Coding Agents

What's changed

• Bug fixes and reliability improvements

What's changed

• Bug fixes and reliability improvements

What's changed

• Added fallbackModel setting to configure up to three fallback models tried in order when the primary model is overloaded or unavailable; --fallback-model now also applies to interactive sessions
• Added glob pattern support in deny rule tool-name position ("*" denies all tools); allow rules reject non-MCP globs, and unknown tool names in deny rules warn at startup
• Hardened cross-session messaging: messages relayed via SendMessage from other Claude sessions no longer carry user authority — receivers refuse relayed permission requests, and auto mode blocks them
• MAX_THINKING_TOKENS=0, --thinking disabled, and the per-model thinking toggle now disable thinking on models that think by default via the Claude API (3P providers unchanged)
• Claude Code now retries a turn once on the fallback model when the API rejects an unexpected non-retryable error; auth, rate-limit, request-size, and transport errors still surface immediately
• claude update now announces the target version before downloading instead of going silent
• claude agents: typing a URL into the list now filters to the session whose first prompt contained it
• Fixed a recurring "image could not be processed" error and extra token usage when an unprocessable image was sent in a session
• Fixed remote sessions becoming permanently stuck when a brief backend disruption occurred during worker registration at startup
• Fixed flickering in JetBrains IDE terminals (IntelliJ, PyCharm, WebStorm, etc.) on 2026.1+ by enabling synchronized output
• Fixed Shift+non-ASCII characters (e.g. Shift+ä → Ä) being dropped in terminals using the Kitty keyboard protocol (WezTerm, Ghostty, kitty)
• Fixed PowerShell command validation occasionally hanging far past its time budget on Windows when a killed process's children held its output pipes
• Fixed orphaned claude --bg-pty-host processes spinning at 100% CPU after the daemon dies while connected on macOS
• Fixed voice mode requiring /login to clear a stale auth check after toggling /voice
• Fixed managed settings with an invalid entry silently disabling enforcement of their remaining valid policies
• Fixed managed-settings allowedMcpServers/deniedMcpServers predicates not matching when they use ${VAR} references
• Fixed background agent sessions that entered a git worktree crash-looping with "No conversation found" when reopened from claude agents
• Fixed duplicated thinking text in the Ctrl+O transcript view while streaming
• Fixed /doctor showing a contradictory failed "Not inside a remote session" check when run inside a remote session
• Fixed the cursor sticking at the end of the first line when typing a multiline prompt in the claude agents dispatch and reply inputs
• Fixed blank lines appearing between background agent rows in the task list on terminals without Unicode support

What's changed

• Bug fixes and reliability improvements

With Design Mode in the Cursor browser, you can click, draw, or describe changes by voice to help agents update your UI.

Multi-select elements

Click on two or more elements together in the browser. Cursor sees the selected elements, their code, the surrounding layout, and the visual relationships on the page.

Ask the agent to make one match the other, remove repeated content, or adjust a group of components at once.

Voice input

Narrate changes through the Design Mode overlay. The mic stays available while an agent is mid-run, so you can queue the next change by voice without waiting for the previous one to finish.

What's changed

• Added requiredMinimumVersion and requiredMaximumVersion managed settings — Claude Code refuses to start if its version is outside the allowed range and directs the user to an approved version
• Added /plugin list command to list installed plugins, with --enabled/--disabled filters
• Added a "c to copy" shortcut to /btw that copies the raw markdown answer to the clipboard, preserving formatting when pasted elsewhere
• Hooks: Stop and SubagentStop hooks can now return hookSpecificOutput.additionalContext to give Claude feedback and keep the turn going without being labeled a hook error
• Skills: added \$ escape syntax to include a literal $ before a digit in command bodies
• stdio MCP servers now receive the same CLAUDE_CODE_SESSION_ID as hooks/Bash on --resume
• Fixed claude -p hanging forever after its final result when a backgrounded command never exits — background shells are now stopped ~5s after the result once stdin closes
• Fixed claude -p failing with "ANTHROPIC_API_KEY required" on Bedrock/Vertex/Foundry when CI=true and no Anthropic API key is set
• Fixed bash commands failing under bazel and EDR-protected Go workflows: $TMPDIR was overridden to /tmp/claude-{uid} for all commands instead of only sandboxed ones (regression in 2.1.154)
• Fixed Bash commands failing on Windows with "EEXIST: file already exists" on the session-env directory when it has the read-only attribute or is inside OneDrive
• Fixed org-managed permission rules not applying for the entire session when the managed settings fetch completed during startup on a fresh config directory
• Fixed background sessions in claude agents losing their running background tasks when reattached after a Claude Code update
• Fixed terminal misalignment and a multi-second hang when exiting the agent view by pressing Esc
• Fixed clicking Stop on a background-task chip in the desktop app not clearing the chip when the underlying process was already gone
• Fixed keyboard input becoming permanently unresponsive after a paste operation whose end marker is dropped by the terminal
• Fixed hook if: "Bash(...)" conditions firing on every Bash command containing $() or $VAR; the pattern now matches against commands inside subshells and backticks too
• Fixed deny rules on home-directory paths (e.g. Read(~/Desktop/**)) not blocking Bash commands that reference the path via $HOME
• Fixed a stray "(no content)" line left in the transcript after closing panel dialogs like /mcp and /plugins
• Background agent sessions now update to a new Claude Code version in the background, so opening a session after an update no longer waits on a cold restart
• Clearer descriptions for built-in commands and skills in the / menu
• The subscription-switch suggestion now shows in the startup announcement slot instead of a toast
• claude agents dispatching from the state-grouped view now starts the session in the directory the agent view was opened from

