Plugin dependency enforcement. claude plugin disable now refuses if another enabled plugin depends on the target, and prints a copy-pasteable disable chain. claude plugin enable force-enables transitive dependencies automatically. End of silent breakage when plugins depend on each other.

PowerShell on by default for Bedrock / Vertex / Foundry on Windows. The PowerShell tool is now enabled by default for cloud-provider variants on Windows, and runs with -ExecutionPolicy Bypass so scripts don't trip on the default Restricted policy. Opt out with CLAUDE_CODE_USE_POWERSHELL_TOOL=0; keep the policy restrictive with CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1.

worktree.bgIsolation: "none" tells background sessions to skip the per-session git worktree dance and edit the working copy directly. For repos where worktrees are impractical — submodules, mixed VCS, build artifacts that don't survive relative-path moves. Trade-off: parallel sessions can now stomp each other's edits.

Worktree cleanup no longer falls back to rm -rf. When git worktree remove fails — usually gitignored files, in-progress edits, stuck index locks — Claude Code used to rm -rf the directory. Now it stops and surfaces the error. No more silent loss of WIP work.

Stop-hook circuit breaker. Stop hooks that keep blocking the end of a turn now get cut off after 8 consecutive blocks, with a warning. Tune the threshold with CLAUDE_CODE_STOP_HOOK_BLOCK_CAP. Prevents a stuck hook from pinning the session forever.

/bg and detach preserve session config. Backgrounding a session — via /bg or ←-detach from agent view — now preserves --mcp-config, --settings, --add-dir, --plugin-dir, --strict-mcp-config, --fallback-model, and --allow-dangerously-skip-permissions. Background sessions launched from claude agents also now honor permissions.defaultMode from settings.json instead of being force-overridden to auto mode.

Not in this episode: 29 bug fixes including the macOS Documents/Desktop/Downloads permission error, corrupted credentials hanging the CLI, IDE file-reference leak into warm spares, Windows ← keystroke hangs, plus follow-up clarifications to features covered in episode 28.

• (00:00) - Plugin dependency enforcement
• (01:02) - PowerShell defaults on Windows
• (01:55) - worktree.bgIsolation escape hatch
• (02:34) - Worktree cleanup: no more rm -rf
• (03:22) - Stop-hook circuit breaker
• (03:52) - /bg preserves session config

claude agents inherits session flags. claude agents now accepts --add-dir, --settings, --mcp-config, --plugin-dir, --permission-mode, --model, --effort, and --dangerously-skip-permissions. Before, dispatched background sessions just inherited daemon defaults. Now each session is per-call scoped.

Fast mode defaults to Opus 4.7. speed: "fast" and /fast now route through Opus 4.7 instead of Opus 4.6. The Opus 4.7 launch was April 16 on the platform; fast mode was still on 4.6 until this release. Pin the old behavior with CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE=1.

Root-level SKILL.md plugins. A plugin with a top-level SKILL.md and no skills/ subdirectory is now surfaced as a single skill named after the plugin. Removes the scaffolding for one-skill plugins where the skill and plugin are basically the same thing.

LSP servers in plugin details. The /plugin details pane and claude plugin details <name> now list LSP servers a plugin contributes from .lsp.json, alongside its skills, agents, hooks, and MCP servers. Surface-area transparency before install.

/web-setup safety prompt. /web-setup now confirms before replacing an existing GitHub App connection on the same org. Previously the connection was silently overwritten, breaking other users' web sessions in the same workspace.

MCP_TOOL_TIMEOUT fix for remote servers. Behavioral trap: MCP_TOOL_TIMEOUT was being ignored for remote HTTP and SSE MCP servers — calls capped at 60s regardless of the configured value. Now it actually raises the per-request fetch timeout for remote servers too, not just stdio. If you've been seeing weird one-minute aborts on mcp-remote-style servers, this is the fix.

Not in this episode: 18 bug fixes including daemon sleep/wake reconnects, brew-upgrade crash-loop, Windows network-drive deadlocks, plugin cache cleanup, and various UX fixes.

• (00:00) - claude agents inherits session flags
• (01:10) - Fast mode defaults to Opus 4.7
• (01:56) - Root-level SKILL.md plugins
• (02:30) - LSP servers in plugin details
• (03:06) - /web-setup GitHub App warning
• (03:37) - MCP_TOOL_TIMEOUT fix for remote servers

Hook terminalSequence output. Hook JSON output now accepts a terminalSequence field, so hooks can emit desktop notifications, window-title updates, and bells without owning a TTY. Lets daemonized and headless hooks signal completion or attention.

CLAUDE_CODE_PLUGIN_PREFER_HTTPS. Set this env var to clone GitHub plugin sources over HTTPS instead of SSH. Useful for CI runners, locked-down corporate laptops, and dev containers without an SSH key.

ANTHROPIC_WORKSPACE_ID for WIF. Workload identity federation rules can cover more than one workspace. Setting ANTHROPIC_WORKSPACE_ID scopes the minted federated token to a specific workspace — one federation rule at the org level, per-workspace blast radius at runtime.

claude agents --cwd. New flag scopes the agent session list to a working directory. Helps when you have many sessions across many repos. Pairs well with a shell alias per project.

Rewind: Summarize up to here. Rewind always threw away everything after a chosen turn. The new action compresses everything before the chosen turn, leaving recent turns intact — useful for long debugging sessions where early diagnostic context is heavy but recent fix attempts still matter.

Not in this episode: 50+ bug fixes including Bedrock cross-account auth export, MCP config diagnostics, Remote Control token rotation, and many small UX fixes.

• (00:00) - Hook terminalSequence output
• (01:07) - CLAUDE_CODE_PLUGIN_PREFER_HTTPS
• (01:42) - ANTHROPIC_WORKSPACE_ID for WIF
• (02:34) - claude agents --cwd
• (03:07) - Rewind: Summarize up to here

Claude Platform on AWS — launched. The full Anthropic API surface is now available through Anthropic-managed infrastructure on AWS, with AWS billing and IAM authentication. That includes the Messages API, Files API, Message Batches API, Claude Managed Agents, Agent Skills, code execution, and tool use — all reachable through native AWS endpoints.

How it differs from Bedrock. The Bedrock Messages endpoint (launched April 16) is a Messages-only surface at /anthropic/v1/messages. Claude Platform on AWS is the full platform — same shape as the first-party Anthropic API, just with AWS billing and IAM-based auth.

Who it's for. AWS-first organizations that previously had to pick between the rich first-party API (separate billing, separate API-key management) and the Bedrock subset (clean AWS integration, narrower surface). This collapses that trade-off. If you're on GCP, Azure, or on-prem, nothing changes — keep using the Anthropic API directly, or Vertex AI, or Foundry.

Docs: Claude Platform on AWS.

One bullet with a narrow but meaningful audience: fast mode (research preview) now supports Claude Opus 4.7, extending the same speed lever that's been available for Opus 4.6 since February to the newer model. Pricing, rate limits, and access are unchanged — same waitlist, same beta header.

Fast mode (research preview) now supports Claude Opus 4.7

Why: Opus 4.7 shipped April 16 but fast-mode acceleration was still scoped to Opus 4.6; long-horizon agentic workloads on 4.7 had no speed lever.

What: Fast mode (research preview) now supports Opus 4.7 — up to 2.5x faster output token generation at premium pricing, same access model as the 4.6 preview.

How: Set speed: "fast" with model: "claude-opus-4-7" and the fast-mode-2026-02-01 beta header. Join the waitlist at claude.com/fast-mode for access.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Platform release notes.

Release notes: platform.claude.com/docs/en/release-notes/api

Fast mode docs: platform.claude.com/docs/en/build-with-claude/fast-mode

Four quality-of-life changes that take real paper cuts out of advanced workflows: subagent_type matching becomes case- and separator-insensitive on the Agent tool, /loop stops scheduling redundant wakeups for self-notifying tasks, plugin authors now get a warning when a plugin.json key silently shadows a default component folder, and /goal reports cleanly instead of hanging when hooks are disabled.

Agent tool subagent_type matching is now case- and separator-insensitive

Why: Specifying subagent_type had to match the exact slug; common variants like "Code Reviewer" failed against code-reviewer for no good reason.

What: The Agent tool now resolves subagent_type case- and separator-insensitively, so "Code Reviewer", "code reviewer", and "code-reviewer" all match.

How: No action — slugs you'd intuitively write now just work.

/loop no longer schedules redundant wakeups for self-notifying tasks

Why: /loop was scheduling polling wakeups even when its watched task already notifies on completion, burning context and cache for no useful work.

What: /loop now skips redundant wakeups when the task it's watching emits its own completion signal.

How: No action — existing /loop invocations get cheaper automatically.

Plugins warn when default component folders are silently shadowed

Why: Setting a commands (or similar) key in plugin.json was silently disabling discovery of the default commands/ folder, leaving plugin authors confused why their components didn't appear.

What: Plugins now warn when a default folder is shadowed by an explicit plugin.json key. The warning shows up in /doctor, claude plugin list, and /plugin.

How: No action; check /doctor after upgrade if you suspect a plugin is missing components.

/goal reports clearly when hooks are disabled

Why: When disableAllHooks or allowManagedHooksOnly is set, /goal was silently hanging on an indicator that never resolved — looked like a broken command.

What: /goal now shows a clear "hooks are disabled" message instead of hanging.

How: No action — the failure mode is now diagnosable.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: docs.claude.com/en/docs/claude-code

• (00:00) - Agent subagent_type case-insensitive matching
• (00:57) - /loop drops redundant wakeups
• (01:22) - Plugin default-folder shadowing warning
• (01:49) - /goal reports hooks-disabled cleanly

One bullet, but it's a calendar-entry kind of bullet: Anthropic announced deprecation of Claude Sonnet 4 (claude-sonnet-4-20250514) and Claude Opus 4 (claude-opus-4-20250514), with retirement on the Claude API scheduled for June 15, 2026. Migrate to claude-sonnet-4-6 and claude-opus-4-7 respectively — and note that Opus 4.7 ships with API breaking changes versus Opus 4.6.

Sonnet 4 and Opus 4 deprecation — retirement June 15, 2026

Why: Both models are reaching end-of-life on the Claude API; without migration, requests to the deprecated model IDs will return errors after June 15, 2026.

What: Anthropic announced deprecation of claude-sonnet-4-20250514 and claude-opus-4-20250514, with retirement scheduled for June 15, 2026.

How: Migrate to claude-sonnet-4-6 and claude-opus-4-7 respectively before June 15, 2026. For Opus, read the dedicated migration guide because Opus 4.7 includes API breaking changes versus Opus 4.6.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Platform release notes.

Release notes: platform.claude.com/docs/en/release-notes/api

Model deprecations: platform.claude.com/docs/en/about-claude/model-deprecations

Migrating to Opus 4.7: platform.claude.com/docs/en/about-claude/models/migration-guide

Five quiet but consequential changes for advanced users: subagents finally inherit project, user, and plugin skill discovery; hooks see the active effort level via JSON input and a $CLAUDE_EFFORT env var; new worktree.baseRef setting picks whether worktrees branch from origin/<default> or local HEAD; admins get sandbox.bwrapPath and sandbox.socatPath for non-standard Linux/WSL deployments; and SDK hosts get parentSettingsBehavior for managed-settings merge control.

Subagents now discover project, user, and plugin skills

Why: Subagents were skill-blind — they only saw built-in tools, not the skills the parent session had access to.

