Claude Code

• Claude Opus 4.7 xhigh is now available! Use /effort to tune speed vs. intelligence
• Auto mode is now available for Max subscribers when using Opus 4.7
• Added xhigh effort level for Opus 4.7, sitting between high and max. Available via /effort, --effort, and the model picker; other models fall back to high
• /effort now opens an interactive slider when called without arguments, with arrow-key navigation between levels and Enter to confirm
• Added "Auto (match terminal)" theme option that matches your terminal's dark/light mode — select it from /theme
• Added /less-permission-prompts skill — scans transcripts for common read-only Bash and MCP tool calls and proposes a prioritized allowlist for .claude/settings.json
• Added /ultrareview for running comprehensive code review in the cloud using parallel multi-agent analysis and critique — invoke with no arguments to review your current branch, or /ultrareview <PR#> to fetch and review a specific GitHub PR
• Auto mode no longer requires --enable-auto-mode
• Windows: PowerShell tool is progressively rolling out. Opt in or out with CLAUDE_CODE_USE_POWERSHELL_TOOL. On Linux and macOS, enable with CLAUDE_CODE_USE_POWERSHELL_TOOL=1 (requires pwsh on PATH)
• Read-only bash commands with glob patterns (e.g. ls *.ts) and commands starting with cd <project-dir> && no longer trigger a permission prompt
• Suggest the closest matching subcommand when claude <word> is invoked with a near-miss typo (e.g. claude udpate → "Did you mean claude update?")
• Plan files are now named after your prompt (e.g. fix-auth-race-snug-otter.md) instead of purely random words
• Improved /setup-vertex and /setup-bedrock to show the actual settings.json path when CLAUDE_CONFIG_DIR is set, seed model candidates from existing pins on re-run, and offer a "with 1M context" option for supported models
• /skills menu now supports sorting by estimated token count — press t to toggle
• Ctrl+U now clears the entire input buffer (previously: delete to start of line); press Ctrl+Y to restore
• Ctrl+L now forces a full screen redraw in addition to clearing the prompt input
• Transcript view footer now shows [ (dump to scrollback) and v (open in editor) shortcuts
• The "+N lines" marker for truncated long pastes is now a full-width rule for easier scanning
• Headless --output-format stream-json now includes plugin_errors on the init event when plugins are demoted for unsatisfied dependencies
• Added OTEL_LOG_RAW_API_BODIES environment variable to emit full API request and response bodies as OpenTelemetry log events for debugging
• Suppressed spurious decompression, network, and transient error messages that could appear in the TUI during normal operation
• Reverted the v2.1.110 cap on non-streaming fallback retries — it traded long waits for more outright failures during API overload
• Fixed terminal display tearing (random characters, drifting input) in iTerm2 + tmux setups when terminal notifications are sent
• Fixed @ file suggestions re-scanning the entire project on every turn in non-git working directories, and showing only config files in freshly-initialized git repos with no tracked files
• Fixed LSP diagnostics from before an edit appearing after it, causing the model to re-read files it just edited
• Fixed tab-completing /resume immediately resuming an arbitrary titled session instead of showing the session picker
• Fixed /context grid rendering with extra blank lines between rows
• Fixed /clear dropping the session name set by /rename, causing statusline output to lose session_name
• Improved plugin error handling: dependency errors now distinguish conflicting, invalid, and overly complex version requirements; fixed stale resolved versions after plugin update; plugin install now recovers from interrupted prior installs
• Fixed Claude calling a non-existent commit skill and showing "Unknown skill: commit" for users without a custom /commit command
• Fixed 429 rate-limit errors on Bedrock/Vertex/Foundry referencing status.claude.com (it only covers Anthropic-operated providers)
• Fixed feedback surveys appearing back-to-back after dismissing one
• Fixed bare URLs in bash/PowerShell/MCP tool output being unclickable when the terminal wraps them across lines
• Windows: CLAUDE_ENV_FILE and SessionStart hook environment files now apply (previously a no-op)
• Windows: permission rules with drive-letter paths are now correctly root-anchored, and paths differing only by drive-letter case are recognized as the same path