Personal Automations

You can now create personal automations that run under your own identity. Personal automations include a dedicated toggle, permission model, and badge in automation lists. The legacy Schedules page now shows migration guidance to help you transition to the new Automations system.

Devin Review: Enrolled Users, Spend Limits, and GHES/GitLab Support

Devin Review now includes an enrolled users management table in settings, a redesigned per-PR spend limit that acts as a soft block (you can re-enable if needed), and pinned section titles above file headers in the embedded review view. "Open in Devin Review" is now available for GitHub Enterprise Server and GitLab PRs.

Pre-Approve Testing

A new user preference lets you always approve testing for future sessions, so Devin can test changes without prompting each time. Access it from your profile settings or via the split-button on the "Test the app" action.

V3 API: Organization Members and Automations

New org-scoped GET /v3beta1/organizations/{org_id}/members endpoint for listing organization members. A full automations CRUD API is also now available via v3.

SSO/SCIM: JIT Provisioning and Enterprise Redirect

SSO just-in-time provisioning can now be toggled on or off, with group sync gated separately. SSO-only enterprise users are now automatically redirected to their enterprise webapp host on login.

Settings Improvements

The Repositories page now supports pagination. Search results in the settings sidebar are deduplicated with indent guides. A permission-gated "Add repositories" button and empty state have been added to Skills & Rules. Terminology has been updated from "org" to "organization" throughout.

Child Sessions: Tree Connector

Child sessions now display with a tree connector in the sidebar, making parent-child relationships visually clear.

Bug Fixes

Persisted orange sidebar indicator for quota-suspended sessions. Made question answer submission optimistic, removing click lag. Fixed send button centering at fractional zoom levels. Added email fallback for IdP users without a name in the session list. Fixed cross-org router links dropping query string and hash. Added cost column to scheduled sessions past sessions list. Cleared "Approve session" attention dot once the session is read. Restored question selections when an optimistic submit fails. Pinned bulk-edit bar to viewport bottom centered over content column. Included enterprise members in the session creator filter.

We've shipped a batch of new functionality across the TypeScript and Python SDKs. You can now choose how agent and run metadata is persisted, expose your own functions to the agent as tools, route local tool calls through auto-review, and nest subagents to any depth. This release also brings a set of reliability, performance, and platform fixes that make local and cloud SDK agents easier to run in production scripts, CI, and custom integrations.

Custom tools

You can now hand the local agent your own tools by passing function definitions through `local.customTools`, on `Agent.create()` or per `send()`. The SDK exposes them to the agent through a built-in MCP server called `custom-user-tools`, so the model calls your code through the same path and the same permission gate as any other MCP tool.

Before this, exposing a custom capability meant standing up your own stdio or remote HTTP MCP server and wiring it into the agent. Now a function definition is enough. Custom tools are also visible to every subagent of a parent agent, so a tool you define once is available throughout the whole run.

Auto-review

By default, a local SDK agent runs tool calls without asking for approval, since there's no human in the loop in a headless run. Set `local.autoReview` to route those calls through auto-review instead. A classifier decides which calls run automatically and which to hold back, rather than bypassing review entirely.