What: Subagents now inherit skill discovery from project, user, and plugin sources.

How: No action — subagents pick up skills automatically.

Hooks now receive effort.level and $CLAUDE_EFFORT

Why: Hooks couldn't tell which effort level a session was running at, so they couldn't tailor behavior to high/medium/low effort.

What: Hook JSON input now includes effort.level, and $CLAUDE_EFFORT is exposed to hook subprocesses.

How: Read input.effort.level in hook JSON or $CLAUDE_EFFORT in hook scripts.

worktree.baseRef setting

Why: Worktrees default to branching from origin/<default>, but team workflows that want HEAD-based branches had no opt-in.

What: New worktree.baseRef setting picks whether new worktrees branch from origin/<default> or local HEAD.

How: Set "worktree": { "baseRef": "head" } in .claude/settings.json.

sandbox.bwrapPath and sandbox.socatPath managed settings

Why: Linux/WSL sandboxing relies on bwrap and socat, but their paths can vary across distributions and managed deployments couldn't override.

What: Two new managed settings let admins point Claude Code at custom bwrap and socat binaries.

How: Set "sandbox": { "bwrapPath": "...", "socatPath": "..." } in managed settings.

parentSettingsBehavior — SDK managed-settings merge policy

Why: SDK hosts using managedSettings had no way to control how parent settings merged with child overrides.

What: New admin-tier parentSettingsBehavior key configures the merge policy for managed-settings inheritance.

How: Set "parentSettingsBehavior" in the SDK host's managed settings.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: docs.claude.com/en/docs/claude-code

• (00:00) - Subagents discover skills
• (00:58) - Hooks see effort.level
• (01:29) - worktree.baseRef setting
• (02:22) - Sandbox bwrapPath / socatPath
• (02:50) - parentSettingsBehavior

v2.1.136 ships about fifty bullets, mostly bug fixes — but five of them change daily behavior for advanced users. A plan-mode bypass via Edit allow-rules is closed, a new settings.autoMode.hard_deny key gives security teams unconditional blocks, WSL2 image paste from the Windows clipboard works again, plugin.json's skills entry no longer hides the default skills/ directory, and MCP content-block tool results render properly.

Plan mode now blocks file writes despite Edit allow-rules

Why: Plan mode is supposed to be read-only, but Edit allow-rules in your permissions were accidentally bypassing the gate.

What: Plan mode now correctly blocks Edit/Write operations even when an Edit(...) allow-rule matches the path.

How: No action — already-defined plan-mode workflows are now safer by default.

settings.autoMode.hard_deny for unconditional auto-mode blocks

Why: Auto-mode classifier rules can be overridden contextually by the model; some policies need to be unconditional regardless of context.

What: New settings.json key for classifier rules that block without re-evaluation by the model.

How: Add "autoMode": { "hard_deny": [...] } to .claude/settings.json to enforce always-block patterns.

WSL2 image paste from the Windows clipboard

Why: WSL2 users couldn't paste images from the Windows clipboard, blocking screenshot-driven workflows.

What: Image paste now uses a PowerShell fallback to read the Windows clipboard from inside WSL2.

How: Just press Ctrl+V in any WSL2 Claude Code session — works automatically.

plugin.json "skills" no longer hides the default skills/ directory

Why: Plugin authors who added a skills entry to plugin.json lost their default skills/ discovery silently.

What: The skills field now augments, not replaces, the default skills/ directory.

How: No action — both custom paths and skills/ are discovered together.

MCP tool results with content blocks now render

Why: MCP servers returning content blocks (rather than raw text) showed empty results in the conversation.

What: Content-block payloads from MCP servers are now correctly rendered in tool results.

How: No action — works automatically with any MCP server emitting content blocks.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: docs.claude.com/en/docs/claude-code

• (00:00) - Plan mode safety fix
• (00:59) - autoMode.hard_deny setting
• (01:44) - WSL2 image paste
• (02:07) - plugin.json skills entry fix
• (02:29) - MCP content blocks visibility

This release expands Claude Managed Agents on four axes: multiagent sessions and Outcomes go public beta, mcp_oauth vault credentials get background refresh, webhooks fire on lifecycle events, and sessions/events get proper filtering and sorting. All updates use the existing managed-agents-2026-04-01 beta header.

Multiagent sessions and Outcomes — public beta

Why: Single-agent sessions can't coordinate across multiple specialized agents; Outcomes lets you declare what success looks like upfront and have the agent loop until it's met.

What: Multiagent sessions (multiple agents collaborating on one session) and Outcomes (declarative success criteria) are both now public beta.

How: Set the beta header managed-agents-2026-04-01 and use the multi-agent and define-outcomes endpoints.

Vault credential background refresh for mcp_oauth

Why: OAuth tokens expire mid-session; without background refresh, agents fail when their credentials silently lapse.

What: Background refresh is now supported for mcp_oauth vault credentials, keeping agents authenticated for long-running sessions.

How: No client change — configure mcp_oauth credentials in your vault and refresh runs server-side.

Webhooks for Claude Managed Agents

Why: Polling for session and vault state changes is wasteful; webhooks let your backend react to events in near-real time.

What: Webhooks now fire on session and vault lifecycle events (created, completed, errored, credential rotated, etc.).

How: Configure webhook endpoints in the managed agents API; subscribe to event types via the documented event-type list.

Sessions and events filtering/sorting

Why: As agent fleets grow, listing every session and event in raw chronological order makes debugging and dashboards painful.

What: Sessions can now be filtered by status; events can be filtered by type and by creation time.

How: Pass the new query parameters when listing sessions or events — see the managed-agents API reference.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Platform release notes.

Release notes: platform.claude.com/docs/en/release-notes/api

Managed Agents docs: platform.claude.com/docs/en/managed-agents

• (00:00) - Multiagent sessions and Outcomes — public beta
• (01:37) - Vault credential background refresh for mcp_oauth
• (02:20) - Webhooks for Claude Managed Agents
• (02:52) - Sessions and events filtering/sorting

Claude Code v2.1.132 fixes a 10GB+ RSS leak from stdio MCP servers writing to stdout, adds CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN and CLAUDE_CODE_SESSION_ID env vars, corrects the statusline context_window counter, and unblocks 1-hour prompt cache TTL on Bedrock and Vertex.

Stdio MCP non-protocol stdout no longer leaks 10GB+ RSS

Why: A common MCP-author footgun: writing logs or stray output to stdout caused unbounded memory growth in the parent Claude Code process.

What: Fixed unbounded memory growth (10GB+ RSS) when a stdio MCP server writes non-protocol data to stdout.

How: No action — but MCP authors should still log to stderr, not stdout.

MCP tools/list failures now surface clearly in /mcp

Why: Servers that connected but couldn't list tools showed zero tools with no explanation, looking like silent failures.

What: They now retry once and display "connected · tools fetch failed" in /mcp.

How: Run /mcp to see the new badge for any server in this state.

claude.ai MCP unauthorized = "needs auth"; headless stops retrying 4xx

Why: Unauthorized connectors looked like a hard failure, hiding the actual cause; headless mode was burning retries on permanent 4xx.

What: Unauthorized claude.ai MCP connectors now show "needs auth"; headless -p mode no longer retries non-transient 4xx connection failures.

How: No config — the diagnostic just becomes accurate.

CLAUDE_CODE_SESSION_ID in Bash subprocesses

Why: Hooks already received session_id; Bash subprocesses didn't, so external scripts couldn't correlate to the session that invoked them.

What: Added CLAUDE_CODE_SESSION_ID to the Bash tool subprocess env, matching the value passed to hooks.

How: Read $CLAUDE_CODE_SESSION_ID inside any Bash invocation; no config required.

CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN to keep terminal scrollback

Why: Fullscreen alternate-screen renderer hides the conversation from native terminal scrollback — users want both options.

What: New env var opts out of the fullscreen renderer and keeps the conversation in the terminal's native scrollback.

How: CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1 claude

--permission-mode flag now respected on plan-mode resume

Why: Resuming a plan-mode session with -p --continue silently ignored --permission-mode, leaving users in the wrong mode.

What: Flag is now honored on resume, and plan mode is re-applied after ExitPlanMode within the same session.

How: Set --permission-mode as usual; existing scripts start working again.

/effort picker now reflects CLAUDE_CODE_EFFORT_LEVEL

Why: Users setting CLAUDE_CODE_EFFORT_LEVEL saw the picker show a different value, hiding their actual config.

What: /effort picker now reflects the env var override.

How: No action — the picker matches your env on next launch.

Statusline context_window shows current, not cumulative

Why: The statusline context_window token count was reflecting cumulative session totals, making the number nearly useless for compaction decisions.

What: Counter now shows current context usage instead of cumulative.

How: No action — restart Claude Code and the statusline reflects current usage.

Slash command autocomplete scales with terminal height

Why: The popup was capped at three to five visible commands; bigger terminals wasted space and required scrolling.

What: Autocomplete popup now scales with terminal height.

How: No config — automatic.

Bedrock/Vertex 1h cache TTL 400 errors fixed

Why: Users on Bedrock or Vertex who opted into 1h cache TTL were hitting hard 400 errors instead of getting cache.

What: Fixed Bedrock and Vertex 400 errors when ENABLE_PROMPT_CACHING_1H is set.

How: No action — re-enable the env var if you'd disabled it as a workaround.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: docs.claude.com/en/docs/claude-code

• (00:00) - Stdio MCP memory leak fix (10GB+ RSS)
• (01:02) - MCP tools/list failures surface in /mcp
• (01:25) - claude.ai MCP needs-auth; headless skips 4xx retries
• (01:56) - CLAUDE_CODE_SESSION_ID in Bash subprocesses
• (02:23) - CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN
• (02:56) - --permission-mode honored on plan-mode resume
• (03:26) - /effort picker reflects CLAUDE_CODE_EFFORT_LEVEL
• (03:43) - Statusline context_window shows current usage
• (04:09) - Slash autocomplete scales with terminal height
• (04:31) - Bedrock/Vertex 1h cache 400 errors fixed

Claude Code v2.1.129 fixes the 1-hour prompt cache silent downgrade, restores Bash allow-rules for in-project paths, and adds --plugin-url for session-scoped plugin testing — plus new env vars for terminal output, package-manager auto-update, and gateway-model-discovery opt-in.

1-hour prompt cache TTL silent downgrade fixed

Why: Users opting into 1h cache TTL were silently being downgraded to 5min, defeating the cost optimization they paid for.

What: Fixed 1-hour prompt cache TTL being silently downgraded to 5 minutes.

How: No action — verify cache hit logs show 1h TTL on next run.

Bash(mkdir *), Bash(touch *) allow rules now match in-project paths

Why: Allow rules for safe basic commands weren't matching in-project paths, forcing approval prompts for benign operations.

What: Bash(mkdir *), Bash(touch *) and similar allow rules now match in-project paths.

How: No config change — existing rules in permissions.allow start working as intended.

--plugin-url for session-scoped plugin .zip loading

Why: Quick-testing a plugin used to mean cloning the repo or hosting a marketplace; pointing at a hosted .zip is faster.

What: New --plugin-url <url> flag fetches a plugin .zip from any URL and loads it for the current session only.

How: claude --plugin-url https://example.com/my-plugin.zip

Plugin manifest themes/monitors move under "experimental"

Why: These were always experimental; nesting under experimental makes their stability status explicit in the manifest.

What: themes and monitors should now be declared under "experimental": { ... }. Top-level still works but claude plugin validate warns.

