claude-code releases - releaseport

Review required

v2.1.162 Breaking risk 5h

Auth RBAC

Windsurf → Devin Desktop

Open

No immediate action

v2.1.161 Bug fix 1d

Provider session blockage fixed

Open

Review required

v2.1.160 Breaking risk 2d

Auth RCE / SSRF

Removed vars, renamed trigger

Open

No immediate action

v2.1.159 Maintenance 3d

Routine maintenance and dependency updates.

Open

No immediate action

v2.1.158 New feature 5d

Auto mode on Bedrock/Vertex/Foundry

Open

No immediate action

v2.1.157 Breaking risk 5d

Auto‑load plugins

Open

No immediate action

v2.1.156 Bug fix 6d

Opus 4.8 API error fix

Open

Review required

v2.1.154 Breaking risk 6d

RCE / SSRF Breaking upgrade

Opus 4.8 + dynamic workflows

Open

Upgrade now

v2.1.153 Bug fix 7d

Auth Breaking upgrade

Update channel fix + background session fixes

Open

No immediate action

v2.1.152 Breaking risk 8d

OTP cooldowns + usage alerts

Open

No immediate action

v2.1.150 Maintenance 11d

Routine maintenance and dependency updates.

Open

Review required

v2.1.149 Security relevant 12d

Auth RBAC

PowerShell bypass + sandbox fix

Open

No immediate action

v2.1.148 Bug fix 13d

Bash exit‑code fix

Open

Review required

v2.1.147 Breaking risk 13d

Auth RCE / SSRF

/code-review + sandbox hardening

Open

No immediate action

v2.1.146 Breaking risk 14d

/simplify → /code-review

Open

Review required

v2.1.145 Breaking risk 15d

Auth

Permission‑prompt bypass fix

Open

No immediate action

v2.1.144 Mixed 16d

/usage-credits rename + /resume

Open

Review required

v2.1.143 Bug fix 19d

Auth RBAC

Fix for corrupt credentials JSON

Open

Review required

v2.1.142 Breaking risk 20d

Auth RBAC

Opus 4.7 default, MCP timeout fix

Open

No immediate action

v2.1.141 Breaking risk 21d

terminalSequence hook + numerous bug fixes

Open

No immediate action

v2.1.140 Bug fix 22d

/goal hang + bg‑service fix

Open

Review required

v2.1.139 New feature 23d

Agent view + goal loop + scroll speed

Open

v2.1.138 Maintenance 25d

Minor fixes and improvements.

Changelog

What's changed

Internal fixes

View release on GitHub

v2.1.137 Bug fix 26d

Fixed VSCode extension activation failure on Windows.

Changelog

What's changed

[VSCode] Fixed extension failing to activate on Windows

View release on GitHub

v2.1.136 Mixed 26d

Notable features

Added `settings.autoMode.hard_deny` to block auto‑mode classifier rules unconditionally
Changed plugin marketplace removal key from `r` to `d` for consistency

Full changelog

What's changed

Added CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL to re-enable the session quality survey for enterprises capturing responses through OpenTelemetry
Added settings.autoMode.hard_deny for auto mode classifier rules that block unconditionally regardless of user intent or allow exceptions
Fixed MCP servers configured in .mcp.json, plugins, and claude.ai connectors silently disappearing after /clear in the VS Code extension, JetBrains plugin, and Agent SDK
Fixed a rare login loop where a concurrent credential write could overwrite a freshly-rotated OAuth token and force re-login
Fixed MCP OAuth refresh tokens being lost when multiple servers refresh concurrently — users with several remote MCP servers should no longer need daily re-authentication
Fixed an API error (400) when extended thinking emitted a redacted thinking block after a tool call
Fixed --resume / --continue not finding sessions when the project path contains underscores
Fixed plan mode not blocking file writes when a matching Edit(...) allow rule exists
WSL2: image paste from Windows clipboard now works via a PowerShell fallback when xclip/wl-paste cannot read image data
Fixed plugin Stop/UserPromptSubmit hooks failing when cache cleanup deletes a version still in use by a running session
Improved visual consistency across slash command dialogs: standardized footer hints, dialog spacing, and arrow-key styling, and the dialog frame now appears immediately during loading instead of popping in after
Fixed colors appearing at wrong positions in bash command output and markdown code blocks
Fixed ReasonML diffs rendering corrupted "undefined" text artifacts at word-diff boundaries
Fixed worktree exit dialog warning about uncommitted files in the wrong directory after worktree removal
Fixed @ file picker not matching files created mid-session in small non-git directories
Fixed @-mention file picker not finding files in directories with more than 100 entries
Fixed failed tool calls not being click-to-expand in fullscreen mode when their output was truncated
Fixed Backspace and Ctrl+Backspace getting swapped after using Ctrl+G to open an external editor on terminals with persistent extended-key modes
Fixed /usage weekly reset showing time of day instead of the calendar date
Fixed welcome banner ellipsis causing column overflow on CJK terminals
Fixed /insights crash when session history contains tool calls with malformed input fields
Fixed a renderer crash when a tool's collapsibility classification changes mid-session
Fixed a skills entry in plugin.json hiding the plugin's default skills/ directory, and listing a file path now shows an error instead of failing silently
Fixed IDE shell-integration lock files not respecting CLAUDE_CONFIG_DIR
Fixed trailing whitespace in copied terminal output during streaming
Fixed plugin uninstall and enable/disable not matching slugs case-insensitively
Fixed tool error truncation marker showing a negative count for surrogate-pair strings
Fixed env vars from CLAUDE_ENV_FILE SessionStart hooks going stale after /resume or /clear
Fixed /branch saving a multi-line session title when given a pasted multi-line name
Fixed a stray leading space on the second line of wrapped text at the column boundary
Fixed Esc not dismissing dialogs in /install-github-app, /desktop, /resume, and /web-setup
Fixed /doctor MCP schema errors not naming the missing field or showing the source file path
Fixed Bash permission prompts showing an internal parser diagnostic instead of a user-readable explanation
Fixed plugin slash commands with spaces (e.g. /myplugin review) not resolving to their namespaced form
Fixed AskUserQuestion discarding multi-select answers when supplied as an array
Fixed /clear <name> not labeling the cleared session for /resume
Fixed CronList output missing qualifiers and the scheduled prompt
Fixed "Jump to bottom" overlay leaving color artifacts on CJK characters in fullscreen mode
Fixed wide markdown tables leaving a stale bordered render in terminal scrollback while streaming
Fixed pasted text being silently dropped when a long prompt with a pasted-text placeholder was auto-truncated
Fixed /release-notes getting stuck on an old version after a failed changelog refresh
Fixed /mcp server list not scrolling when there are more servers than fit in the terminal
Fixed mid-input slash command autocomplete not working after an initial slash command
Fixed scrolling to bottom re-engaging auto-follow with autoScrollEnabled: false
Fixed prompt suggestions being auto-submitted by Enter on an empty input instead of requiring Tab or arrow to accept
Fixed keyboard shortcut hints not reflecting rebound keys from keybindings.json
Fixed /settings language change being reverted on Escape after confirming
Fixed /terminal-setup only appearing in autocomplete on exact name match instead of partial prefixes
Fixed "Chat about this" on an AskUserQuestion dialog erasing the question text
Fixed MCP tool results being invisible when the server returns content blocks
Improved error message when --worktree collides with an existing or stale worktree
Changed plugin marketplace removal key to d (matching delete elsewhere) instead of r which collided with retry