You steer that classifier with natural-language instructions in `permissions.json`. The `autoRun.allow_instructions` field describes call shapes to lean toward allowing, and `autoRun.block_instructions` describes the ones to hold for review. For example, you can allow read-only inspections of build artifacts while always pausing on destructive operations like deletes.

```jsonc { "autoRun": { "allow_instructions": [ "Read-only inspections of build artifacts under ./dist are fine." ], "block_instructions": [ "Always pause delete operations so I get a chance to review them." ] } } ```

JSONL and custom stores

Both SDKs persist agent and run metadata so you can resume an agent after a process restart. Until now, that store was SQLite. You can now opt into a JSONL store instead, which writes a plain, append-only file you can read, diff, and check into version control. Both `SqliteLocalAgentStore` and `JsonlLocalAgentStore` are exported directly.

If neither default fits your setup, implement the public `LocalAgentStore` interface and pass it through `local.store`. Build an in-memory store for ephemeral CI runs, or back persistence with Postgres when you want agent state to live next to the rest of your application data. The Python SDK exposes host, JSONL, and composed JSONL stores through the bridge.

Nested subagents

Subagents can now spawn their own subagents, and so on. A reviewer subagent can delegate to a test-writer, which can delegate further, with each level keeping its own prompt and model. There's nothing to turn on; a subagent session registers the executor it needs to call `Task`, so nesting works automatically for any agent that defines subagents.

Reliability, performance, and platform improvements

This release also includes a batch of quality-of-life fixes across both SDKs.

Reliability

• **Run correlation**: Every `send()` now carries a platform-generated `requestId`, exposed on `Run` and `RunResult` and persisted across the in-memory, SQLite, and JSONL stores. Tie a script or CI run to backend logs, analytics, and support threads without inferring it from `agentId`.
• **Reliable `wait()` on local runs**: Local runs no longer resolve `wait()` before the terminal result is written. Hydration keeps refreshing until the run reaches a final state, so automation reads a complete result.
• **Safe checkpoints on dispose**: Disposing a local agent no longer removes checkpoint data when a root reference is missing but checkpoint blobs still exist. The agent directory is only cleared when there's genuinely nothing left to keep.
• **Cloud streaming over HTTP/1.1**: Cloud agent sessions now stream correctly on HTTP/1.1 transports used by some proxies, older Node fetch stacks, and certain CI images. HTTP/2 behavior is unchanged.

Performance and packaging

• **Lighter import**: Importing `@cursor/sdk` no longer eagerly loads the full local agent stack. Cloud-only and type-only consumers skip the local runtime cost until the first local call, with no API change. The first local call pays a one-time import, then stays cached.
• **Self-contained TypeScript types**: Published `.d.ts` files no longer reference unpublished workspace packages. This fixes `TS2305` and `TS2307` errors under `skipLibCheck: false` and silent `any` on stream types like `TurnEndedUpdate`.
• **Bundled ripgrep**: Local shell runs use the bundled platform `rg` binary without modifying your global `PATH`. On Windows, prepending ripgrep no longer clobbers the `Path` variable.

Models

• **Composer 2 routes to Composer 2.5**: SDK clients still pinning retired `composer-2` slugs are routed to Composer 2.5 automatically, keeping fast variants intact, so older scripts keep running.

Python SDK

• **Workspace-scoped `list_runs`**: `Client`, `AsyncClient`, and `Agent.list_runs` take an optional `cwd`, and the bridge falls back to its launch workspace. This fixes spurious "agent not found" results when the bridge runs as a subprocess.
• **Clearer not-found errors**: Looking up an agent that isn't in the resolved workspace returns a clear not-found error instead of an opaque internal error.
• **0.1.6 release and analytics**: `cursor-sdk` 0.1.6 documents the Buildkite release path and labels SDK usage as `sdk-python-` for clearer analytics.

Run `npm install @cursor/sdk` or `pip install cursor-sdk` to upgrade. Scripts pinning `composer-2` move to Composer 2.5 automatically, and `requestId` is a safe addition to your run metadata schema. See the TypeScript and Python docs for full details.

With canvases, agents can create interactive artifacts like dashboards, reports, and internal tools that you can share with your team.

This release introduces Design Mode for faster canvas editing, new ways to understand context usage, and other quality-of-life improvements.

Design Mode in canvases

Design Mode is now available in canvases.

Select and annotate UI elements directly in a canvas to guide Cursor's edits, just as you would in the browser. Instead of describing the change in text, you can point to it, provide feedback, and iterate more quickly.

Context usage report in canvas