How: Move to "experimental": { "themes": [...], "monitors": [...] } in plugin.json.

CLAUDE_CODE_FORCE_SYNC_OUTPUT for terminals auto-detection misses

Why: Some terminals like Emacs eat support synchronized output but aren't auto-detected, causing visual flicker.

What: Forces synchronized output on regardless of terminal capability detection.

How: CLAUDE_CODE_FORCE_SYNC_OUTPUT=1 claude

CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE for Homebrew and WinGet

Why: Users on Homebrew or WinGet installs forget to run upgrades; auto-update keeps them current without ceremony.

What: When set, Claude Code runs the package manager's upgrade command in the background and prompts to restart.

How: export CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE=1 in shell env.

Ctrl+R history picker defaults back to all projects

Why: 2.1.124 narrowed the picker to current project only; users wanted the old all-projects search restored.

What: Ctrl+R now searches prompts across all projects, matching pre-2.1.124 behavior.

How: Press Ctrl+S after opening to narrow to current project or session.

Gateway /v1/models discovery now opt-in

Why: Automatic gateway model discovery in 2.1.126–2.1.128 caused unexpected requests for some third-party deployments.

What: Gateway /v1/models discovery for the /model picker is now opt-in via env var.

How: CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY=1 to re-enable.

skillOverrides setting now actually works

Why: The setting was registered but had no effect — silent noise in settings.json until now.

What: off hides the skill from model and /, user-invocable-only hides from model only, name-only collapses description.

How: "skillOverrides": { "skill-name": "off|user-invocable-only|name-only" } in settings.json.

/context no longer dumps ASCII visualization into conversation

Why: /context was rendering its ASCII grid into the conversation transcript, wasting ~1.6k tokens per call.

What: Visualization grid is no longer included in the model's view of the conversation.

How: No action required — token waste disappears automatically.

OTel pull_request.count now includes MCP-created PRs

Why: PRs created via MCP tools weren't counted, undercounting team productivity metrics for OTel-instrumented orgs.

What: claude_code.pull_request.count metric now counts PRs/MRs created via MCP tools, not just shell commands.

How: No config change — automatic when OTel telemetry is enabled.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: docs.claude.com/en/docs/claude-code

• (00:00) - 1-hour prompt cache TTL silent downgrade fixed
• (01:00) - Bash allow rules now honor in-project paths
• (01:38) - --plugin-url flag
• (02:13) - Plugin manifest themes/monitors under experimental
• (02:38) - CLAUDE_CODE_FORCE_SYNC_OUTPUT
• (03:07) - CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE
• (03:32) - Ctrl+R history picker defaults to all projects
• (04:02) - Gateway /v1/models discovery now opt-in
• (04:43) - skillOverrides setting now actually works
• (05:17) - /context no longer dumps ASCII into conversation
• (05:46) - OTel pull_request.count counts MCP-created PRs

A polish-heavy release with one real data-safety fix. EnterWorktree used to create the new branch from origin/<default-branch>, silently orphaning any unpushed commits — it now branches from local HEAD as documented. /mcp shows the tool count for each connected server and explicitly flags servers that connected with 0 tools (the most common silent MCP failure mode). --plugin-dir accepts .zip archives in addition to directories. --channels now works with API-key console auth, gated behind a new channelsEnabled: true managed setting. Subprocesses (Bash, hooks, MCP, LSP) no longer inherit OTEL_* env vars, so OTel-instrumented apps under the Bash tool stop accidentally sharing Claude Code's collector. MCP workspace is now a reserved server name (breaking — existing servers with that name are skipped with a warning). And SDK hosts receive a persistent localSettings suggestion for Bash permission prompts so "Always allow" persists to .claude/settings.local.json.

EnterWorktree branches from local HEAD

Why: Creating a worktree from origin/<default-branch> quietly orphaned unpushed commits on your current branch — a silent data-loss path if you launched a worktree mid-session.

What: EnterWorktree now creates the new branch from your local HEAD as documented, so unpushed commits travel with you into the worktree.

How: claude -w feature-branch (or the EnterWorktree tool) — branches off your current local commit, no git stash needed.

/mcp shows tool count + flags 0-tool servers

Why: When an MCP server connected but exposed zero tools (auth scope mismatch, broken tool registration), it looked "fine" in /mcp and silently did nothing — you only noticed when you tried to use it.

What: /mcp now displays the tool count alongside each connected server and explicitly flags servers that connected with 0 tools. Reconnects also stop flooding the conversation with full tool-name lists — re-announces are summarized by server prefix.

How: Run /mcp — the count appears inline; 0-tool servers are highlighted so you can investigate before noticing in production.

MCP: workspace is now a reserved server name

Why: A new built-in workspace MCP capability ships in 2.1.128, and any user-defined server named workspace would silently shadow or conflict with the built-in.

What: workspace is now a reserved MCP server name. Existing servers configured with that name are skipped on startup with a warning, not silently overridden.

How: Check /doctor or /mcp after upgrading; rename any "workspace" entry in your MCP config.

--plugin-dir accepts .zip archives

Why: Sharing or testing a plugin meant unzipping it first and pointing --plugin-dir at the unpacked tree — fine locally, awkward for CI artifacts and review packets.

What: --plugin-dir now accepts .zip plugin archives in addition to directories.

How: claude --plugin-dir ./build/my-plugin.zip — same flag, archives load alongside unpacked dirs.

--channels works with console (API key) auth

Why: Channels research preview previously required Claude.ai authentication, which excluded API-key console orgs running on Bedrock/Vertex/Foundry.

What: --channels now works with API-key console authentication. Console orgs with managed settings opt in via a new channelsEnabled: true managed setting before users can attach channels.

How: As an admin, set channelsEnabled: true in your managed settings.json; users then run claude --channels plugin:<name>@<marketplace>.

Subprocesses no longer inherit OTEL_* env vars

Why: OTel-instrumented apps run via the Bash tool inherited Claude Code's own OTEL_EXPORTER_OTLP_ENDPOINT and friends, so their telemetry got mailed to Claude Code's collector instead of the app's.

What: Bash, hook, MCP, and LSP subprocesses now have OTEL_* env vars stripped from their environment. Claude Code keeps its own telemetry; child processes use whatever they were configured with, or nothing.

How: No action needed. If you intentionally want a subprocess to share Claude Code's OTel config, set the env vars explicitly in your hook or wrapper script.

SDK: persistent localSettings suggestion for Bash prompts

Why: SDK hosts choosing "Always allow" for a Bash command had no canonical place to persist the rule — every host implemented its own local store.

What: SDK hosts now receive a persistent localSettings suggestion for Bash permission prompts. Selecting "Always allow" writes the rule to .claude/settings.local.json, so the next session honors it.

How: Update your SDK host to surface the localSettings suggestion field; "Always allow" then auto-persists the matching Bash(...) rule.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - EnterWorktree branches from local HEAD
• (00:41) - /mcp shows tool count + flags 0-tool servers
• (01:30) - MCP: workspace is reserved server name
• (01:56) - --plugin-dir accepts .zip archives
• (02:13) - --channels works with API key console auth
• (02:45) - Subprocesses don't inherit OTEL_* env vars
• (03:36) - SDK localSettings for Bash permission prompts

A "small unblockings everywhere" release. The headline for platform teams is gateway model discovery — point ANTHROPIC_BASE_URL at any Anthropic-Messages-compatible gateway and the /model picker now populates itself from the gateway's /v1/models endpoint. claude project purge deletes every byte of local state Claude Code stored for a project (transcripts, task lists, debug logs, file-edit history, prompt history, plus the ~/.claude.json entry) in one shot. --dangerously-skip-permissions finally lives up to its name — it now also bypasses prompts for writes to .claude/, .git/, .vscode/, and shell rc files. claude auth login gains a paste-code fallback for environments where the browser callback can't reach localhost (WSL2, SSH, dev containers). Observability: claude_code.skill_activated OTel event now fires for user-typed slash commands, not just model-triggered ones. Host-managed Bedrock/Vertex/Foundry deployments stop auto-disabling analytics — operator settings (DISABLE_TELEMETRY, the non-essential traffic flag) become the single source of truth. And on Windows, Claude Code finds PowerShell 7 installed via the Microsoft Store, an MSI without PATH, or as a .NET global tool, and uses it as the primary shell when the PowerShell tool is enabled.

Gateway model discovery in /model picker

Why: Teams routing through an LLM gateway (LiteLLM, custom proxies) had to add new Claude models manually via ANTHROPIC_DEFAULT_*_MODEL env vars every time their gateway exposed one.

What: When ANTHROPIC_BASE_URL points at an Anthropic-Messages-compatible gateway, Claude Code calls the gateway's /v1/models at startup and adds entries with IDs starting claude or anthropic to the /model picker, labeled "From gateway".

How: export ANTHROPIC_BASE_URL=https://your-gateway/ — discovery is automatic, results cached at ~/.claude/cache/gateway-models.json.

New claude project purge subcommand

Why: "Forget this project" used to mean hand-deleting transcripts, task lists, debug logs, file-edit history, prompt history, and the project's ~/.claude.json entry — easy to miss something, and there was no dry-run preview.

What: claude project purge [path] deletes all local Claude Code state for a project in one shot, with an interactive picker when [path] is omitted.

How: claude project purge ~/work/repo --dry-run to preview; -y to skip confirmation; --all for every project.

--dangerously-skip-permissions covers more paths

Why: Bypass mode used to still prompt on writes to .claude/, .git/, .vscode/, and shell rc files — useful as a safety net, but the friction defeated the point of --dangerously-skip-permissions for teams who genuinely wanted "no prompts ever" automation.

What: Bypass mode now also skips prompts for those previously-protected paths, alongside the carve-outs added in v2.1.121 (.claude/skills/, .claude/agents/, .claude/commands/).

How: claude --dangerously-skip-permissions — no opt-in flag; the change applies to every bypass-mode session. Treat the flag as truly unrestricted now.

OAuth paste-code fallback for claude auth login

Why: Browser callback to Claude Code's localhost listener fails inside WSL2, SSH sessions, and dev containers — login would hang indefinitely.

What: When the callback can't reach localhost, the browser displays a code; claude auth login shows a Paste code here if prompted prompt to accept it.

How: Run claude auth login, complete sign-in in the browser, paste the code shown there into the terminal.

skill_activated OTel event fires for user slash commands

Why: OTel observability for skill invocations only counted model-triggered activations — user-typed /foo slash commands silently bypassed the metric, leaving usage dashboards undercounting real adoption.

What: The claude_code.skill_activated event now fires for both model-side and user-typed slash command invocations, so dashboards see every activation.

How: Existing OTel exporters pick this up automatically; ensure CLAUDE_CODE_ENABLE_TELEMETRY=1 and your OTEL_LOGS_EXPORTER is configured.

Host-managed Bedrock/Vertex/Foundry keep analytics on

Why: Previous builds silently auto-disabled analytics for any Bedrock/Vertex/Foundry session, on the assumption that enterprise tenants never want telemetry. That broke org-level usage dashboards for teams who explicitly do want it.

What: Host-managed deployments no longer flip analytics off automatically — the operator's DISABLE_TELEMETRY / CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC settings are now the single source of truth on all three clouds.

How: No action if you want analytics on. To opt out, set DISABLE_TELEMETRY=1 (or the per-channel flag) explicitly — auto-disable is no longer doing it for you.

