
IAIP Research, 2026-01-16

STCMastery Usage Scenarios: Claude Code + Teleport tsh Integration

Foundation

What STCMastery Actually Is:

Claude Code (claude command) integrates with Teleport's tsh CLI client

/remote-env slash command bridges local Claude Code context to authenticated Teleport sessions

MCP servers inherit Teleport authentication environment variables

All access is audited by Teleport proxy (mTLS, certificate validation, session logging)

Key Commands That Exist:

```text
tsh login --proxy <proxy-url>                   # Authenticate to Teleport
tsh env                                         # Output env vars for active session
tsh ssh <user>@<host>                           # SSH through Teleport proxy
claude /remote-env                              # Configure Claude Code's remote context
claude /mcp add <name> --transport http <url>   # Add MCP server
```

Usage Scenario 1: Narrative Protocol Schema Validation (NCP L3 Constraint Enforcement)

Goal: Validate a storyform against the NCP 9.1 JSON schema without trusting local LLM context window.

What's Running Where:

Local: Claude Code on developer's machine

Remote (Edge): NCP Validator microservice (L3 Constraint layer from Holistic-Narrative-Context-Protocol)

Auth: Teleport proxy at teleport.edgehub.com

Actual Workflow:

```bash
# STEP 1: Developer authenticates to Teleport from terminal
$ tsh login --proxy teleport.edgehub.com --user dev@miadisabelle
# Opens browser SSO → certificates written to ~/.tsh/
# Teleport proxy now trusts this client for 12 hours

# STEP 2: Developer starts Claude Code
$ claude

# STEP 3: Inside Claude Code REPL, configure remote environment
claude> /remote-env
# Dialog appears:
#   Available clusters: narrative-prod, narrative-staging
#   User selects: narrative-prod
# Claude Code reads ~/.tsh/ and loads certificates

# STEP 4: Add MCP connection to NCP validator (now Teleport-authenticated)
claude> /mcp add ncp-validator --transport http https://ncp-validator.narrative-prod

# STEP 5: Invoke validation through MCP (audited by Teleport)
claude> & /mcp ncp-validator validate \
  --schema-file schemas/ncp-9.1.json \
  --storyform-ref backstoryreference.uri \
  --expected-hash backstoryreference.schemahash
```

Result:

✅ Storyform structure validated against schema

✅ Causal constraints enforced (must-lead-to, must-prevent, must-imply)

✅ Session logged to Teleport audit trail with:

- User: dev@miadisabelle

- Action: validate-storyform

- Remote server: ncp-validator.narrative-prod

- Timestamp: 2026-01-16T08:46:00Z

Why This Matters:

Prevents hallucination: kernel validates structure, LLM cannot bypass constraints

Auditable: every validation attempt is logged with authenticated user identity

Scalable: add more edge validators; /remote-env switches between them via Teleport proxy
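One way to enforce the `--expected-hash` pin from STEP 5 on the developer's machine before any request is sent, as an added example that is not part of the original article or of any tool it names. It assumes the pinned value is a SHA-256 hex digest of the schema file; the function names and exit codes are hypothetical.

```shell
# Added example: fail-closed SHA-256 pin check for a local schema file.
# Function names and exit codes are hypothetical, not part of any tool on this page.

# Print the lowercase SHA-256 hex digest of a file, using whichever tool is installed.
# Reading from stdin avoids passing an attacker-influenced file name as an option.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 < "$1" | cut -d' ' -f1
  else
    openssl dgst -sha256 -r < "$1" | cut -d' ' -f1
  fi
}

# verify_schema_pin FILE EXPECTED_HEX
# 0 = digest matches the pin, 1 = mismatch, 2 = unusable input (also a failure).
verify_schema_pin() {
  [ -f "$1" ] && [ -r "$1" ] || return 2
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case $expected in *[!0-9a-f]*) return 2 ;; esac   # hex characters only
  [ "${#expected}" -eq 64 ] || return 2             # full digest, no truncated pins
  actual=$(sha256_of "$1") || return 2
  [ "$actual" = "$expected" ]
}

# Continue to the validation step only when the pin holds; anything else stops.
validate_if_pinned() {
  verify_schema_pin "$1" "$2" || { echo "schema pin check failed: $1" >&2; return 1; }
  echo "pin ok: $1"   # the "/mcp ncp-validator validate" call from STEP 5 would follow
}
```

A truncated or malformed pin is rejected with its own exit code rather than compared, so a shortened hash in the storyform reference cannot pass as a match.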

Usage Scenario 2: Multi-Agent Sequential Thinking with Persistent Redis Memory

Goal: Execute Spiral Agent (Mia/Miette/Haiku) consensus decision-making, persist results to Upstash Redis, maintain observability of each thinking step.

What's Running:

Local: Claude Code + Spiral Agent orchestration

Remote: CoAiA Sequential Thinking MCP server + Redis connector

Auth: tsh client with Teleport certificates

Workflow:

```bash
# STEP 1: Teleport setup
$ tsh login --proxy teleport.edgehub.com

# STEP 2: Start Claude Code with additional working directory for consensus data
$ claude --add-dir ~/.consensus-sessions

# STEP 3: Configure remote environment and MCP
claude> /remote-env
# Select: narrative-prod

# STEP 4: Add MCP for sequential thinking (now authenticated)
claude> /mcp add coaia-sequential --transport http \
  https://coaia-sequential.narrative-prod

# STEP 5: Add MCP for structural tension chart (observability)
claude> /mcp add coaia-charts --transport http \
  https://coaia-charts.narrative-prod

# STEP 6: Create structural tension chart (documents current → desired)
claude> & /mcp coaia-charts create_structural_tension_chart \
  --desired-outcome "SymphonyofMinds enables iterative multi-persona collaborative writing with persistent session history" \
  --current-reality "React app exists but lacks MCP integration and observable consensus formation" \
  --due-date "2026-02-28"

# STEP 7: Trigger sequential thinking for first decision step
claude> & /mcp coaia-sequential initiate_sequential_thinking \
  --request "Should we add persistent session history to SymphonyofMinds?" \
  --personas "rational_architect,emotional_catalyst,wisdom_synthesizer" \
  --memory-context "project:SymphonyofMinds,status:mvp"

# STEP 8: Advance thinking for each persona
claude> & /mcp coaia-sequential advance_thinking_chain \
  --persona "rational_architect" \
  --observation "Session persistence requires distributed state management across React clients"

claude> & /mcp coaia-sequential advance_thinking_chain \
  --persona "emotional_catalyst" \
  --observation "Users want to revisit creative ideas; feeling of continuity strengthens engagement"

claude> & /mcp coaia-sequential advance_thinking_chain \
  --persona "wisdom_synthesizer" \
  --observation "Both perspectives suggest architecture supporting asynchronous, resumable workflows"

# STEP 9: Generate consensus decision
claude> & /mcp coaia-sequential create_consensus_decision \
  --perspectives-summary "All three personas converge on: session persistence enhances user experience and aligns with architectural evolution" \
  --confidence-score 0.92

# STEP 10: Store decision to shared chart for observability
claude> & /mcp coaia-charts update_action_progress \
  --action "Decision: Implement session persistence" \
  --observation "Consensus reached 92% confidence. Implementation roadmap: Week 1 Redis schema, Week 2 React state recovery"
```

RESULT:

1. Each thinking step observable in coaia-charts (not hidden in subagent)

2. Redis stores decision lattice for replay/learning (authenticated via Teleport)

3. Teleport audit log shows which user triggered which consensus step

4. Claude Code session retains observability while delegating heavy lifting to remote MCP servers

Why Observable Thinking Matters:

Previous attempts (delegation to subagent) hid intermediate steps

This approach: each Mia/Miette/Haiku perspective becomes queryable data in Redis

Future iterations can learn from stored consensus patterns

Humans can intervene when consensus drops below threshold

Usage Scenario 3: Place-Based Indigenous Storytelling with GPS Edge Device

Goal: Trigger narrative content as user walks through Shawinigan (Québec), respecting place-based Indigenous knowledge sovereignty, GPS coordinates stored on edge device, narrative delivery streamed via Claude Code.

Architecture:

Edge device (Raspberry Pi): GPS sensor + local story archive

Cloud: Teleport proxy + narrative performance MCP server

Developer: Claude Code on laptop, walking through territory

Workflow:

```bash
# PRE-SETUP: Deploy edge device with Teleport agent
# (This is one-time, Ops team handles it)

# STEP 1: SSH to edge device via Teleport (from Shawinigan office)
$ tsh ssh walker@edge-device-01.shawinigan.local
# tsh intercepts, validates cert, connects through proxy
# Now on edge device (confirmed by GPS coordinates)

# STEP 2: Verify GPS service is running
walker@edge$ gpsctl get-coordinates
# Returns: 46.5695,-71.2572 (Shawinigan city center)

# STEP 3: Exit SSH, back to local Claude Code
$ exit
$ claude

# STEP 4: In Claude Code, set remote environment (re-authenticate if needed)
claude> /remote-env
# Select: narrative-prod (storytelling services)

# STEP 5: Add MCP for place-based narrative
claude> /mcp add place-narrative --transport http \
  https://place-narrative.narrative-prod

# STEP 6: Add MCP for audio generation (narrative performance)
claude> /mcp add narrative-audio --transport http \
  https://narrative-audio.narrative-prod

# STEP 7: Lookup story for current location (edge device GPS updates in real-time)
claude> & /mcp place-narrative get_story_for_location \
  --coordinate 46.5695,-71.2572 \
  --language michif \
  --consent-validated true
# Returns: Story metadata for "The Confluence at Shawinigan Falls"
# MCP authenticates as walker@miadisabelle (from tsh cert)

# STEP 8: Stream audio narrative
claude> & /mcp narrative-audio generate_and_stream \
  --story-id "shawinigan-confluence-001" \
  --voice "elder-gabe-michif" \
  --output-format audio-stream

# STEP 9: Claude Code's Bash tool monitors GPS for location changes
claude> & bash: while true; do
    COORD=$(tsh ssh walker@edge-device-01 -- gpsctl get-coordinates);
    # Inner double quotes are escaped so the JSON body survives shell quoting
    curl -s https://place-narrative.narrative-prod/check-location \
      -d "{\"coordinate\": \"$COORD\"}" | jq '.story_triggered';
    sleep 30;
  done
# Every 30 seconds, checks if user moved to new story location
# When coordinates change > 100m, new story triggers automatically
```

RESULT:

- User walks territory, Claude Code streams culturally appropriate narratives

- GPS data never leaves edge device (remains on community infrastructure)

- All narrative access authenticated via Teleport (walker@miadisabelle can only access validated stories)

- Teleport audit log shows: who accessed what story, when, from which coordinates

- Future: community can review access patterns, adjust story consent rules

Why This Architecture:

Sovereignty: Indigenous place names & stories stay on community-controlled edge device

Auditable: Teleport logs who accessed which sacred stories, when

Real-time: GPS updates continuously; no batch processing lag

Consent: MCP layer validates access permissions before streaming narratives
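A hardened variant of the STEP 9 polling loop, as an added example that is not part of the original article: it validates the coordinate string returned by the edge device before placing it in a JSON body, and applies the 100 m movement threshold locally with a haversine distance. The helper names are hypothetical; the host, URL and `gpsctl` command are the ones used in the workflow above, and `awk`, `grep`, `curl` and `jq` are assumed to be installed.

```shell
# Added example (hypothetical helper names); coordinates are "lat,lon" decimal degrees.

# Accept only a well-formed, in-range "lat,lon" pair; everything else fails closed.
valid_coord() {
  case $1 in ''|*[!0-9.,-]*) return 1 ;; esac   # digits, dot, comma, minus only
  printf '%s\n' "$1" |
    grep -Eq '^-?[0-9]{1,2}(\.[0-9]+)?,-?[0-9]{1,3}(\.[0-9]+)?$' || return 1
  awk -v c="$1" 'BEGIN { split(c, p, ",")
    exit !(p[1] >= -90 && p[1] <= 90 && p[2] >= -180 && p[2] <= 180) }'
}

# Haversine distance between two "lat,lon" pairs, truncated to whole metres.
distance_m() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, p, ","); split(b, q, ","); rad = atan2(0, -1) / 180
    dlat = (q[1] - p[1]) * rad; dlon = (q[2] - p[2]) * rad
    h = sin(dlat / 2) ^ 2 + cos(p[1] * rad) * cos(q[1] * rad) * sin(dlon / 2) ^ 2
    printf "%d\n", 2 * 6371000 * atan2(sqrt(h), sqrt(1 - h)) }'
}

# Succeeds when the move from $1 to $2 exceeds $3 metres (default 100).
moved_beyond() {
  valid_coord "$1" && valid_coord "$2" || return 2
  [ "$(distance_m "$1" "$2")" -gt "${3:-100}" ]
}

# Emit the JSON request body, but only for a validated coordinate.
location_payload() {
  valid_coord "$1" || return 1
  printf '{"coordinate": "%s"}' "$1"
}

# The STEP 9 loop using the helpers; start it with: sh thisfile run
watch_location() {
  last=""
  while true; do
    coord=$(tsh ssh walker@edge-device-01 -- gpsctl get-coordinates) || coord=""
    if ! body=$(location_payload "$coord"); then
      echo "rejected malformed coordinate from edge device" >&2
    elif [ -z "$last" ] || moved_beyond "$last" "$coord"; then
      curl -s https://place-narrative.narrative-prod/check-location \
        -H 'Content-Type: application/json' -d "$body" | jq '.story_triggered'
      last=$coord
    fi
    sleep 30
  done
}

if [ "${1:-}" = run ]; then watch_location; fi
```

Because the threshold is evaluated before the request, a coordinate is sent to the narrative service only on the first fix and after a move of more than 100 m, not on every 30-second poll.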

Usage Scenario 4: Multi-Region NCP Kernel with Failover

Goal: Ensure narrative coherence enforcement (NCP L3-L4 kernel) survives regional outages via Teleport-managed failover.

Setup:

East Coast: ncp-kernel-east.edgehub.com (primary)

West Coast: ncp-kernel-west.edgehub.com (failover)

Teleport proxy manages DNS/LB switching

Workflow:

```bash
# STEP 1: Authenticate to Teleport (works for all regions)
$ tsh login --proxy teleport.edgehub.com

# STEP 2: Configure remote environment
$ claude
claude> /remote-env
# Select region: East Coast (primary)

# STEP 3: Add MCP pointing to primary
claude> /mcp add ncp-kernel-primary --transport http \
  https://ncp-kernel-east.edgehub.com

# STEP 4: Create narrative validation job
claude> & /mcp ncp-kernel-primary validate-storyform \
  --storyform-id "coaia-indigenous-learning-001"
# ✅ Request succeeds, east coast kernel validates

# STEP 5: East coast kernel goes down (maintenance/incident)
# (Silently Teleport proxy redirects ncp-kernel-east → ncp-kernel-west)

# STEP 6: Same command retried, now routed to west coast
claude> & /mcp ncp-kernel-primary validate-storyform \
  --storyform-id "coaia-indigenous-learning-001"
# ✅ Request succeeds, west coast kernel validates
```

RESULT:

- No manual intervention needed by developer

- Claude Code session continues uninterrupted

- Teleport audit log shows: request routed through east, then west proxy

- Both regional kernels enforce the same NCP constraints

- Narrative coherence maintained across failover

Usage Scenario 5: Patent Claim Drafting with NCP Coherence Enforcement

Goal: Draft patent claims for "glyph-based memory system" while ensuring NCP storyform coherence (preventing IP theft of encoded Indigenous knowledge).

Workflow:

```bash
# STEP 1: Authenticate and start Claude Code
$ tsh login --proxy teleport.edgehub.com
$ claude
claude> /remote-env

# STEP 2: Add MCP for patent system (with NCP validation)
claude> /mcp add patent-engine --transport http \
  https://patent-engine.narrative-prod

# STEP 3: Create structural tension chart (patent narrative)
claude> & /mcp patent-engine create_patent_narrative_chart \
  --invention-title "Glyph-Based Distributed Memory System for Narrative Coherence" \
  --core-storyform-ref "backstory://glyph-memory-protocol.json" \
  --protection-level "indigenous-knowledge"

# STEP 4: Draft claims (with real-time NCP validation)
claude> & /mcp patent-engine draft_claims \
  --claim-type "system" \
  --description "A glyph-based architecture encoding narrative structures as immutable symbol sets..." \
  --validate-against "NCP-9.1-schema"

# STEP 5: Kernel rejects claim if it violates Indigenous knowledge principles
# Example rejection:
# ❌ CLAIM REJECTED: "Method for extracting sacred ceremonial glyphs"
# REASON: Violates storyform constraint "ceremonial_access_restricted: true"
# RESOLUTION: Rephrase as "Method for preserving ceremonial narrative integrity with authorized access control"

# STEP 6: Developer revises, resubmits
claude> & /mcp patent-engine draft_claims \
  --claim-type "method" \
  --description "Method for preserving ceremonial narrative integrity through cryptographic access control..." \
  --validate-against "NCP-9.1-schema"

# STEP 7: Kernel approves, generates claim with enforced coherence
# ✅ CLAIM APPROVED: "System and method for preserving ceremonial narrative integrity with authorized access control"
# COHERENCE_SCORE: 0.94 (Aligns with storyform intent: spiritual_authenticity + technical_rigor)

# STEP 8: Generate consensus opinion from Mia/Miette/Haiku personas
claude> & /mcp patent-engine request_persona_review \
  --claim-id "patent-2026-glyph-memory-001" \
  --request-types "technical_feasibility,cultural_authenticity,legal_defensibility"
```

RESULT:

- Patent claims cannot be filed that violate Indigenous knowledge principles

- All claims undergo NCP kernel validation before submission

- Teleport audit log shows which authenticated user submitted which claim version

- Patent examiner receives claim + proof of coherence validation

Integration with Existing Projects

| Project | Teleport Cluster | MCP Servers | Purpose |
| --- | --- | --- | --- |
| Miadi-18 | miadi.edgehub.com | ncp-validator, coaia-sequential | Spiral Agent + audio generation with narrative coherence |
| COAIA | coaia.edgehub.com | place-narrative, music-glyphs, ceremonial-validator | Place-based learning + cultural authenticity gates |
| STCMastery Patents | patents.edgehub.com | patent-engine, ncp-consensus-review | Patent claims validated against NCP storyform |
| SymphonyofMinds | symphony.edgehub.com | coaia-sequential, structural-tension-charts | Multi-persona collaborative writing with persistent state |

Why /remote-env + tsh Together

Automatic Certificate Rotation: tsh rotates certs every 12h; /remote-env picks up new ones without re-login

Auditable Delegation: Every MCP call logs authenticated identity + action via Teleport proxy

Regional Flexibility: Switch regions via /remote-env → Teleport transparently reroutes all traffic

Observable AI: MCP servers are separate processes; Claude Code can query their logs/state independently

Decoupled State: Narrative kernels live remotely, unreachable by direct LLM prompting (prevents hallucination attacks)
