[FEATURE] Local password lock for Claude Code conversations (like Telegram)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Anyone with physical access to a logged-in computer can open Claude Code and immediately read all past conversations across every project. The conversation history is stored as plaintext JSON at ~/.claude/projects/ with no in-app authentication gate.
This is a privacy gap for users who:
- Share a computer with family members
- Step away from their desk frequently
- Work with sensitive client data, code, or business context in their conversations
- Want defense-in-depth beyond the OS login
The OS login alone is not enough — once the user is logged in (which is most of the time on a personal/family machine), all Claude Code history is exposed to anyone walking up to the screen.
Proposed Solution
Add an optional local password feature, similar to Telegram Desktop's "Local Passcode":
- Opt-in setting (off by default) to set a local password
- On launch, prompt for the password before loading any project context or conversation history
- Optional auto-lock after N minutes of inactivity (Telegram offers 1h / 5h / 1 day / 1 week)
- Optional biometric unlock (Windows Hello / Touch ID) after the password is set once
- Ideally, encrypt the conversation files at rest with a key derived from the password — otherwise the protection can be bypassed by reading the JSON files directly from disk
<img width="737" height="452" alt="Image" src="https://github.com/user-attachments/assets/93478d72-5210-4e2b-994a-39c15c701274" />
<img width="506" height="531" alt="Image" src="https://github.com/user-attachments/assets/1c5c8411-bbc3-4b15-b062-34b548f957e1" />
Alternative Solutions
- Relying on the OS login: not enough, since the user is usually already logged in.
- Manually blocking ~/.claude/ via Windows file permissions: breaks Claude Code (it can't read its own history).
- Using full-disk encryption (BitLocker): protects against device theft but not against someone else using the same logged-in session.
- Telegram Desktop already implements exactly this pattern and it works very well as a UX reference.
Priority
High - Significant impact on productivity
Feature Category
Configuration and settings
Use Case Example
_No response_
Additional Context
Scenario: Family/shared computer
- I use Claude Code on a Windows 11 machine that I share with family members.
- My Claude Code conversations contain context about projects, business decisions, and sensitive information I don't want others to read.
- I step away from the computer (kitchen, another room) without logging out of Windows.
- Today: anyone can walk up, open Claude Code, and read everything in /resume or just by opening any project folder.
- With this feature: I would set a local password once. After N minutes of inactivity (or manually triggered), Claude Code would lock. The next person opening it would see only a password prompt — no conversation history, no project context — until the correct password is entered.
- This matches the exact UX Telegram Desktop offers, which is already familiar to many users.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