• Fixed "claude-opus-4-7 is temporarily unavailable" for auto mode

• Improved the extended-thinking indicator with a rotating progress hint

• Added /tui command and tui setting — run /tui fullscreen to switch to flicker-free rendering in the same conversation
• Added push notification tool — Claude can send mobile push notifications when Remote Control and "Push when Claude decides" config are enabled
• Changed Ctrl+O to toggle between normal and verbose transcript only; focus view is now toggled separately with the new /focus command
• Added autoScrollEnabled config to disable conversation auto-scroll in fullscreen mode
• Added option to show Claude's last response as commented context in the Ctrl+G external editor (enable via /config)
• Improved /plugin Installed tab — items needing attention and favorites appear at the top, disabled items are hidden behind a fold, and f favorites the selected item
• Improved /doctor to warn when an MCP server is defined in multiple config scopes with different endpoints
• --resume/--continue now resurrects unexpired scheduled tasks
• /autocompact, /context, /exit, and /reload-plugins now work from Remote Control (mobile/web) clients
• Write tool now informs the model when you edit the proposed content in the IDE diff before accepting
• Bash tool now enforces the documented maximum timeout instead of accepting arbitrarily large values
• SDK/headless sessions now read TRACEPARENT/TRACESTATE from the environment for distributed trace linking
• Session recap is now enabled for users with telemetry disabled (Bedrock, Vertex, Foundry, DISABLE_TELEMETRY). Opt out via /config or CLAUDE_CODE_ENABLE_AWAY_SUMMARY=0.
• Fixed MCP tool calls hanging indefinitely when the server connection drops mid-response on SSE/HTTP transports
• Fixed non-streaming fallback retries causing multi-minute hangs when the API is unreachable
• Fixed session recap, local slash-command output, and other system status lines not appearing in focus mode
• Fixed high CPU usage in fullscreen when text is selected while a tool is running
• Fixed plugin install not honoring dependencies declared in plugin.json when the marketplace entry omits them; /plugin install now lists auto-installed dependencies
• Fixed skills with disable-model-invocation: true failing when invoked via /<skill> mid-message
• Fixed --resume sometimes showing the first prompt instead of the /rename name for sessions still running or exited uncleanly
• Fixed queued messages briefly appearing twice during multi-tool-call turns
• Fixed session cleanup not removing the full session directory including subagent transcripts
• Fixed dropped keystrokes after the CLI relaunches (e.g. /tui, provider setup wizards)
• Fixed garbled startup rendering in macOS Terminal.app and other terminals that don't support synchronized output
• Hardened "Open in editor" actions against command injection from untrusted filenames
• Fixed PermissionRequest hooks returning updatedInput not being re-checked against permissions.deny rules; setMode:'bypassPermissions' updates now respect disableBypassPermissionsMode
• Fixed PreToolUse hook additionalContext being dropped when the tool call fails
• Fixed stdio MCP servers that print stray non-JSON lines to stdout being disconnected on the first stray line (regression in 2.1.105)
• Fixed headless/SDK session auto-title firing an extra Haiku request when CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC or CLAUDE_CODE_DISABLE_TERMINAL_TITLE is set
• Fixed potential excessive memory allocation when piped (non-TTY) Ink output contains a single very wide line
• Fixed /skills menu not scrolling when the list overflows the modal in fullscreen mode
• Fixed Remote Control sessions showing a generic error instead of prompting for re-login when the session is too old
• Fixed Remote Control session renames from claude.ai not persisting the title to the local CLI session

• Show thinking hints sooner during long operations

• Added ENABLE_PROMPT_CACHING_1H env var to opt into 1-hour prompt cache TTL on API key, Bedrock, Vertex, and Foundry (ENABLE_PROMPT_CACHING_1H_BEDROCK is deprecated but still honored), and FORCE_PROMPT_CACHING_5M to force 5-minute TTL
• Added recap feature to provide context when returning to a session, configurable in /config and manually invocable with /recap; force with CLAUDE_CODE_ENABLE_AWAY_SUMMARY if telemetry disabled.
• The model can now discover and invoke built-in slash commands like /init, /review, and /security-review via the Skill tool
• /undo is now an alias for /rewind
• Improved /model to warn before switching models mid-conversation, since the next response re-reads the full history uncached
• Improved /resume picker to default to sessions from the current directory; press Ctrl+A to show all projects
• Improved error messages: server rate limits are now distinguished from plan usage limits; 5xx/529 errors show a link to status.claude.com; unknown slash commands suggest the closest match
• Reduced memory footprint for file reads, edits, and syntax highlighting by loading language grammars on demand
• Added "verbose" indicator when viewing the detailed transcript (Ctrl+O)
• Added a warning at startup when prompt caching is disabled via DISABLE_PROMPT_CACHING* environment variables
• Fixed paste not working in the /login code prompt (regression in 2.1.105)
• Fixed subscribers who set DISABLE_TELEMETRY falling back to 5-minute prompt cache TTL instead of 1 hour
• Fixed Agent tool prompting for permission in auto mode when the safety classifier's transcript exceeded its context window
• Fixed Bash tool producing no output when CLAUDE_ENV_FILE (e.g. ~/.zprofile) ends with a # comment line
• Fixed claude --resume <session-id> losing the session's custom name and color set via /rename
• Fixed session titles showing placeholder example text when the first message is a short greeting
• Fixed terminal escape codes appearing as garbage text in the prompt input after --teleport
• Fixed /feedback retry: pressing Enter to resubmit after a failure now works without first editing the description
• Fixed --teleport and --resume <id> precondition errors (e.g. dirty git tree, session not found) exiting silently instead of showing the error message
• Fixed Remote Control session titles set in the web UI being overwritten by auto-generated titles after the third message
• Fixed --resume truncating sessions when the transcript contained a self-referencing message
• Fixed transcript write failures (e.g., disk full) being silently dropped instead of being logged
• Fixed diacritical marks (accents, umlauts, cedillas) being dropped from responses when the language setting is configured
• Fixed policy-managed plugins never auto-updating when running from a different project than where they were first installed

