惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
A
Arctic Wolf
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
C
CERT Recently Published Vulnerability Notes
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
Martin Fowler
Martin Fowler
A
About on SuperTechFans
P
Palo Alto Networks Blog
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
WordPress大学
WordPress大学
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
大猫的无限游戏
大猫的无限游戏
Cisco Talos Blog
Cisco Talos Blog
P
Proofpoint News Feed
D
DataBreaches.Net
Cyberwarzone
Cyberwarzone
T
Tor Project blog
IT之家
IT之家
P
Proofpoint News Feed
Help Net Security
Help Net Security
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
Microsoft Azure Blog
Microsoft Azure Blog
V2EX - 技术
V2EX - 技术
K
Kaspersky official blog
Hugging Face - Blog
Hugging Face - Blog
MongoDB | Blog
MongoDB | Blog
B
Blog
N
News and Events Feed by Topic
The Cloudflare Blog
S
Schneier on Security
P
Privacy & Cybersecurity Law Blog
T
The Blog of Author Tim Ferriss
Recorded Future
Recorded Future
Last Week in AI
Last Week in AI
The Last Watchdog
The Last Watchdog
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
LangChain Blog
I
InfoQ
F
Full Disclosure
The Register - Security
The Register - Security
阮一峰的网络日志
阮一峰的网络日志
H
Hacker News: Front Page
V
V2EX

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
45 MB of Claude Code Sessions You Don't See
Arthur · 2026-05-21 · via DEV Community

A documented user investigation posted in late April 2026 reported, for one Windows machine, the following two numbers: 715 Claude Code sessions on disk, and 69 sessions visible in the Claude Code desktop application's sidebar. Roughly ten percent. The other six hundred and forty-six sessions, totalling about 48 megabytes of local_*.json files, were on the disk, were intact, and were entirely absent from the only program that can natively open them.

I want to take that ten-percent number seriously rather than file it under "user error" or "edge case," because the structural reason it happens is the same reason it will happen to anyone with more than one Anthropic account, and there are now a fair number of people in that category. Anthropic introduced weekly rate limits on its Pro and Max plans on August 28, 2025, which means the response of any sufficiently committed Claude Code user is, eventually, to maintain more than one account and rotate when one of them hits its cap. This is not an exotic workflow. It is the normal response of a tool's power users to a quota policy. The desktop application was not built around it.

Why anyone runs more than one account

The current weekly-limit structure is documented across Anthropic's pricing pages and a year of TechCrunch / Northflank / Portkey coverage. The $200/month Max plan offers, by Anthropic's own published guidance, somewhere in the 240–480 hours of Sonnet and 24–40 hours of Opus per week. The $100 plan is roughly half that. The Pro plan is well below either. For someone using Claude Code as a daily driver on multiple substantial projects, the cap is not theoretical — power users hit it within days of each weekly reset window.

The standard response, visible across half a dozen GitHub-issue threads and a year of community posts, is to maintain two or three accounts and switch when the active one runs out. Anthropic does not document this, does not condone this, and does not make it convenient — but the alternative is that the tool stops working partway through the week, and the calculus, for paying customers who depend on it, is straightforward.

The desktop application's storage layer was designed for one account at a time. The collision between that design and the rotation pattern is the source of every symptom that follows.

Where the sessions actually live

Anthropic does not document on-disk session paths in the official Claude Desktop documentation. The CLI version's ~/.claude/ directory layout is documented; the desktop app's is not. The path users have reverse-engineered, and that the user investigation cited above located at line 771 of the bundled .vite/build/index.js as the constant claude-code-sessions, is:

  • macOS: ~/Library/Application Support/Claude/claude-code-sessions/<accountId>/<orgId>/local_*.json
  • Windows: %APPDATA%\Claude\claude-code-sessions\<accountId>\<orgId>\local_*.json

Each session is one JSON file. Each account gets its own <accountId> directory. Each organisation under that account gets its own <orgId> subdirectory. On a single user's Windows machine, the count of accountId directories was six — the user expected four, but two old accounts were still on disk and forgotten, including the largest one (44 megabytes, 330 sessions, dormant since early April).

The desktop application reads from one of those six directories at any given time — the active account's. The other five are inert, on the same disk, in the same parent folder, holding sessions in the same JSON format, and not displayed. There is no UI affordance to view them, no setting to merge them, no documented way to migrate a session out of one and into another. Sessions do not become invisible because they are corrupted or deleted. They become invisible because the application does not look in their folder.

The GitHub-issue trail

Documentation gaps in a developer tool are usually accompanied by a GitHub paper trail, and Claude Code's is unusually long for a product still under heavy development.