Cursor can now show your agent's context usage as an interactive report in a canvas.

The context explorer breaks down where tokens go across the system prompt, tool definitions, rules, skills, and more. Because it's a canvas, you can ask the agent follow-up questions, and it can customize the report to answer your specific questions.

Click the Debug with Agent button embedded in the canvas to ask Cursor to identify opportunities to reduce context usage in a new conversation.

Canvas Improvements (4)

• Shared canvases can now be opened full-screen in the browser, making them easier to present to others.
• Added the ability for agents to embed buttons in canvases that will run a specific prompt when clicked.
• Improved the agent's ability to fix canvas type errors.
• Improved component styling, and added more chart customization functionality.

# Codex app updates ### New features - Added activity insights and share cards to the [Profile section](/codex/app/settings#profile). You can review Codex usage highlights and save a profile card; sharing is available on consumer ChatGPT plans. ### Performance improvements and bug fixes - Improved Computer Use startup readiness and appshot error reporting. - Fixed browser and review UI issues, including fullscreen browser composer controls, hex color swatches, terminal scrollbar alignment, and animated diff stat alignment. - Expanded onboarding with more role choices so Codex can tailor first-run suggestions more accurately. - Additional performance improvements and bug fixes.

New Features

• TUI controls now support F13-F24 keybindings, paste in searchable menus, and a compact reasoning-only status/title item (#25329, #25400, #25504).
• Enterprise/admin flows now show monthly credit limits and can apply cloud-managed config bundles, including EDU workspaces (#24812, #24617, #24619, #24620, #24622, #25963).
• Remote-control clients can start pairing and list or revoke controller grants through app-server v2 RPCs (#25675, #25785).
• Plugin workflows gained machine-readable codex plugin list --json output and cached remote catalog suggestions (#25330, #25457).
• Hosted web and image tools are available in more code-mode flows, with standalone web searches able to run in parallel (#25176, #25702, #25890, #25923).
• Multi-agent v2 keeps runtime choice with each thread and exposes cleaner follow-up and metadata defaults for spawned agents (#25266, #25636, #25720, #25721, #25722, #25841, #26114).

Bug Fixes

• Cancelling a submitted prompt before visible output now restores the draft, attachments, and collaboration mode for editing (#25316).
• Slash-command filtering and footer shortcut hints now reset or render according to the current UI state (#25492, #25625).
• Platform reliability improved for macOS app launches and Windows SQLite startup, thread resume, and sandbox setup refreshes (#25485, #25490, #25509, #25949).
• Plugin loading preserves app manifest order, deduplicates local/remote curated installs, and treats malformed skills fields as warnings (#25491, #25681, #25717, #25782).
• Permission requests and approvals now carry environment identity, and managed MITM proxying exports readable CA bundles to child commands (#25850, #25858, #25862, #22668).
• Local session history is safer for compressed rollouts, renamed titles, pathless side-chat reloads, and stack-heavy startup/config rebuilds (#25087, #25624, #25661, #25814, #25844, #25847).

Documentation

• Added app-server docs and generated schema updates for monthly credit limits, remote-control RPCs, and environment-scoped permission approvals (#24812, #25675, #25785, #25862).
• Moved repo review rules and contributor conventions into AGENTS.md, including Rust test-module layout and Python 3 compatibility guidance (#25682, #25690, #25738).

Chores

• Root formatting and Justfile workflows are more complete and Windows-aware (#24983, #25165, #25683).
• Rust CI and release workflows use the git CLI for Cargo fetches to avoid intermittent libgit2/submodule failures (#25644, #25775).
• Python SDK releases now publish runtime wheels from the SDK workflow and pin to a glibc-compatible runtime package (#25906, #25907).
• Bazel CI’s BuildBuddy wrapper was reintroduced with Windows-safe process handling and validation (#25915).
• Shared prompts, context fragments, and skills plumbing moved into dedicated crates/extension paths to reduce codex-core coupling (#25151, #25953, #25959, #26106, #26122, #26167).

Changelog

Full Changelog: rust-v0.136.0...rust-v0.137.0

• #25329 feat(tui): allow function keys through f24 in keymaps @fcoury-oai
• #24617 Add config bundle transport types @joeflorencio-openai
• #25435 Add build_unsigned_archive release mode @shijie-oai
• #24619 Compose requirements layers @joeflorencio-openai
• #24620 Add cloud-managed config layer support @joeflorencio-openai
• #25462 Revert "Add build_unsigned_archive release mode" @shijie-oai
• #25113 store and expose parent_thread_id on Threads @owenlin0
• #25266 Set multi-agent v2 dogfood defaults @jif-oai
• #25060 Add goal extension idle continuation @jif-oai