• Added path parameter to the EnterWorktree tool to switch into an existing worktree of the current repository
• Added PreCompact hook support: hooks can now block compaction by exiting with code 2 or returning {"decision":"block"}
• Added background monitor support for plugins via a top-level monitors manifest key that auto-arms at session start or on skill invoke
• /proactive is now an alias for /loop
• Improved stalled API stream handling: streams now abort after 5 minutes of no data and retry non-streaming instead of hanging indefinitely
• Improved network error messages: connection errors now show a retry message immediately instead of a silent spinner
• Improved file write display: long single-line writes (e.g. minified JSON) are now truncated in the UI instead of paginating across many screens
• Improved /doctor layout with status icons; press f to have Claude fix reported issues
• Improved /config labels and descriptions for clarity
• Improved skill description handling: raised the listing cap from 250 to 1,536 characters and added a startup warning when descriptions are truncated
• Improved WebFetch to strip <style> and <script> contents from fetched pages so CSS-heavy pages no longer exhaust the content budget before reaching actual text
• Improved stale agent worktree cleanup to remove worktrees whose PR was squash-merged instead of keeping them indefinitely
• Improved MCP large-output truncation prompt to give format-specific recipes (e.g. jq for JSON, computed Read chunk sizes for text)
• Fixed images attached to queued messages (sent while Claude is working) being dropped
• Fixed screen going blank when the prompt input wraps to a second line in long conversations
• Fixed leading whitespace getting copied when selecting multi-line assistant responses in fullscreen mode
• Fixed leading whitespace being trimmed from assistant messages, breaking ASCII art and indented diagrams
• Fixed garbled bash output when commands print clickable file links (e.g. Python rich/loguru logging)
• Fixed alt+enter not inserting a newline in terminals using ESC-prefix alt encoding, and Ctrl+J not inserting a newline (regression in 2.1.100)
• Fixed duplicate "Creating worktree" text in EnterWorktree/ExitWorktree tool display
• Fixed queued user prompts disappearing from focus mode
• Fixed one-shot scheduled tasks re-firing repeatedly when the file watcher missed the post-fire cleanup
• Fixed inbound channel notifications being silently dropped after the first message for Team/Enterprise users
• Fixed marketplace plugins with package.json and lockfile not having dependencies installed automatically after install/update
• Fixed marketplace auto-update leaving the official marketplace in a broken state when a plugin process holds files open during the update
• Fixed "Resume this session with…" hint not printing on exit after /resume, --worktree, or /branch
• Fixed feedback survey shortcut keys firing when typed at the end of a longer prompt
• Fixed stdio MCP server emitting malformed (non-JSON) output hanging the session instead of failing fast with "Connection closed"
• Fixed MCP tools missing on the first turn of headless/remote-trigger sessions when MCP servers connect asynchronously
• Fixed /model picker on AWS Bedrock in non-US regions persisting invalid us.* model IDs to settings.json when inference profile discovery is still in-flight
• Fixed 429 rate-limit errors showing a raw JSON dump instead of a clean message for API-key, Bedrock, and Vertex users
• Fixed crash on resume when session contains malformed text blocks
• Fixed /help dropping the tab bar, Shortcuts heading, and footer at short terminal heights
• Fixed malformed keybinding entry values in keybindings.json being silently loaded instead of rejected with a clear error
• Fixed CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC in one project's settings permanently disabling usage metrics for all projects on the machine
• Fixed washed-out 16-color palette when using Ghostty, Kitty, Alacritty, WezTerm, foot, rio, or Contour over SSH/mosh
• Fixed Bash tool suggesting acceptEdits permission mode when exiting plan mode would downgrade from a higher permission level

Added:

• /team-onboarding command to generate teammate ramp-up guides from local Claude Code usage
• OS CA certificate store trust by default for enterprise TLS proxies (set CLAUDE_CODE_CERT_STORE=bundled to use only bundled CAs)
• Auto-creation of default cloud environment for /ultraplan and remote-session features
• Monitor tool for streaming events from background scripts
• Subprocess sandboxing with PID namespace isolation on Linux via CLAUDE_CODE_SUBPROCESS_ENV_SCRUB
• CLAUDE_CODE_SCRIPT_CAPS env var to limit per-session script invocations
• CLAUDE_CODE_PERFORCE_MODE env var for p4 edit hints on read-only files
• --exclude-dynamic-system-prompt-sections flag for improved cross-user prompt caching
• workspace.git_worktree to status line JSON input
• W3C TRACEPARENT env var to Bash tool subprocesses for proper OTEL trace parenting
• LSP clientInfo identification

Improved:

• Brief mode now retries when Claude responds with plain text
• Focus mode with more self-contained summaries
• Tool-not-available errors with explanations and solutions
• Rate-limit retry messages showing which limit was hit and reset time
• Refusal error messages with API-provided explanations
• claude -p --resume <name> to accept titles from /rename or --name
• Settings resilience for unrecognized hook event names
• Plugin hooks from force-enabled plugins run when allowManagedHooksOnly is set
• /plugin and claude plugin update warnings when marketplace refresh fails
• Plan mode hides "Refine with Ultraplan" when org can't reach Claude Code on web
• Beta tracing to honor OTEL_LOG_USER_PROMPTS, OTEL_LOG_TOOL_DETAILS, and OTEL_LOG_TOOL_CONTENT
• SDK query() cleanup of subprocess and temp files on break/await using
• /resume filter hints and project/worktree/branch names in indicator
• Footer indicators to stay on mode-indicator row at narrow widths
• /agents with tabbed layout (Running/Library tabs)
• /reload-plugins to pick up plugin-provided skills without restart
• Accept Edits mode to auto-approve filesystem commands with safe env vars
• Vim mode: j/k in NORMAL mode navigate history and select footer pill
• Hook errors with first line of stderr for diagnosis
• OTEL tracing with correct interaction span wrapping and per-turn span ending
• Transcript entries with final token usage instead of streaming placeholders
• Updated /claude-api skill to cover Managed Agents

