A shorter list than recent releases but with quietly significant changes. /config settings finally persist to ~/.claude/settings.json and participate in the override chain. --from-pr and the owner/repo#N shorthand now support GitLab, Bitbucket, GitHub Enterprise, and your git remote's host — first-class non-GitHub support. --print and --agent modes now honor agent frontmatter consistently with interactive. PowerShell tool gains Bash-parity auto-approval. Hooks gain duration_ms. Plus plugin auto-update smarts, a Vim Esc fix, OTEL/status-line enrichments, and a Vertex AI tool-search default change.

/config settings now persist to settings.json with the full override chain

Why: Runtime UI settings like theme, editor mode, and verbose changed with /config didn't survive restarts, and their place in the project/local/policy override precedence was murky.

What: Persists /config settings to ~/.claude/settings.json and participates in project/local/policy override precedence.

How: Automatic — change /config, your choice now sticks and respects higher-scope overrides.

Non-GitHub Git support in --from-pr and owner/repo#N shorthand

Why: Teams on GitLab, Bitbucket, GitHub Enterprise, or self-hosted Git were locked out of --from-pr review and had owner/repo#N links always point to github.com.

What: --from-pr now accepts GitLab merge-request, Bitbucket pull-request, and GitHub Enterprise PR URLs; owner/repo#N shorthand now uses your git remote's host.

How: claude --from-pr <gitlab-or-bitbucket-or-ghe-url>; inline owner/repo#123 resolves to your origin's host automatically.

New UI chrome settings: prUrlTemplate and CLAUDE_CODE_HIDE_CWD

Why: The footer PR badge hard-coded github.com, and the startup logo always showed the working directory — awkward in demos or when recording.

What: Adds prUrlTemplate setting to point the footer PR badge at a custom code-review URL, and CLAUDE_CODE_HIDE_CWD env var to hide the working directory in the startup logo.

How: Set prUrlTemplate in settings.json; export CLAUDE_CODE_HIDE_CWD=1 in your shell.

--print honors agent tools/disallowedTools; --agent honors permissionMode; PowerShell auto-approve

Why: Headless --print mode ignored the agent's tool restrictions, --agent <name> didn't respect the agent's permissionMode, and PowerShell users still hit prompts that Bash had learned to skip.

What: --print mode honors agent tools:/disallowedTools:; --agent <name> honors the agent's permissionMode for built-in agents; PowerShell tool commands can be auto-approved in permission mode (Bash parity).

How: Automatic for --print and --agent; configure PowerShell allow-rules in .claude/settings.json permissions.

Hooks: PostToolUse and PostToolUseFailure include duration_ms

Why: Hook-based observability pipelines had no signal for tool execution time — only that the tool ran.

What: PostToolUse and PostToolUseFailure hook inputs now include duration_ms, measuring tool execution time excluding permission prompts and PreToolUse hooks.

How: Read duration_ms from your hook's stdin JSON; already populated in 2.1.119.

Plugin auto-update respects version constraints + parallel MCP reconfig

Why: A plugin pinned by another plugin's version constraint was stuck at its old version, and subagent/SDK MCP server reconfiguration connected servers serially, slowing startup.

What: Plugins pinned by another plugin's version constraint now auto-update to the highest satisfying git tag; subagent and SDK MCP server reconfiguration now connects servers in parallel.

How: Automatic — auto-update picks the best satisfying tag and MCP reconnects faster across subagent spawns.

Vim: Esc in INSERT no longer pulls queued messages back

Why: Vim users hitting Esc to leave INSERT had a queued message unexpectedly reappear in the input, breaking the mental model.

What: Esc in INSERT mode no longer pulls a queued message back into the input; press Esc again to interrupt.

How: Enable vim mode and press Esc as usual; behavior now matches expectations.

Security: blockedMarketplaces enforces hostPattern/pathPattern + telemetry enrichments

Why: Managed-settings blockedMarketplaces documented hostPattern/pathPattern but didn't enforce them, and OTEL events couldn't be correlated across tool_result/tool_decision without manually threading tool_use_id.

What: blockedMarketplaces now enforces hostPattern and pathPattern; OTEL tool_result/tool_decision include tool_use_id; tool_result also includes tool_input_size_bytes; status-line stdin JSON includes effort.level and thinking.enabled.

How: Existing policy and telemetry pipelines now receive the new fields and enforcement automatically.

Tool search disabled by default on Vertex AI

Why: Vertex AI returned an unsupported beta header error whenever Claude Code tried to enable the tool search tool by default.

What: Disables tool search by default on Vertex AI to avoid the unsupported-beta-header error; opt in explicitly via ENABLE_TOOL_SEARCH.

How: export ENABLE_TOOL_SEARCH=1 on Vertex AI to turn it back on.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - /config now persists to settings.json
• (01:07) - Non-GitHub Git: GitLab, Bitbucket, GHE
• (01:38) - UI chrome: prUrlTemplate + CLAUDE_CODE_HIDE_CWD
• (02:01) - Print/agent/permissions polish
• (02:32) - Hooks: PostToolUse duration_ms
• (02:54) - Plugin auto-update + parallel MCP reconfig
• (03:19) - Vim: Esc no longer pulls queued message
• (03:40) - Security + telemetry enrichments
• (04:17) - Tool search opt-in on Vertex AI

A meaty release. Vim users finally get visual mode (v) and visual-line mode (V) in the prompt editor. Hooks can now invoke MCP tools directly via a new type: "mcp_tool" action — a real declarative-pipeline unlock. /cost and /stats merge into /usage, and there's a real custom theme system that plugins can ship into. Plus a stricter DISABLE_UPDATES env var, WSL inheriting Windows-side managed settings, an auto-mode $defaults sentinel that fixes a common config footgun, a claude plugin tag command for plugin authors, smarter --continue/--resume for monorepo subprojects, /color sync to Remote Control, and gateway model-name overrides honored by /model.