• #25576 Use templates for goal steering prompts @jif-oai
• #25577 Remove Plan-mode gate from idle turn injection @jif-oai
• #25096 Add goal extension GoalApi @jif-oai
• #25087 Read compressed rollouts and materialize before append @jif-oai
• #25628 [codex] fix compressed rollout fixture SessionMeta initialization @fcoury-oai
• #25316 feat(tui): restore output-free cancelled prompts @fcoury-oai
• #23763 Preserve auto-review approval policy in codex exec @won-openai
• #25400 Allow paste in searchable selection menus @charliemarsh-oai
• #25485 Use deep links for macOS codex app paths @etraut-openai
• #25492 Reset slash popup selection when filter changes @etraut-openai
• #25504 Add reasoning-only status surface item @etraut-openai
• #25624 Preserve renamed thread titles during reconciliation @jif-oai
• #25089 Compress cold local rollouts @jif-oai
• #25490 Disable SQLite intrinsics for Windows x64 releases @etraut-openai
• #25603 [codex] Inherit raw events for spawned child listeners @vivi
• #25644 [codex] Use git CLI for release Cargo fetches @shijie-oai
• #25655 nit: drop todo @jif-oai
• #25654 Parallelize cold rollout compression @jif-oai
• #25121 exec-server: add environment path refs @starr-openai
• #25636 [codex] Rename multi-agent v2 assign_task to followup_task @jif-oai
• #25491 Preserve plugin app manifest order @charlesgong-openai
• #24983 [codex] Make justfile recipes Windows-aware @iceweasel-oai
• #25151 [codex] Consolidate shared prompts in codex-prompts @anp-oai
• #25659 Throttle repeated rollout compression runs @jif-oai
• #25165 Check root Python script formatting in CI @anp-oai
• #23767 [codex-rs] auto-review model override @won-openai
• #25149 exec-server: canonicalize bound filesystem paths @starr-openai
• #25669 fix: deflake zsh-fork approval test @jif-oai
• #24979 feat: gate unified exec zsh fork composition @bolinfest
• #24980 refactor: hide shell override for zsh fork unified exec @bolinfest
• #25679 Add rollout compression counters @jif-oai
• #25682 [codex] document out-of-line test module convention @anp-oai
• #25680 Add rollout compression histograms @jif-oai
• #25689 [codex] Generalize deferred nested tool guidance @sayan-oai
• #25690 Add Python version compatibility guidance @anp-oai
• #25681 fix: Deduplicate installed local and remote curated plugins @xl-openai
• #25701 fix: rename McpServer to TestAppServer @bolinfest
• #25702 [codex] enable parallel standalone web search calls @sayan-oai
• #25705 Fix stale TestAppServer rename in plugin_list test @bolinfest
• #25684 Move tool search metadata onto ToolExecutor @jif-oai
• #25625 fix(tui): clarify footer shortcut overlay hints @fcoury-oai
• #25649 [codex] Publish release symbol artifacts @nornagon-openai
• #25661 Reject directory rollout paths for pathless side chats @bolinfest
• #22668 Wire managed MITM CA trust into child env @winston-openai
• #25712 app-server: remove experimental persist_extended_history bool flag @owenlin0
• #24621 Move cloud requirements crate to cloud config @joeflorencio-openai
• #25717 Handle invalid plugin skills manifest field @xli-oai
• #25675 feat(remote-control): add pairing start @apanasenko-oai
• #25683 [codex] Add comprehensive root formatting check @anp-oai
• #25738 Move code review rules into AGENTS @pakrym-oai
• #24812 feat: show enterprise monthly credit limits in status @efrazer-oai
• #25330 [codex] Add plugin list JSON output @xl-openai
• #25457 [codex] Cache remote plugin catalog for suggestions @xl-openai
• #25783 [codex] Move plugin discoverable logic into core-plugins @xl-openai
• #25782 [codex] Validate plugin skill base names @xl-openai
• #25814 feat: reuse compressed rollout search snippets @jif-oai
• #25720 Add multi-agent runtime metadata types @jif-oai
• #25721 Persist multi-agent runtime metadata @jif-oai
• #25722 Resolve per-thread multi-agent runtime @jif-oai
• #25841 session: keep startup prewarm aligned with resolved multi-agent runtime @jif-oai
• #25840 fix: main oops @jif-oai
• #25723 Test remote multi-agent runtime selector override @jif-oai
• #25724 Test runtime selector before first turn @jif-oai
• #25844 Reduce stack pressure in session startup and config rebuilds @jif-oai
• #25857 flake: Keep plugin test homes alive @jif-oai
• #25847 Run Codex async main on a sized stack @jif-oai
• #25775 [codex] Use git CLI for Cargo fetches across Rust workflows @anp-oai
• #25167 [app-server][core] Add connector-level Guardian reviewer overrides @zamoshchin-openai
• #25868 Skip startup prewarm when websockets are disabled @jif-oai
• #25156 Route Bazel CI through shared BuildBuddy remote config wrapper @anp-oai
• #25739 core: derive built-in permission profiles from raw policies @bolinfest
• #25909 [codex] Revert shared BuildBuddy Bazel wrapper @anp-oai
• #25850 Key request-permission grants by environment @jif-oai
• #25707 [codex-analytics] Track CodexErr details in turn analytics @rhan-oai
• #25858 Add environmentId to request_permissions @jif-oai
• #25176 Route standalone image generation through host finalization md @won-openai
• #25916 Fix Windows release PDB staging @shijie-oai
• #25862 Propagate permission approval environment id @jif-oai