View release on GitHub

v2.1.133 Breaking risk 27d

⚠ Upgrade required

If relying on unpushed commits in new worktrees, set `worktree.baseRef: "head"` to preserve the previous default behavior
Specify custom bubblewrap and socat paths via `sandbox.bwrapPath` and `sandbox.socatPath` if using non‑default binaries

Breaking changes

Default `worktree.baseRef` changed from `head` (local HEAD) to `fresh` (origin/); set `worktree.baseRef: "head"` to retain previous behavior

Notable features

`worktree.baseRef` setting (`fresh` | `head`) controls branch source for worktrees
`sandbox.bwrapPath` and `sandbox.socatPath` managed settings allow custom bubblewrap and socat binary locations on Linux/WSL
`parentSettingsBehavior` admin-tier key (`'first-wins'` | `'merge'`) enables SDK `managedSettings` policy merging

Full changelog

What's changed

Added worktree.baseRef setting (fresh | head) to choose whether --worktree, EnterWorktree, and agent-isolation worktrees branch from origin/<default> or local HEAD. Note: the default fresh changes EnterWorktree's base back to origin/<default> (it has been local HEAD since 2.1.128) — set worktree.baseRef: "head" to keep unpushed commits in new worktrees
Added sandbox.bwrapPath and sandbox.socatPath managed settings (Linux/WSL) to specify custom bubblewrap and socat binary locations
Added parentSettingsBehavior admin-tier key ('first-wins' | 'merge') to let admins opt SDK managedSettings (parent tier) into the policy merge
Hooks now receive the active effort level via the effort.level JSON input field and the $CLAUDE_EFFORT environment variable, and Bash tool commands can read $CLAUDE_EFFORT
Improved focus mode behavior
Improved memory usage by releasing warm-spare background workers under memory pressure
Fixed parallel sessions all dead-ending at 401 after a refresh-token race wiped shared credentials
Fixed Edit/Write allow rules scoped to a drive root (C:\) or POSIX / matching incorrectly and always prompting
Fixed an unhandled rejection (ECOMPROMISED) when a history or session-log file lock is compromised by clock skew or slow disk
Fixed pressing Esc during conversation compaction showing a spurious "Error compacting conversation" notification
Fixed HTTP(S)_PROXY / NO_PROXY / mTLS not being respected for the full MCP OAuth flow including discovery, dynamic client registration, token exchange, and token refresh
Fixed Read/Write/Edit being denied on mapped network drives passed via --add-dir / SDK additionalDirectories
Fixed Remote Control stop/interrupt from claude.ai not fully canceling the CLI session the same way local Esc does, causing queued messages to never advance after interrupting a stuck tool or prompt
Fixed /effort in one session unexpectedly changing the effort level of other concurrent sessions, and a related issue where an IDE effort change could be silently dropped
Fixed subagents not discovering project, user, or plugin skills via the Skill tool
claude --help now lists --remote-control alongside --remote-control-session-name-prefix
[VSCode] Fixed claudeCode.claudeProcessWrapper failing with "Unsupported platform" when the extension build doesn't bundle a Claude binary

View release on GitHub

v2.1.132 Bug fix 28d

Notable features

Added `CLAUDE_CODE_SESSION_ID` env var to subprocess environment
Added `CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1` opt‑out flag
Added "Pasting…" footer hint during Ctrl+V image paste

Full changelog

What's changed

Added CLAUDE_CODE_SESSION_ID environment variable to the Bash tool subprocess environment, matching the session_id passed to hooks
Added CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1 env var to opt out of the fullscreen alternate-screen renderer and keep the conversation in the terminal's native scrollback
Added a "Pasting…" footer hint while a Ctrl+V image paste is being read from the clipboard
Fixed external SIGINT (e.g. IDE stop button, kill -INT) not running graceful shutdown — terminal modes are now restored and the --resume hint is printed instead of an abrupt exit
Fixed an uncaught exception when the terminal is closed or SSH disconnects mid-session under the native build
Fixed --resume failing with no low surrogate in string when a tool error truncation split an emoji; pre-corrupted sessions are sanitized on load
Fixed --permission-mode flag being ignored when resuming a plan-mode session with -p --continue/--resume, and plan mode not being re-applied after ExitPlanMode within the same session
Fixed fullscreen mode showing a blank screen after laptop sleep/wake or Ctrl+Z/fg until the next keystroke or stream output
Fixed cursor landing mid-grapheme on Ctrl+E/A/K/U/arrow keys when an Indic conjunct or ZWJ emoji wraps across lines
Fixed vim operators corrupting text containing decomposed (NFD) accented characters
Fixed pasting text starting with / silently swallowing the input or triggering an unknown-command reply
Fixed pasting dumping stray escape sequences into the prompt when focus events or mouse-tracking reports interleave with the bracketed paste
Fixed mouse wheel scrolling being too fast in Cursor and VS Code 1.92–1.104 due to an upstream xterm.js bug
Fixed scroll-wheel handling in JetBrains IDE 2025.2 terminals (spurious arrow keys, wrong-direction events, runaway acceleration)
Fixed /usage Ctrl+S hanging when copying the stats screenshot to the clipboard on Linux/X11
Fixed /terminal-setup showing a contradictory error in Windows Terminal — Shift+Enter is natively supported there
Fixed /effort picker not reflecting the CLAUDE_CODE_EFFORT_LEVEL env var override
Fixed /status showing the wrong default model for some users
Fixed slash command autocomplete popup being capped at ~3–5 visible commands instead of scaling with terminal height
Fixed statusline context_window token counts reflecting cumulative session totals instead of current context usage
Fixed Alt+T (thinking toggle) not working on macOS terminals without "Option as Meta" enabled (iTerm2, Terminal.app defaults)
Fixed dead keyboard input on Windows after re-opening a background session from claude agents
Fixed unbounded memory growth (10GB+ RSS) when a stdio MCP server writes non-protocol data to stdout
Fixed MCP servers that connect but fail tools/list silently showing 0 tools — they now retry once and show "connected · tools fetch failed" in /mcp
Fixed unauthorized claude.ai MCP connectors showing as "failed" instead of "needs auth", and headless -p mode retrying non-transient 4xx connection failures
Improved visual consistency in slash command dialogs and /login, /upgrade, /extra-usage dialog spacing
Updated the /tui fullscreen startup banner to describe additional renderer benefits (lower memory usage, mouse support, auto-copy on select)
Fixed Bedrock and Vertex 400 errors when ENABLE_PROMPT_CACHING_1H is set

View release on GitHub

v2.1.131 Bug fix 28d

Fixed VS Code extension activation on Windows and Mantle endpoint auth missing x-api-key header.