Vim visual mode (v) and visual-line mode (V) land in the prompt editor

Why: Vim-mode users had motions and operators but no selection primitive, so half of vim's real power was missing from the prompt editor.

What: Adds visual mode (v) and visual-line mode (V) with selection, operators, and visual feedback to the built-in vim editor.

How: Enable vim mode, then press v or V in the prompt editor to start a selection.

/usage merges /cost and /stats

Why: Two overlapping commands for billing and session stats made users hunt for the right one.

What: Merges /cost and /stats into a single /usage command; both old names remain as typing shortcuts that open the relevant tab.

How: Type /usage for the consolidated view; /cost and /stats still work and jump straight to their tab.

Named custom themes plus plugin-shipped themes

Why: Theme customization was limited to a fixed set, and plugin authors couldn't ship branded styling.

What: Adds named custom themes via /theme, hand-editable JSON files in ~/.claude/themes/, and a themes/ directory plugins can ship themes from.

How: Run /theme, create a named theme, or drop JSON into ~/.claude/themes/; plugin authors add a themes/ directory.

Hooks can invoke MCP tools directly

Why: Hooks wanting to call an MCP tool had to shell out to a command or HTTP request, breaking declarative hook config.

What: Adds a new hook action type: "mcp_tool" that invokes an MCP tool directly from a hook definition.

How: In your hook config, set type: "mcp_tool" with the target server and tool name.

DISABLE_UPDATES env var blocks all update paths

Why: DISABLE_AUTOUPDATER stopped background updates but claude update could still run, leaving change-controlled environments exposed.

What: Adds a new DISABLE_UPDATES env var that blocks all update paths including manual claude update.

How: export DISABLE_UPDATES=1 in your shell profile or deployment environment.

WSL inherits Windows-side managed settings

Why: Enterprise admins had to apply managed settings twice — once for Windows, once for each WSL distro — doubling policy drift risk.

What: Adds wslInheritsWindowsSettings policy key so WSL on Windows can inherit Windows-side managed settings.

How: Set wslInheritsWindowsSettings: true in the managed-settings policy.

Auto mode $defaults sentinel

Why: Adding a single custom rule to autoMode.allow/soft_deny/environment silently replaced the entire built-in list — a common footgun.

What: Adds a "$defaults" sentinel you can include in autoMode.allow, autoMode.soft_deny, or autoMode.environment to preserve the built-in list alongside your custom rules.

How: Include "$defaults" in the array to keep built-ins; omit it to replace them.

"Don't ask again" on the auto mode opt-in prompt

Why: Users re-approving auto mode on every launch got prompt fatigue.

What: Adds a "Don't ask again" option to the auto mode opt-in prompt.

How: Check "Don't ask again" when prompted.

claude plugin tag for plugin authors

Why: Plugin authors had to create release tags manually, and version validation was ad-hoc.

What: Adds claude plugin tag which creates release git tags for plugins with version validation.

How: Run claude plugin tag in the plugin directory.

--continue / --resume finds sessions added via /add-dir

Why: Monorepo users pulling subprojects with /add-dir couldn't resume those sessions from elsewhere in the tree.

What: --continue and --resume now find sessions that added the current directory via /add-dir, not only sessions natively rooted there.

How: claude --continue or claude --resume from any directory that was added to a prior session via /add-dir.

/color syncs accent color to Remote Control

Why: Remote Control sessions on mobile/web didn't match the accent color set in the terminal.

What: /color now syncs the session accent color to claude.ai/code when Remote Control is connected.

How: Run /color in a Remote Control-connected session; the color propagates to the web/mobile view.

/model picker honors gateway default overrides

Why: Enterprise users on a custom ANTHROPIC_BASE_URL gateway had the default model names/descriptions show as upstream defaults instead of their overrides.

What: /model picker now honors ANTHROPIC_DEFAULT_*_MODEL_NAME and ANTHROPIC_DEFAULT_*_MODEL_DESCRIPTION overrides when using a custom ANTHROPIC_BASE_URL.

How: Set the env vars alongside ANTHROPIC_BASE_URL; /model reflects them.

Plugin auto-update skips surface in /doctor and /plugin Errors

Why: When auto-update skipped a plugin because another plugin's version constraint blocked it, users had no way to see what got held back.

What: When auto-update skips a plugin due to another plugin's version constraint, the skip now appears in /doctor and the /plugin Errors tab.

How: Check /doctor or the /plugin Errors tab to see skip reasons.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Vim visual mode lands in the prompt editor
• (00:57) - /usage merges /cost and /stats
• (01:18) - Custom themes plus plugin theme surface
• (01:43) - Hooks can invoke MCP tools...