Windows: PowerShell 7 auto-detected, used as primary shell

Why: Windows users with PowerShell 7 installed via the Microsoft Store, an MSI without PATH, or as a .NET global tool had Claude Code silently fall back to Bash, missing PowerShell-specific features and producing weird quoting on Windows-native commands.

What: Claude Code now finds PowerShell 7 in those non-PATH install locations; when the PowerShell tool is enabled, it becomes the primary shell instead of Bash.

How: Install PowerShell 7 via any of the three channels above — no config needed. To gate the shell switch, toggle the PowerShell tool in your project settings.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Gateway model discovery in /model picker
• (01:04) - New claude project purge subcommand
• (01:50) - --dangerously-skip-permissions covers more paths
• (02:36) - OAuth paste-code fallback for claude auth login
• (03:03) - skill_activated OTel fires for user slash commands
• (03:33) - Bedrock/Vertex/Foundry keep analytics on
• (04:11) - Windows: PowerShell 7 auto-detected, primary shell

Polish release with five real wins for advanced users. ANTHROPIC_BEDROCK_SERVICE_TIER lets you pick default, flex, or priority on Bedrock — the value flows through as the X-Amzn-Bedrock-Service-Tier header. Pasting a PR URL into /resume now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, Bitbucket). /mcp exposes claude.ai connectors hidden by a manually-added MCP server with the same URL — a previously silent failure mode. OpenTelemetry numeric attributes on api_request/api_error now emit as numbers (not strings), and there's a new claude_code.at_mention log event. And images sent to newer models are now resized to the documented 2000px cap, not 2576px.

ANTHROPIC_BEDROCK_SERVICE_TIER selects Bedrock service tier

Why: Bedrock customers had no way to opt into the flex or priority service tiers from Claude Code — the tier was effectively pinned to default.

What: Adds ANTHROPIC_BEDROCK_SERVICE_TIER env var (values: default, flex, priority); sent as the X-Amzn-Bedrock-Service-Tier header on every Bedrock request.

How: export ANTHROPIC_BEDROCK_SERVICE_TIER=priority before launching Claude Code; verify in Bedrock CloudWatch metrics.

/resume PR URL search finds the originating session

Why: Engineers wanted to revisit the Claude Code session that had created a given PR but had to remember the session by approximate date — there was no PR-aware lookup.

What: Pasting a GitHub, GitHub Enterprise, GitLab, or Bitbucket PR URL into the /resume search box now finds the session that created that PR.

How: Run /resume, paste the PR URL into the search field; the matching session surfaces directly.

/mcp surfaces duplicate connectors hidden by manual servers

Why: A claude.ai connector and a manually-added MCP server pointing at the same upstream URL silently shadowed each other.

What: /mcp now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate.

How: Run /mcp; duplicate connectors are flagged inline — remove the manual server or the connector to resolve.

OpenTelemetry: numeric attributes as numbers, plus at_mention event

Why: Numeric attributes on api_request and api_error log events arrived as strings, breaking downstream OTEL pipelines that expected typed numbers; and @-mention resolution was invisible to telemetry.

What: OpenTelemetry now emits numeric attributes on api_request and api_error events as numbers, and adds a new claude_code.at_mention log event for @-mention resolution.

How: Automatic — your existing OTEL exporter receives correctly-typed numerics and the new event without configuration.

Image resize cap corrected from 2576px to 2000px

Why: Newer-model image inputs were being resized to 2576 pixels per side instead of the documented 2000-pixel maximum.

What: Fixes images sent to newer models being resized to 2576px per side instead of the correct 2000px maximum.

How: Automatic on upgrade — image resize behavior matches the documented 2000px cap.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - ANTHROPIC_BEDROCK_SERVICE_TIER env var
• (01:01) - /resume PR URL search
• (01:26) - /mcp duplicate connector detection
• (01:49) - OpenTelemetry numeric typing + at_mention
• (02:27) - Image resize cap fix (2576px to 2000px)

Quietly important release. Windows users no longer need Git for Windows just to run Claude Code — when Git Bash is absent, Claude Code falls back to PowerShell. claude ultrareview [target] ships as a non-interactive CLI subcommand for CI pipelines. Skills get a ${CLAUDE_EFFORT} placeholder for effort-aware authoring. AI_AGENT env var attributes subprocess traffic so gh can identify Claude Code as the originator. claude plugin validate accepts $schema, version, and description fields. DISABLE_TELEMETRY and CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC now correctly suppress usage metrics for API and enterprise users. And a critical find FD-exhaustion fix prevents host-wide crashes on macOS/Linux native builds with large directory trees.

Windows: Git for Windows no longer required

Why: Windows users previously had to install Git for Windows just to give Claude Code a POSIX shell — a confusing prerequisite for non-Git workflows.

What: When Git Bash is absent, Claude Code now uses PowerShell as the shell tool, removing the hard Git-for-Windows dependency.

How: Automatic — install Claude Code on Windows; PowerShell takes over if Git Bash isn't found.

claude ultrareview [target] for non-interactive review in CI

Why: /ultrareview was interactive-only — teams couldn't run it from CI scripts or pre-merge hooks without a TTY.

What: Adds claude ultrareview [target] subcommand that runs /ultrareview non-interactively, prints findings to stdout (--json for raw), exits 0 on completion or 1 on failure.

How: claude ultrareview path/to/file --json — drop into your CI step or git pre-push hook.

Skills can reference ${CLAUDE_EFFORT}

Why: Skills were one-size-fits-all — they couldn't adapt their depth or strictness based on the current effort level.

What: Skill content can now reference ${CLAUDE_EFFORT} to branch behavior on the active effort level.

How: Use ${CLAUDE_EFFORT} inline in your SKILL.md content; expands to the current effort level at runtime.

AI_AGENT env var for subprocess attribution

Why: Subprocesses launched by Claude Code (notably gh) couldn't attribute their traffic to the agent, blurring observability and rate-limit accounting.

What: Sets AI_AGENT environment variable for subprocesses so gh and similar tools can identify Claude Code as the originator.

How: Automatic — any subprocess Claude Code spawns inherits AI_AGENT without configuration.

claude plugin validate accepts $schema, version, description

Why: Plugin authors using JSON-schema editors and version-tracked manifests hit validation errors for fields the validator didn't recognize.

What: claude plugin validate now accepts $schema, version, and description at the top level of marketplace.json, plus $schema in plugin.json.

How: Add the fields freely to your manifests; running claude plugin validate passes without spurious errors.

DISABLE_TELEMETRY now suppresses usage metrics

Why: API and enterprise users who set DISABLE_TELEMETRY or CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC still saw usage-metrics calls leaving the host — a compliance gap.

What: Both env vars now correctly suppress usage-metrics telemetry for API and enterprise users, matching documented behavior.

How: Set DISABLE_TELEMETRY=1 — usage metrics calls are now blocked, not just telemetry events.

Critical: find no longer exhausts FDs and crashes the host

Why: On macOS/Linux native builds, the Bash tool's embedded find could exhaust open file descriptors on large trees, causing host-wide crashes — not just Claude Code crashes.

What: Reduces peak FD usage during find in the Bash tool on large directory trees, eliminating the crash path.

How: Automatic on upgrade — heavy find operations no longer take down the machine.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Windows: PowerShell fallback removes Git for Windows
• (01:11) - claude ultrareview CLI for non-interactive review
• (01:39) - Skills can reference ${CLAUDE_EFFORT}
• (02:12) - AI_AGENT env var for subprocess attribution
• (02:44) - claude plugin validate accepts $schema, version
• (03:14) - DISABLE_TELEMETRY suppresses usage metrics
• (03:52) - Critical find FD-exhaustion fix

A quietly meaty release. MCP gets two real polish wins (alwaysLoad opt-out of tool-search deferral, transient-error auto-retry up to 3x). Plugin authors get claude plugin prune for orphaned deps. PostToolUse hooks expand to all tools (previously MCP-only). Headless and SDK get CLAUDE_CODE_FORK_SUBAGENT parity and a --dangerously-skip-permissions allowlist for .claude/skills/, agents/, and commands/. /terminal-setup fixes the iTerm2+tmux /copy footgun. Vertex AI gains X.509 Workload Identity Federation; SDK mcp_authenticate gains redirectUri. OTEL spans add stop_reason, finish_reasons, and gated user_system_prompt. Plus scrollable overflow dialogs, /skills type-to-filter, and three serious memory leak fixes that flatten multi-GB session bloat.

MCP alwaysLoad opts out of tool-search deferral

Why: Tool-search deferral keeps MCP tools out of the model's view until needed, but for must-be-available servers that introduces latency and discoverability gaps.

What: Adds an alwaysLoad option to MCP server config; when true, all tools from that server skip tool-search deferral and are always available.

How: Set "alwaysLoad": true on the MCP server entry in your settings JSON.

claude plugin prune for orphaned plugin dependencies

Why: Auto-installed plugin dependencies stayed on disk after their parent plugin was uninstalled, leaving orphaned state that nothing collected.

What: Adds claude plugin prune to remove orphaned auto-installed plugin dependencies; plugin uninstall --prune cascades through dependents.

How: Run claude plugin prune standalone, or pass --prune to claude plugin uninstall.

PostToolUse hooks can replace output for all tools

Why: Hook authors could only mutate tool output for MCP tools — every other tool surface was read-only from a hook's perspective.

What: PostToolUse hooks can now replace tool output for all tools via hookSpecificOutput.updatedToolOutput, not just MCP-originated tools.

How: Set hookSpecificOutput.updatedToolOutput in your hook return; works for any tool that fires PostToolUse.

CLAUDE_CODE_FORK_SUBAGENT works in non-interactive sessions

Why: Forked subagents shipped for interactive use but were silently ignored under claude --print and the SDK, blocking automation pipelines.

What: Enables CLAUDE_CODE_FORK_SUBAGENT=1 for SDK and claude -p non-interactive sessions, matching interactive-mode behavior.

How: export CLAUDE_CODE_FORK_SUBAGENT=1 before launching claude -p or your SDK process.

--dangerously-skip-permissions allowlist for .claude/{skills,agents,commands}

Why: Even with the dangerous flag, writes to common authoring directories prompted, slowing skill/agent/command iteration loops.

What: --dangerously-skip-permissions no longer prompts for writes to .claude/skills/, .claude/agents/, and .claude/commands/.

How: Run claude --dangerously-skip-permissions as before; writes to those three directories now fall through silently.

/terminal-setup enables iTerm2 clipboard for /copy (including tmux)

Why: /copy from inside tmux on iTerm2 silently failed because iTerm2's "Applications in terminal may access clipboard" setting was off by default.

What: /terminal-setup now enables iTerm2's "Applications in terminal may access clipboard" setting, so /copy works including from tmux.

How: Run /terminal-setup once on iTerm2; /copy then works through tmux without manual iTerm2 settings changes.

MCP servers auto-retry transient startup errors up to 3 times

Why: A flaky MCP server hitting a transient error during startup left the connection permanently dead until the user manually reconnected.

What: MCP servers that hit a transient error during startup now auto-retry up to 3 times before staying disconnected.

How: Automatic — no config; flaky servers self-heal up to 3 attempts before surfacing.

Vertex AI X.509 Workload Identity Federation (mTLS ADC)

Why: Enterprises on Vertex AI standardized on certificate-based Workload Identity Federation but Claude Code only accepted service account keys or OAuth tokens.

What: Adds support for X.509 certificate-based Workload Identity Federation (mTLS Application Default Credentials) on Vertex AI.