Full changelog

What's changed

Fixed VS Code extension failing to activate on Windows due to a hardcoded build path in the bundled SDK (createRequire polyfill bug)
Fixed Mantle endpoint authentication failing with missing x-api-key header

View release on GitHub

v2.1.129 New feature 29d

⚠ Upgrade required

Plugin manifests now require `themes` and `monitors` under `

Notable features

Added --plugin-url flag to fetch plugin .zip archives from a URL for the current session
Added CLAUDE_CODE_FORCE_SYNC_OUTPUT=1 env var to force-enable synchronized output on terminals with detection issues (e.g., Emacs `eat`)
Added CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE: background upgrade prompt for Homebrew or WinGet installations

Full changelog

What's changed

Added --plugin-url <url> flag to fetch a plugin .zip archive from a URL for the current session
Added CLAUDE_CODE_FORCE_SYNC_OUTPUT=1 env var to force-enable synchronized output on terminals that auto-detection misses (e.g. Emacs eat)
Added CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE: when set on Homebrew or WinGet installations, Claude Code runs the upgrade command in the background and prompts to restart
Plugin manifests: themes and monitors should now be declared under "experimental": { ... }. Top-level declarations still work but claude plugin validate will warn
Gateway /v1/models discovery for the /model picker is now opt-in via CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY=1 (was automatic in 2.1.126–2.1.128)
Ctrl+R history picker now defaults to searching all prompts across all projects, matching pre-2.1.124 behavior. Press Ctrl+S to narrow to the current project or session
Third-party deployments (Bedrock, Vertex, Foundry, or ANTHROPIC_BASE_URL gateway) no longer see spinner tips pointing at first-party Anthropic surfaces
skillOverrides setting now works: off hides from model and /, user-invocable-only hides from model only, name-only collapses description
The claude_code.pull_request.count OTel metric now counts PRs/MRs created via MCP tools, not just shell commands
Policy refusal error messages now include the API Request ID for easier support debugging
Fixed API errors with unrecognized 400 status codes showing raw JSON instead of the underlying error message
Fixed /clear not resetting the terminal tab title after a conversation
Fixed session title chip from /rename disappearing while a permission or other dialog is active
Fixed agent panel below the prompt being hidden when subagents are running (regression in 2.1.122)
Fixed external-editor handoff (Ctrl+G) blanking the conversation history above the prompt
Fixed /context dumping its rendered ASCII visualization grid into the conversation, wasting ~1.6k tokens per call
Fixed /agents Library list arrow-key navigation: the highlighted agent now stays visible when the list exceeds the viewport
Fixed /branch success message not including the new branch's session id for /resume
Fixed bold headers with keycap/ZWJ/skin-tone emoji losing trailing characters in fullscreen mode
Fixed server-managed settings policy not applying for enterprise/team users whose stored OAuth credentials lacked the user:inference scope
Fixed OAuth refresh race after wake-from-sleep that could log out all running sessions
Fixed 1-hour prompt cache TTL being silently downgraded to 5 minutes
Fixed cache-miss warning appearing spuriously after /clear or compaction when changing /effort or /model
Fixed Bash(mkdir *), Bash(touch *) and similar allow rules not being honored for in-project paths
Fixed deniedMcpServers patterns with a *:// scheme wildcard not matching mixed-case hostnames
Fixed harmless WebSocket warning being logged as an error in --debug during voice mode
[VSCode] Fixed /clear not clearing the conversation context and displayed transcript

View release on GitHub

v2.1.128 Bug fix 1mo

⚠ Upgrade required

--channels requires console orgs to set channelsEnabled: true
OTEL_* env vars no longer inherited by subprocess tools (affects OTEL‑instrumented apps)
MCP reconnect now summarizes tool lists instead of full list flood

Notable features

--plugin-dir now accepts .zip archives
`EnterWorktree` creates branch from local HEAD not origin/
Auto mode error hints (retry, /compact, --debug)

Full changelog

What's changed

Bare /color (no args) now picks a random session color
/mcp now shows the tool count for connected servers and flags servers that connected with 0 tools
--plugin-dir now accepts .zip plugin archives in addition to directories
--channels now works with console (API key) authentication — console orgs with managed settings must set channelsEnabled: true to enable
Updated /model picker: collapsed duplicate Opus 4.7 entries, and current Opus now shows as "Opus" instead of "Opus 4.7"
Subprocesses (Bash, hooks, MCP, LSP) no longer inherit OTEL_* environment variables, so OTEL-instrumented apps run via the Bash tool no longer pick up the CLI's own OTLP endpoint
MCP: workspace is now a reserved server name — existing servers with that name will be skipped with a warning
Reconnecting MCP servers no longer flood the conversation with full tool-name lists on every reconnect — re-announced tools are summarized by server prefix
SDK hosts now receive a persistent localSettings suggestion for Bash permission prompts, so "Always allow" writes to .claude/settings.local.json
EnterWorktree now creates the new branch from local HEAD as documented, instead of origin/<default-branch> — unpushed commits are no longer dropped
Auto mode: when the classifier can't evaluate an action, the error now includes a hint (retry, /compact, or run with --debug)
Fixed focus mode briefly dimming the previous response when submitting a new prompt
Fixed stray "4;0;" desktop notification on every /exit in Kitty and other terminals that interpret OSC 9 as a notification
Fixed Remote Control showing an empty "Opening your options…" message on rate limit instead of actionable upsell options
Fixed drag-and-drop image upload hanging on "Pasting text…" when the image read fails
Fixed crash loop when piping very large input (>10 MB) to claude -p via stdin
Fixed long URLs not being individually clickable on every wrapped row in fullscreen mode
Fixed /plugin Components panel showing "Marketplace 'inline' not found" for plugins loaded via --plugin-dir
Fixed MCP tool results dropping images when the server returns both structured content and content blocks
Fixed fenced code blocks inside list items carrying leading whitespace into the clipboard on copy-paste
Fixed tab navigation in /config stranding focus — the tab header now stays focused so arrows and Esc keep working
Fixed markdown link labels being lost on terminals without OSC 8 hyperlink support — links now render as label (url) instead of just the URL
Fixed sessions on 1M-context models with a smaller autocompact window being falsely blocked with "Prompt is too long" before reaching the actual API limit
Fixed parallel shell tool calls: a failing read-only command (grep, git diff, ls) no longer cancels sibling calls
Fixed banner showing "with X effort" on models that don't support effort
Fixed /fast on 3P providers fuzzy-matching to an unrelated skill instead of showing "not available"
Fixed Bedrock default model resolving to global.* instead of the region-appropriate prefix
Fixed vim mode: Space in NORMAL mode now moves the cursor right, matching standard vi/vim behavior
Fixed terminal progress indicator (OSC 9;4) flickering off between tool calls — stays visible across the full turn
Fixed /rename without args failing on resumed sessions whose last entry is a compact boundary
Fixed stale "remote-control is active" status lines from prior sessions appearing after --resume/--continue
Fixed stale installed_plugins.json entries pointing at deleted cache directories polluting PATH
Fixed MCP stdio servers receiving corrupted arguments when CLAUDE_CODE_SHELL_PREFIX is set and an argument contains spaces or shell metacharacters
Fixed sub-agent progress summaries missing the prompt cache (~3× cache_creation reduction)
Fixed /plugin update never detecting new versions of npm-sourced plugins
Fixed sub-agent summaries firing repeatedly while a sub-agent's transcript is static, capping worst-case token cost on idle sub-agents
Headless --output-format stream-json: init.plugin_errors now includes --plugin-dir load failures in addition to dependency demotions

