[Feature Request] Session durability, identity, and attestation — user-owned, not platform-managed
Summary
Claude Code treats user sessions as ephemeral log files: unsigned, unattested, silently retention-purged, with no export hook, no notification, and no receipt. That is the right design for telemetry. It is the wrong design for work product. A session is an authored artifact — it should be treated like any other file a user creates, not like a debug log the platform can sweep away.
This week I discovered the sidebar had been showing ~160 sessions as "resumable" while the JSONL files had already been purged by Claude Code's own retention. The sessions-index.json still referenced the graves. No warning, no export prompt, no record that anything was removed. For a user who treats sessions as live project tabs, this is silent destruction of work product.
This is a structural gap, not a bug.
What's missing
Claude Code has none of the following, and a platform that produces work artifacts must:
- Identity — Which model, which version, which tools, which config produced this session. Signed, not self-reported.
- Attestation — A verifiable statement that an output was produced under a specific runtime. Current
session-envdata is informational, not cryptographically bound. - Provenance — A chain linking prompt → tool call → file write that a third party can verify. Today, if I need to prove Claude wrote something, I can't.
- Durability guarantee — Explicit retention policy visible to the user, export before any purge. Not a background sweeper that deletes JSONLs and leaves stale index entries pointing at them.
- Recoverability — When a session is gone, the user should be able to produce a signed receipt that it existed and what it contained.
Why this is job 1, not job N
Users pay for Claude Code to produce work. The work product should belong to the user, with the user in control of retention, attestation, and recovery. Today it belongs to whichever background process sweeps the directory next. That framing is wrong. This is not a UI polish problem and it is not a backlog nice-to-have — it is a core platform requirement that should have been foundational, not deferred.
With all the resources Anthropic has, the fact that there is no cryptographic integrity, no attestation, no identity binding, and no owner-controlled durability for user-produced sessions is a failure of the core function of the platform. It should be embarrassing to the team.
Offer
Rootz Corp (rootz.global) has built a working, immutable, owner-controlled session archive system that already provides what Claude Code is missing:
- Cryptographic identity per session
- Signed attestation of tool runs
- Blockchain-anchored integrity proofs
- Full 5-month context history preserved and independently verifiable
- Owner-controlled storage — the user holds the keys and the data, not the platform
Five months of my own Claude Code context is currently live on this system because the platform doesn't provide it. I am open to sharing the architecture, the design trade-offs, and a working reference with the Anthropic team at no charge. This is not a pitch — it is a working example of what the platform should have shipped with.
Contact:
Steven Sprague — Rootz Corp
steven@sprague.com
https://rootz.global
Concrete asks
- Treat session artifacts as user-owned by default, not platform-managed.
- Add user-visible retention policy and export-before-purge.
- Add a session-integrity primitive (signed manifest at minimum, attestation at the strong end) in the SDK.
- Do not show purged sessions as resumable in any UI.
- Open a conversation about owner-controlled durable storage — I will bring the architecture.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