How: Configure Vertex Workload Identity Federation with X.509 certs in your gcloud ADC; Claude Code picks them up automatically.

SDK mcp_authenticate redirectUri + OpenTelemetry enrichments

Why: Claude.ai connectors and custom-scheme OAuth flows had no way to specify their redirect URI, and OTEL spans lacked stop_reason and full prompt context.

What: SDK mcp_authenticate now supports redirectUri for custom-scheme completion and claude.ai connectors; OTEL adds stop_reason, gen_ai.response.finish_reasons, and user_system_prompt (gated by OTEL_LOG_USER_PROMPTS) to LLM request spans.

How: Pass redirectUri to mcp_authenticate; set OTEL_LOG_USER_PROMPTS=1 to opt into user-prompt span attributes.

Scrollable overflow dialogs + /skills type-to-filter

Why: Dialogs taller than the terminal viewport had unreachable rows, and /skills lists scrolled off-screen with no way to jump to a specific skill.

What: Dialogs that overflow the terminal are now scrollable with arrow keys, PgUp/PgDn, home/end, and mouse wheel in both fullscreen and non-fullscreen; /skills gains a type-to-filter search box.

How: Automatic — overflow dialogs accept the standard navigation keys; /skills filter activates when you start typing.

Memory leak fixes that ship with the release

Why: Long-running sessions leaked multi-GB of RSS through several distinct paths — image processing, /usage with large transcript histories, and stalled progress events on long-running tools.

What: Fixes unbounded memory growth when processing many images, /usage leaking up to ~2GB on machines with large transcript histories, and a memory leak when long-running tools fail to emit a clear progress event.

How: Automatic on upgrade; long-running sessions stop accumulating ghost memory.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - MCP polish: alwaysLoad + transient retry
• (01:07) - claude plugin prune for orphaned deps
• (01:29) -...

Memory for Claude Managed Agents lands in public beta under the standard managed-agents-2026-04-01 header. Memory stores are workspace-scoped collections of text documents that mount into agent sessions at /mnt/memory/ — the agent reads and writes them with the same file tools it uses for the rest of the filesystem. Every change creates an immutable memory version (audit trail + point-in-time recovery), and a redact endpoint scrubs content out of historical versions for compliance workflows. Read-only mounts matter for security: prompt injection on a read-write store can poison later sessions.

Memory for Claude Managed Agents — public beta

Why: Each Managed Agents session started with a fresh context, so user preferences, project conventions, prior mistakes, and domain knowledge were lost when the session ended.

What: Releases public-beta memory stores for Managed Agents — workspace-scoped collections of text documents the agent reads and writes via filesystem tools, mounted under /mnt/memory/.

How: Beta header managed-agents-2026-04-01; POST /v1/memory_stores to create, then attach via the session's resources[] with type: memory_store and access: read_write or read_only.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Platform release notes.

Full release notes: platform.claude.com/docs/en/release-notes/api

Memory docs: platform.claude.com/docs/en/managed-agents/memory

The Rate Limits API lands in the Admin API. It returns the rate limits configured for your organization and per-workspace overrides — grouped by limiter type (model_group, batch, token_count, files, skills, web_search). Useful for keeping gateways and proxies in sync, powering internal alerting against the Usage and Cost API, and auditing workspace configuration. Read-only — Console is still where you configure overrides.

Rate Limits API in the Admin API

Why: Gateways, proxies, and internal alerting tools had to hardcode rate-limit values that drifted when Anthropic adjusted them, with no programmatic way to read current org and workspace limits.

What: Releases the Rate Limits API — a new Admin API endpoint returning configured rate limits for the organization and each workspace, grouped by limiter type.

How: GET /v1/organizations/rate_limits with an Admin API key (sk-ant-admin...); per-workspace via /v1/organizations/workspaces/{workspace_id}/rate_limits.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Platform release notes.

Full release notes: platform.claude.com/docs/en/release-notes/api

Rate Limits API docs: platform.claude.com/docs/en/build-with-claude/rate-limits-api

A shorter list than recent releases but with quietly significant changes. /config settings finally persist to ~/.claude/settings.json and participate in the override chain. --from-pr and the owner/repo#N shorthand now support GitLab, Bitbucket, GitHub Enterprise, and your git remote's host — first-class non-GitHub support. --print and --agent modes now honor agent frontmatter consistently with interactive. PowerShell tool gains Bash-parity auto-approval. Hooks gain duration_ms. Plus plugin auto-update smarts, a Vim Esc fix, OTEL/status-line enrichments, and a Vertex AI tool-search default change.

/config settings now persist to settings.json with the full override chain

Why: Runtime UI settings like theme, editor mode, and verbose changed with /config didn't survive restarts, and their place in the project/local/policy override precedence was murky.

What: Persists /config settings to ~/.claude/settings.json and participates in project/local/policy override precedence.

How: Automatic — change /config, your choice now sticks and respects higher-scope overrides.

Non-GitHub Git support in --from-pr and owner/repo#N shorthand

Why: Teams on GitLab, Bitbucket, GitHub Enterprise, or self-hosted Git were locked out of --from-pr review and had owner/repo#N links always point to github.com.

What: --from-pr now accepts GitLab merge-request, Bitbucket pull-request, and GitHub Enterprise PR URLs; owner/repo#N shorthand now uses your git remote's host.

How: claude --from-pr <gitlab-or-bitbucket-or-ghe-url>; inline owner/repo#123 resolves to your origin's host automatically.

New UI chrome settings: prUrlTemplate and CLAUDE_CODE_HIDE_CWD

Why: The footer PR badge hard-coded github.com, and the startup logo always showed the working directory — awkward in demos or when recording.

What: Adds prUrlTemplate setting to point the footer PR badge at a custom code-review URL, and CLAUDE_CODE_HIDE_CWD env var to hide the working directory in the startup logo.

How: Set prUrlTemplate in settings.json; export CLAUDE_CODE_HIDE_CWD=1 in your shell.

--print honors agent tools/disallowedTools; --agent honors permissionMode; PowerShell auto-approve

Why: Headless --print mode ignored the agent's tool restrictions, --agent <name> didn't respect the agent's permissionMode, and PowerShell users still hit prompts that Bash had learned to skip.

What: --print mode honors agent tools:/disallowedTools:; --agent <name> honors the agent's permissionMode for built-in agents; PowerShell tool commands can be auto-approved in permission mode (Bash parity).

How: Automatic for --print and --agent; configure PowerShell allow-rules in .claude/settings.json permissions.

Hooks: PostToolUse and PostToolUseFailure include duration_ms

Why: Hook-based observability pipelines had no signal for tool execution time — only that the tool ran.

What: PostToolUse and PostToolUseFailure hook inputs now include duration_ms, measuring tool execution time excluding permission prompts and PreToolUse hooks.

How: Read duration_ms from your hook's stdin JSON; already populated in 2.1.119.

Plugin auto-update respects version constraints + parallel MCP reconfig

Why: A plugin pinned by another plugin's version constraint was stuck at its old version, and subagent/SDK MCP server reconfiguration connected servers serially, slowing startup.

What: Plugins pinned by another plugin's version constraint now auto-update to the highest satisfying git tag; subagent and SDK MCP server reconfiguration now connects servers in parallel.

How: Automatic — auto-update picks the best satisfying tag and MCP reconnects faster across subagent spawns.

Vim: Esc in INSERT no longer pulls queued messages back

Why: Vim users hitting Esc to leave INSERT had a queued message unexpectedly reappear in the input, breaking the mental model.

What: Esc in INSERT mode no longer pulls a queued message back into the input; press Esc again to interrupt.

How: Enable vim mode and press Esc as usual; behavior now matches expectations.

Security: blockedMarketplaces enforces hostPattern/pathPattern + telemetry enrichments

Why: Managed-settings blockedMarketplaces documented hostPattern/pathPattern but didn't enforce them, and OTEL events couldn't be correlated across tool_result/tool_decision without manually threading tool_use_id.

What: blockedMarketplaces now enforces hostPattern and pathPattern; OTEL tool_result/tool_decision include tool_use_id; tool_result also includes tool_input_size_bytes; status-line stdin JSON includes effort.level and thinking.enabled.

How: Existing policy and telemetry pipelines now receive the new fields and enforcement automatically.

Tool search disabled by default on Vertex AI

Why: Vertex AI returned an unsupported beta header error whenever Claude Code tried to enable the tool search tool by default.

What: Disables tool search by default on Vertex AI to avoid the unsupported-beta-header error; opt in explicitly via ENABLE_TOOL_SEARCH.

How: export ENABLE_TOOL_SEARCH=1 on Vertex AI to turn it back on.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - /config now persists to settings.json
• (01:07) - Non-GitHub Git: GitLab, Bitbucket, GHE
• (01:38) - UI chrome: prUrlTemplate + CLAUDE_CODE_HIDE_CWD
• (02:01) - Print/agent/permissions polish
• (02:32) - Hooks: PostToolUse duration_ms
• (02:54) - Plugin auto-update + parallel MCP reconfig
• (03:19) - Vim: Esc no longer pulls queued message
• (03:40) - Security + telemetry enrichments
• (04:17) - Tool search opt-in on Vertex AI

A meaty release. Vim users finally get visual mode (v) and visual-line mode (V) in the prompt editor. Hooks can now invoke MCP tools directly via a new type: "mcp_tool" action — a real declarative-pipeline unlock. /cost and /stats merge into /usage, and there's a real custom theme system that plugins can ship into. Plus a stricter DISABLE_UPDATES env var, WSL inheriting Windows-side managed settings, an auto-mode $defaults sentinel that fixes a common config footgun, a claude plugin tag command for plugin authors, smarter --continue/--resume for monorepo subprojects, /color sync to Remote Control, and gateway model-name overrides honored by /model.

Vim visual mode (v) and visual-line mode (V) land in the prompt editor

Why: Vim-mode users had motions and operators but no selection primitive, so half of vim's real power was missing from the prompt editor.

What: Adds visual mode (v) and visual-line mode (V) with selection, operators, and visual feedback to the built-in vim editor.

How: Enable vim mode, then press v or V in the prompt editor to start a selection.

/usage merges /cost and /stats

Why: Two overlapping commands for billing and session stats made users hunt for the right one.

What: Merges /cost and /stats into a single /usage command; both old names remain as typing shortcuts that open the relevant tab.

How: Type /usage for the consolidated view; /cost and /stats still work and jump straight to their tab.

Named custom themes plus plugin-shipped themes

Why: Theme customization was limited to a fixed set, and plugin authors couldn't ship branded styling.

What: Adds named custom themes via /theme, hand-editable JSON files in ~/.claude/themes/, and a themes/ directory plugins can ship themes from.

How: Run /theme, create a named theme, or drop JSON into ~/.claude/themes/; plugin authors add a themes/ directory.

Hooks can invoke MCP tools directly

Why: Hooks wanting to call an MCP tool had to shell out to a command or HTTP request, breaking declarative hook config.

What: Adds a new hook action type: "mcp_tool" that invokes an MCP tool directly from a hook definition.

How: In your hook config, set type: "mcp_tool" with the target server and tool name.

DISABLE_UPDATES env var blocks all update paths

Why: DISABLE_AUTOUPDATER stopped background updates but claude update could still run, leaving change-controlled environments exposed.

What: Adds a new DISABLE_UPDATES env var that blocks all update paths including manual claude update.

How: export DISABLE_UPDATES=1 in your shell profile or deployment environment.

