[FEATURE] Local password lock for Claude Code conversations (like Telegram)

Resolved 💬 3 comments Opened Apr 27, 2026 by jessica-preveni Closed Jun 5, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Anyone with physical access to a logged-in computer can open Claude Code and immediately read all past conversations across every project. The conversation history is stored as plaintext JSON at ~/.claude/projects/ with no in-app authentication gate.

This is a privacy gap for users who:

  • Share a computer with family members
  • Step away from their desk frequently
  • Work with sensitive client data, code, or business context in their conversations
  • Want defense-in-depth beyond the OS login

The OS login alone is not enough — once the user is logged in (which is most of the time on a personal/family machine), all Claude Code history is exposed to anyone walking up to the screen.

Proposed Solution

Add an optional local password feature, similar to Telegram Desktop's "Local Passcode":

  • Opt-in setting (off by default) to set a local password
  • On launch, prompt for the password before loading any project context or conversation history
  • Optional auto-lock after N minutes of inactivity (Telegram offers 1h / 5h / 1 day / 1 week)
  • Optional biometric unlock (Windows Hello / Touch ID) after the password is set once
  • Ideally, encrypt the conversation files at rest with a key derived from the password — otherwise the protection can be bypassed by reading the JSON files directly from disk

<img width="737" height="452" alt="Image" src="https://github.com/user-attachments/assets/93478d72-5210-4e2b-994a-39c15c701274" />
<img width="506" height="531" alt="Image" src="https://github.com/user-attachments/assets/1c5c8411-bbc3-4b15-b062-34b548f957e1" />

Alternative Solutions

  • Relying on the OS login: not enough, since the user is usually already logged in.
  • Manually blocking ~/.claude/ via Windows file permissions: breaks Claude Code (it can't read its own history).
  • Using full-disk encryption (BitLocker): protects against device theft but not against someone else using the same logged-in session.
  • Telegram Desktop already implements exactly this pattern and it works very well as a UX reference.

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

_No response_

Additional Context

Scenario: Family/shared computer

  1. I use Claude Code on a Windows 11 machine that I share with family members.
  2. My Claude Code conversations contain context about projects, business decisions, and sensitive information I don't want others to read.
  3. I step away from the computer (kitchen, another room) without logging out of Windows.
  4. Today: anyone can walk up, open Claude Code, and read everything in /resume or just by opening any project folder.
  5. With this feature: I would set a local password once. After N minutes of inactivity (or manually triggered), Claude Code would lock. The next person opening it would see only a password prompt — no conversation history, no project context — until the correct password is entered.
  6. This matches the exact UX Telegram Desktop offers, which is already familiar to many users.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