A dense release. The headline fix: Opus 4.7 finally computes /context against its 1M window instead of 200K, so sessions stop autocompacting prematurely. Pro and Max subscribers get a default effort bump from medium to high on Opus 4.6 and Sonnet 4.6. Plugin ecosystem gets a real overhaul across dependencies, errors, and marketplace auto-resolve — plus managed-settings marketplace enforcement applied uniformly. Native macOS and Linux builds replace Glob and Grep with embedded bfs and ugrep. Forked subagents and agent mcpServers expand to external builds and --agent main-thread sessions. Plus /model persistence, /resume stale-session summarize, Advisor Tool labeling, broader cleanupPeriodDays sweep, and OpenTelemetry enrichments.

Opus 4.7 /context now computed against 1M window

Why: Opus 4.7 shipped with a 1M context window, but Claude Code was still computing /context percentages against 200K, causing premature autocompact warnings.

What: Fixes /context on Opus 4.7 to compute against the native 1M window, eliminating inflated percentages and premature autocompact.

How: Automatic — upgrade to v2.1.117 and Opus 4.7 sessions use 1M as the denominator.

Default effort bumped to high on Opus 4.6 / Sonnet 4.6 for Pro/Max

Why: Pro and Max subscribers were defaulting to medium effort on Opus 4.6 and Sonnet 4.6, under-using available quality on flat-rate plans.

What: Bumps default effort from medium to high for Pro/Max subscribers on Claude Opus 4.6 and Sonnet 4.6.

How: Automatic — set /effort medium explicitly to restore the old default.

Plugin dependency UX overhaul

Why: plugin install bailed with "already installed" when a plugin had unmet deps, errors were cryptic, and adding a marketplace didn't resolve missing deps.

What: plugin install now installs missing deps on already-installed plugins; errors say "not installed" with install hint; plugin marketplace add auto-resolves from configured marketplaces.

How: Re-run plugin install <name> to backfill deps; claude plugin marketplace add <url> now fills in anything missing.

Managed-settings marketplace enforcement

Why: blockedMarketplaces and strictKnownMarketplaces were only enforced on some plugin operations — a policy gap for IT-managed fleets.

What: Enforces blockedMarketplaces and strictKnownMarketplaces on plugin install, update, refresh, and autoupdate operations.

How: Existing managed-settings keys now apply uniformly; no config change needed.

Native builds: Glob and Grep replaced by embedded bfs and ugrep

Why: Separate Glob and Grep tools incurred a per-call round-trip and lacked ugrep's richer pattern features.

What: On native macOS and Linux builds, Glob and Grep are replaced by embedded bfs and ugrep invoked through the Bash tool — faster and more capable.

How: Automatic on native builds; Windows and npm-installed builds unchanged.

Forked subagents opt-in for external builds

Why: Forked subagents were gated behind internal flags, blocking external builds and SDK users from using them.

What: Enables forked subagents on external builds via the CLAUDE_CODE_FORK_SUBAGENT=1 environment variable.

How: export CLAUDE_CODE_FORK_SUBAGENT=1 before launching Claude Code or your SDK session.

Agent mcpServers frontmatter now fires under --agent

Why: Agent-level mcpServers in frontmatter only loaded for subagent invocations, leaving main-thread --agent sessions without agent-specific MCP.

What: Loads agent frontmatter mcpServers for main-thread agent sessions launched via --agent, not only subagents.

How: Add mcpServers: to your agent frontmatter; now applies under claude --agent <name> and subagent launches both.

/model persists across restarts + startup header shows pin source

Why: /model selections could be silently overridden by project pins on restart, and users had no signal about where a pinned model came from.

What: /model selections now persist across restarts even when a project pins a different model, and the startup header shows when the active model comes from a project or managed-settings pin.

How: Automatic — your /model choice sticks; the startup header tells you when a pin is overriding.

/resume offers to summarize stale, large sessions

Why: Re-reading a huge stale session on /resume was slow and dumped a massive context on the model, whereas --resume already offered a summarize path.

What: Adds a summarize-before-re-read prompt to /resume on stale large sessions, matching the existing --resume flag behavior.

How: Run /resume — when a stale large session is detected, accept the summarize offer.

Advisor Tool: experimental label and stuck-error fix

Why: Advisor Tool was preview-quality but lacked that signal, and sessions were getting stuck with "Advisor tool result content could not be processed" on every prompt and /compact.

What: Adds "experimental" label, learn-more link, and startup notification to the Advisor Tool dialog; fixes the persistent result-processing error.

How: Automatic — existing Advisor Tool users get both the labeling and the fix.

cleanupPeriodDays retention extends to more directories

Why: Long-running installs accumulated untracked state in ~/.claude/tasks/, ~/.claude/shell-snapshots/, and ~/.claude/backups/ that retention sweeps didn't touch.

What: cleanupPeriodDays retention sweep now also covers ~/.claude/tasks/, ~/.claude/shell-snapshots/, and ~/.claude/backups/.

How: Automatic on next sweep; existing cleanupPeriodDays setting applies.

OpenTelemetry enrichments

Why: OTEL events lacked signal about which slash command fired and at what effort level, making it hard to attribute cost and latency to code paths.

What: Adds command_name and command_source to user_prompt events; adds effort attribute to cost.usage, token.usage, api_request, and api_error when supported.