View release on GitHub

v2.1.126 Breaking risk 1mo

Security fixes

Fixed `allowManagedDomainsOnly` / `allowManagedReadPathsOnly` being ignored when a higher‑priority managed‑settings source lacked a `sandbox` block

Notable features

Project purge command (`claude project purge [path]`) with dry‑run, yes, interactive, and all options
OAuth login accepts code pasted into terminal for unreachable localhost (WSL2, containers)
`claude_code.skill_activated` OpenTelemetry event now fires for user‑typed slash commands with `invocation_trigger` attribute

Full changelog

What's changed

The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway
- Added claude project purge [path] to delete all Claude Code state for a project (transcripts, tasks, file history, config entry) — supports --dry-run, -y/--yes, -i/--interactive, and --all
--dangerously-skip-permissions now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)
claude auth login now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)
claude_code.skill_activated OpenTelemetry event now fires for user-typed slash commands and carries a new invocation_trigger attribute ("user-slash", "claude-proactive", or "nested-skill")
Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running
Host-managed deployments (CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST) no longer auto-disable analytics on Bedrock/Vertex/Foundry
Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or .NET global tool is now detected
Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash
Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models
Security: Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block
Fixed pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images in history are automatically removed and the request retried
Fixed showing the login screen for "OAuth not allowed for organization" errors — now shows guidance to contact your admin
Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost
Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token
Fixed API retry countdown sticking at "0s" instead of counting down between attempts
Fixed "Stream idle timeout" error after waking Mac from sleep mid-request
Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses
Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns
Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals
Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state
Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode
Fixed Ctrl+L clearing the prompt input — it now only forces a screen redraw, matching readline behavior
Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with context: fork and other subagents on their first turn
Fixed plan-mode tools being unavailable in interactive sessions launched with --channels
Fixed /plugin Uninstall reporting "Enabled" instead of "Uninstalled"
Bounded total size of file-modified reminders when a linter touches many files at once
Fixed /remote-control retries appearing stuck on "connecting…" — each retry now shows its result
Fixed Remote Control failure notification not showing the error reason for initial connection failures
Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard
PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token
Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch

View release on GitHub

v2.1.123 Bug fix 1mo

Fixed OAuth authentication 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1

Full changelog

What's changed

Fixed OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set

View release on GitHub

v2.1.122 Bug fix 1mo

Notable features

Added ANTHROPIC_BEDROCK_SERVICE_TIER env var to select Bedrock service tier
OpenTelemetry now emits numeric attributes as numbers and added claude_code.at_mention log event

Full changelog

What's changed

Added ANTHROPIC_BEDROCK_SERVICE_TIER environment variable to select a Bedrock service tier (default, flex, or priority), sent as the X-Amzn-Bedrock-Service-Tier header
Pasting a PR URL into the /resume search box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)
/mcp now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate
Clarified the /mcp message shown when an MCP server is still unauthorized after the browser sign-in flow
OpenTelemetry: numeric attributes on api_request/api_error log events are now emitted as numbers, not strings
OpenTelemetry: added claude_code.at_mention log event for @-mention resolution
Fixed /branch producing forks that fail with "tool_use ids were found without tool_result blocks" when the source session contained entries from rewound timelines
Fixed /model not showing the Effort option for Bedrock application inference profile ARNs, and those ARNs not receiving output_config.effort
Fixed Vertex AI / Bedrock returning invalid_request_error: output_config: Extra inputs are not permitted on session-title generation and other structured-output queries
Fixed Vertex AI count_tokens endpoint returning 400 errors for users behind proxy gateways
Fixed spinnerTipsOverride.excludeDefault not suppressing the time-based spinner tips
Fixed ToolSearch missing MCP tools that connected after session start in nonblocking mode
Fixed !exit / !quit in bash mode terminating the CLI instead of running as a shell command
Fixed images sent to newer models being resized to 2576px per side instead of the correct 2000px maximum
Fixed remote control session idle status redrawing twice per second, which could flood tmux -CC control pipes and pause the terminal
Fixed assistant messages appearing blank in some sessions due to a stale view preference
Fixed a malformed hooks entry in settings.json no longer invalidating the entire file
Voice mode: keybindings bound to Caps Lock now show an error since terminals don't deliver Caps Lock as a key event

View release on GitHub

v2.1.121 Breaking risk 1mo

Notable features

Added `alwaysLoad` option to MCP server config for always‑available tools
Added `claude plugin prune` and cascading prune on uninstall
Type-to-filter search box in `/skills` UI

