How to Schedule Claude Code to Run Daily in the Cloud (Routines)
Run Claude Code on a cron schedule in Anthropic cloud, no PC on overnight. How /schedule works, what the sandbox can reach, and the secrets pattern to use.
Claude Code routines are scheduled cloud agents: each one spins up an isolated cloud session on a cron schedule (or once at a set time), clones a GitHub repo you name, runs a prompt you wrote, and can commit results back. Create one by typing /schedule inside Claude Code and describing the job — it walks you through the repo, the schedule (5-field cron, always UTC, minimum interval one hour), and the model. The one rule that shapes everything: the cloud sandbox cannot see your local machine, local files, or local environment variables, so any credential the job needs must arrive some other way — an OAuth'd connector, or a keyed relay service that holds the secret server-side.
Or skip the work: Meta-Prompt + System Prompt Architect does it in seconds →
Everything I run, I eventually want to run without me. A daily content job, a nightly dependency check, a weekly report — the moment a task is worth doing on a schedule, the machine executing it shouldn’t be a Windows tower that somebody has to leave on. Claude Code’s answer is routines: scheduled cloud agents that fire on a cron, do real work in an isolated cloud session, and leave before you wake up. I set my first ones up today; here’s the honest walkthrough.
What a routine actually is
A routine is a stored job: a prompt, a GitHub repo, a model, and a schedule. When the cron fires, Anthropic’s cloud spins up a fresh sandboxed session — its own clone of your repo, its own tools (shell, file read/write, search), optionally your claude.ai MCP connectors — and hands your prompt to the agent as if you’d typed it. The agent works until the job is done, and the whole session is saved so you can read exactly what it did at claude.ai/code/routines.
Two properties define the shape of everything you build with them:
- Isolation. The session starts with zero context. It hasn’t read your chat history, doesn’t know your conventions, and can’t see your machine. The prompt has to carry everything.
- A repo is the world. The git checkout is the filesystem the agent lives in — and also its best output channel, because the agent can commit and push. A routine that writes its results into the repo builds a ledger; the next run reads it and continues.
Creating one with /schedule
Inside Claude Code, type /schedule and describe the job in plain language. It will walk you through the pieces:
- The task. What the agent should do each run, and what “done” looks like.
- The repo. Which GitHub repository gets cloned into the session.
- The schedule. A 5-field cron expression, always in UTC, minimum interval one hour. Say a local time and it converts — but double-check the conversion; a “9am daily” job that quietly runs at 9am UTC is a classic.
- The model. Defaults to Sonnet, which is right for most scheduled work — save the heavier models for jobs where judgment is the product.
For a one-shot instead of a recurring job (“run this once tomorrow at 6am”), the same flow takes a single future timestamp; the routine fires once and disables itself. That one-shot mode is quietly the best feasibility tool in the product — before committing to a daily job, I fire a single probe run whose only task is “try the pipeline and report what breaks.” Today’s probe told me in one run whether a cloud sandbox could render video with native canvas and ffmpeg. Twenty minutes of cloud time answered what could have been a day of guessing.
The prompt is a system prompt — write it like one
Because the session starts cold, routine prompts are a different genre from chat messages. Mine follow a fixed skeleton:
- Identity and mission — one paragraph, including what the deliverable is.
- Numbered steps — where things live in the repo, which scripts to run, in what order.
- Failure policy — diagnose briefly, try one workaround, then record the blocker instead of thrashing.
- The deliverable’s exact shape — if I want JSON, I show the JSON.
This is the same discipline as writing a CLAUDE.md file or a custom subagent: instruction quality is the product. An unattended agent amplifies whatever you wrote — precision compounds, vagueness compounds faster.
The secrets problem (and the pattern that solves it)
Here’s the constraint that shapes real automations: the cloud session cannot access your local environment variables or files. Whatever credential your job needs — an upload token, an API key — has to reach the routine some other way, and committing it to the repo is not that way. Ever.