How: Automatic; custom/MCP command names are redacted unless OTEL_LOG_TOOL_DETAILS=1 is set.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs:

Performance, security, and developer-UX wins. /resume is up to 67% faster on 40MB+ sessions, MCP startup defers template listing until the first @-mention, /doctor works mid-response, and sandbox auto-allow stops bypassing the dangerous-path safety check. Plus /terminal-setup tuning for fullscreen editor scroll, /reload-plugins auto-installing missing dependencies, the Bash tool surfacing GitHub rate-limit hints, and agent hooks firing under main-thread --agent.

67% faster /resume on large sessions

Why: Users with 40MB+ session files waited noticeable seconds for /resume to load, especially when sessions accumulated many dead-fork entries over time.

What: Makes /resume up to 67% faster on 40MB+ sessions and handles dead-fork-heavy sessions more efficiently during load.

How: Automatic — upgrade to v2.1.116 and run /resume as usual; no config changes needed.

Faster MCP startup, lazy template listing

Why: Sessions with many stdio MCP servers paid a long startup penalty as each server exhaustively listed its resource templates up front.

What: Defers resources/templates/list to the first @-mention, cutting MCP startup time when multiple stdio servers are configured.

How: Automatic on upgrade — the first @-mention in a session triggers template fetches lazily.

/terminal-setup now tunes editor fullscreen scroll

Why: Fullscreen mode in VS Code, Cursor, and Windsurf terminals felt jerky because the editor's built-in scroll sensitivity overrode Claude Code's own.

What: /terminal-setup now configures the editor's terminal scroll sensitivity for smoother fullscreen scrolling across VS Code, Cursor, and Windsurf.

How: Run /terminal-setup once inside each editor; it writes the scroll-sensitivity settings into the editor config for you.

/doctor now works mid-response

Why: You couldn't open /doctor to diagnose a stuck or pathological turn — the slash command was blocked until the current turn finished.

What: Lets /doctor be invoked while Claude is still responding, without waiting for the turn to complete.

How: Type /doctor at any time, even during a running turn; no flags or extra config needed.

/reload-plugins auto-installs missing dependencies

Why: Plugin reloads and background auto-updates would fail or stall when a plugin referenced a dependency from a marketplace you hadn't yet added.

What: /reload-plugins and background plugin auto-update now auto-install missing plugin dependencies from marketplaces you've already added.

How: Run /reload-plugins — missing deps now resolve automatically from known marketplaces; no manual install step needed.

Bash tool surfaces GitHub API rate-limit hints

Why: Agents running gh commands against GitHub would blindly retry on rate-limit, wasting turns and sometimes triggering stricter secondary limits.

What: Bash tool now surfaces a hint when gh commands hit GitHub's API rate limit, so agents can back off instead of retrying.

How: Automatic — agents see the rate-limit hint in tool output and can choose to pause or switch strategies.

Agent hooks: frontmatter now fires under --agent

Why: Agent-level hooks: frontmatter only fired for subagent invocations, leaving main-thread --agent runs without any pre/post hook coverage.

What: Fires the agent's hooks: frontmatter when the agent runs as a main-thread agent via --agent, not only as a subagent.

How: Add hooks: to your agent frontmatter; it now activates under claude --agent <name> as well as subagent launches.

Sandbox auto-allow no longer bypasses dangerous-path safety

Why: A permissive sandbox auto-allow rule could bypass the existing dangerous-path safety check, letting rm hit /, $HOME, or critical system directories.

What: Prevents sandbox auto-allow from bypassing the dangerous-path safety check for rm/rmdir targeting /, $HOME, or other critical system directories.

How: Automatic — existing sandbox config still works; the dangerous-path check now always runs before auto-allowing destructive commands.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - 67% faster /resume on large sessions
• (00:57) - MCP startup rework: lazy template listing
• (01:23) - /terminal-setup tunes editor fullscreen scroll
• (01:51) - /doctor now works mid-response
• (02:15) - /reload-plugins auto-installs missing deps
• (02:40) - Bash tool surfaces gh rate-limit hints
• (03:06) - Agent hooks fire under --agent
• (03:29) - Sandbox dangerous-path safety

Two announcements for API developers. Claude Opus 4.7 is generally available at Opus 4.6 pricing, but ships with breaking API changes: thinking budgets removed, temperature/top_p/top_k now 400s on non-default values, thinking silently omitted by default, and a new tokenizer. Separately, Claude in Amazon Bedrock opens to every Bedrock customer across 27 AWS regions through a new Messages API endpoint at /anthropic/v1/messages — zero operator access from Anthropic, AWS-managed infrastructure.

Claude Opus 4.7 GA with breaking API changes

Why: Developers running complex agentic coding and vision workloads needed better reasoning without paying more, but thinking and sampling APIs required a migration.

What: Launches claude-opus-4-7 generally available at Opus 4.6 pricing ($5/$25 per MTok), with a new tokenizer, high-resolution image support, and breaking API changes.

How: Set model: "claude-opus-4-7", drop temperature/top_p/top_k, switch thinking to {"type": "adaptive"}, and review the migration guide before cutting over.

Claude in Amazon Bedrock — open to all customers

Why: AWS-heavy customers needed Claude running entirely inside their security boundary with AWS billing, but Bedrock access was gated and API-shape-divergent.

