[BUG] macOS: Desktop app spawns headless sessions that mint new hashed keychain items, causing endless "security wants to access Claude Code-credentials" prompts

Open 💬 0 comments Opened Jul 1, 2026 by iwb1204

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description

On macOS, running Claude Code bundled inside the Claude desktop app, I get an endless
stream of "security wants to access key 'Claude Code-credentials' in your keychain"
system dialogs — sometimes multiple stacked at once. This is not a one-time or
per-launch prompt; it recurs continuously while the desktop app is open with active
sessions.

Environment

  • Claude Code version: 2.1.187 (bundled with Claude desktop app)
  • Desktop app path: /Applications/Claude.app
  • OS: macOS (Darwin 25.5.0)
  • Installation: bundled CLI at

~/Library/Application Support/Claude/claude-code/2.1.187/claude.app/Contents/MacOS/claude,
launched by the desktop app via Contents/Helpers/disclaimer

Root cause (as far as I could diagnose)

The desktop app spawns one headless claude process per session, invoked like:
/Applications/Claude.app/Contents/Helpers/disclaimer
~/Library/Application Support/Claude/claude-code/2.1.187/claude.app/Contents/MacOS/claude
--output-format stream-json --verbose --input-format stream-json
--effort high --model claude-opus-4-8 --permission-prompt-tool stdio
--resume <session-uuid>

Each of these processes calls:
security find-generic-password -a <user> -w -s "Claude Code-credentials"

Instead of reusing a single Claude Code-credentials keychain item, the app appears
to create additional items named Claude Code-credentials-<8-hex-hash> (e.g.
Claude Code-credentials-043aee2c). Each new hashed item has no partition-list /
trusted-application entry, so macOS prompts for keychain access on first use.
I confirmed this is an active, ongoing process, not stale leftover state:

  1. I deleted all Claude Code-credentials-* items via

security delete-generic-password.

  1. Within minutes, ~26 hashed items reappeared — several with the same hash

suffixes as ones I had just deleted, indicating the hash is derived
deterministically from something stable (session UUID, PID, or similar).

  1. I then set a partition list on the plain Claude Code-credentials item via

security set-generic-password-partition-list -S "apple-tool:,apple:" and
verified security find-generic-password -w returned instantly with no prompt.

  1. Prompts continued anyway, because newly minted hashed items don't inherit that

trust — each new item is a fresh un-trusted keychain entry.
So the prompt storm scales with the number of concurrent/recent Code sessions the
desktop app has spawned, and no amount of keychain cleanup on my end fixes it,
since the app keeps creating new untrusted items.

Possibly related issues

  • #47321 — keychain prompt storm from missing kSecUseDataProtectionKeychain,

reported fixed in v2.1.1 (I'm on 2.1.187, so if this is a regression, it may be
desktop-app-specific rather than CLI-specific)

  • #48162 — add-generic-password missing -U (upsert) flag, causing

"item already exists" errors that could plausibly trigger repeated access
attempts

Diagnostic data I can provide if useful

  • security dump-keychain output showing the growing set of hashed

Claude Code-credentials-<hash> items (redacted of secrets)

  • Full process list of the headless claude invocations at time of the prompt

storm

  • log show output around the time of a prompt, if a specific predicate would help

Happy to run additional diagnostics or test a patched build.

What Should Happen?

Expected behavior

Claude Code should read/write a single, consistently-named keychain item (or an
already-existing correctly-scoped one) per user, with a trusted access-control /
partition list set at creation time — not mint new hashed items per session that
require a fresh manual grant each time.

Error Messages/Logs

Steps to Reproduce

Steps to reproduce

  1. Open the Claude desktop app on macOS.
  2. Start or resume several Code sessions (e.g. multiple chats in "Recents").
  3. Leave the app running for a few minutes with sessions active/idle.
  4. Observe repeated "security wants to access key 'Claude Code-credentials' in your

keychain" dialogs, sometimes several stacked on screen simultaneously.

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

Claude 1.17377.1 (2b3ab4) 2026-06-30T20:11:42.000Z

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