Governance
Session Storage And Retention
How to design Claude transcript storage, SessionStore mirroring, retention windows, and deletion workflows without losing useful evidence.
External storage
append + load
The SessionStore interface centers on appending transcript entries and loading them back for resume.
Retention
Policy before archive
Log retention should be set by risk, compliance, review needs, and privacy obligations, not by disk space accidents.
"mirror session transcripts"
Start With The Local Truth
The default Agent SDK behavior writes session transcripts to local JSONL files. That is convenient for single-user development and local review. It is not enough for multi-host systems, ephemeral containers, CI runners, or teams that need governed retention.
Before building a central archive, decide whether local transcripts are the system of record, a cache, or a staging copy. That decision affects deletion, access review, encryption, and incident response.
When To Use SessionStore
Anthropic documents a SessionStore adapter that can mirror transcripts to S3, Redis, a database, or another backend. The required methods are conceptually simple: append new transcript entries and load them back when a session resumes. Operationally, the hard part is governance.
Use external storage when sessions need to resume across hosts, survive container restarts, meet compliance retention, or support centralized audit. If none of those are true, a local transcript plus project-level review notes may be enough.
Practical Retention Classes
Not every transcript deserves the same lifetime. A one-off exploratory prompt can expire quickly. A transcript that produced a production PR, security decision, migration, incident response action, or customer-facing output may need to live beside the business record it supports.
NIST log-management guidance emphasizes planned infrastructure and processes. Applied to agent transcripts, that means retention windows, access rules, integrity checks, export processes, and disposal workflows should be written before the archive becomes large.
- Ephemeral: personal experiments and abandoned sessions.
- Project evidence: sessions tied to a PR, issue, release, or design decision.
- Audit evidence: sessions tied to security, compliance, customer data, production incidents, or high-risk automation.
Deletion Needs A Ledger Too
Deleting transcripts is sometimes correct. The archive may contain secrets, personal data, customer information, or obsolete local work. But deletion should leave a minimal record: which session ID, which storage key, who approved, when, and under what retention policy.
If a transcript has already been summarized into a PR or incident note, make sure the summary does not preserve sensitive material that deletion was supposed to remove.
Primary sources
Sources behind this page
Anthropic
Persist sessions to external storage
Documents default JSONL transcript storage under ~/.claude/projects/ and the SessionStore mirroring interface.
Anthropic
Work with sessions
Defines sessions as the conversation history accumulated while an agent works, and separates session state from filesystem state.
NIST
NIST SP 800-92
Guide to computer security log management, including infrastructure and process planning.
Anthropic
Claude Code settings
Documents managed, user, project, and local settings scopes.
Cite this page
Claude Logs. "Session Storage And Retention." claudelogs.com, updated 2026-07-06. https://claudelogs.com/session-storage-retention
FAQ
Should transcripts be committed to git?
Usually no. Raw transcripts are sensitive and noisy. Commit curated notes, source links, and reproducible commands instead, unless a repository has an explicit governed archive pattern.
Can SessionStore replace local files?
It can operate against an external store for supported SDK functions, but design around dual-write and mirror behavior documented by Anthropic. Verify the exact SDK behavior in your version before making policy promises.