Full changelog

What's changed

Added alwaysLoad option to MCP server config — when true, all tools from that server skip tool-search deferral and are always available
Added claude plugin prune to remove orphaned auto-installed plugin dependencies; plugin uninstall --prune cascades
Added a type-to-filter search box to /skills so you can find a skill in long lists without scrolling
PostToolUse hooks can now replace tool output for all tools via hookSpecificOutput.updatedToolOutput (previously MCP-only)
Fullscreen mode: typing into the prompt no longer jumps scroll back to the bottom after you've scrolled up to read earlier output
Dialogs that overflow the terminal are now scrollable with arrow keys, PgUp/PgDn, home/end, and mouse wheel in both fullscreen and non-fullscreen modes
Clicking any line of a long URL that wraps across rows in fullscreen mode now opens the full URL
SDK and claude -p: CLAUDE_CODE_FORK_SUBAGENT=1 now works in non-interactive sessions
--dangerously-skip-permissions no longer prompts for writes to .claude/skills/, .claude/agents/, and .claude/commands/
/terminal-setup now enables iTerm2's "Applications in terminal may access clipboard" setting so /copy works, including from tmux
MCP servers that hit a transient error during startup now auto-retry up to 3 times instead of staying disconnected
The terminal tab session title is now generated in your configured language setting
Claude.ai connectors with the same upstream URL are now deduplicated instead of appearing as duplicates
Vertex AI: support X.509 certificate-based Workload Identity Federation (mTLS ADC)
Faster startup after upgrading: removed the Recent Activity panel from the release-notes splash
LSP diagnostic summaries now expand on click/ctrl+o and show the expand hint
SDK: mcp_authenticate now supports redirectUri for custom scheme completion and claude.ai connectors
OpenTelemetry: added stop_reason, gen_ai.response.finish_reasons, and user_system_prompt (gated behind OTEL_LOG_USER_PROMPTS) to LLM request spans
[VSCode] Voice dictation now respects the accessibility.voice.speechLanguage setting when no Claude Code language is configured
[VSCode] /context now opens a native token usage dialog
Fixed unbounded memory growth (multi-GB RSS) when processing many images in a session
Fixed /usage leaking up to ~2GB of memory on machines with large transcript histories
Fixed memory leak when long-running tools fail to emit a clear progress event
Fixed Bash tool becoming permanently unusable when the directory Claude was started in is deleted or moved mid-session
Fixed --resume crashing on startup in external builds
Fixed --resume failing on large sessions when a transcript line was corrupted by an unclean shutdown — the corrupt line is now skipped
Fixed thinking.type.enabled is not supported error when using Bedrock application inference profile ARNs
Fixed Microsoft 365 MCP OAuth failing with duplicate or unsupported prompt parameter
Fixed scrollback duplication when pressing Ctrl+L or triggering a redraw in non-fullscreen mode on tmux, GNOME Terminal, Windows Terminal, and Konsole
Fixed claude.ai MCP connectors silently disappearing when the connector-list fetch hits a transient auth error at startup
Fixed "Always allow" rules for built-in tools in remote sessions not surviving worker restarts
Fixed NO_PROXY not being respected for all HTTP clients when set via managed-settings.json under the native build
Fixed managed settings approval prompt exiting the session even when accepted — now applies settings and continues
Fixed /usage returning "rate limited" after a stale OAuth token — now refreshes automatically
Fixed invalid legacy enum values in settings.json invalidating the entire settings file
Fixed /usage dialog content being clipped when no-flicker mode is off
Fixed /focus showing "Unknown command" when the fullscreen renderer is off — now explains how to enable it
Fixed embedded grep/find/rg shell wrappers failing when the running binary is deleted mid-session — now falls back to installed tools
Reduced peak file descriptor usage during find in the Bash tool on large directory trees

View release on GitHub

v2.1.119 Breaking risk 1mo

Notable features

Added `prUrlTemplate` to customize PR badge URLs
`--from-pr` now accepts GitLab, Bitbucket, and GitHub Enterprise URLs
`--print` honors frontmatter `tools:` and `disallowedTools:`, matching interactive mode

Full changelog

What's changed

/config settings (theme, editor mode, verbose, etc.) now persist to ~/.claude/settings.json and participate in project/local/policy override precedence
Added prUrlTemplate setting to point the footer PR badge at a custom code-review URL instead of github.com
Added CLAUDE_CODE_HIDE_CWD environment variable to hide the working directory in the startup logo
--from-pr now accepts GitLab merge-request, Bitbucket pull-request, and GitHub Enterprise PR URLs
--print mode now honors the agent's tools: and disallowedTools: frontmatter, matching interactive-mode behavior
--agent <name> now honors the agent definition's permissionMode for built-in agents
PowerShell tool commands can now be auto-approved in permission mode, matching Bash behavior
Hooks: PostToolUse and PostToolUseFailure hook inputs now include duration_ms (tool execution time, excluding permission prompts and PreToolUse hooks)
Subagent and SDK MCP server reconfiguration now connects servers in parallel instead of serially
Plugins pinned by another plugin's version constraint now auto-update to the highest satisfying git tag
Vim mode: Esc in INSERT no longer pulls a queued message back into the input; press Esc again to interrupt
Slash command suggestions now highlight the characters that matched your query
Slash command picker now wraps long descriptions onto a second line instead of truncating
owner/repo#N shorthand links in output now use your git remote's host instead of always pointing at github.com
Security: blockedMarketplaces now correctly enforces hostPattern and pathPattern entries
OpenTelemetry: tool_result and tool_decision events now include tool_use_id; tool_result also includes tool_input_size_bytes
Status line: stdin JSON now includes effort.level and thinking.enabled
Fixed pasting CRLF content (Windows clipboards, Xcode console) inserting an extra blank line between every line
Fixed multi-line paste losing newlines in terminals using kitty keyboard protocol sequences inside bracketed paste
Fixed Glob and Grep tools disappearing on native macOS/Linux builds when the Bash tool is denied via permissions
Fixed scrolling up in fullscreen mode snapping back to the bottom every time a tool finishes
Fixed MCP HTTP connections failing with "Invalid OAuth error response" when servers returned non-JSON bodies for OAuth discovery requests
Fixed Rewind overlay showing "(no prompt)" for messages with image attachments
Fixed auto mode overriding plan mode with conflicting "Execute immediately" instructions
Fixed async PostToolUse hooks that emit no response payload writing empty entries to the session transcript
Fixed spinner staying on when a subagent task notification is orphaned in the queue
Tool search is now disabled by default on Vertex AI to avoid an unsupported beta header error (opt in with ENABLE_TOOL_SEARCH)
Fixed @-file Tab completion replacing the entire prompt when used inside a slash command with an absolute path
Fixed a stray p character appearing at the prompt on startup in macOS Terminal.app via Docker or SSH
Fixed ${ENV_VAR} placeholders in headers for HTTP/SSE/WebSocket MCP servers not being substituted before requests
Fixed MCP OAuth client secret stored via --client-secret not being sent during token exchange for servers requiring client_secret_post
Fixed /skills Enter key closing the dialog instead of pre-filling /<skill-name> in the prompt
Fixed /agents detail view mislabeling built-in tools unavailable to subagents as "Unrecognized"
Fixed MCP servers from plugins not spawning on Windows when the plugin cache was incomplete
Fixed /export showing the current default model instead of the model the conversation actually used
Fixed verbose output setting not persisting after restart
Fixed /usage progress bars overlapping with their "Resets …" labels
Fixed plugin MCP servers failing when ${user_config.*} references an optional field left blank
Fixed list items containing a sentence-final number wrapping the number onto its own line
Fixed /plan and /plan open not acting on the existing plan when entering plan mode
Fixed skills invoked before auto-compaction being re-executed against the next user message
Fixed /reload-plugins and /doctor reporting load errors for disabled plugins
Fixed Agent tool with isolation: "worktree" reusing stale worktrees from prior sessions
Fixed disabled MCP servers appearing as "failed" in /status
Fixed TaskList returning tasks in arbitrary filesystem order instead of sorted by ID
Fixed spurious "GitHub API rate limit exceeded" hints when gh output contained PR titles mentioning "rate limit"
Fixed SDK/bridge read_file not correctly enforcing size cap on growing files
Fixed PR not linked to session when working in a git worktree
Fixed /doctor warning about MCP server entries overridden by a higher-precedence scope
Windows: removed false-positive "Windows requires 'cmd /c' wrapper" MCP config warning
[VSCode] Fixed voice dictation's first recording producing nothing on macOS while the microphone permission prompt is showing

