[FEATURE] `/insights` aggregates sessions across all accounts/organizations — no data isolation between personal and enterprise contexts

Resolved 💬 3 comments Opened Feb 17, 2026 by BartoszBilejczyk Closed Feb 20, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

I use Claude Code with both a personal (Pro) account and a company (Team/Enterprise) account on the same machine. When I run /insights, it analyzes all session transcripts from ~/.claude/projects/ regardless of which account created them, mixing personal and corporate data into a single report.

This is a problem because:

  1. No account boundary awareness/insights treats all local sessions as one pool. There's no filtering by the account or organization that was active during each session. A report generated under my company account includes behavioral patterns, project names, file paths, and workflow details from my personal projects (and vice versa).
  1. Data leaves the machine — The analysis isn't purely local. Session transcripts are sent to Anthropic's API (Haiku model) for facet extraction. When personal and corporate sessions are mixed, it's unclear which data handling terms (Consumer vs. Commercial ToS) govern the transmitted data.
  1. No disclosure or opt-out — There is no warning before /insights runs that it will aggregate across all projects and accounts. Users have no way to scope the analysis or exclude specific projects.

For enterprise environments where data isolation between personal and corporate contexts is a baseline expectation, this is a significant gap.

Proposed Solution

Account-scoped analysis by default: /insights should only analyze sessions that belong to the currently authenticated account/organization. If I'm logged in with my company account, only company sessions should be included.

Project-level filtering: Allow scoping the analysis to specific projects:

/insights --project ./my-project
/insights --exclude ./personal-stuff

Opt-out configuration: A setting in .claude/settings.json (global or per-project) to exclude specific projects from /insights aggregation permanently.

Transparent disclosure: Before running the analysis, briefly indicate how many sessions and from which scope will be analyzed — so users can make an informed decision.

Alternative Solutions

  • Separate OS user accounts for personal vs. work — functional but impractical for daily use and shouldn't be necessary.
  • Setting a custom CLAUDE_CONFIG_DIR per context — adds friction and is easy to forget, leading to accidental data mixing.
  • Manually pruning ~/.claude/projects/ before running /insights — not realistic as a workflow.

None of these are real solutions — they're workarounds for missing account-level scoping in the /insights pipeline.

Priority

Medium - Would be very helpful

Feature Category

Configuration and settings

Use Case Example

I'm a developer who uses Claude Code for both personal side projects (on a Pro account) and professional work at my company (on a Team account), on the same MacBook.

  1. Morning — I log in with my company Team account and spend the dayworking on our internal product: refactoring authentication, reviewing API endpoints, discussing proprietary business logic with Claude.
  1. Evening — I switch to my personal Pro account and spend an hour on a personal open-source project.
  1. End of week — I run /insights while logged into my company account to understand my team workflow patterns.
  1. Result — The generated report includes facets extracted from both contexts. My company's internal file paths, architecture decisions, and proprietary feature names appear alongside my personal project data. All of this was sent to the Haiku API for analysis — under ambiguous data handling terms since the sessions span two different account types.
  1. The problem — My company's IT/security team expects that corporate data stays within the boundaries of our Team account and its Commercial ToS. Meanwhile, my personal sessions (governed by Consumer ToS) are being co-analyzed. Neither side consented to this mixing.

Expected behavior: When I run /insights under my company Team account, it should only analyze sessions created under that account. My personal Pro account sessions should not be visible or transmitted.

Additional Context

Additional Context

How /insights currently works under the hood (based on this deep dive):

  • Reads all sessions from ~/.claude/projects/ — no account filtering
  • Sends transcripts to Anthropic's API (Haiku model) for facet extraction (up to 50 sessions per run)
  • Caches results at ~/.claude/usage-data/facets/
  • Generates a local HTML report

Technical consideration: Session metadata likely already contains the account/org context from authentication. The fix may be as straightforward as filtering sessions by the currently active account ID before passing them to the analysis pipeline.

Similar patterns in other tools:

  • GitHub CLI (gh) scopes all operations to the currently authenticated account — you can't accidentally query repos from a different org
  • AWS CLI profiles enforce strict credential/account boundaries per command
  • VS Code with multiple GitHub accounts keeps activity and telemetry separated per profile

Relevant privacy docs:

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