v1.2.0

Added

• CI also runs on Python 3.14 and macOS, with pip caching; the PyPI classifiers list the supported Python versions.

Changed

• Import verifies all SHA-256 checksums before writing anything, so a corrupted archive can no longer leave a half-restored tree behind; an entry listed in the manifest but missing from the ZIP also aborts the import.
• Exports are written atomically (temporary .part file renamed into place, unique per process), so an interrupted or concurrent export never leaves a truncated ZIP behind.
• Exports hash and compress each file in a single read, halving export I/O; a file modified mid-export can no longer produce an archive that fails checksum verification on import.
• On Windows, import backups prefix the drive letter (C/Users/...) so identical paths on different drives cannot collide inside a backup.

Fixed

• Restored files keep their permissions, so hook scripts no longer lose their executable bit on the target machine.
• The overwrite-vs-create decision (and the pre-overwrite backup) is re-checked at write time, so a destination file that appeared or vanished after the preview is still handled safely.
• A failed or backup-free import no longer leaves an empty backup directory behind, and rapid successive imports get distinct backup directories.
• Handing the CLI a file that is not a ZIP, or an archive from a newer format version, prints a clean error instead of a traceback.
• Web UI: pressing Enter in a preview's filter box no longer triggers the export/restore action.
• Web UI: a preview is hidden as soon as the root, scope or archive it was computed from changes, so a stale file selection can no longer be applied to different inputs.
• Web UI: dropping a file outside the dropzone no longer navigates the page away (losing the typed passwords).
• The local server answers a malformed Content-Length header with a clean HTTP 400 instead of resetting the connection.
• Drag-and-dropped archive names are percent-decoded, so files with spaces or accents keep their original name.
• CLI runs no longer create an empty upload temp directory.
• The PyInstaller spec resolves the web UI assets relative to the spec file, so building from outside the repo root no longer produces a binary without the UI.

Security

• Symlinked project directories, project .claude/ directories and global include directories are excluded from the scan, as documented; previously only symlinked subdirectories were excluded, so a symlinked scan root could export files from outside the scanned tree.
• The local server rejects DNS-rebinding requests on GET endpoints too (Host must be local), and API responses carry X-Content-Type-Options: nosniff plus Cache-Control: no-store.

v1.1.0

Added

• scripts/: companion shell and batch helpers — update-repos (fast-forward every Git repo), status-repos (read-only repo status), clean-backups (prune import backups), and backup-export (unattended encrypted export with retention).
• Backups tab in the web UI (and backups core module) to list and prune the import backups under ~/.claude-code-sync-backups/, with new endpoints GET /api/backups and POST /api/backups/prune.
• Export retention: an optional Keep newest archives field in the UI and --keep N on the CLI delete older claude-code-sync-*.zip in the output folder after a successful export. POST /api/export accepts keep and reports pruned.

Fixed

• run.sh / run.bat report a clear error when neither python3/py nor python is on PATH, and exec the interpreter so Ctrl-C reaches it directly.

v1.0.0

The first public release of Claude Code Sync — offline, encrypted export/import of your Claude Code configuration across machines. No account, no telemetry, no network calls at runtime.

Highlights

• Encrypted, portable archives. Password-protected WinZip-AES (AES-256) ZIPs you can also open with 7-Zip or any AES-capable tool using the same password.
• Two scopes. Per-project config (CLAUDE.md at any depth and the project .claude/) and the global ~/.claude/ (settings.json, keybindings.json, CLAUDE.md, and the skills/, agents/, commands/, hooks/, plugins/ directories).
• Web UI and CLI. A local, claude.ai-flavoured UI (light/dark themes, drag-and-drop, native file pickers) plus headless export / import subcommands for scripts and cron.
• Safe imports. Dry-run preview, SHA-256 integrity verification, and automatic backups before any file is overwritten.
• Hardened. A strict allow-list keeps secrets out of archives; plus path-traversal rejection, size-bounded extraction, and a local-only server that blocks cross-origin / DNS-rebinding requests.

One runtime dependency (pyzipper); the web server is pure standard library. Requires Python 3.11+.

Full usage in the README and docs/.