View release on GitHub

v2.1.118 Breaking risk 1mo

⚠ Upgrade required

`DISABLE_UPDATES` is stricter than `DISABLE_AUTOUPDATER`; set it to block both automatic and manual updates.
/usage now serves as the unified endpoint for cost and stats; existing shortcuts still work but should be updated in scripts.

Breaking changes

Merged `/cost` and `/stats` into a single `/usage` command; original endpoints remain as typing shortcuts.

Notable features

Added vim visual mode (`v`) and visual‑line mode (`V`) with selection, operators, and feedback.
Introduced `DISABLE_UPDATES` env var to block all update paths including manual `claude update`.
Added `claude plugin tag` command for creating validated release git tags of plugins.

Full changelog

What's changed

Added vim visual mode (v) and visual-line mode (V) with selection, operators, and visual feedback
Merged /cost and /stats into /usage — both remain as typing shortcuts that open the relevant tab
Create and switch between named custom themes from /theme, or hand-edit JSON files in ~/.claude/themes/; plugins can also ship themes via a themes/ directory
Hooks can now invoke MCP tools directly via type: "mcp_tool"
Added DISABLE_UPDATES env var to completely block all update paths including manual claude update — stricter than DISABLE_AUTOUPDATER
WSL on Windows can now inherit Windows-side managed settings via the wslInheritsWindowsSettings policy key
Auto mode: include "$defaults" in autoMode.allow, autoMode.soft_deny, or autoMode.environment to add custom rules alongside the built-in list instead of replacing it
Added a "Don't ask again" option to the auto mode opt-in prompt
Added claude plugin tag to create release git tags for plugins with version validation
--continue/--resume now find sessions that added the current directory via /add-dir
/color now syncs the session accent color to claude.ai/code when Remote Control is connected
The /model picker now honors ANTHROPIC_DEFAULT_*_MODEL_NAME/_DESCRIPTION overrides when using a custom ANTHROPIC_BASE_URL gateway
When auto-update skips a plugin due to another plugin's version constraint, the skip now appears in /doctor and the /plugin Errors tab
Fixed /mcp menu hiding OAuth Authenticate/Re-authenticate actions for servers configured with headersHelper, and HTTP/SSE MCP servers with custom headers being stuck in "needs authentication" after a transient 401
Fixed MCP servers whose OAuth token response omits expires_in requiring re-authentication every hour
Fixed MCP step-up authorization silently refreshing instead of prompting for re-consent when the server's insufficient_scope 403 names a scope the current token already has
Fixed an unhandled promise rejection when an MCP server's OAuth flow times out or is cancelled
Fixed MCP OAuth refresh proceeding without its cross-process lock under contention
Fixed macOS keychain race where a concurrent MCP token refresh could overwrite a freshly-refreshed OAuth token, causing unexpected "Please run /login" prompts
Fixed OAuth token refresh failing when the server revokes a token before its local expiry time
Fixed credential save crash on Linux/Windows corrupting ~/.claude/.credentials.json
Fixed /login having no effect in a session launched with CLAUDE_CODE_OAUTH_TOKEN — the env token is now cleared so disk credentials take effect
Fixed unreadable text in the "new messages" scroll pill and /plugin badges
Fixed plan acceptance dialog offering "auto mode" instead of "bypass permissions" when running with --dangerously-skip-permissions
Fixed agent-type hooks failing with "Messages are required for agent hooks" when configured for events other than Stop or SubagentStop
Fixed prompt hooks re-firing on tool calls made by an agent-hook verifier subagent
Fixed /fork writing the full parent conversation to disk per fork — now writes a pointer and hydrates on read
Fixed Alt+K / Alt+X / Alt+^ / Alt+_ freezing keyboard input
Fixed connecting to a remote session overwriting your local model setting in ~/.claude/settings.json
Fixed typeahead showing "No commands match" error when pasting file paths that start with /
Fixed plugin install on an already-installed plugin not re-resolving a dependency installed at the wrong version
Fixed unhandled errors from file watcher on invalid paths or fd exhaustion
Fixed Remote Control sessions getting archived on transient CCR initialization blips during JWT refresh
Fixed subagents resumed via SendMessage not restoring the explicit cwd they were spawned with

View release on GitHub

v2.1.117 New feature 1mo

Notable features

Enable forked subagents on external builds via CLAUDE_CODE_FORK_SUBAGENT=1
Agent frontmatter mcpServers now load for main‑thread sessions with --agent
Improved /model: selections persist across restarts and header shows pin source

