workstation
Quick Start with ngrok (No Reverse Proxy Needed)
Don't have a domain or reverse proxy? Use ngrok to expose Herald instantly over HTTPS:
1. Get ngrok auth token
Sign up at ngrok.com (free plan works) and grab your auth token from the dashboard.
2. Enable tunnel in config
Edit ~/.config/herald/herald.yaml:
tunnel:
enabled: true
provider: "ngrok"
authtoken: "2abc..." # or set HERALD_NGROK_AUTHTOKEN env var
# domain: "my-herald.ngrok-free.app" # optional: fixed domain (paid plans)
3. Run Herald
herald serve
# Tunnel URL appears in the banner:
# Tunnel: https://abc123.ngrok-free.app (ngrok)
Connect from Claude Chat using the ngrok URL shown in the banner. That's it — no Traefik, Caddy, or DNS setup required.
Note: The ngrok tunnel is optional. If you already have a reverse proxy (Traefik/Caddy), leave
tunnel.enabled: falseand use your domain as usual.
<details> <summary><strong>Full configuration reference</strong></summary>
server:
host: "127.0.0.1" # Always localhost — reverse proxy handles external
port: 8420
public_url: "https://herald.yourdomain.com"
log_level: "info" # debug, info, warn, error
log_file: "" # Optional file path for log output
auth:
client_id: "herald-claude-chat"
# client_secret is auto-generated — override with HERALD_CLIENT_SECRET env var if needed
access_token_ttl: 1h
refresh_token_ttl: 720h # 30 days
redirect_uris:
- "https://claude.ai/oauth/callback"
- "https://claude.ai/api/oauth/callback"
- "https://claude.ai/api/mcp/auth_callback"
database:
path: "~/.config/herald/herald.db"
retention_days: 90
execution:
claude_path: "claude"
model: "claude-sonnet-4-5-20250929" # Default model for tasks
default_timeout: 30m
max_timeout: 2h
work_dir: "~/.config/herald/work"
max_concurrent: 3
max_prompt_size: 102400 # 100KB
max_output_size: 1048576 # 1MB
env:
CLAUDE_CODE_ENTRYPOINT: "herald"
CLAUDE_CODE_DISABLE_AUTO_UPDATE: "1"
projects:
my-api:
path: "/home/you/projects/my-api"
description: "Main backend API"
default: true
allowed_tools:
- "Read"
- "Write"
- "Edit"
- "Bash(git *)"
- "Bash(go *)"
- "Bash(make *)"
max_concurrent_tasks: 1
git:
auto_branch: true
auto_stash: true
auto_commit: true
branch_prefix: "herald/"
tunnel:
enabled: false # Set to true to enable ngrok tunnel
provider: "ngrok"
authtoken: "" # or set HERALD_NGROK_AUTHTOKEN env var
# domain: "" # optional: fixed domain (paid ngrok plans)
rate_limit:
requests_per_minute: 200
burst: 100
</details>
MCP Tools
Herald exposes 10 tools that Claude Chat discovers automatically via the MCP protocol:
| Tool | What it does |
|---|---|
start_task |
Launch a Claude Code task. Returns an ID immediately. Supports priority, timeout, session resumption, and Git branch options. |
check_task |
Check status and progress. Optionally include recent output. |
get_result |
Get the full result of a completed task (summary, full, or json). |
list_tasks |
List tasks with filters — status, project, time range. |
cancel_task |
Cancel a running or queued task. Optionally revert Git changes. |
get_diff |
Git diff for a task's branch or uncommitted changes. |
list_projects |
List configured projects with Git status. |
read_file |
Read a file from a project (path-safe — cannot escape project root). |
herald_push |
Push a Claude Code session to Herald for remote monitoring and continuation from another device. |
get_logs |
View logs and activity history. |
Security
Herald exposes Claude Code to the network. We take that seriously.