• #25907 [codex] Pin Python SDK to glibc-compatible runtime @aibrahim-oai
• #24859 Use environment secrets for Azure signing @shijie-oai
• #25509 Fix Windows running thread resume path normalization @etraut-openai
• #25135 Populate workspace kind on Codex turn events @knittel-openai
• #24622 Switch runtime to cloud config bundle @joeflorencio-openai
• #25938 fix: update image generation test helper rename @joeflorencio-openai
• #25911 core: stop passing legacy SandboxPolicy to guardian reviews @bolinfest
• #25668 Split cloud config bundle service modules @joeflorencio-openai
• #25890 [codex] Keep hosted tools visible in code-only mode @aibrahim-oai
• #25867 Add remote request permissions integration coverage @jif-oai
• #25943 config: remove dead profile sandbox fallback @bolinfest
• #25948 Revert "Use environment secrets for Azure signing" @shijie-oai
• #25923 Expose standalone image generation in code mode @won-openai
• #25906 [codex] Publish Python runtime wheels with Python SDK releases @aibrahim-oai
• #25953 feat: add skills extension scaffold @jif-oai
• #25915 [codex] Fix Windows BuildBuddy Bazel wrapper execution @anp-oai
• #25926 config: express implicit sandbox defaults as permission profiles @bolinfest
• #25959 feat: add extension turn-input contributors @jif-oai
• #25963 Allow EDU accounts to fetch cloud config bundles @joeflorencio-openai
• #25785 feat(app-server): add remote control client management RPCs @apanasenko-oai
• #25988 revert: publish release symbol artifacts @shijie-oai
• #26114 feat: default hide_spawn_agent_metadata to true @jif-oai
• #26122 chore: extract context fragments into dedicated crate @jif-oai
• #26144 Reject MAv2 close_agent self-targets @jif-oai
• #26106 skills: resolve per-turn catalogs from turn input context @jif-oai
• #26155 fix: serialize goal progress accounting @jif-oai
• #26156 chore: mechanical rename @jif-oai
• #26167 Implement v1 skills extension prompt injection @jif-oai
• #26176 fix: main @jif-oai
• #25949 [codex] Restore setup helper UAC manifest @iceweasel-oai

What's changed

• claude agents --json now includes waitingFor showing what a waiting session is blocked on (e.g. permission prompt)
• --tools: explicitly listing Grep/Glob now provides the dedicated search tools on native builds with embedded search (previously these names were silently ignored)
• /effort now confirms when your chosen level will persist as the default for new sessions
• Clicking a slash command in the autocomplete menu now fills it into your prompt instead of running it immediately; press Enter to run
• Remote Control now shows as a persistent footer pill (with a link to the session) instead of a startup message
• Renamed Windsurf to Devin Desktop in the /ide menu, /terminal-setup, and /scroll-speed, following the editor's rebrand
• Fixed a silent startup hang when the config directory is read-only or unwritable — Claude Code now starts with in-memory config and surfaces startup errors instead of showing a blank screen
• Fixed WebFetch permission rules not being applied to built-in preapproved domains; explicit WebFetch(domain:...) deny/ask/allow rules now take precedence over the preapproved-host auto-allow
• Fixed Windows permission rules never matching when spelled with backslashes (~\, \\server\share) or case-variant paths, and Read deny rules not hiding files from Glob/Grep results
• Fixed an interrupt (Esc) sent at the very start of a turn being silently dropped in stream-json/SDK sessions, leaving the turn running with no "Interrupted" feedback
• Fixed API 400 no low surrogate in string errors for classifier side-queries and MCP server descriptions containing emoji near a truncation boundary
• Fixed MCP per-server timeout config values below 1000 ms being floored to a 1-second watchdog that aborted every tool call; sub-1000 ms values are now ignored (falling back to MCP_TOOL_TIMEOUT or default), and claude mcp get annotates them accordingly
• Fixed the LSP tool's workspaceSymbol operation returning no results; it now accepts a query parameter and passes it to the language server
• Fixed claude agents cutting live status text (tool args, replies, prompts, exec output) at 60–120 columns on wide terminals; the status detail now uses the full terminal width
• Fixed claude agents truncating long session names at 40 columns; the name column now grows with terminal width
• Fixed claude agents attach occasionally bouncing straight back to the session list on the first try after a background-service restart
• Fixed claude agents Ctrl+V image paste doing nothing in the dispatch input and the session reply box; pasting with no image now shows a hint
• Fixed backgrounding a session with ← silently losing the conversation when the background service cannot start; the session stays in the list as a failed row you can wake with Enter
• Fixed replies from the agents view that fail to send being lost; they are now queued for delivery on the next session start
• Fixed cross-session messaging (SendMessage) silently breaking when CLAUDE_CODE_TMPDIR or $TMPDIR points at a deep directory