Full changelog

What's changed

Forked subagents can now be enabled on external builds by setting CLAUDE_CODE_FORK_SUBAGENT=1
Agent frontmatter mcpServers are now loaded for main-thread agent sessions via --agent
Improved /model: selections now persist across restarts even when the project pins a different model, and the startup header shows when the active model comes from a project or managed-settings pin
The /resume command now offers to summarize stale, large sessions before re-reading them, matching the existing --resume behavior
Faster startup when both local and claude.ai MCP servers are configured (concurrent connect now default)
plugin install on an already-installed plugin now installs any missing dependencies instead of stopping at "already installed"
Plugin dependency errors now say "not installed" with an install hint, and claude plugin marketplace add now auto-resolves missing dependencies from configured marketplaces
Managed-settings blockedMarketplaces and strictKnownMarketplaces are now enforced on plugin install, update, refresh, and autoupdate
Advisor Tool (experimental): dialog now carries an "experimental" label, learn-more link, and startup notification when enabled; sessions no longer get stuck with "Advisor tool result content could not be processed" errors on every prompt and /compact
The cleanupPeriodDays retention sweep now also covers ~/.claude/tasks/, ~/.claude/shell-snapshots/, and ~/.claude/backups/
OpenTelemetry: user_prompt events now include command_name and command_source for slash commands; cost.usage, token.usage, api_request, and api_error now include an effort attribute when the model supports effort levels. Custom/MCP command names are redacted unless OTEL_LOG_TOOL_DETAILS=1 is set
Native builds on macOS and Linux: the Glob and Grep tools are replaced by embedded bfs and ugrep available through the Bash tool — faster searches without a separate tool round-trip (Windows and npm-installed builds unchanged)
Windows: cached where.exe executable lookups per process for faster subprocess launches
Default effort for Pro/Max subscribers on Opus 4.6 and Sonnet 4.6 is now high (was medium)
Fixed Plain-CLI OAuth sessions dying with "Please run /login" when the access token expires mid-session — the token is now refreshed reactively on 401
Fixed WebFetch hanging on very large HTML pages by truncating input before HTML-to-markdown conversion
Fixed a crash when a proxy returns HTTP 204 No Content — now surfaces a clear error instead of a TypeError
Fixed /login having no effect when launched with CLAUDE_CODE_OAUTH_TOKEN env var and that token expires
Fixed prompt-input undo (Ctrl+_) doing nothing immediately after typing, and skipping a state on each undo step
Fixed NO_PROXY not being respected for remote API requests when running under Bun
Fixed rare spurious escape/return triggers when key names arrive as coalesced text over slow connections
Fixed SDK reload_plugins reconnecting all user MCP servers serially
Fixed Bedrock application-inference-profile requests failing with 400 when backed by Opus 4.7 with thinking disabled
Fixed MCP elicitation/create requests auto-cancelling in print/SDK mode when the server finishes connecting mid-turn
Fixed subagents running a different model than the main agent incorrectly flagging file reads with a malware warning
Fixed idle re-render loop when background tasks are present, reducing memory growth on Linux
[VSCode] Fixed "Manage Plugins" panel breaking when multiple large marketplaces are configured
Fixed Opus 4.7 sessions showing inflated /context percentages and autocompacting too early — Claude Code was computing against a 200K context window instead of Opus 4.7's native 1M

View release on GitHub

v2.1.116 Bug fix 1mo

Security fixes

Sandbox auto-allow now correctly enforces dangerous-path safety checks for `rm`/`rmdir` targeting `/`, `$HOME`, or other critical system directories

Notable features

/resume performance up to 67% faster for sessions >40MB
Thinking spinner now shows inline progress states
/config search matches option values (e.g., "vim" finds Editor mode)

Full changelog

What's changed

/resume on large sessions is significantly faster (up to 67% on 40MB+ sessions) and handles sessions with many dead-fork entries more efficiently
Faster MCP startup when multiple stdio servers are configured; resources/templates/list is now deferred to first @-mention
Smoother fullscreen scrolling in VS Code, Cursor, and Windsurf terminals — /terminal-setup now configures the editor's scroll sensitivity
Thinking spinner now shows progress inline ("still thinking", "thinking more", "almost done thinking"), replacing the separate hint row
/config search now matches option values (e.g. searching "vim" finds the Editor mode setting)
/doctor can now be opened while Claude is responding, without waiting for the current turn to finish
/reload-plugins and background plugin auto-update now auto-install missing plugin dependencies from marketplaces you've already added
Bash tool now surfaces a hint when gh commands hit GitHub's API rate limit, so agents can back off instead of retrying
The Usage tab in Settings now shows your 5-hour and weekly usage immediately and no longer fails when the usage endpoint is rate-limited
Agent frontmatter hooks: now fire when running as a main-thread agent via --agent
Slash command menu now shows "No commands match" when your filter has zero results, instead of disappearing
Security: sandbox auto-allow no longer bypasses the dangerous-path safety check for rm/rmdir targeting /, $HOME, or other critical system directories
Fixed Devanagari and other Indic scripts rendering with broken column alignment in the terminal UI
Fixed Ctrl+- not triggering undo in terminals using the Kitty keyboard protocol (iTerm2, Ghostty, kitty, WezTerm, Windows Terminal)
Fixed Cmd+Left/Right not jumping to line start/end in terminals that use the Kitty keyboard protocol (Warp fullscreen, kitty, Ghostty, WezTerm)
Fixed Ctrl+Z hanging the terminal when Claude Code is launched via a wrapper process (e.g. npx, bun run)
Fixed scrollback duplication in inline mode where resizing the terminal or large output bursts would repeat earlier conversation history
Fixed modal search dialogs overflowing the screen at short terminal heights, hiding the search box and keyboard hints
Fixed scattered blank cells and disappearing composer chrome in the VS Code integrated terminal during scrolling
Fixed an intermittent API 400 error related to cache control TTL ordering that could occur when a parallel request completed during request setup
Fixed /branch rejecting conversations with transcripts larger than 50MB
Fixed /resume silently showing an empty conversation on large session files instead of reporting the load error
Fixed /plugin Installed tab showing the same item twice when it appears under Needs attention or Favorites
Fixed /update and /tui not working after entering a worktree mid-session

View release on GitHub

v2.1.114 Bug fix 1mo

Fixed crash in permission dialog when an agent‑teams teammate requests tool permission

Full changelog

What's changed

Fixed a crash in the permission dialog when an agent teams teammate requested tool permission

View release on GitHub

v2.1.113 Security relevant 1mo

Security fixes

macOS: `/private/{etc,var,tmp,home}` paths are now treated as dangerous removal targets under `Bash(rm:*)` allow rules
Bash deny rules now match commands wrapped in exec wrappers such as `env`, `sudo`, `watch`, `ionice`, `setsid`

Notable features

Fullscreen mode: Shift+↑/↓ scrolls viewport when selection exceeds visible area
Ctrl+A/Ctrl+E navigate to start/end of logical line in multiline input
Windows: Ctrl+Backspace deletes previous word