What: Opens Claude Opus 4.7 and Claude Haiku 4.5 self-serve to all Amazon Bedrock customers via the Messages API endpoint at /anthropic/v1/messages, across 27 AWS regions.

How: Call POST https://bedrock-mantle.{region}.api.aws/anthropic/v1/messages with model ID anthropic.claude-opus-4-7, or install pip install -U "anthropic[bedrock]".

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Platform release notes.

Full release notes: platform.claude.com/docs/en/release-notes/api

Claude API docs: platform.claude.com/docs/en/api

• (00:00) - Claude Opus 4.7 GA with breaking API changes
• (01:39) - Claude in Amazon Bedrock GA

A structural change under the hood (native binary CLI) combined with five genuine security hardenings — deny-rule wrapper matching, find flag scoping, macOS /private path protection, the dangerouslyDisableSandbox permission prompt, and a real Bash UI-spoofing fix. Plus sandbox network deny-lists, faster /ultrareview, Remote Control parity for /extra-usage and @-file autocomplete, and a subagent stall timeout.

Native Claude Code binary

Why: The bundled-JavaScript CLI paid a Node startup cost on every invocation and pulled a full runtime into every install.

What: The CLI now spawns a native Claude Code binary via per-platform optional dependencies. No JS runtime needed at launch — faster starts, smaller footprint.

How: Automatic on upgrade. claude picks the right platform binary; no configuration required.

sandbox.network.deniedDomains

Why: A broad allowedDomains wildcard couldn't carve out a hostile subdomain you still wanted blocked.

What: New sandbox.network.deniedDomains setting blocks specific domains even when a broader wildcard would otherwise permit them. Deny wins.

How: Add "deniedDomains": ["evil.example.com"] under sandbox.network in settings.json.

/loop improvements

Why: Queued /loop wakeups couldn't be cancelled cleanly, and generic "Claude woke up" labels confused users.

What: Esc now cancels pending /loop wakeups; wakeups display as "Claude resuming /loop wakeup" for clarity.

How: Hit Esc during a wakeup wait to cancel.

/extra-usage on Remote Control

Why: Mobile/web Remote Control clients couldn't check plan usage without jumping back to the terminal.

What: /extra-usage now works from Remote Control sessions.

How: Type /extra-usage in any Remote Control session.

Remote Control @-file autocomplete

Why: Typing file paths blind on mobile was painful — no discovery, no completion.

What: Remote Control clients can now query @-file autocomplete suggestions, matching the local CLI.

How: Type @ in a Remote Control session.

Faster /ultrareview launch

Why: Sequential cold-launch checks and no progress signal made /ultrareview feel slow before any feedback.

What: Parallelized launch checks, a diffstat in the launch dialog, and an animated launching state.

How: /ultrareview or /ultrareview <PR#>.

Subagent stall timeout

Why: A subagent that stalled mid-stream left the parent session waiting silently with no signal.

What: Stalls now fail with a clear error after 10 minutes instead of hanging indefinitely.

How: Automatic.

Bash multi-line comment fix (UI-spoofing)

Why: A multi-line Bash command whose first line was a comment only showed the comment in the transcript — a UI-spoofing vector for prompt injection.

What: The Bash tool now shows the full multi-line command in the transcript regardless of whether the first line is a comment.

How: No action. Upgrade to v2.1.113 and transcripts render full command bodies.

cd no-op + git no prompt

Why: cd <cwd> && git status redundantly prompted because the compound-command rule treated the no-op cd as a separate step.

What: cd <cwd> && git … no longer prompts when the cd is a no-op. Real directory changes still prompt.

How: Automatic.

macOS /private paths dangerous under Bash(rm:*)

Why: macOS maps /private/{etc,var,tmp,home} to /etc, /var, etc. An rm -rf /private/etc under Bash(rm:*) wouldn't trigger dangerous-path protection.

What: Both /etc and /private/etc spellings now treated as dangerous removal targets.

How: Automatic whenever Bash(rm:*) is allowed.

Exec-wrapper deny-rule matching

Why: Deny rules missed sudo rm, env FOO=1 rm, watch rm, and similar wrapped invocations — a bypass path for attackers or confused agents.

What: Bash deny rules now match commands wrapped in env, sudo, watch, ionice, setsid, and similar wrappers. Symmetric with allow-side stripping.

How: No action. Existing deny rules automatically cover wrapped variants.

find -exec / -delete no auto-approve

Why: Bash(find:*) allow rules auto-approved find . -exec rm -rf {} \; and find . -delete — destructive flags weren't inspected.

What: Bash(find:*) no longer auto-approves find -exec or -delete; those fall back to the prompt.

How: Approve explicitly when legitimately needed, or add a narrower allow rule.

dangerouslyDisableSandbox permission fix

Why: Commands using dangerouslyDisableSandbox could execute outside the sandbox without a permission prompt — a silent security-contract break.

What: Every dangerouslyDisableSandbox invocation now triggers the standard permission prompt.

How: Automatic. Lock the escape hatch entirely with "sandbox": { "allowUnsandboxedCommands": false }.

Session recap composing-text fix

Why: Session recap auto-fired while you had unsent text in the prompt, interrupting mid-thought.

What: Session recap now waits until the prompt buffer is empty or submitted.