| Layer | Protection |
|---|---|
| Network | Binds to 127.0.0.1 only. HTTPS via built-in ngrok tunnel or reverse proxy (Traefik/Caddy). |
| Auth | OAuth 2.1 with PKCE. Every request needs a valid Bearer token. |
| Tokens | Access tokens: 1h. Refresh tokens: 30d, rotated on each use. |
| Filesystem | Path traversal protection on all file operations. Symlink escapes blocked. |
| Execution | Per-project tool restrictions. No blanket --dangerously-skip-permissions. |
| Rate limiting | 200 req/min per token (configurable). |
| Timeouts | Every task has a deadline (default: 30min). No runaway processes. |
| Prompts | Passed to Claude Code unmodified. No injection, no enrichment, no rewriting. |
| Audit | Every action logged with timestamp and identity. |
Architecture
Claude Chat (mobile/web)
→ HTTPS (MCP Streamable HTTP + OAuth 2.1)
→ Traefik / Caddy (TLS termination)
→ Herald (Go binary, port 8420)
├── MCP Handler (/mcp)
├── OAuth 2.1 Server (PKCE, token rotation)
├── Task Manager (goroutine pool, priority queue)
├── Executor Registry (pluggable backends, default: Claude Code)
├── SQLite (persistence)
└── MCP Notifications (server push via SSE)
Design principles: single binary (everything compiled into one Go executable), async-first (each task is a goroutine), stateless MCP with stateful backend, fail-safe (Herald crash doesn't kill running Claude Code processes).
<details> <summary><strong>Tech stack</strong></summary>
| Component | Choice | Why |
|---|---|---|
| Language | Go 1.26 | Single binary, cross-compilation, goroutines |
| MCP | mcp-go | Streamable HTTP, official protocol support |
| Router | chi | Lightweight, stdlib-compatible |
| Database | modernc.org/sqlite | Pure Go, zero CGO |
| Logging | log/slog |
Go stdlib, structured |
| Config | gopkg.in/yaml.v3 |
Standard YAML |
6 direct dependencies. No ORM. No logging framework. No build toolchain.
</details>
Deployment
Herald runs best as a native binary (direct access to Claude Code and your files). Docker is available as an option.
<details> <summary><strong>Docker Compose with Traefik</strong></summary>
services:
traefik:
image: traefik:v3
command:
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.le.acme.email=you@example.com"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
ports:
- "443:443"
volumes:
- "./letsencrypt:/letsencrypt"
herald:
build: .
network_mode: host
volumes:
- "~/.config/herald:/root/.config/herald"
- "~/projects:/root/projects:ro"
labels:
- "traefik.http.routers.herald.rule=Host(`herald.yourdomain.com`)"
- "traefik.http.routers.herald.tls.certresolver=le"
- "traefik.http.services.herald.loadbalancer.server.port=8420"
</details>
Roadmap
| Version | Status | Focus |
|---|---|---|
| v0.1 | ✅ Done | Core MCP server, async tasks, Git integration, OAuth 2.1, SQLite |
| v0.2 | 🚧 In progress | Shared memory — bidirectional context between Claude Chat and Claude Code |
| v0.3 | 🚀 Future | Stable API, plugin system |
Have an idea? Open an issue. We build what users need.
Contributing
Herald is in early alpha — the best time to shape a project.
# Get started
git clone https://github.com/btouchard/herald.git
cd herald
make build && make test
# Create your branch
git checkout -b feat/your-feature
# Code, test, lint
make lint && make test
# Open a PR
Commit messages follow Conventional Commits (feat:, fix:, refactor:, docs:).
Whether it's a bug fix, a new notification backend, or a documentation improvement — all contributions are welcome.
Why Herald?
| Herald | Copy-paste workflow | Other tools | |
|---|---|---|---|
| Official protocol | MCP Custom Connectors | N/A | Custom APIs, fragile |
| Your code stays local | Always | Yes | Depends |
| Works from phone | Native | No | Rarely |
| Self-hosted | 100% | N/A | Often SaaS |
| Dependencies | 6 | N/A | 50-200+ |
| Setup time | ~5 minutes | N/A | 30min+ |
| CGO required | No | N/A | Often |
Herald uses the same protocol Anthropic built for their own integrations. No reverse engineering, no unofficial APIs, no hacks that break on the next update.
<p align="center"> <a href="LICENSE"><strong>AGPL-3.0 License</strong></a> — Built by <a href="https://kolapsis.com"><strong>Benjamin Touchard</strong></a> <br /><br /> If Herald saves you time, <a href="https://github.com/btouchard/herald">leave a star</a>. It helps others find the project. </p>
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。