WSL inherits Windows-side managed settings

Why: Enterprise admins had to apply managed settings twice — once for Windows, once for each WSL distro — doubling policy drift risk.

What: Adds wslInheritsWindowsSettings policy key so WSL on Windows can inherit Windows-side managed settings.

How: Set wslInheritsWindowsSettings: true in the managed-settings policy.

Auto mode $defaults sentinel

Why: Adding a single custom rule to autoMode.allow/soft_deny/environment silently replaced the entire built-in list — a common footgun.

What: Adds a "$defaults" sentinel you can include in autoMode.allow, autoMode.soft_deny, or autoMode.environment to preserve the built-in list alongside your custom rules.

How: Include "$defaults" in the array to keep built-ins; omit it to replace them.

"Don't ask again" on the auto mode opt-in prompt

Why: Users re-approving auto mode on every launch got prompt fatigue.

What: Adds a "Don't ask again" option to the auto mode opt-in prompt.

How: Check "Don't ask again" when prompted.

claude plugin tag for plugin authors

Why: Plugin authors had to create release tags manually, and version validation was ad-hoc.

What: Adds claude plugin tag which creates release git tags for plugins with version validation.

How: Run claude plugin tag in the plugin directory.

--continue / --resume finds sessions added via /add-dir

Why: Monorepo users pulling subprojects with /add-dir couldn't resume those sessions from elsewhere in the tree.

What: --continue and --resume now find sessions that added the current directory via /add-dir, not only sessions natively rooted there.

How: claude --continue or claude --resume from any directory that was added to a prior session via /add-dir.

/color syncs accent color to Remote Control

Why: Remote Control sessions on mobile/web didn't match the accent color set in the terminal.

What: /color now syncs the session accent color to claude.ai/code when Remote Control is connected.

How: Run /color in a Remote Control-connected session; the color propagates to the web/mobile view.

/model picker honors gateway default overrides

Why: Enterprise users on a custom ANTHROPIC_BASE_URL gateway had the default model names/descriptions show as upstream defaults instead of their overrides.

What: /model picker now honors ANTHROPIC_DEFAULT_*_MODEL_NAME and ANTHROPIC_DEFAULT_*_MODEL_DESCRIPTION overrides when using a custom ANTHROPIC_BASE_URL.

How: Set the env vars alongside ANTHROPIC_BASE_URL; /model reflects them.

Plugin auto-update skips surface in /doctor and /plugin Errors

Why: When auto-update skipped a plugin because another plugin's version constraint blocked it, users had no way to see what got held back.

What: When auto-update skips a plugin due to another plugin's version constraint, the skip now appears in /doctor and the /plugin Errors tab.

How: Check /doctor or the /plugin Errors tab to see skip reasons.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Vim visual mode lands in the prompt editor
• (00:57) - /usage merges /cost and /stats
• (01:18) - Custom themes plus plugin theme surface
• (01:43) - Hooks can invoke MCP tools...

A dense release. The headline fix: Opus 4.7 finally computes /context against its 1M window instead of 200K, so sessions stop autocompacting prematurely. Pro and Max subscribers get a default effort bump from medium to high on Opus 4.6 and Sonnet 4.6. Plugin ecosystem gets a real overhaul across dependencies, errors, and marketplace auto-resolve — plus managed-settings marketplace enforcement applied uniformly. Native macOS and Linux builds replace Glob and Grep with embedded bfs and ugrep. Forked subagents and agent mcpServers expand to external builds and --agent main-thread sessions. Plus /model persistence, /resume stale-session summarize, Advisor Tool labeling, broader cleanupPeriodDays sweep, and OpenTelemetry enrichments.

Opus 4.7 /context now computed against 1M window

Why: Opus 4.7 shipped with a 1M context window, but Claude Code was still computing /context percentages against 200K, causing premature autocompact warnings.

What: Fixes /context on Opus 4.7 to compute against the native 1M window, eliminating inflated percentages and premature autocompact.

How: Automatic — upgrade to v2.1.117 and Opus 4.7 sessions use 1M as the denominator.

Default effort bumped to high on Opus 4.6 / Sonnet 4.6 for Pro/Max

Why: Pro and Max subscribers were defaulting to medium effort on Opus 4.6 and Sonnet 4.6, under-using available quality on flat-rate plans.

What: Bumps default effort from medium to high for Pro/Max subscribers on Claude Opus 4.6 and Sonnet 4.6.

How: Automatic — set /effort medium explicitly to restore the old default.

Plugin dependency UX overhaul

Why: plugin install bailed with "already installed" when a plugin had unmet deps, errors were cryptic, and adding a marketplace didn't resolve missing deps.

What: plugin install now installs missing deps on already-installed plugins; errors say "not installed" with install hint; plugin marketplace add auto-resolves from configured marketplaces.

How: Re-run plugin install <name> to backfill deps; claude plugin marketplace add <url> now fills in anything missing.

Managed-settings marketplace enforcement

Why: blockedMarketplaces and strictKnownMarketplaces were only enforced on some plugin operations — a policy gap for IT-managed fleets.

What: Enforces blockedMarketplaces and strictKnownMarketplaces on plugin install, update, refresh, and autoupdate operations.

How: Existing managed-settings keys now apply uniformly; no config change needed.

Native builds: Glob and Grep replaced by embedded bfs and ugrep

Why: Separate Glob and Grep tools incurred a per-call round-trip and lacked ugrep's richer pattern features.

What: On native macOS and Linux builds, Glob and Grep are replaced by embedded bfs and ugrep invoked through the Bash tool — faster and more capable.

How: Automatic on native builds; Windows and npm-installed builds unchanged.

Forked subagents opt-in for external builds

Why: Forked subagents were gated behind internal flags, blocking external builds and SDK users from using them.

What: Enables forked subagents on external builds via the CLAUDE_CODE_FORK_SUBAGENT=1 environment variable.

How: export CLAUDE_CODE_FORK_SUBAGENT=1 before launching Claude Code or your SDK session.

Agent mcpServers frontmatter now fires under --agent

Why: Agent-level mcpServers in frontmatter only loaded for subagent invocations, leaving main-thread --agent sessions without agent-specific MCP.

What: Loads agent frontmatter mcpServers for main-thread agent sessions launched via --agent, not only subagents.

How: Add mcpServers: to your agent frontmatter; now applies under claude --agent <name> and subagent launches both.

/model persists across restarts + startup header shows pin source

Why: /model selections could be silently overridden by project pins on restart, and users had no signal about where a pinned model came from.

What: /model selections now persist across restarts even when a project pins a different model, and the startup header shows when the active model comes from a project or managed-settings pin.

How: Automatic — your /model choice sticks; the startup header tells you when a pin is overriding.

/resume offers to summarize stale, large sessions

Why: Re-reading a huge stale session on /resume was slow and dumped a massive context on the model, whereas --resume already offered a summarize path.

What: Adds a summarize-before-re-read prompt to /resume on stale large sessions, matching the existing --resume flag behavior.

How: Run /resume — when a stale large session is detected, accept the summarize offer.

Advisor Tool: experimental label and stuck-error fix

Why: Advisor Tool was preview-quality but lacked that signal, and sessions were getting stuck with "Advisor tool result content could not be processed" on every prompt and /compact.

What: Adds "experimental" label, learn-more link, and startup notification to the Advisor Tool dialog; fixes the persistent result-processing error.

How: Automatic — existing Advisor Tool users get both the labeling and the fix.

cleanupPeriodDays retention extends to more directories

Why: Long-running installs accumulated untracked state in ~/.claude/tasks/, ~/.claude/shell-snapshots/, and ~/.claude/backups/ that retention sweeps didn't touch.

What: cleanupPeriodDays retention sweep now also covers ~/.claude/tasks/, ~/.claude/shell-snapshots/, and ~/.claude/backups/.

How: Automatic on next sweep; existing cleanupPeriodDays setting applies.

OpenTelemetry enrichments

Why: OTEL events lacked signal about which slash command fired and at what effort level, making it hard to attribute cost and latency to code paths.

What: Adds command_name and command_source to user_prompt events; adds effort attribute to cost.usage, token.usage, api_request, and api_error when supported.

How: Automatic; custom/MCP command names are redacted unless OTEL_LOG_TOOL_DETAILS=1 is set.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs:

Performance, security, and developer-UX wins. /resume is up to 67% faster on 40MB+ sessions, MCP startup defers template listing until the first @-mention, /doctor works mid-response, and sandbox auto-allow stops bypassing the dangerous-path safety check. Plus /terminal-setup tuning for fullscreen editor scroll, /reload-plugins auto-installing missing dependencies, the Bash tool surfacing GitHub rate-limit hints, and agent hooks firing under main-thread --agent.

67% faster /resume on large sessions

Why: Users with 40MB+ session files waited noticeable seconds for /resume to load, especially when sessions accumulated many dead-fork entries over time.

What: Makes /resume up to 67% faster on 40MB+ sessions and handles dead-fork-heavy sessions more efficiently during load.

How: Automatic — upgrade to v2.1.116 and run /resume as usual; no config changes needed.

Faster MCP startup, lazy template listing

Why: Sessions with many stdio MCP servers paid a long startup penalty as each server exhaustively listed its resource templates up front.

What: Defers resources/templates/list to the first @-mention, cutting MCP startup time when multiple stdio servers are configured.

How: Automatic on upgrade — the first @-mention in a session triggers template fetches lazily.

/terminal-setup now tunes editor fullscreen scroll

Why: Fullscreen mode in VS Code, Cursor, and Windsurf terminals felt jerky because the editor's built-in scroll sensitivity overrode Claude Code's own.

What: /terminal-setup now configures the editor's terminal scroll sensitivity for smoother fullscreen scrolling across VS Code, Cursor, and Windsurf.

How: Run /terminal-setup once inside each editor; it writes the scroll-sensitivity settings into the editor config for you.

/doctor now works mid-response

Why: You couldn't open /doctor to diagnose a stuck or pathological turn — the slash command was blocked until the current turn finished.

What: Lets /doctor be invoked while Claude is still responding, without waiting for the turn to complete.

How: Type /doctor at any time, even during a running turn; no flags or extra config needed.

/reload-plugins auto-installs missing dependencies

Why: Plugin reloads and background auto-updates would fail or stall when a plugin referenced a dependency from a marketplace you hadn't yet added.

What: /reload-plugins and background plugin auto-update now auto-install missing plugin dependencies from marketplaces you've already added.

How: Run /reload-plugins — missing deps now resolve automatically from known marketplaces; no manual install step needed.

Bash tool surfaces GitHub API rate-limit hints

Why: Agents running gh commands against GitHub would blindly retry on rate-limit, wasting turns and sometimes triggering stricter secondary limits.

What: Bash tool now surfaces a hint when gh commands hit GitHub's API rate limit, so agents can back off instead of retrying.

How: Automatic — agents see the rate-limit hint in tool output and can choose to pause or switch strategies.

Agent hooks: frontmatter now fires under --agent

Why: Agent-level hooks: frontmatter only fired for subagent invocations, leaving main-thread --agent runs without any pre/post hook coverage.

What: Fires the agent's hooks: frontmatter when the agent runs as a main-thread agent via --agent, not only as a subagent.

How: Add hooks: to your agent frontmatter; it now activates under claude --agent <name> as well as subagent launches.

Sandbox auto-allow no longer bypasses dangerous-path safety

Why: A permissive sandbox auto-allow rule could bypass the existing dangerous-path safety check, letting rm hit /, $HOME, or critical system directories.