Fixed:

• Command injection vulnerability in POSIX which fallback for LSP binary detection
• Memory leak in long sessions with historical message copies in virtual scroller
• --resume/--continue losing context on large sessions
• Chain recovery bridging into unrelated subagent conversations
• Crash on --resume with missing Edit/Write tool result file_path
• Hardcoded 5-minute request timeout aborting slow backends
• permissions.deny rules not overriding PreToolUse hook's permissionDecision: "ask"
• --setting-sources without user causing aggressive history deletion
• Bedrock SigV4 authentication with Authorization headers
• claude -w <name> failing after stale worktree cleanup
• Subagents not inheriting MCP tools from dynamically-injected servers
• Sub-agents in isolated worktrees denied Read/Edit access to their own files
• Sandboxed Bash commands failing with mktemp errors after fresh boot
• claude mcp serve tool calls failing in MCP clients validating outputSchema
• RemoteTrigger tool's run action sending empty body
• Multiple /resume picker issues (narrow default view, preview on Windows Terminal, incorrect cwd, session-not-found errors, terminal title, prompt overlap)
• Grep tool ENOENT when ripgrep path becomes stale; now falls back to system rg
• /btw writing entire conversation to disk on every use
• /context Free space and Messages breakdown disagreeing with header percentage
• Multiple plugin issues (slash command resolution, ENAMETOOLONG errors, Discover showing installed plugins, stale cache, frontmatter fields)
• /mcp menu offering OAuth actions for headersHelper servers; now offers Reconnect
• ctrl+], ctrl+\, ctrl+^ keybindings in terminals with raw C0 control bytes
• /login OAuth URL rendering with selection padding
• Rendering issues (flicker, scrollback wipe, escape sequences leaking)
• Crash when settings.json env values are numbers
• In-app settings writes not refreshing in-memory snapshot
• Custom keybindings not loading on Bedrock/Vertex providers
• claude --continue -p not continuing sessions
• Multiple Remote Control issues (worktrees on crash, connection persistence, spurious indicators, SSH failures)
• /insights omitting report file link
• VSCode file attachment not clearing on last tab close
• Bash tool permission bypass with backslash-escaped flags
• Compound Bash commands bypassing forced permission prompts
• Read-only commands with env-var prefixes not prompting
• Redirects to /dev/tcp/... or /dev/udp/... not prompting
• Stalled streaming responses timing out
• 429 retries burning attempts in ~13s; exponential backoff now applies as minimum
• MCP OAuth oauth.authServerMetadataUrl not honored on token refresh
• Capital letters dropped to lowercase with kitty keyboard protocol
• macOS text replacements deleting trigger word instead of substituting
• --dangerously-skip-permissions downgraded after write to protected path
• Managed-settings allow rules remaining active after removal
• permissions.additionalDirectories changes not applying mid-session
• Removing directory from additionalDirectories revoking --add-dir access
• Wildcard permission rules failing with extra spaces/tabs
• Deny rules downgraded to prompts for piped commands
• False Bash permission prompts for various commands
• Permission rules with prototype property names causing silent ignores
• Agent team members not inheriting leader's permission mode
• Crash in fullscreen mode hovering over MCP tool results
• Wrapped URL copying inserting spaces
• File-edit diffs disappearing on --resume for files >10KB
• Multiple /resume picker issues (uneditable opens, filter reload, empty list, cross-project staleness, task-status text)
• /export not honoring absolute paths, ~, and silently rewriting extensions
• /effort max denied for unknown model IDs
• Slash command picker breaking with YAML boolean keywords
• Rate-limit upsell text hidden after remounts
• MCP tools with _meta["anthropic/maxResultSizeChars"] not bypassing persist layer
• Voice mode leaking space characters on re-hold
• DISABLE_AUTOUPDATER not fully suppressing version check
• Memory leak in Remote Control permission handler entries
• Background subagents not reporting partial progress
• Prompt-type hooks failing on long sessions
• Feedback survey rendering when dismissed
• Bash grep -f FILE / rg -f FILE not prompting
• Stale subagent worktree cleanup removing untracked files
• sandbox.network.allowMachLookup not taking effect on macOS
• CLAUDE_CODE_MAX_CONTEXT_TOKENS not honoring DISABLE_COMPACT
• VSCode false-positive "requires git-bash" error
• Dropped /compact hints when DISABLE_COMPACT is set

Added:

• Interactive Google Vertex AI setup wizard on login screen with GCP authentication, project/region configuration, credential verification, and model pinning
• CLAUDE_CODE_PERFORCE_MODE env var for p4 edit hints on read-only files
• Monitor tool for streaming events from background scripts
• Subprocess sandboxing with PID namespace isolation on Linux via CLAUDE_CODE_SUBPROCESS_ENV_SCRUB
• CLAUDE_CODE_SCRIPT_CAPS env var to limit per-session script invocations
• --exclude-dynamic-system-prompt-sections flag for improved cross-user prompt caching
• workspace.git_worktree to status line JSON input
• W3C TRACEPARENT env var to Bash tool subprocesses for OTEL trace parenting
• LSP clientInfo identification

Fixed:

• Bash tool permission bypass with backslash-escaped flags
• Compound Bash commands bypassing forced permission prompts
• Read-only commands with env-var prefixes not prompting
• Redirects to /dev/tcp/... or /dev/udp/... not prompting
• Stalled streaming responses timing out instead of falling back
• 429 retries burning all attempts in ~13s; exponential backoff now applies as minimum
• MCP OAuth oauth.authServerMetadataUrl not honored on token refresh
• Capital letters dropped to lowercase with kitty keyboard protocol on xterm and VS Code
• macOS text replacements deleting trigger word instead of substituting
• --dangerously-skip-permissions downgraded after write to protected path
• Managed-settings allow rules remaining active after removal
• permissions.additionalDirectories changes not applying mid-session
• Removing directory from additionalDirectories revoking --add-dir access
• Bash(cmd:*) and similar wildcard rules failing with extra spaces/tabs
• Deny rules downgraded to prompts for piped commands with cd
• False Bash permission prompts for cut, paste, column, awk commands and filenames with %
• Permission rules with prototype property names causing silent ignores
• Agent team members not inheriting leader's permission mode
• Crash in fullscreen mode hovering over MCP tool results
• Wrapped URLs copying with spaces at line breaks
• File-edit diffs disappearing on --resume for files >10KB
• Multiple /resume picker issues (uneditable opens, filter reload state, empty list, cross-project staleness, task-status text)
• /export not honoring absolute paths, ~, and silently rewriting extensions
• /effort max denied for unknown/future model IDs
• Slash command picker breaking with YAML boolean keywords
• Rate-limit upsell text hidden after message remounts
• MCP tools with _meta["anthropic/maxResultSizeChars"] not bypassing persist layer
• Voice mode leaking space characters on re-hold
• DISABLE_AUTOUPDATER not fully suppressing version check and symlink modification
• Memory leak in Remote Control permission handler entries
• Background subagents not reporting partial progress
• Prompt-type hooks failing on long sessions
• Feedback survey rendering when dismissed
• Bash grep -f FILE / rg -f FILE not prompting
• Stale subagent worktree cleanup removing worktrees with untracked files
• sandbox.network.allowMachLookup not taking effect on macOS

Improved:

• /resume filter hints and project/worktree/branch names
• Footer indicators staying on mode-indicator row at narrow widths
• /agents with tabbed layout (Running and Library tabs)
• /reload-plugins picking up plugin skills without restart
• Accept Edits mode auto-approving filesystem commands with safe env vars
• Vim mode with j/k navigating history and selecting footer pill
• Hook errors showing first line of stderr
• OTEL tracing with correct interaction span wrapping and per-turn ending
• Transcript entries with final token usage
• /claude-api skill updated for Managed Agents
• VSCode error handling for git-bash requirement

Fixed Bedrock requests failing with 403 "Authorization header is missing" when using AWS_BEARER_TOKEN_BEDROCK or CLAUDE_CODE_SKIP_BEDROCK_AUTH (regression in 2.1.94).

Added focus view toggle (Ctrl+O) in NO_FLICKER mode showing prompt, one-line tool summary with edit diffstats, and final response. Added refreshInterval status line setting to re-run the status line command every N seconds. Added workspace.git_worktree to the status line JSON input for linked git worktree directories. Added ● N running indicator in /agents next to agent types with live subagent instances. Added syntax highlighting for Cedar policy files (.cedar, .cedarpolicy).

Fixed --dangerously-skip-permissions being silently downgraded after approving write to protected path. Fixed and hardened Bash tool permissions with tighter env-var and network redirect checks. Fixed permission rules with names matching JavaScript prototype properties causing settings.json to be silently ignored. Fixed managed-settings allow rules remaining active after removal until process restart. Fixed permissions.additionalDirectories changes not applying mid-session and revocation issues when directories passed via --add-dir.

Fixed MCP HTTP/SSE connections accumulating ~50 MB/hr of unreleased buffers on reconnect. Fixed MCP OAuth oauth.authServerMetadataUrl not honored on token refresh after restart. Fixed 429 retries burning attempts in ~13 seconds; exponential backoff now applies as minimum. Fixed rate-limit upgrade options disappearing after context compaction.

Fixed /resume picker issues including --resume <name> opening uneditable, Ctrl+A reload wiping search, empty list swallowing navigation, task-status text replacing conversation summary, and cross-project staleness. Fixed file-edit diffs disappearing on --resume for files larger than 10KB. Fixed --resume cache misses and lost mid-turn input from attachment messages. Fixed messages typed while Claude works not being persisted to transcript.

Fixed prompt-type Stop/SubagentStop hooks failing on long sessions. Fixed subagents with worktree isolation or cwd: override leaking working directory to parent session's Bash tool. Fixed compaction writing duplicate multi-MB subagent transcript files on prompt-too-long retries.