Issue #26452, opened February 18, 2026, by a Max subscriber on macOS reporting that sessions disappeared after logout and reappeared only on the disk. Bug label, Open status, dozens of community comments, no MEMBER/OWNER replies as of late April. Issue #48511, opened April 15, 2026: same symptom, fresh report, again open with no engineering response. Issue #29373 — closed — is where the community located the path constant in the bundled JavaScript, by literally diffing build artefacts. Issue #48362 reports that Microsoft Store / MSIX builds break entirely, because the atomic-rename step from local_<sid>.json.tmp to local_<sid>.json fails with EXDEV inside the MSIX virtual file system, treating source and target as different devices. Issue #18645 — closed as a feature request — is where one user hypothesises that version 2.1.9 introduced a stricter check that prevents copying sessions between machines, on the basis of regression testing rather than any documented Anthropic announcement. Issue #54428, opened April 28, 2026, reports that on Claude Desktop 1.4758.0 for some macOS users, an entirely different storage format has begun rolling out: ~/Library/Application Support/Claude/vm_bundles/claudevm.bundle/, containing rootfs.img, sessiondata.img, and efivars.fd. A disk image, not a directory of JSONs.

The combination paints a clear picture. The session-storage layer is in active churn. Users are filing precise, well-instrumented bug reports and, on the most active thread, getting no MEMBER or OWNER reply at all. The community has been building its own discovery and migration tooling for at least three months, against a target that is currently moving.

The format keeps changing

Three storage formats in twelve months is the pattern.

The first format, used through 2025, was local-agent-mode-sessions/. It was renamed to claude-code-sessions/ in early 2026 — issue #29373, closed without comment, is the only public trace of the rename. Some user-built tools still parse for the old name as a fallback. The second format, the current claude-code-sessions/ layout, is the one all the user reverse-engineering above maps. The third format, the in-flight VM-bundle architecture from issue #54428, replaces the directory of JSON files with a single mounted disk image. Anything that reads local_*.json will stop working when the bundle migration completes.

There are good reasons a developer tool might consolidate session storage into a sandboxed image — Anthropic's published positioning around agent isolation suggests one motive — but the consequence for users running custom tooling is that any tool which targets the on-disk format has, by construction, a short life. A migration script written against the current paths becomes a dead asset the moment the next storage format reaches general availability. Users who have built workflows around the JSON files are pre-emptively building the next workaround for the next migration.

CLI versus desktop

The same product family ships in two flavours, and only one of them has this problem.

The CLI version of Claude Code stores sessions in ~/.claude/projects/<slug>/, keyed by project rather than by account. Switching accounts on the CLI updates .credentials.json and nothing else; the project's session history is shared across whatever account is currently authenticated. The CLI's storage layout survives the multi-account rotation pattern without any of the desktop application's pathology — sessions remain where they were, accessible to any account that opens the same project folder.

The desktop application's choice to scope sessions by <accountId>/<orgId>/ is the structural source of the invisible-sessions symptom. If the storage path were project-keyed instead, a session opened under one account would still be visible to the next account on the same project. The desktop app's design treats the account as the primary key for the data; the rotation workflow treats the project as the primary key. The difference is invisible until you look at where the JSON files end up.

This is not a bug that will be fixed by adding a "show sessions from other accounts" toggle to the sidebar. It is a schema choice that has not been reconciled with how the tool gets used.

State in your storage, not theirs

Chasing the on-disk format is, on the evidence of the last twelve months, a losing game. Three storage formats in twelve months, no documentation, no engineering response on the open issues, a fourth format already shipping. Any user-built migration tool is a stopgap with a measurable shelf life. The right architectural answer is to stop relying on the application's storage for state that needs to survive a format change.

The pattern that does survive is per-project handoff files. At the end of each long Claude Code session, the agent writes a short markdown file into the project's own repository, in something like .claude/handoffs/<date>_<session-id>.md. The file is short and structured: the session's goal in one sentence; what was actually done, with file names; what didn't work — the most valuable section, the hypotheses checked and discarded, with reasons; the current state of the work; one specific next step; and a small read-only check-list of things the next session should verify before resuming. The next session opens in the same project folder, reads the most recent handoff, and picks up the thread, regardless of which account is logged in, regardless of which storage format Anthropic shipped this morning.

The handoff file lives in your repo. Anthropic cannot reformat it. Switching machines does not lose it. Switching accounts does not hide it. The session-storage layer Anthropic owns is allowed to churn — it will keep churning, on the evidence — and the project state that the developer actually cares about lives somewhere churn cannot reach.

This is not a Claude-specific architectural pattern. It is the standard advice for any tool you do not own: the persistent state of work needs to live in storage you control. A migration tool that reads someone else's storage is, by definition, a temporary measure. A handoff file written by the agent into your own repo is the permanent measure.

What the ten-percent number is actually showing

The 90% invisible-sessions number is not a bug in Claude Code. It is the predictable consequence of a per-account storage schema meeting a multi-account usage pattern that exists because of weekly rate limits the storage schema was not designed around. The weekly limits are a real product constraint. The multi-account rotation is a rational user response. The per-account <accountId>/<orgId>/ directory layout is a rational design decision. Each piece is locally sensible; the combination produces a state where most of one user's session history is unreachable from the application that wrote it.

The fix the user community is converging on is not to chase the storage layer, because the storage layer is not stable enough to chase. The fix is to keep the project state outside the application entirely. That move has the additional property of making the user's work portable across versions, across machines, across accounts, and across the storage formats Anthropic has not yet shipped. The session files Anthropic owns are going to get reformatted. The handoff file in your repo is not. That is the difference, and it is the part the ten-percent number is really showing — that the visible part of any external tool's storage is the part you can lose, and the only state worth depending on is the state you wrote yourself.