How: Automatic. Force one manually with /recap.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Native Claude Code binary
• (01:08) - sandbox.network.deniedDomains
• (01:45) - /loop improvements
• (02:08) - /extra-usage on Remote Control
• (02:25) - Remote Control @-file autocomplete
• (02:43) - Faster /ultrareview launch
• (03:08) - Subagent stall timeout
• (03:40) - Bash multi-line comment fix
• (04:32) - cd no-op + git no prompt
• (04:57) - macOS /private paths dangerous
• (05:39) - Exec-wrapper deny-rule matching
• (06:21) - find -exec / -delete no auto-approve
• (06:59) - dangerouslyDisableSandbox permission fix
• (07:45) - Session recap composing-text fix

A dense release — Opus 4.7 becomes the default flagship, a brand-new xhigh effort level lands between high and max, and two cloud-backed skills ship simultaneously. Plus a native Windows PowerShell tool, Auto mode as a first-class permission mode, and a handful of DX wins.

Opus 4.7 + Auto mode for Max

Why: Max subscribers juggled plans and manual model switches when they wanted the strongest reasoning during complex agentic work.

What: Opus 4.7 is now the default opus alias on the Anthropic API, and Auto mode is available to Max subscribers when Opus 4.7 is active.

How: claude --model opus, then /permissions to set defaultMode: auto.

New xhigh effort level

Why: high was starting to feel thin on Opus 4.7's harder tasks; max is uncapped and burns tokens on routine prompts.

What: A new Opus-4.7-only level between high and max. It's the default effort on Opus 4.7 across every plan and provider. Other models fall back to high.

How: /effort xhigh, claude --effort xhigh, or CLAUDE_CODE_EFFORT_LEVEL=xhigh.

/effort interactive slider

Why: Remembering five level names broke flow when changing how hard the model thinks.

What: Running /effort with no arguments opens an interactive slider; arrow keys navigate levels, Enter confirms. The same slider appears in /model via left/right arrows.

How: /effort (no args) then arrow keys + Enter.

Auto (match terminal) theme

Why: Claude Code's theme drifted out of sync with the terminal's dark/light mode.

What: A new "Auto (match terminal)" theme option follows your terminal's light/dark signal live.

How: /theme → "Auto (match terminal)".

/less-permission-prompts skill

Why: Power users accumulate dozens of small permission prompts — ls, rg, git status — that interrupt flow.

What: Scans recent transcripts for common read-only Bash and MCP tool calls and proposes a prioritized allowlist to paste into .claude/settings.json.

How: /less-permission-prompts.

/ultrareview command

Why: Comprehensive code review wants multiple perspectives — security, performance, style — and running them sequentially hits context limits.

What: Runs comprehensive code review in the cloud using parallel multi-agent analysis and critique. No arguments reviews current branch; a PR number fetches and reviews that PR.

How: /ultrareview or /ultrareview 1234.

Auto mode — no flag required

Why: Auto mode was gated behind the --enable-auto-mode startup flag, requiring opt-in on every launch.

What: Auto mode is now a first-class permission mode; the startup flag is gone. The classifier still gates risky actions.

How: /permissions → Auto, or "permissions": { "defaultMode": "auto" } in settings.json.

PowerShell tool on Windows

Why: Windows users routed shell work through Git Bash, which broke native PowerShell idioms and paths.

What: A native PowerShell tool is rolling out progressively on Windows. Opt in or out with CLAUDE_CODE_USE_POWERSHELL_TOOL. Linux/macOS also work with pwsh on PATH.

How: export CLAUDE_CODE_USE_POWERSHELL_TOOL=1.

Bash globs skip permission prompts

Why: Routine ls *.ts and cd packages/api && ls still triggered permission prompts.

What: Read-only Bash commands with glob patterns, and commands starting with cd <project-dir> &&, no longer prompt. Write-capable commands like find and sed still prompt.

How: Nothing to configure.

/setup-vertex & /setup-bedrock polish

Why: Enterprise users re-running the provider wizards had to retype model IDs and re-discover settings.json paths.

What: Both wizards now show the actual settings.json path when CLAUDE_CONFIG_DIR is set, seed model candidates from existing pins on re-run, and offer a "with 1M context" option for supported models.

How: /setup-vertex or /setup-bedrock.

plugin_errors in stream-json init

Why: Headless SDK pipelines couldn't tell whether a plugin was silently demoted at startup for unsatisfied dependencies.

What: Headless --output-format stream-json now includes a plugin_errors field on the init event, distinguishing conflicting, invalid, and overly complex version requirements.

How: claude -p "..." --output-format stream-json and inspect init.plugin_errors.

OTEL_LOG_RAW_API_BODIES env var

Why: Debugging anomalous model behavior requires seeing exact request and response bodies, which metrics alone can't capture.

What: New OTEL_LOG_RAW_API_BODIES emits full API request/response bodies as OpenTelemetry log events.

How: export OTEL_LOG_RAW_API_BODIES=1 alongside CLAUDE_CODE_ENABLE_TELEMETRY=1.

Reverted non-streaming retry cap

Why: The v2.1.110 retry cap avoided multi-minute hangs but pushed transient failures into outright errors.

What: The cap is reverted. Non-streaming fallbacks retry longer during API overload, trading occasional long waits for fewer outright failures.

How: No action — behavior reverts automatically.

