I've been running some tests with Claude Code on a few ARM-based dev boards (Cortex-M33 with TrustZone) to see how it handles persistent agent-like behavior. The core question that came up during my firmware analysis session was: when I close the chat, does the access I granted it actually terminate?
From what I can see in the activity logs and by monitoring the processes on my edge device, Claude Code's access appears to be strictly session-bound. Once the session ends, there's no lingering daemon or background process that maintains the SSH connection or file system access I granted. The access tokens or temporary credentials generated for the session should be invalidated.
However, there's an important nuance when you're working with embedded systems or deployment scripts. If Claude Code *writes* a script or config file during the session that contains credentials, or modifies a service to auto-start, that change persists on *your system*. The access itself is gone, but any artifacts left behind certainly remain.
For example, if you let it write a deployment script:
```bash
#!/bin/bash
# Deployment script created during Claude Code session
REMOTE_HOST="192.168.1.105"
SSH_KEY_PATH="/home/user/.ssh/deploy_key"
scp -i $SSH_KEY_PATH firmware.bin user@$REMOTE_HOST:/tmp/
```
That file stays on your machine after the session closes. The key (`deploy_key`) would also persist if it was created and saved to disk. So while Claude Code's active access drops, the environmental modifications it made do not roll back.
I'm curious if others have done deeper testing—especially around cached credentials in development environments. Has anyone monitored network connections or process trees after a session ends to confirm there are no orphaned connections?