What: Prevents sandbox auto-allow from bypassing the dangerous-path safety check for rm/rmdir targeting /, $HOME, or other critical system directories.

How: Automatic — existing sandbox config still works; the dangerous-path check now always runs before auto-allowing destructive commands.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - 67% faster /resume on large sessions
• (00:57) - MCP startup rework: lazy template listing
• (01:23) - /terminal-setup tunes editor fullscreen scroll
• (01:51) - /doctor now works mid-response
• (02:15) - /reload-plugins auto-installs missing deps
• (02:40) - Bash tool surfaces gh rate-limit hints
• (03:06) - Agent hooks fire under --agent
• (03:29) - Sandbox dangerous-path safety

Two announcements for API developers. Claude Opus 4.7 is generally available at Opus 4.6 pricing, but ships with breaking API changes: thinking budgets removed, temperature/top_p/top_k now 400s on non-default values, thinking silently omitted by default, and a new tokenizer. Separately, Claude in Amazon Bedrock opens to every Bedrock customer across 27 AWS regions through a new Messages API endpoint at /anthropic/v1/messages — zero operator access from Anthropic, AWS-managed infrastructure.

Claude Opus 4.7 GA with breaking API changes

Why: Developers running complex agentic coding and vision workloads needed better reasoning without paying more, but thinking and sampling APIs required a migration.

What: Launches claude-opus-4-7 generally available at Opus 4.6 pricing ($5/$25 per MTok), with a new tokenizer, high-resolution image support, and breaking API changes.

How: Set model: "claude-opus-4-7", drop temperature/top_p/top_k, switch thinking to {"type": "adaptive"}, and review the migration guide before cutting over.

Claude in Amazon Bedrock — open to all customers

Why: AWS-heavy customers needed Claude running entirely inside their security boundary with AWS billing, but Bedrock access was gated and API-shape-divergent.

What: Opens Claude Opus 4.7 and Claude Haiku 4.5 self-serve to all Amazon Bedrock customers via the Messages API endpoint at /anthropic/v1/messages, across 27 AWS regions.

How: Call POST https://bedrock-mantle.{region}.api.aws/anthropic/v1/messages with model ID anthropic.claude-opus-4-7, or install pip install -U "anthropic[bedrock]".

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Platform release notes.

Full release notes: platform.claude.com/docs/en/release-notes/api

Claude API docs: platform.claude.com/docs/en/api

• (00:00) - Claude Opus 4.7 GA with breaking API changes
• (01:39) - Claude in Amazon Bedrock GA

A structural change under the hood (native binary CLI) combined with five genuine security hardenings — deny-rule wrapper matching, find flag scoping, macOS /private path protection, the dangerouslyDisableSandbox permission prompt, and a real Bash UI-spoofing fix. Plus sandbox network deny-lists, faster /ultrareview, Remote Control parity for /extra-usage and @-file autocomplete, and a subagent stall timeout.

Native Claude Code binary

Why: The bundled-JavaScript CLI paid a Node startup cost on every invocation and pulled a full runtime into every install.

What: The CLI now spawns a native Claude Code binary via per-platform optional dependencies. No JS runtime needed at launch — faster starts, smaller footprint.

How: Automatic on upgrade. claude picks the right platform binary; no configuration required.

sandbox.network.deniedDomains

Why: A broad allowedDomains wildcard couldn't carve out a hostile subdomain you still wanted blocked.

What: New sandbox.network.deniedDomains setting blocks specific domains even when a broader wildcard would otherwise permit them. Deny wins.

How: Add "deniedDomains": ["evil.example.com"] under sandbox.network in settings.json.

/loop improvements

Why: Queued /loop wakeups couldn't be cancelled cleanly, and generic "Claude woke up" labels confused users.

What: Esc now cancels pending /loop wakeups; wakeups display as "Claude resuming /loop wakeup" for clarity.

How: Hit Esc during a wakeup wait to cancel.

/extra-usage on Remote Control

Why: Mobile/web Remote Control clients couldn't check plan usage without jumping back to the terminal.

What: /extra-usage now works from Remote Control sessions.

How: Type /extra-usage in any Remote Control session.

Remote Control @-file autocomplete

Why: Typing file paths blind on mobile was painful — no discovery, no completion.

What: Remote Control clients can now query @-file autocomplete suggestions, matching the local CLI.

How: Type @ in a Remote Control session.

Faster /ultrareview launch

Why: Sequential cold-launch checks and no progress signal made /ultrareview feel slow before any feedback.

What: Parallelized launch checks, a diffstat in the launch dialog, and an animated launching state.

How: /ultrareview or /ultrareview <PR#>.

Subagent stall timeout

Why: A subagent that stalled mid-stream left the parent session waiting silently with no signal.

What: Stalls now fail with a clear error after 10 minutes instead of hanging indefinitely.

How: Automatic.

Bash multi-line comment fix (UI-spoofing)

Why: A multi-line Bash command whose first line was a comment only showed the comment in the transcript — a UI-spoofing vector for prompt injection.

What: The Bash tool now shows the full multi-line command in the transcript regardless of whether the first line is a comment.

How: No action. Upgrade to v2.1.113 and transcripts render full command bodies.

cd no-op + git no prompt

Why: cd <cwd> && git status redundantly prompted because the compound-command rule treated the no-op cd as a separate step.

What: cd <cwd> && git … no longer prompts when the cd is a no-op. Real directory changes still prompt.

How: Automatic.

macOS /private paths dangerous under Bash(rm:*)

Why: macOS maps /private/{etc,var,tmp,home} to /etc, /var, etc. An rm -rf /private/etc under Bash(rm:*) wouldn't trigger dangerous-path protection.

What: Both /etc and /private/etc spellings now treated as dangerous removal targets.

How: Automatic whenever Bash(rm:*) is allowed.

Exec-wrapper deny-rule matching

Why: Deny rules missed sudo rm, env FOO=1 rm, watch rm, and similar wrapped invocations — a bypass path for attackers or confused agents.

What: Bash deny rules now match commands wrapped in env, sudo, watch, ionice, setsid, and similar wrappers. Symmetric with allow-side stripping.

How: No action. Existing deny rules automatically cover wrapped variants.

find -exec / -delete no auto-approve

Why: Bash(find:*) allow rules auto-approved find . -exec rm -rf {} \; and find . -delete — destructive flags weren't inspected.

What: Bash(find:*) no longer auto-approves find -exec or -delete; those fall back to the prompt.

How: Approve explicitly when legitimately needed, or add a narrower allow rule.

dangerouslyDisableSandbox permission fix

Why: Commands using dangerouslyDisableSandbox could execute outside the sandbox without a permission prompt — a silent security-contract break.

What: Every dangerouslyDisableSandbox invocation now triggers the standard permission prompt.

How: Automatic. Lock the escape hatch entirely with "sandbox": { "allowUnsandboxedCommands": false }.

Session recap composing-text fix

Why: Session recap auto-fired while you had unsent text in the prompt, interrupting mid-thought.

What: Session recap now waits until the prompt buffer is empty or submitted.

How: Automatic. Force one manually with /recap.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Native Claude Code binary
• (01:08) - sandbox.network.deniedDomains
• (01:45) - /loop improvements
• (02:08) - /extra-usage on Remote Control
• (02:25) - Remote Control @-file autocomplete
• (02:43) - Faster /ultrareview launch
• (03:08) - Subagent stall timeout
• (03:40) - Bash multi-line comment fix
• (04:32) - cd no-op + git no prompt
• (04:57) - macOS /private paths dangerous
• (05:39) - Exec-wrapper deny-rule matching
• (06:21) - find -exec / -delete no auto-approve
• (06:59) - dangerouslyDisableSandbox permission fix
• (07:45) - Session recap composing-text fix

A dense release — Opus 4.7 becomes the default flagship, a brand-new xhigh effort level lands between high and max, and two cloud-backed skills ship simultaneously. Plus a native Windows PowerShell tool, Auto mode as a first-class permission mode, and a handful of DX wins.

Opus 4.7 + Auto mode for Max

Why: Max subscribers juggled plans and manual model switches when they wanted the strongest reasoning during complex agentic work.

What: Opus 4.7 is now the default opus alias on the Anthropic API, and Auto mode is available to Max subscribers when Opus 4.7 is active.

How: claude --model opus, then /permissions to set defaultMode: auto.

New xhigh effort level

Why: high was starting to feel thin on Opus 4.7's harder tasks; max is uncapped and burns tokens on routine prompts.

What: A new Opus-4.7-only level between high and max. It's the default effort on Opus 4.7 across every plan and provider. Other models fall back to high.

How: /effort xhigh, claude --effort xhigh, or CLAUDE_CODE_EFFORT_LEVEL=xhigh.

/effort interactive slider

Why: Remembering five level names broke flow when changing how hard the model thinks.

What: Running /effort with no arguments opens an interactive slider; arrow keys navigate levels, Enter confirms. The same slider appears in /model via left/right arrows.

How: /effort (no args) then arrow keys + Enter.

Auto (match terminal) theme

Why: Claude Code's theme drifted out of sync with the terminal's dark/light mode.

What: A new "Auto (match terminal)" theme option follows your terminal's light/dark signal live.

How: /theme → "Auto (match terminal)".

/less-permission-prompts skill

Why: Power users accumulate dozens of small permission prompts — ls, rg, git status — that interrupt flow.

What: Scans recent transcripts for common read-only Bash and MCP tool calls and proposes a prioritized allowlist to paste into .claude/settings.json.

How: /less-permission-prompts.

/ultrareview command

Why: Comprehensive code review wants multiple perspectives — security, performance, style — and running them sequentially hits context limits.

What: Runs comprehensive code review in the cloud using parallel multi-agent analysis and critique. No arguments reviews current branch; a PR number fetches and reviews that PR.

How: /ultrareview or /ultrareview 1234.

Auto mode — no flag required

Why: Auto mode was gated behind the --enable-auto-mode startup flag, requiring opt-in on every launch.

What: Auto mode is now a first-class permission mode; the startup flag is gone. The classifier still gates risky actions.

How: /permissions → Auto, or "permissions": { "defaultMode": "auto" } in settings.json.

PowerShell tool on Windows

Why: Windows users routed shell work through Git Bash, which broke native PowerShell idioms and paths.

What: A native PowerShell tool is rolling out progressively on Windows. Opt in or out with CLAUDE_CODE_USE_POWERSHELL_TOOL. Linux/macOS also work with pwsh on PATH.

How: export CLAUDE_CODE_USE_POWERSHELL_TOOL=1.

Bash globs skip permission prompts

Why: Routine ls *.ts and cd packages/api && ls still triggered permission prompts.

What: Read-only Bash commands with glob patterns, and commands starting with cd <project-dir> &&, no longer prompt. Write-capable commands like find and sed still prompt.

How: Nothing to configure.

/setup-vertex & /setup-bedrock polish

Why: Enterprise users re-running the provider wizards had to retype model IDs and re-discover settings.json paths.

What: Both wizards now show the actual settings.json path when CLAUDE_CONFIG_DIR is set, seed model candidates from existing pins on re-run, and offer a "with 1M context" option for supported models.

How: /setup-vertex or /setup-bedrock.

plugin_errors in stream-json init

Why: Headless SDK pipelines couldn't tell whether a plugin was silently demoted at startup for unsatisfied dependencies.

What: Headless --output-format stream-json now includes a plugin_errors field on the init event, distinguishing conflicting, invalid, and overly complex version requirements.