• Fixed opening a running background session from claude agents stalling for 5 seconds before attaching
• Quieter startup: notices group by severity, and session info and announcements share a single line per launch
• Startup warnings rewritten to be shorter and clearer, each with a concrete fix
• Launch-prompt warnings (deep link/pre-filled prompt) now stay pinned below the input until you act instead of scrolling away
• Failed turns now show a compact warning line instead of a multi-line red error block
• Improved background service startup and claude update verification to wait out endpoint-security scanning of new binaries instead of failing after 5 seconds
• Background dispatch spawn failures now report the error class name when no errno is available
• Removed the "Claude in Chrome enabled" and "marketplace installed" startup messages; model auto-updates and the team-onboarding tip now show as quiet notices under the logo

• Eliminate ghost-cell artifacts in markdown table rendering
• Make monitors visible and killable to the model
• Preserve soft breaks in plan preview
• Add image_to_video and reference_to_video tools
• Add bundled imagine skill
• Convert ICO images to PNG
• Resolve [Image #N] attachment references in image_edit
• Open fullscreen viewer on Enter for Search and ListDir blocks
• Route MCP lifecycle notifications by sessionId + bound per-server init
• Route mouse-wheel scroll to /btw overlay panel
• Compaction: neutralize echoed summarization instruction in summary seed
• Structured compaction prompt (successor-assistant, carry-forward, <analysis> block)
• Dedupe between-turn subagent completion reminders
• Allow auto-update to downgrade on rollback
• Dedupe MCP servers declared in both .mcp.json and plugin.json
• Fix local stdio MCP servers on Windows

What's changed

• OTEL_RESOURCE_ATTRIBUTES values are now included as labels on metric datapoints, so you can slice usage metrics by custom dimensions like team or repo
• claude agents rows now show done/total before the detail when work is fanned out; peek shows the longest-running item
• /mcp now collapses claude.ai connectors you've never signed in to behind a "Show unused connectors" row
• Parallel tool calls: a failed Bash command no longer cancels other calls in the same batch — each tool returns its own result independently
• Fullscreen mode: clipboard now uses wl-copy/xclip/xsel on Linux when available, copies to both the clipboard and PRIMARY selection for middle-click paste, and the "hold {key} for native selection" hint now shows the correct key per terminal
• Fixed the /effort dialog, workflow animations, and prompt keyword shimmer not honoring the "Reduce motion" setting
• Fixed forceLoginOrgUUID/forceLoginMethod managed-settings policies blocking third-party provider sessions (Bedrock, Vertex, Foundry, Mantle) alongside the org pin (regression in 2.1.146)
• Fixed background subagent output corrupting claude -p stdout when using --output-format text or json
• Fixed /usage-credits starting a re-login for Team and Enterprise admins instead of pointing to the organization's usage settings page
• Fixed /autofix-pr reporting "cannot run on the default branch" when the session is inside a git worktree or another repository
• Fixed --resume picker not showing sessions from the current directory when it isn't a git worktree (e.g., jj workspaces)
• Fixed Windows hooks that invoke bash explicitly (e.g., /usr/bin/bash script.sh) failing with "command not found" or "cannot execute binary file"
• Fixed OpenTelemetry log events (user_prompt, api_request, tool_result, tool_decision) being silently dropped when emitted before telemetry initialization completed
• Fixed claude mcp list/get/add printing secrets to the terminal: ${VAR} references are no longer expanded, and credential headers and URL secrets are redacted
• Fixed Workflow agents spawned with isolation: "worktree" in background sessions being blocked from editing files inside their own worktree
• Fixed background sessions dispatched from claude agents booting on a stale model from the daemon's environment instead of the model in settings.json
• Fixed a potential crash when rendering Write tool results after resuming a session
• Fixed completed subagents getting stuck showing as running when an error occurs while finalizing their result
• Fixed EADDRINUSE errors from tools that bind Unix sockets under $TMPDIR when CLAUDE_CODE_TMPDIR is set to a deep path
• Improved terminal rendering performance by stabilizing the layout engine's JIT compilation profile
• Improved rendering performance for large file writes
• [VSCode] Added a tip suggesting disabling terminal GPU acceleration (or running /terminal-setup) to fix garbled glyphs

What's changed

• Added a prompt before writing to shell startup files (.zshenv, .zlogin, .bash_login) and ~/.config/git/, which could otherwise lead to unintended command execution
• acceptEdits mode now prompts before writing build-tool config files that grant code execution (.npmrc, .yarnrc*, bunfig.toml, .bazelrc, .pre-commit-config.yaml, .devcontainer/, etc.)
