[BUG] macOS: Desktop app spawns headless sessions that mint new hashed keychain items, causing endless "security wants to access Claude Code-credentials" prompts
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Description
On macOS, running Claude Code bundled inside the Claude desktop app, I get an endless
stream of "security wants to access key 'Claude Code-credentials' in your keychain"
system dialogs — sometimes multiple stacked at once. This is not a one-time or
per-launch prompt; it recurs continuously while the desktop app is open with active
sessions.
Environment
- Claude Code version: 2.1.187 (bundled with Claude desktop app)
- Desktop app path: /Applications/Claude.app
- OS: macOS (Darwin 25.5.0)
- Installation: bundled CLI at
~/Library/Application Support/Claude/claude-code/2.1.187/claude.app/Contents/MacOS/claude,
launched by the desktop app via Contents/Helpers/disclaimer
Root cause (as far as I could diagnose)
The desktop app spawns one headless claude process per session, invoked like:
/Applications/Claude.app/Contents/Helpers/disclaimer
~/Library/Application Support/Claude/claude-code/2.1.187/claude.app/Contents/MacOS/claude
--output-format stream-json --verbose --input-format stream-json
--effort high --model claude-opus-4-8 --permission-prompt-tool stdio
--resume <session-uuid>
Each of these processes calls:
security find-generic-password -a <user> -w -s "Claude Code-credentials"
Instead of reusing a single Claude Code-credentials keychain item, the app appears
to create additional items named Claude Code-credentials-<8-hex-hash> (e.g.Claude Code-credentials-043aee2c). Each new hashed item has no partition-list /
trusted-application entry, so macOS prompts for keychain access on first use.
I confirmed this is an active, ongoing process, not stale leftover state:
- I deleted all
Claude Code-credentials-*items via
security delete-generic-password.
- Within minutes, ~26 hashed items reappeared — several with the same hash
suffixes as ones I had just deleted, indicating the hash is derived
deterministically from something stable (session UUID, PID, or similar).
- I then set a partition list on the plain
Claude Code-credentialsitem via
security set-generic-password-partition-list -S "apple-tool:,apple:" and
verified security find-generic-password -w returned instantly with no prompt.
- Prompts continued anyway, because newly minted hashed items don't inherit that
trust — each new item is a fresh un-trusted keychain entry.
So the prompt storm scales with the number of concurrent/recent Code sessions the
desktop app has spawned, and no amount of keychain cleanup on my end fixes it,
since the app keeps creating new untrusted items.
Possibly related issues
- #47321 — keychain prompt storm from missing
kSecUseDataProtectionKeychain,
reported fixed in v2.1.1 (I'm on 2.1.187, so if this is a regression, it may be
desktop-app-specific rather than CLI-specific)
- #48162 —
add-generic-passwordmissing-U(upsert) flag, causing
"item already exists" errors that could plausibly trigger repeated access
attempts
Diagnostic data I can provide if useful
security dump-keychainoutput showing the growing set of hashed
Claude Code-credentials-<hash> items (redacted of secrets)
- Full process list of the headless
claudeinvocations at time of the prompt
storm
log showoutput around the time of a prompt, if a specific predicate would help
Happy to run additional diagnostics or test a patched build.
What Should Happen?
Expected behavior
Claude Code should read/write a single, consistently-named keychain item (or an
already-existing correctly-scoped one) per user, with a trusted access-control /
partition list set at creation time — not mint new hashed items per session that
require a fresh manual grant each time.
Error Messages/Logs
Steps to Reproduce
Steps to reproduce
- Open the Claude desktop app on macOS.
- Start or resume several Code sessions (e.g. multiple chats in "Recents").
- Leave the app running for a few minutes with sessions active/idle.
- Observe repeated "security wants to access key 'Claude Code-credentials' in your
keychain" dialogs, sometimes several stacked on screen simultaneously.
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
Claude 1.17377.1 (2b3ab4) 2026-06-30T20:11:42.000Z
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_