Fixed claude plugin update reporting "already at latest version" for git-based marketplace plugins. Fixed slash command picker breaking when plugin's frontmatter name is YAML boolean keyword. Fixed copying wrapped URLs in NO_FLICKER mode inserting spaces at line breaks. Fixed scroll rendering artifacts in NO_FLICKER mode on zellij. Fixed crash in NO_FLICKER mode hovering over MCP tool results. Fixed NO_FLICKER mode memory leak from API retries. Fixed slow mouse-wheel scrolling in NO_FLICKER mode on Windows Terminal. Fixed custom status line not displaying in NO_FLICKER mode on terminals shorter than 24 rows. Fixed Shift+Enter and Alt/Cmd+arrow shortcuts not working in Warp with NO_FLICKER mode. Fixed Korean/Japanese/Unicode text becoming garbled when copied in no-flicker mode on Windows.

Fixed Bedrock SigV4 authentication failing when AWS_BEARER_TOKEN_BEDROCK or ANTHROPIC_BEDROCK_BASE_URL are set to empty strings. Improved Accept Edits mode to auto-approve filesystem commands with safe env vars or process wrappers. Improved auto mode and bypass-permissions mode to auto-approve sandbox network access prompts. Improved sandbox.network.allowMachLookup on macOS.

Improved image handling: pasted and attached images compressed to same token budget as images read via Read tool. Improved slash command and @-mention completion after CJK sentence punctuation. Improved Bridge sessions to show local git repo, branch, and working directory. Improved footer layout and context-low warning display. Improved markdown blockquotes with continuous left bar. Improved session transcript size and accuracy. Improved Bash tool OTEL tracing with W3C TRACEPARENT env var. Updated /claude-api skill to cover Managed Agents.

Added support for Amazon Bedrock powered by Mantle via CLAUDE_CODE_USE_MANTLE=1. Changed default effort level from medium to high for API-key, Bedrock/Vertex/Foundry, Team, and Enterprise users (controllable via /effort). Added compact Slacked #channel header with clickable channel link for Slack MCP send-message tool calls. Added keep-coding-instructions frontmatter field support for plugin output styles. Added hookSpecificOutput.sessionTitle to UserPromptSubmit hooks for setting session title.

Plugin skills declared via "skills": ["./"] now use frontmatter name for invocation instead of directory basename. Fixed agents appearing stuck after 429 rate-limit response with long Retry-After header. Fixed Console login on macOS silently failing when login keychain is locked. Fixed plugin skill hooks in YAML frontmatter being silently ignored. Fixed plugin hooks failing with "No such file or directory" when CLAUDE_PLUGIN_ROOT not set. Fixed ${CLAUDE_PLUGIN_ROOT} resolving to marketplace source instead of installed cache.

Fixed scrollback showing repeated diffs and blank pages in long-running sessions. Fixed multiline user prompts indenting wrapped lines incorrectly. Fixed Shift+Space inserting literal "space" instead of space character in search inputs. Fixed hyperlinks opening two tabs in tmux with xterm.js terminals. Fixed alt-screen rendering bug with ghost lines. Fixed FORCE_HYPERLINK ignored when set via settings.json. Fixed native terminal cursor not tracking selected tab in dialogs.

Fixed Bedrock invocation of Sonnet 3.5 v2 by using us. inference profile ID. Fixed SDK/print mode not preserving partial assistant response. Improved --resume to resume sessions from other worktrees directly. Fixed CJK text corrupted with U+FFFD in stream-json when UTF-8 split at chunk boundaries. Reduced VSCode cold-open subprocess work. Fixed VSCode dropdown menus selecting wrong item. Added VSCode warning banner for settings.json parse failures.

Added forceRemoteSettingsRefresh policy setting to block startup until remote settings fetched with fail-closed behavior. Added interactive Bedrock setup wizard from login screen guiding through AWS authentication, region configuration, credential verification, and model pinning. Added per-model and cache-hit breakdown to /cost for subscription users. Made /release-notes an interactive version picker. Remote Control session names now use hostname as default prefix (overridable with --remote-control-session-name-prefix). Pro users see footer hint on returning to cached session showing estimated tokens for next turn.

Fixed subagent spawning permanently failing after tmux windows killed/renumbered. Fixed prompt-type Stop hooks incorrectly failing on small fast model ok:false response. Fixed tool input validation failures when streaming emits array/object fields as JSON-encoded strings. Fixed API 400 error from extended thinking with whitespace-only text blocks. Fixed misleading "esc to interrupt" hint with text selection in fullscreen mode. Fixed Homebrew install prompts to use correct cask release channel.

Fixed ctrl+e jumping to next line end when already at line end in multiline prompts. Fixed message position duplication on scrollback in fullscreen mode. Fixed idle-return hint showing cumulative tokens instead of current context size. Fixed plugin MCP servers stuck "connecting" on duplicate unauthenticated connectors. Improved Write tool diff computation speed (60% faster). Removed /tag and /vim commands. Linux sandbox now ships apply-seccomp helper in both npm and native builds for unix-socket blocking.