• Edit no longer requires a separate Read after viewing a file with grep: single-file grep/egrep/fgrep commands now satisfy the read-before-edit check
• Fixed copy-on-select not writing to the Windows clipboard on WSL — now uses PowerShell interop instead of OSC 52, which terminals like MobaXterm don't support
• Fixed restoring a completed session from claude agents dropping chat history and re-running the original prompt
• Fixed background sessions re-attached after overnight retire losing their conversation and re-running the original prompt
• Fixed claude --bg occasionally failing with "socket missing" when the background daemon was cold-starting on a loaded machine
• Fixed an issue on Windows where the directory a background session was started in could not be deleted after claude rm until the background daemon exited
• Fixed background agents that resumed work being shown under Completed in the agents list
• Fixed claude agents freezing for several seconds when returning to the session list due to the auto-updater re-checking on every exit
• Fixed Esc, arrow keys, and typing becoming unresponsive on Windows when attached to a background session or in the agent view while the host is under heavy CPU load
• Fixed background agents emitting terminal sync-output markers to terminals that don't support them (Apple Terminal, tmux), causing render artifacts when entering a running agent
• Fixed mouse wheel scrolling prompt history instead of the transcript right after opening a session from the agents list
• Fixed CJK IME composition appearing at the bottom-left of the screen instead of at the input caret in the claude agents view
• Fixed valid file:///C:/... links being rewritten to a broken path on Windows terminals with hyperlink support
• Fixed voice mode failing to connect when the project directory or branch name contains non-ASCII or special characters
• Fixed the auto mode unavailability message on third-party providers (Bedrock/Vertex/Foundry) to point to the CLAUDE_CODE_ENABLE_AUTO_MODE opt-in instead of incorrectly blaming the model
• Fixed /effort ultracode incorrectly blaming the dynamic workflows setting when the model cannot run xhigh; ultracode is no longer offered on models that do not support it
• Fixed model-not-found errors suggesting --model when running via the SDK or other hosts where the CLI flag doesn't apply
• Fixed Claude's past replies disappearing from scrollback when resuming a brief mode session with brief mode turned off
• Fixed vim mode p pasting on the line below instead of at the cursor when the register was yanked with v$
• Improved performance of opening recently-inactive background agent sessions in claude agents
• Improved auto mode classifier latency by reducing reasoning on routine actions, lowering the chance of "could not evaluate this action" blocks
• Improved background-session teardown (claude rm/stop, idle reap) to send SIGTERM to running shell subprocesses before SIGKILL, so cleanup handlers run
• Removed CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE; the environment variable is now a no-op
• Removed the JetBrains plugin install suggestion from startup
• Renamed the dynamic-workflow trigger keyword from workflow to ultracode. The word "workflow" no longer triggers a run; asking for one in your own words still works. The trigger keyword is highlighted in violet in the prompt input

# Build and deploy websites with Sites [**Sites**](/codex/sites) is now available in preview in the Codex app. Use the Sites plugin to create, save, deploy, and inspect websites, dashboards, internal tools, web apps, and games hosted by OpenAI. Open **Sites** in the app sidebar to return to your projects and manage hosted environment variables and secrets. ChatGPT Business workspaces include Sites by default. ChatGPT Enterprise admins can enable Sites for the appropriate roles through role-based access control (RBAC).

# ChatGPT for iOS ### New features - Added an optional Face ID or passcode lock for Codex. - Added a new settings screen for choosing Queue or Steer as the default follow-up behavior and toggling line wrapping for code diffs. - Added support for connecting to Windows machines over SSH. ### Improvements and bug fixes - Added support for `/side ` to start a side conversation with an initial question. - Improved follow-up prompts, the Codex home screen, and viewing changed files. - Fixed issues with reconnecting, archiving threads, loading tasks, and connecting to hosts.

# Terminal placement controls ### New features - Added **Default terminal location** in [General settings](/codex/app/settings#general). When the bottom panel is enabled, choose whether the terminal shortcut and environment actions open terminal tabs in the bottom panel or the right panel. ### Performance improvements and bug fixes - Additional performance improvements and bug fixes.

# Use Codex with Amazon Bedrock Codex can now use supported OpenAI models available through Amazon Bedrock. Configure [Amazon Bedrock as your model provider](/codex/amazon-bedrock) to run Codex locally with AWS-managed authentication, account controls, and billing.