How: claude -p "..." --output-format stream-json and inspect init.plugin_errors.

OTEL_LOG_RAW_API_BODIES env var

Why: Debugging anomalous model behavior requires seeing exact request and response bodies, which metrics alone can't capture.

What: New OTEL_LOG_RAW_API_BODIES emits full API request/response bodies as OpenTelemetry log events.

How: export OTEL_LOG_RAW_API_BODIES=1 alongside CLAUDE_CODE_ENABLE_TELEMETRY=1.

Reverted non-streaming retry cap

Why: The v2.1.110 retry cap avoided multi-minute hangs but pushed transient failures into outright errors.

What: The cap is reverted. Non-streaming fallbacks retry longer during API overload, trading occasional long waits for fewer outright failures.

How: No action — behavior reverts automatically.

Windows CLAUDE_ENV_FILE support

Why: On Windows, CLAUDE_ENV_FILE and SessionStart hook env files were silent no-ops.

What: Both mechanisms now apply on Windows. Env state set in the file or SessionStart hook carries into subsequent Bash and PowerShell tool calls.

How: set CLAUDE_ENV_FILE=C:\path\to\setup.ps1 or equivalent in .claude/settings.json.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - Opus 4.7 + Auto mode for Max
• (01:28) - New xhigh effort level
• (02:08) - /effort interactive slider
• (02:45) - Auto (match terminal) theme
• (03:08) - /less-permission-prompts skill
• (03:52) - /ultrareview command
• (04:26) - Auto mode — no flag required
• (05:07) - PowerShell tool on Windows
• (05:41) - Bash globs skip permission prompts
• (06:19) - /setup-vertex & /setup-bedrock polish
• (06:59) - plugin_errors in stream-json init
• (07:31) - OTEL_LOG_RAW_API_BODIES env var
• (07:59) - Reverted non-streaming retry cap
...

A packed release — fourteen features advanced users will feel day one. New slash commands, a push notification tool Claude itself can invoke, distributed tracing for SDK sessions, and a real security hardening pass on hooks.

/tui command for fullscreen mode

Why: Switching between normal and fullscreen rendering previously required restarting the CLI, losing conversation state mid-task.

What: Adds a /tui slash command and matching tui setting that switches the active session to a flicker-free fullscreen renderer without reload.

How: Run /tui fullscreen inside any session, or set "tui": "fullscreen" in settings to make it the default.

autoScrollEnabled config for fullscreen

Why: Auto-scroll in long fullscreen conversations kept yanking focus away from earlier output users were reading.

What: Adds an autoScrollEnabled settings key that lets you keep the scrollback anchored where you left it in fullscreen mode.

How: Set "autoScrollEnabled": false in settings.json or toggle it under /config while in fullscreen.

Push notification tool for Claude

Why: Long-running agentic work left users tied to the terminal, unable to step away without missing prompts.

What: Adds a push-notification tool the model can invoke to ping your phone when it decides attention is needed, gated on Remote Control.

How: Enable Remote Control and the Push when Claude decides config, then Claude triggers pushes on its own.

/focus command and Ctrl+O rework

Why: The old Ctrl+O shortcut mixed two unrelated concerns — transcript verbosity and focus-view toggling — making muscle memory unreliable.

What: Splits the shortcut: Ctrl+O now toggles normal versus verbose transcript only; the new /focus command toggles the focus view independently.

How: Press Ctrl+O for verbose output, or run /focus to enter or leave the focus pane.

Ctrl+G external editor carries last response

Why: Drafting long prompts in the external editor left authors blind to Claude's prior reply, forcing copy-paste of context.

What: Adds an opt-in option that injects Claude's last response as commented context into the Ctrl+G external-editor buffer.

How: Enable it under /config (external editor section), then Ctrl+G launches your editor with commented prior reply preloaded.

/context, /exit, /reload-plugins on Remote Control

Why: Mobile and web Remote Control clients could not inspect context, reload plugins, or cleanly exit — forcing a return to the laptop.

What: Adds /context, /exit, and /reload-plugins as supported commands inside Remote Control sessions initiated from mobile or web.

How: In any Remote Control session, type /context, /exit, or /reload-plugins — they behave the same as the local CLI.

--resume restores scheduled tasks

Why: Resumed sessions were wiping pending scheduled tasks the user had queued, forcing manual re-entry of cron-like work.

What: --resume and --continue now resurrect unexpired scheduled tasks so they fire on their original timeline after reload.

How: Just run claude --resume <session-id> or claude --continue; scheduled tasks are re-armed automatically.

Write tool sees IDE diff edits

Why: When users tweaked a proposed edit in the IDE diff before accepting, Claude thought its original content shipped — leading to incorrect follow-up edits.

What: The Write tool now tells the model when the IDE diff was modified before acceptance so the model reasons against the actual saved file.

How: Automatic when running Claude Code with an IDE integration (VS Code or JetBrains); no user action required.

Bash tool enforces documented timeout cap

Why: Sessions set Bash timeouts above the documented max and then blocked indefinitely, wedging the whole CLI on a stuck child process.

What: The Bash tool now clamps any requested timeout to the documented maximum rather than accepting arbitrarily large values.

How: Use the normal timeout parameter; values above the documented ceiling are silently lowered to the cap.

TRACEPARENT/TRACESTATE for SDK tracing

Why: SDK and headless Claude Code sessions were disconnected from distributed-trace graphs in observability tools like Honeycomb and Datadog.

What: SDK/headless sessions now read TRACEPARENT and TRACESTATE from the environment, linking the session span into an upstream trace.

How: Export TRACEPARENT=<w3c-traceparent> (and optionally TRACESTATE) before invoking claude in headless or SDK mode.

Session recap default for telemetry-off users

Why: Bedrock, Vertex, Foundry, and DISABLE_TELEMETRY users lost the new recap feature because it was gated on telemetry being on.

What: Enables session recap by default for telemetry-disabled users, with an explicit opt-out via /config or an env-var kill switch.

How: Default is on — opt out with /config or set CLAUDE_CODE_ENABLE_AWAY_SUMMARY=0 in your environment.

/doctor warns on mismatched MCP scopes

Why: Running the same MCP server name in user and project scope with different endpoints silently misbehaved — hard to diagnose.

What: Improves /doctor to detect and warn when an MCP server id is defined in multiple config scopes pointing at different endpoints.

How: Run /doctor and scan for the new MCP-scope mismatch warning; press f to let Claude fix the conflict.

Hardened Open-in-editor against filename injection

Why: A crafted filename could inject shell commands into the external-editor launch flow, giving an attacker code execution in the user's shell.

What: Hardens the "Open in editor" action to quote and sanitize filenames before passing them to the external editor command.

How: Automatic; no configuration — pull the latest Claude Code and the fix is active.

Hooks honor permissions.deny on updatedInput

Why: A PermissionRequest hook could rewrite a tool call via updatedInput and bypass the user's permissions.deny list — a real privilege-escalation path.

What: Re-checks updatedInput against permissions.deny after the hook runs, and makes setMode:'bypassPermissions' respect disableBypassPermissionsMode.

How: No action needed; upgrade to 2.1.110. Managed settings can set "disableBypassPermissionsMode": "disable" to enforce organization-wide.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANG...

A one-bullet polish release. Default filter would have skipped this; published per explicit override.

Live thinking progress hint

Why: The previous static "thinking…" indicator gave no signal of progress, so during long extended-thinking passes you couldn't tell if Claude was still working or quietly hung.

What: Adds a rotating progress hint to the extended-thinking indicator, so the visual updates while the model reasons rather than sitting frozen.

How: Automatic — no user action required. Works in any session with extended thinking on (the default); press Ctrl+O to also see the underlying reasoning text in verbose mode.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

A patch release, but genuinely workflow-relevant for advanced users: new cache-TTL knobs, a brand-new /recap command, the Skill tool can now invoke built-in slash commands, and a couple of defaults quietly moved in your favor.

1-hour prompt cache TTL

Why: The default 5-minute prompt cache expired between exchanges in long sessions, so every deep conversation kept re-paying for the same cached tokens.

What: Adds opt-in env var ENABLE_PROMPT_CACHING_1H for 1-hour cache TTL across API key, Bedrock, Vertex, and Foundry; deprecates ENABLE_PROMPT_CACHING_1H_BEDROCK; adds FORCE_PROMPT_CACHING_5M to force the old default back.

How: export ENABLE_PROMPT_CACHING_1H=true before starting Claude Code.

/recap command for returning to a session

Why: Coming back to a long session meant scrolling the transcript or asking Claude "where were we" — manual context recovery every time.

What: A new recap feature that summarizes session state and unfinished work, auto-offered when returning; configurable in /config.

How: Type /recap any time, or force it on for telemetry-disabled setups with CLAUDE_CODE_ENABLE_AWAY_SUMMARY=true.

Skill tool can invoke built-in commands

Why: Claude couldn't reach its own built-in commands like /init, /review, /security-review during agentic work.

What: The model now discovers and invokes the bundled slash commands through the Skill tool, the same mechanism that runs user-defined skills.

How: Automatic — no user action required.

/undo is now an alias for /rewind

Why: Muscle-memory /undo got "unknown command" for users who expected the standard name.

What: /undo is wired as an alias for the existing /rewind command.

How: Type /undo — identical behavior to /rewind.

/model warns before mid-conversation switches

Why: Switching models mid-conversation silently invalidates the prompt cache — the next response re-reads the full history uncached.

What: /model now prints a warning before the switch takes effect.

How: Run /model mid-conversation and read the prompt before confirming.

/resume defaults to current directory

Why: The picker listed sessions across every project, so picking up today's work meant scrolling past stale sessions.

What: The picker now filters to sessions started in the current working directory by default.

How: Type /resume — press Ctrl+A inside the picker to show sessions from all projects.

Better error messages

Why: Failures were ambiguous between server rate limits, plan usage limits, transient 5xx, and slash command typos.

What: Error output now distinguishes server rate limits from plan limits, links 5xx/529 to status.claude.com, and suggests the closest match for unknown slash commands.

How: Automatic — the next failure will show richer, actionable text.

Startup warning when prompt caching is disabled

Why: DISABLE_PROMPT_CACHING* env vars silently kill caching, often inherited from shared dotfiles.

What: Claude Code now prints a warning at startup whenever any DISABLE_PROMPT_CACHING* env var is set.

How: Automatic — if you see the warning, unset DISABLE_PROMPT_CACHING in your shell.

DISABLE_TELEMETRY no longer caps cache at 5 minutes

Why: Users who disabled telemetry assumed they were getting the default 1-hour cache TTL. They weren't — the flag silently forced a 5-minute fallback.

What: Fix: DISABLE_TELEMETRY users now get the expected 1-hour TTL.

How: Automatic — upgrade to 2.1.108. Pair with ENABLE_PROMPT_CACHING_1H if you want it explicit.

Hosts: Alex Chen & Sarah Kim · Generated from the official Claude Code CHANGELOG.

Full changelog: github.com/anthropics/claude-code/CHANGELOG.md

Claude Code docs: code.claude.com/docs

• (00:00) - 1-hour prompt cache TTL
• (00:54) - DISABLE_TELEMETRY cap fix
• (01:18) - Disabled-caching startup warning
• (01:47) - /recap command
• (02:33) - /resume defaults to current directory
• (02:50) - /undo alias for /rewind
• (03:10) - Skill tool invokes built-ins
• (03:59) - /model switch warning
• (04:25) - Better error messages