Added MCP tool result persistence override via _meta["anthropic/maxResultSizeChars"] annotation (up to 500K) for larger results without truncation. Added disableSkillShellExecution setting to disable inline shell execution in skills, custom slash commands, and plugin commands. Added support for multi-line prompts in claude-cli://open?q= deep links. Plugins can now ship executables under bin/ for invocation as bare commands from Bash tool.

Fixed transcript chain breaks on --resume losing conversation history on async transcript write failures. Fixed cmd+delete not deleting to start of line on multiple terminal emulators. Fixed plan mode in remote sessions losing track after container restart. Fixed JSON schema validation for permissions.defaultMode: "auto". Fixed Windows version cleanup not protecting active version's rollback copy.

/feedback now explains unavailability instead of disappearing from menu. Improved /claude-api skill guidance for agent design patterns. Improved performance with faster stripAnsi on Bun. Edit tool now uses shorter old_string anchors.

Removed: Get-DnsClientCache and ipconfig /displaydns from auto-allow (DNS cache privacy)

Added:

• "defer" permission decision to PreToolUse hooks — headless sessions can pause at a tool call and resume with -p --resume
• CLAUDE_CODE_NO_FLICKER=1 environment variable for flicker-free alt-screen rendering
• PermissionDenied hook that fires after auto mode classifier denials
• Named subagents to @ mention typeahead suggestions
• MCP_CONNECTION_NONBLOCKING=true for -p mode and bounded --mcp-config server connections at 5s
• Auto mode: denied commands now show notifications and appear in /permissions → Recent tab with retry option
• /buddy command for April 1st

Fixed:

• Edit(//path/**) and Read(//path/**) allow rules to check resolved symlink targets
• Voice push-to-talk activation for modifier-combo bindings and Windows WebSocket upgrade issues
• Edit/Write tools doubling CRLF on Windows and stripping Markdown hard line breaks
• StructuredOutput schema cache bug causing ~50% failure rate
• Memory leak from large JSON inputs retained as LRU cache keys
• Crash when removing messages from very large session files (>50MB)
• LSP server zombie state after crash
• Prompt history entries with CJK or emoji being silently dropped at 4KB boundaries
• /stats undercounting tokens and losing historical data
• -p --resume hangs and -p --continue not resuming deferred tools
• claude-cli:// deep links on macOS
• MCP tool errors truncating multi-element error content
• Skill reminders and system context being dropped when sending messages with images via SDK
• PreToolUse/PostToolUse hooks receiving relative paths instead of absolute paths
• Autocompact thrash loop with actionable error
• Prompt cache misses in long sessions
• Nested CLAUDE.md files being re-injected multiple times
• --resume crash with tool results from older CLI versions
• Misleading "Rate limit reached" message
• Hooks if condition not matching compound commands or env-var prefixes
• Collapsed search/read group badges duplicating during parallel tool use
• Notification invalidates not clearing immediately
• Prompt disappearing after submit during background messages
• Devanagari and combining-mark text truncation in output
• Rendering artifacts after layout shifts
• Voice mode microphone permission on macOS Apple Silicon
• Shift+Enter submitting instead of newline on Windows Terminal Preview
• UI jitter during streaming in iTerm2 with tmux
• PowerShell tool incorrectly reporting failures on Windows 5.1
• Out-of-memory crash with Edit tool on very large files (>1 GiB)

Improved:

• Collapsed tool summary showing "Listed N directories" for ls/tree/du
• Bash tool warning when formatter/linter modifies previously-read files
• @-mention typeahead ranking source files above MCP resources
• PowerShell tool prompt with version-appropriate syntax

Changed:

• Edit now works on files viewed via Bash sed -n or cat without separate Read call
• Hook output over 50K characters saved to disk instead of injected
• cleanupPeriodDays: 0 now rejected with validation error
• Thinking summaries no longer generated by default in interactive sessions
• Task notifications preserved when backgrounding with Ctrl+B
• PowerShell external-command arguments with quotes and whitespace now prompt instead of auto-allow
• /env now applies to PowerShell tool commands
• /usage hides redundant "Current week (Sonnet only)" bar for Pro and Enterprise
• Image paste no longer inserts trailing space
• Pasting !command into empty prompt enters bash mode

Documentation:

• TaskCreated hook event and blocking behavior documented

Added /powerup — interactive lessons teaching Claude Code features with animated demos. Added CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE env var to keep existing marketplace cache when git pull fails. Added .husky to protected directories in acceptEdits mode.

Fixed infinite loop where rate-limit options dialog repeatedly auto-opened after hitting usage limit. Fixed --resume causing full prompt-cache miss on first request for users with deferred tools, MCP servers, or custom agents. Fixed Edit/Write failing with "File content has changed" when PostToolUse format-on-save hook rewrites file between edits. Fixed PreToolUse hooks emitting JSON to stdout with exit code 2 not correctly blocking tool call. Fixed collapsed search/read summary badge appearing multiple times.

Fixed auto mode not respecting explicit user boundaries. Fixed click-to-expand hover text nearly invisible on light terminal themes. Fixed UI crash with malformed tool input. Fixed headers disappearing on /model, /config selection screens. Hardened PowerShell tool permission checks for trailing & background job, -ErrorAction, archive extraction, and parse-fail issues. Improved performance eliminating per-turn JSON.stringify of MCP schemas and SSE transport handling. Improved /resume all-projects view parallel loading. Changed --resume picker to no longer show claude -p or SDK invocation sessions.