The pattern I use: a keyed relay. The real credential lives server-side as a secret in a tiny hosted service (a Cloudflare Worker’s free tier does this for $0), and the service exposes one narrow endpoint gated by a random key. The routine’s prompt carries only that key. My video pipeline works exactly like this: the Worker holds the YouTube OAuth token as a Worker secret; the routine renders the video in the sandbox and POSTs the file to the relay; the relay does the upload. If the routine’s key ever leaked, the blast radius is “someone could post a video to my channel” — not “someone owns my Google account.” Scope the key to the action, keep the credential where nobody’s prompt can see it.
OAuth’d MCP connectors attached to the routine solve the same problem for supported services (mail, drives, and similar) without any hosting at all.
What runs well on a schedule
The jobs that have earned a cron in my setup, all on the theme of building while you sleep:
- Content generation — a nightly drafter that stocks a queue for a human-or-stronger-model gate to review in the morning. Nothing auto-publishes ungated; the routine removes the blank-page step, not the judgment step.
- Feasibility probes — one-shot runs that answer “can this environment do X” with facts.
- Repo hygiene — dependency bumps, dead-link checks, stale-issue triage, committed as a report or a PR.
- Ledger updates — pull yesterday’s numbers from an API, append to a data file, push.
Cost note, disclosed as always: routine runs consume your plan’s usage like any session, so the economics of daily automation depend on what your tokens cost. I keep the heavy drafting lanes on the z.ai GLM Coding Plan — that’s a referral link, it helps fund our compute, and the plan costs the same with or without it; the setup is in how to set up Claude Code with the GLM API. Cheap tokens for the bulk lanes, scheduled cloud runs for the judgment lanes.
Where this fits
Routines are the last piece of a stack where each layer removes one manual step. CLAUDE.md encodes your standing rules, hooks enforce them mechanically, subagents parallelize the work — and a routine removes the final human act of showing up to start it. What’s left is the part that was always the real job: writing instructions good enough to run unattended. That’s the exact muscle Meta-Prompt Architect trains — turning rough intent into the tight, reusable, failure-aware instructions that a 6am cloud session with zero context and nobody watching can actually execute. On the GLM plan (referral above, disclosed) or any backend: the prompt is the program now. Write it like one.
Frequently asked
Does my computer need to be on for a routine to run?
No — that's the entire point. Routines run in Anthropic's cloud infrastructure, not on your machine. Each scheduled firing spawns a fresh, isolated cloud session with its own checkout of the GitHub repo you configured. Your laptop can be closed, off, or in a backpack; the routine fires anyway. The flip side is that the cloud session also can't reach anything on your machine — local files, local databases, local environment variables are all invisible to it.
How often can a routine run?
The schedule is a standard 5-field cron expression, and the minimum interval is one hour — something like */30 * * * * gets rejected. Cron times are always UTC, so convert from your local timezone (9am Eastern is 13:00 or 14:00 UTC depending on daylight saving). For a one-time run instead of a recurring one, you can schedule a single future timestamp; it fires once and then disables itself.
How do I give a routine API keys or credentials safely?
Never by committing them to the repo — the clone is the only filesystem the routine gets, and secrets in git are a standing security hole. Two patterns work: OAuth'd MCP connectors attached to the routine (Gmail, Drive, and similar claude.ai connectors), or a relay you host that keeps the real credential server-side — the routine's prompt carries only a narrow key whose worst-case misuse is small. A Cloudflare Worker holding an API token as a Worker secret, gated by a random key, costs $0 and takes an afternoon.
How does a routine report its results?
Each run is a full session you can open and read at claude.ai/code/routines. For machine-readable output, remember the routine has push access to its repo — the durable pattern is to have the prompt end with committing a small result file or appending to a ledger, so every run leaves state the next run (or you) can read. A routine that only prints its findings to the session works; a routine that commits them builds a history.
Some links may be referral links, always marked. Full disclosure →