[CRITICAL BUG] Desktop auto-update wipes ~/.claude/projects/ — 1 month of sessions permanently deleted, no warning

Open 💬 0 comments Opened Jun 10, 2026 by ivanshiuan

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code Desktop App's built-in Sparkle auto-updater silently upgraded from 1.10628.01.11187.4 overnight on 2026-06-09 at ~00:49 AM local time, without any authorization, warning, or consent.

The update's initialization logic wiped the entire ~/.claude/projects/ directory, destroying ALL .jsonl session files — approximately 1 month of accumulated conversations (2026-05-09 through 2026-06-08). No warning. No backup. No rollback. Nothing.

Critical design flaws:

  1. autoUpdates: false in ~/.claude/settings.json does NOT apply to the Desktop App — only the CLI. Undocumented.
  2. 2. No default backup of ~/.claude/projects/
  3. 3. No pre-update snapshot or rollback mechanism
  4. 4. Update ran silently at 00:49 AM with no user consent

Log evidence (~/Library/Logs/Claude/main.log):

[updater] Version changed since last launch: 1.10628.0 → 1.11187.4

Recovery path for affected users (undocumented!):
Session data also exists in:

~/Library/Application Support/Claude/local-agent-mode-sessions/<org>/<session>/local_<id>/audit.jsonl

This directory survived the update. Users can recover conversations from audit.jsonl files. Anthropic should communicate this immediately to all affected users.

What Should Happen?

  1. autoUpdates: false MUST disable Desktop App auto-updates (or be clearly documented that it doesn't)
  2. 2. Add a UI toggle to disable Desktop App auto-updates
  3. 3. Enable local auto-backup of ~/.claude/projects/ by default (daily snapshots, 30-day retention)
  4. 4. Mandatory pre-update snapshot of ~/.claude/projects/ before ANY update
  5. 5. Implement rollback mechanism if update causes data loss
  6. 6. Require explicit user consent before updating — prohibit silent overnight updates
  7. 7. Publicly document the local-agent-mode-sessions/audit.jsonl recovery path
  8. 8. Proactively notify all users w[updater] Version changed since last launch: 1.10628.0 → 1.11187.4
  9. From: ~/Library/Logs/Claude/main.log
  10. Timestamp: 2026-06-09 14:11 UTC
  11. ~/.claude/projects/ directory rebuild timestamp: 2026-06-09 00:49 AM local time
  12. All .jsonl files from prior month: DELETED
  13. Affected versions: Desktop App 1.10628.0 → 1.11187.4, CLI 2.1.165
  14. Platform: macOS Apple Silicon
  15. User UUID: 251a9628-3209-4a87-bc2b-cd045f19e334ho may have been affected by this update

Error Messages/Logs

[updater] Version changed since last launch: 1.10628.0 -> 1.11187.4
File: ~/Library/Logs/Claude/main.log
Timestamp: 2026-06-09 14:11 UTC
~/.claude/projects/ rebuilt: 2026-06-09 00:49 AM local
All .jsonl session files: PERMANENTLY DELETED

Steps to Reproduce

  1. Install Claude Code Desktop App and use it for several weeks
  2. 2. Accumulate session files in ~/.claude/projects/
  3. 3. Set autoUpdates: false in ~/.claude/settings.json (thinking this disables all updates)
  4. 4. Leave the app closed overnight
  5. 5. Wake up the next morning and open Claude Code Desktop

Expected: All previous sessions intact
Actual: ~/.claude/projects/ recreated empty; all .jsonl session files gone

Note: The autoUpdates: false flag only controls CLI updates. The Desktop App's Sparkle updater ignores it completely and runs independently. There is no documented way to disable it.

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

1.10628.0

Claude Code Version

2.1.165 (Desktop App 1.11187.4)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

Full incident report filed to: support@anthropic.com + privacy@anthropic.com
Account: ivanshiuan@gmail.com

IMPORTANT for all affected users: Session data survives in audit.jsonl files at:
~/Library/Application Support/Claude/local-agent-mode-sessions/<org-uuid>/<cowork-session-uuid>/local_<id>/audit.jsonl

This recovery path is completely undocumented. Anthropic must communicate this to all users affected by recent Desktop App auto-updates.

View original on GitHub ↗