
# How to Sync Claude Config Across Machines P2P Without Cloud Uploads

Most people treat their .claude folder as a local artifact they can just toss onto Dropbox or Google Drive without thinking twice. That works fine until you realize the third-party cloud provider has logged your access patterns, stripped your metadata, or worse, stored your prompt history in a jurisdiction that isn't yours. Traditional methods require uploading your config to a central server, which fundamentally breaks the privacy model of local LLMs. Public file-sharing services often strip metadata or log access patterns, creating a dependency on intermediaries you don't trust with your system instructions.

You need a method that keeps your configuration strictly on your devices without introducing a new central server dependency. If you want to know how to sync Claude config across machines P2P, the answer isn't a cloud bucket; it's a direct tunnel between your hardware. This guide walks through using WebRTC to bridge two machines and verifying the integrity of the transfer with our inspection tools.

## The Privacy Problem with Centralized Config Sync

The standard workflow assumes a central node is necessary to move data from point A to point B. You log into your cloud provider, navigate to the folder, download it on the destination machine, and repeat. This introduces three specific vectors of compromise: network eavesdropping (unless you use SFTP/HTTPS), storage exposure (the files sit on a disk you don't own), and metadata leakage (who downloaded what, when, and from where).

Traditional methods require uploading your .claude folder to third-party cloud storage, exposing prompt history and system instructions. Even if you encrypt the file itself, the act of uploading it often requires authentication tokens that could be compromised.

The goal is zero-knowledge transfer: the data leaves your devices only while in transit and never rests on an intermediary disk. This requires establishing a peer-to-peer (P2P) connection that functions like a virtual cable between your machines, bypassing the internet entirely if possible, or at least masking your traffic from public networks.

## CrabTalk: The Private WebRTC Bridge for Local Data

CrabTalk is designed specifically for this architecture. It leverages browser-based WebRTC to establish direct peer-to-peer connections between your machines. This architecture creates a server-less bridge, meaning no intermediary node touches or stores your .claude folder data. The connection is encrypted end-to-end using DTLS and SRTP, ensuring that sensitive prompts and model paths remain invisible to external networks.

Think of CrabTalk as a virtual Ethernet cable that appears when you open the application on both endpoints. Once the handshake completes, the two machines see each other as if they are on the same local network segment. This is distinct from standard file-sharing protocols because the tunnel itself does not terminate at a server; the data stream goes directly from your source machine's disk to your destination machine's disk.

To start the process, you open CrabTalk on both machines. You initiate the connection by sharing the temporary session ID generated on the source machine (e.g., your Windows PC) with the destination machine (e.g., your Linux laptop). Once the bridge is established, you can run standard file copy commands or use a tool like scp over the tunnel to move the directory. The key here is that the .claude folder never touches a public IP address owned by a cloud provider.

## Securely Migrating Your .claude Folder via Direct Peering

The transfer itself is straightforward once the WebRTC bridge is active, but the execution requires care. Establish a local network tunnel using CrabTalk to connect your source machine (e.g., Windows) to your destination (e.g., Linux). You can then use standard file system commands to stream the entire .claude directory directly from one disk to another without intermediate buffering.

For example, if you are moving from a Windows host to a Linux client:

```powershell
# On the Windows source machine, establish the CrabTalk session and get the tunnel IP
crabtalk connect --id <SESSION_ID>

# Stream the folder to the destination.
# Note: This assumes the tunnel interface is available as 'tun0' or similar
# Target the home directory: if ~/.claude already exists on the destination,
# "scp -r ... :~/.claude" would nest the copy at ~/.claude/.claude.
scp -r /path/to/.claude user@<TUNNEL_IP>:~/
```

The command streams the data over the encrypted channel. Because WebRTC handles the encryption natively, you do not need to manage keys or certificates manually; the browser-based nature of the tool abstracts that complexity away while maintaining strict security boundaries.

Verify the transfer integrity by comparing checksums immediately after the sync completes to ensure no data corruption occurred. Large model files can be corrupted in transit, especially over wireless connections where packet loss might trigger retransmission errors. If you are moving massive .gguf or .safetensors files within your config directory, a simple diff isn't enough; you need cryptographic verification.
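The checksum comparison described above, as an added example that is not part of the original post and is not CrabTalk or L-BOM code: a Python script that hashes every file under a directory with SHA-256 and checks the result against a manifest written on the source machine. The script name `verify_sync.py`, its `write` and `check` modes, and the JSON manifest layout are assumptions made for this example; paths are stored relative and with forward slashes so a manifest written on Windows matches one built on Linux.

```python
import hashlib
import json
import os
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so multi-gigabyte model files never sit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each regular file's relative, forward-slash path to its SHA-256."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue  # links and special files are not part of the payload
            manifest[full.relative_to(root).as_posix()] = sha256_file(full)
    return manifest


def compare_manifests(source, dest):
    """Return sorted lists: missing on dest, unexpected on dest, hash mismatch."""
    missing = sorted(source.keys() - dest.keys())
    extra = sorted(dest.keys() - source.keys())
    changed = sorted(p for p in source.keys() & dest.keys() if source[p] != dest[p])
    return missing, extra, changed


if __name__ == "__main__" and len(sys.argv) == 4:
    # verify_sync.py write|check <dir> <manifest.json>: write on source, check on dest
    mode, root, manifest_path = sys.argv[1:]
    if mode == "write":
        Path(manifest_path).write_text(json.dumps(build_manifest(root), indent=1))
    else:
        expected = json.loads(Path(manifest_path).read_text())
        result = compare_manifests(expected, build_manifest(root))
        for label, paths in zip(("MISSING", "EXTRA", "MISMATCH"), result):
            for path in paths:
                print(f"{label}  {path}")
        sys.exit(1 if any(result) else 0)
```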

## Validating Model Artifacts with CHKDSK Labs L-BOM

Once synced, use l-bom to inspect the new .claude/models directory and verify file identity against your local inventory. This is where our CLI tool shines. We've seen cases where a transfer completes successfully by byte count but corrupts a specific tensor header due to a fleeting network glitch that went unnoticed until inference failed.

Run a quick scan on specific .gguf or .safetensors files to generate a lightweight Software Bill of Materials (SBOM) with SHA256 hashes. Compare the metadata output from L-BOM on both machines to confirm that model architecture, quantization, and parameter counts match exactly. This step is critical for ensuring your local stack remains consistent.

Use the --format spdx or --format hf-readme flags in L-BOM to generate standardized documentation for your synced model library. This allows you to generate a manifest that proves the integrity of every file in the directory tree. For instance, running the scan on the destination machine:

```bash
l-bom scan ~/.claude/models --format spdx > /tmp/sync-manifest.spdx
```

You can then run the same command on the source machine and use diff to compare the outputs. If the SHA256 hashes in the SPDX manifest match, the data is identical. If they differ, you have a corruption issue that needs to be re-synced immediately.

Maintain a consistent, auditable record of your AI infrastructure using the CLI tools available at https://github.com/CHKDSKLabs/l-bom. The tool is small, Python-based, and requires no installation beyond pip install. It parses the file headers directly to extract architecture details like context length and vocab size, providing a detailed report that goes beyond simple file sizes.

## Automation and Future-Proofing Your Local AI Stack

The real value of this workflow comes when you automate the verification step. Integrate l-bom into your sync verification script to automatically flag any mismatched models or corrupted files after a CrabTalk transfer. You can write a simple shell script that runs the scan, compares the JSON/SPDX output against a baseline, and fails the process if discrepancies are found.

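```bash
#!/bin/bash
# Sync Verification Script
set -euo pipefail  # stop if a scan fails instead of diffing partial output

# Both scans run on this machine. Set SOURCE_BASE to wherever the source tree
# is readable from here; left at the default it is the same directory as
# DEST_BASE and the comparison is trivially equal.
# A quoted "~" is not expanded by the shell, so use $HOME.
SOURCE_BASE="${SOURCE_BASE:-$HOME/.claude/models}"
DEST_BASE="$HOME/.claude/models"

echo "Scanning source for SBOM..."
l-bom scan "$SOURCE_BASE" --format spdx > /tmp/source.spdx

echo "Scanning destination for SBOM..."
l-bom scan "$DEST_BASE" --format spdx > /tmp/dest.spdx

# diff exits non-zero when the two manifests differ
if diff /tmp/source.spdx /tmp/dest.spdx; then
    echo "✅ Sync verified. All artifacts match."
else
    echo "❌ MISMATCH DETECTED. Check transfer integrity."
    exit 1
fi
```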

Keep the --format spdx or --format hf-readme output from each sync as standardized documentation for your synced model library. This ensures that even if you move the entire directory again in the future, you have a record of what was transferred and its original state.

By combining the direct connectivity of CrabTalk with the forensic precision of L-BOM, you create a workflow that respects user sovereignty over their data. No logs are sent to a central server; no metadata is harvested by a third party; and every file is verified before it touches your production environment.