Windows CLAUDE_ENV_FILE support

Why: On Windows, CLAUDE_ENV_FILE and SessionStart hook env files were silent no-ops.

What: Both mechanisms now apply on Windows. Env state set in the file or SessionStart hook carries into subsequent Bash and PowerShell tool calls.

How: set CLAUDE_ENV_FILE=C:\path\to\setup.ps1 or equivalent in .claude/settings.json.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Opus 4.7 + Auto mode for Max
• (01:28) - New xhigh effort level
• (02:08) - /effort interactive slider
• (02:45) - Auto (match terminal) theme
• (03:08) - /less-permission-prompts skill
• (03:52) - /ultrareview command
• (04:26) - Auto mode — no flag required
• (05:07) - PowerShell tool on Windows
• (05:41) - Bash globs skip permission prompts
• (06:19) - /setup-vertex & /setup-bedrock polish
• (06:59) - plugin_errors in stream-json init
• (07:31) - OTEL_LOG_RAW_API_BODIES env var
• (07:59) - Reverted non-streaming retry cap
...

A packed release — fourteen features advanced users will feel day one. New slash commands, a push notification tool Claude itself can invoke, distributed tracing for SDK sessions, and a real security hardening pass on hooks.

/tui command for fullscreen mode

Why: Switching between normal and fullscreen rendering previously required restarting the CLI, losing conversation state mid-task.

What: Adds a /tui slash command and matching tui setting that switches the active session to a flicker-free fullscreen renderer without reload.

How: Run /tui fullscreen inside any session, or set "tui": "fullscreen" in settings to make it the default.

autoScrollEnabled config for fullscreen

Why: Auto-scroll in long fullscreen conversations kept yanking focus away from earlier output users were reading.

What: Adds an autoScrollEnabled settings key that lets you keep the scrollback anchored where you left it in fullscreen mode.

How: Set "autoScrollEnabled": false in settings.json or toggle it under /config while in fullscreen.

Push notification tool for Claude

Why: Long-running agentic work left users tied to the terminal, unable to step away without missing prompts.

What: Adds a push-notification tool the model can invoke to ping your phone when it decides attention is needed, gated on Remote Control.

How: Enable Remote Control and the Push when Claude decides config, then Claude triggers pushes on its own.

/focus command and Ctrl+O rework

Why: The old Ctrl+O shortcut mixed two unrelated concerns — transcript verbosity and focus-view toggling — making muscle memory unreliable.

What: Splits the shortcut: Ctrl+O now toggles normal versus verbose transcript only; the new /focus command toggles the focus view independently.

How: Press Ctrl+O for verbose output, or run /focus to enter or leave the focus pane.

Ctrl+G external editor carries last response

Why: Drafting long prompts in the external editor left authors blind to Claude's prior reply, forcing copy-paste of context.

What: Adds an opt-in option that injects Claude's last response as commented context into the Ctrl+G external-editor buffer.

How: Enable it under /config (external editor section), then Ctrl+G launches your editor with commented prior reply preloaded.

/context, /exit, /reload-plugins on Remote Control

Why: Mobile and web Remote Control clients could not inspect context, reload plugins, or cleanly exit — forcing a return to the laptop.

What: Adds /context, /exit, and /reload-plugins as supported commands inside Remote Control sessions initiated from mobile or web.

How: In any Remote Control session, type /context, /exit, or /reload-plugins — they behave the same as the local CLI.

--resume restores scheduled tasks

Why: Resumed sessions were wiping pending scheduled tasks the user had queued, forcing manual re-entry of cron-like work.

What: --resume and --continue now resurrect unexpired scheduled tasks so they fire on their original timeline after reload.

How: Just run claude --resume <session-id> or claude --continue; scheduled tasks are re-armed automatically.

Write tool sees IDE diff edits

Why: When users tweaked a proposed edit in the IDE diff before accepting, Claude thought its original content shipped — leading to incorrect follow-up edits.

What: The Write tool now tells the model when the IDE diff was modified before acceptance so the model reasons against the actual saved file.

How: Automatic when running Claude Code with an IDE integration (VS Code or JetBrains); no user action required.

Bash tool enforces documented timeout cap

Why: Sessions set Bash timeouts above the documented max and then blocked indefinitely, wedging the whole CLI on a stuck child process.

What: The Bash tool now clamps any requested timeout to the documented maximum rather than accepting arbitrarily large values.

How: Use the normal timeout parameter; values above the documented ceiling are silently lowered to the cap.

TRACEPARENT/TRACESTATE for SDK tracing

Why: SDK and headless Claude Code sessions were disconnected from distributed-trace graphs in observability tools like Honeycomb and Datadog.

What: SDK/headless sessions now read TRACEPARENT and TRACESTATE from the environment, linking the session span into an upstream trace.

How: Export TRACEPARENT=<w3c-traceparent> (and optionally TRACESTATE) before invoking claude in headless or SDK mode.

Session recap default for telemetry-off users

Why: Bedrock, Vertex, Foundry, and DISABLE_TELEMETRY users lost the new recap feature because it was gated on telemetry being on.

What: Enables session recap by default for telemetry-disabled users, with an explicit opt-out via /config or an env-var kill switch.

How: Default is on — opt out with /config or set CLAUDE_CODE_ENABLE_AWAY_SUMMARY=0 in your environment.