Fixed messages in Cowork Dispatch not getting delivered

Added:

• X-Claude-Code-Session-Id header to API requests for proxy aggregation
• .jj and .sl to VCS directory exclusion lists (Jujutsu and Sapling metadata)
• Trailing space after [Image #N] placeholder when pasting images
• Deep link queries support up to 5,000 characters with scroll-to-review warning

Fixed:

• --resume failing with "tool_use ids were found without tool_result blocks" on sessions before v2.1.85
• Write/Edit/Read failing on files outside project root with conditional skills
• Unnecessary config disk writes on every skill invocation
• Out-of-memory crash with /feedback on very long sessions
• --bare mode dropping MCP tools and discarding enqueued messages
• c shortcut copying only ~20 characters of OAuth login URL
• Masked input leaking token start on narrow terminals
• Official marketplace plugin scripts failing on macOS/Linux since v2.1.83
• Statusline showing another session's model in multiple instances
• Scroll not following new messages after wheel scroll or click-to-select
• /plugin uninstall dialog pressing n not correctly uninstalling
• Regression leaving transcript blank after clicking and pressing Enter
• ultrathink hint lingering after deletion
• Memory growth from markdown/highlight render caches

Improved:

• Prompt cache hit rate for Bedrock, Vertex, and Foundry users
• Memory filenames in "Saved N memories" notice now highlight and open on click
• Skill descriptions capped at 250 characters
• /skills menu sorted alphabetically
• Read tool using compact line-number format and deduplicating unchanged re-reads

Changed:

• Auto mode shows "unavailable for your plan" instead of "temporarily unavailable"
• Reduced token overhead when mentioning files with @
• Reduced startup stalls with many claude.ai MCP connectors

VSCode Extension:

• Fixed extension showing "Not responding" during long operations
• Fixed extension defaulting Max plan users to Sonnet after OAuth refresh

Added:

• PowerShell tool for Windows as opt-in preview
• ANTHROPIC_DEFAULT_{OPUS,SONNET,HAIKU}_MODEL_SUPPORTS env vars for effort/thinking detection on 3p models
• _MODEL_NAME/_DESCRIPTION env vars to customize /model picker labels
• CLAUDE_STREAM_IDLE_TIMEOUT_MS env var to configure streaming idle watchdog (default 90s)
• TaskCreated hook for task creation via TaskCreate
• WorktreeCreate hook support for type: "http"
• allowedChannelPlugins managed setting for team/enterprise allowlist
• x-client-request-id header for debugging timeouts
• Idle-return prompt nudging users returning after 75+ minutes to /clear
• Deep links open in preferred terminal instead of first detected
• Rules and skills paths: frontmatter accepts YAML list of globs
• MCP tool descriptions capped at 2KB
• MCP servers deduplicated between local and claude.ai configurations
• Background bash tasks surface notification after ~45 seconds on interactive prompt
• Token counts ≥1M display as "1.5m" instead of "1512.6k"
• Global system-prompt caching with ToolSearch enabled

Fixed:

• Voice push-to-talk holding key no longer leaks characters into text input
• Up/down arrow keys unresponsive when footer item focused
• Ctrl+U (kill-to-line-start) no-op at line boundaries
• Null-unbinding default chord bindings still entering chord-wait mode

Added:

• CLAUDE_CODE_MCP_SERVER_NAME and CLAUDE_CODE_MCP_SERVER_URL environment variables for MCP headersHelper scripts
• Conditional if field for hooks using permission rule syntax to filter execution
• Timestamp markers in transcripts for scheduled tasks (/loop, CronCreate)
• Deep link queries support up to 5,000 characters
• MCP OAuth RFC 9728 Protected Resource Metadata discovery
• PreToolUse hooks can satisfy AskUserQuestion via updatedInput with permissionDecision: "allow"
• OTEL_LOG_TOOL_DETAILS=1 gate for tool_parameters in OpenTelemetry tool_result events

Fixed:

• /compact failing with "context exceeded" on large conversations
• /plugin enable and /plugin disable with mismatched install locations
• --worktree exiting with error in non-git repositories
• deniedMcpServers setting not blocking claude.ai servers
• switch_display returning "not available" on multi-monitor setups
• Crash with OTEL_*_EXPORTER set to none
• Diff syntax highlighting in non-native builds
• MCP step-up authorization with existing refresh tokens
• Memory leak in remote sessions with interrupted responses
• Persistent ECONNRESET errors during edge connection churn
• Prompts stuck in queue after certain slash commands
• Python Agent SDK: type:'sdk' MCP servers dropped during startup
• Raw key sequences appearing in prompt over SSH
• Remote Control session status stuck on "Requires Action"
• Shift+enter/meta+enter intercepted by typeahead instead of inserting newlines
• Stale content bleeding through during scrolling
• Terminal left in enhanced keyboard mode after exit in Ghostty, Kitty, WezTerm
• /env not applying to PowerShell commands

Improved:

• @-mention file autocomplete performance on large repositories
• PowerShell dangerous command detection
• Scroll performance with large transcripts (replaced WASM yoga-layout with TypeScript)
• Reduced UI stutter when compaction triggers