/doctor warns on mismatched MCP scopes

Why: Running the same MCP server name in user and project scope with different endpoints silently misbehaved — hard to diagnose.

What: Improves /doctor to detect and warn when an MCP server id is defined in multiple config scopes pointing at different endpoints.

How: Run /doctor and scan for the new MCP-scope mismatch warning; press f to let Claude fix the conflict.

Hardened Open-in-editor against filename injection

Why: A crafted filename could inject shell commands into the external-editor launch flow, giving an attacker code execution in the user's shell.

What: Hardens the "Open in editor" action to quote and sanitize filenames before passing them to the external editor command.

How: Automatic; no configuration — pull the latest Claude Code and the fix is active.

Hooks honor permissions.deny on updatedInput

Why: A PermissionRequest hook could rewrite a tool call via updatedInput and bypass the user's permissions.deny list — a real privilege-escalation path.

What: Re-checks updatedInput against permissions.deny after the hook runs, and makes setMode:'bypassPermissions' respect disableBypassPermissionsMode.

How: No action needed; upgrade to 2.1.110. Managed settings can set "disableBypassPermissionsMode": "disable" to enforce organization-wide.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANG...

A one-bullet polish release. Default filter would have skipped this; published per explicit override.

Live thinking progress hint

Why: The previous static "thinking…" indicator gave no signal of progress, so during long extended-thinking passes you couldn't tell if Claude was still working or quietly hung.

What: Adds a rotating progress hint to the extended-thinking indicator, so the visual updates while the model reasons rather than sitting frozen.

How: Automatic — no user action required. Works in any session with extended thinking on (the default); press Ctrl+O to also see the underlying reasoning text in verbose mode.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

A patch release, but genuinely workflow-relevant for advanced users: new cache-TTL knobs, a brand-new /recap command, the Skill tool can now invoke built-in slash commands, and a couple of defaults quietly moved in your favor.

1-hour prompt cache TTL

Why: The default 5-minute prompt cache expired between exchanges in long sessions, so every deep conversation kept re-paying for the same cached tokens.

What: Adds opt-in env var ENABLE_PROMPT_CACHING_1H for 1-hour cache TTL across API key, Bedrock, Vertex, and Foundry; deprecates ENABLE_PROMPT_CACHING_1H_BEDROCK; adds FORCE_PROMPT_CACHING_5M to force the old default back.

How: export ENABLE_PROMPT_CACHING_1H=true before starting Claude Code.

/recap command for returning to a session

Why: Coming back to a long session meant scrolling the transcript or asking Claude "where were we" — manual context recovery every time.

What: A new recap feature that summarizes session state and unfinished work, auto-offered when returning; configurable in /config.

How: Type /recap any time, or force it on for telemetry-disabled setups with CLAUDE_CODE_ENABLE_AWAY_SUMMARY=true.

Skill tool can invoke built-in commands

Why: Claude couldn't reach its own built-in commands like /init, /review, /security-review during agentic work.

What: The model now discovers and invokes the bundled slash commands through the Skill tool, the same mechanism that runs user-defined skills.

How: Automatic — no user action required.

/undo is now an alias for /rewind

Why: Muscle-memory /undo got "unknown command" for users who expected the standard name.

What: /undo is wired as an alias for the existing /rewind command.

How: Type /undo — identical behavior to /rewind.

/model warns before mid-conversation switches

Why: Switching models mid-conversation silently invalidates the prompt cache — the next response re-reads the full history uncached.

What: /model now prints a warning before the switch takes effect.

How: Run /model mid-conversation and read the prompt before confirming.

/resume defaults to current directory

Why: The picker listed sessions across every project, so picking up today's work meant scrolling past stale sessions.

What: The picker now filters to sessions started in the current working directory by default.

How: Type /resume — press Ctrl+A inside the picker to show sessions from all projects.

Better error messages

Why: Failures were ambiguous between server rate limits, plan usage limits, transient 5xx, and slash command typos.

What: Error output now distinguishes server rate limits from plan limits, links 5xx/529 to status.claude.com, and suggests the closest match for unknown slash commands.

How: Automatic — the next failure will show richer, actionable text.

Startup warning when prompt caching is disabled

Why: DISABLE_PROMPT_CACHING* env vars silently kill caching, often inherited from shared dotfiles.

What: Claude Code now prints a warning at startup whenever any DISABLE_PROMPT_CACHING* env var is set.

How: Automatic — if you see the warning, unset DISABLE_PROMPT_CACHING in your shell.

DISABLE_TELEMETRY no longer caps cache at 5 minutes

Why: Users who disabled telemetry assumed they were getting the default 1-hour cache TTL. They weren't — the flag silently forced a 5-minute fallback.

What: Fix: DISABLE_TELEMETRY users now get the expected 1-hour TTL.

How: Automatic — upgrade to 2.1.108. Pair with ENABLE_PROMPT_CACHING_1H if you want it explicit.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - 1-hour prompt cache TTL
• (00:54) - DISABLE_TELEMETRY cap fix
• (01:18) - Disabled-caching startup warning
• (01:47) - /recap command
• (02:33) - /resume defaults to current directory
• (02:50) - /undo alias for /rewind
• (03:10) - Skill tool invokes built-ins
• (03:59) - /model switch warning
• (04:25) - Better error messages