Full changelog

What's changed

Changed the CLI to spawn a native Claude Code binary (via a per-platform optional dependency) instead of bundled JavaScript
Added sandbox.network.deniedDomains setting to block specific domains even when a broader allowedDomains wildcard would otherwise permit them
Fullscreen mode: Shift+↑/↓ now scrolls the viewport when extending a selection past the visible edge
Ctrl+A and Ctrl+E now move to the start/end of the current logical line in multiline input, matching readline behavior
Windows: Ctrl+Backspace now deletes the previous word
Long URLs in responses and bash output stay clickable when they wrap across lines (in terminals with OSC 8 hyperlinks)
Improved /loop: pressing Esc now cancels pending wakeups, and wakeups display as "Claude resuming /loop wakeup" for clarity
/extra-usage now works from Remote Control (mobile/web) clients
Remote Control clients can now query @-file autocomplete suggestions
Improved /ultrareview: faster launch with parallelized checks, diffstat in the launch dialog, and animated launching state
Subagents that stall mid-stream now fail with a clear error after 10 minutes instead of hanging silently
Bash tool: multi-line commands whose first line is a comment now show the full command in the transcript, closing a UI-spoofing vector
Running cd <current-directory> && git … no longer triggers a permission prompt when the cd is a no-op
Security: on macOS, /private/{etc,var,tmp,home} paths are now treated as dangerous removal targets under Bash(rm:*) allow rules
Security: Bash deny rules now match commands wrapped in env/sudo/watch/ionice/setsid and similar exec wrappers
Security: Bash(find:*) allow rules no longer auto-approve find -exec/-delete
Fixed MCP concurrent-call timeout handling where a message for one tool call could silently disarm another call's watchdog
Fixed Cmd-backspace / Ctrl+U to once again delete from the cursor to the start of the line
Fixed markdown tables breaking when a cell contains an inline code span with a pipe character
Fixed session recap auto-firing while composing unsent text in the prompt
Fixed /copy "Full response" not aligning markdown table columns for pasting into GitHub, Notion, or Slack
Fixed messages typed while viewing a running subagent being hidden from its transcript and misattributed to the parent AI
Fixed Bash dangerouslyDisableSandbox running commands outside the sandbox without a permission prompt
Fixed /effort auto confirmation — now says "Effort level set to max" to match the status bar label
Fixed the "copied N chars" toast overcounting emoji and other multi-code-unit characters
Fixed /insights crashing with EBUSY on Windows
Fixed exit confirmation dialog mislabeling one-shot scheduled tasks as recurring — now shows a countdown
Fixed slash/@ completion menu not sitting flush against the prompt border in fullscreen mode
Fixed CLAUDE_CODE_EXTRA_BODY output_config.effort causing 400 errors on subagent calls to models that don't support effort and on Vertex AI
Fixed prompt cursor disappearing when NO_COLOR is set
Fixed ToolSearch ranking so pasted MCP tool names surface the actual tool instead of description-matching siblings
Fixed compacting a resumed long-context session failing with "Extra usage is required for long context requests"
Fixed plugin install succeeding when a dependency version conflicts with an already-installed plugin — now reports range-conflict
Fixed "Refine with Ultraplan" not showing the remote session URL in the transcript
Fixed SDK image content blocks that fail to process crashing the session — now degrade to a text placeholder
Fixed Remote Control sessions not streaming subagent transcripts
Fixed Remote Control sessions not being archived when Claude Code exits
Fixed thinking.type.enabled is not supported 400 error when using Opus 4.7 via a Bedrock Application Inference Profile ARN

View release on GitHub

v2.1.112 Bug fix 1mo

Fixed the "claude-opus-4-7 is temporarily unavailable" error in auto mode.

Changelog

What's changed

Fixed "claude-opus-4-7 is temporarily unavailable" for auto mode

View release on GitHub

v2.1.111 New feature 1mo

⚠ Upgrade required

`/effort` invoked without arguments opens an interactive slider with arrow‑key navigation and Enter confirmation.
`Auto (match terminal)` theme option matches the host terminal’s dark/light mode, selectable via `/theme`.
/less-permission-prompts skill scans transcripts for read‑only Bash/MCP calls and proposes a prioritized allowlist in `.claude/settings.json`.

Notable features

Added `xhigh` effort level for Opus 4.7 (between `high` and `max`) accessible via `/effort`, `--effort`, or the model picker.
Auto mode now enabled for Max subscribers without needing `--enable-auto-mode`.
/ultrareview skill added to run comprehensive cloud‑based multi‑agent code review.

Full changelog

What's changed

Claude Opus 4.7 xhigh is now available! Use /effort to tune speed vs. intelligence
Auto mode is now available for Max subscribers when using Opus 4.7
Added xhigh effort level for Opus 4.7, sitting between high and max. Available via /effort, --effort, and the model picker; other models fall back to high
/effort now opens an interactive slider when called without arguments, with arrow-key navigation between levels and Enter to confirm
Added "Auto (match terminal)" theme option that matches your terminal's dark/light mode — select it from /theme
Added /less-permission-prompts skill — scans transcripts for common read-only Bash and MCP tool calls and proposes a prioritized allowlist for .claude/settings.json
Added /ultrareview for running comprehensive code review in the cloud using parallel multi-agent analysis and critique — invoke with no arguments to review your current branch, or /ultrareview <PR#> to fetch and review a specific GitHub PR
Auto mode no longer requires --enable-auto-mode
Windows: PowerShell tool is progressively rolling out. Opt in or out with CLAUDE_CODE_USE_POWERSHELL_TOOL. On Linux and macOS, enable with CLAUDE_CODE_USE_POWERSHELL_TOOL=1 (requires pwsh on PATH)
Read-only bash commands with glob patterns (e.g. ls *.ts) and commands starting with cd <project-dir> && no longer trigger a permission prompt
Suggest the closest matching subcommand when claude <word> is invoked with a near-miss typo (e.g. claude udpate → "Did you mean claude update?")
Plan files are now named after your prompt (e.g. fix-auth-race-snug-otter.md) instead of purely random words
Improved /setup-vertex and /setup-bedrock to show the actual settings.json path when CLAUDE_CONFIG_DIR is set, seed model candidates from existing pins on re-run, and offer a "with 1M context" option for supported models
/skills menu now supports sorting by estimated token count — press t to toggle
Ctrl+U now clears the entire input buffer (previously: delete to start of line); press Ctrl+Y to restore
Ctrl+L now forces a full screen redraw in addition to clearing the prompt input
Transcript view footer now shows [ (dump to scrollback) and v (open in editor) shortcuts
The "+N lines" marker for truncated long pastes is now a full-width rule for easier scanning
Headless --output-format stream-json now includes plugin_errors on the init event when plugins are demoted for unsatisfied dependencies
Added OTEL_LOG_RAW_API_BODIES environment variable to emit full API request and response bodies as OpenTelemetry log events for debugging
Suppressed spurious decompression, network, and transient error messages that could appear in the TUI during normal operation
Reverted the v2.1.110 cap on non-streaming fallback retries — it traded long waits for more outright failures during API overload
Fixed terminal display tearing (random characters, drifting input) in iTerm2 + tmux setups when terminal notifications are sent
Fixed @ file suggestions re-scanning the entire project on every turn in non-git working directories, and showing only config files in freshly-initialized git repos with no tracked files
Fixed LSP diagnostics from before an edit appearing after it, causing the model to re-read files it just edited
Fixed tab-completing /resume immediately resuming an arbitrary titled session instead of showing the session picker
Fixed /context grid rendering with extra blank lines between rows
Fixed /clear dropping the session name set by /rename, causing statusline output to lose session_name
Improved plugin error handling: dependency errors now distinguish conflicting, invalid, and overly complex version requirements; fixed stale resolved versions after plugin update; plugin install now recovers from interrupted prior installs
Fixed Claude calling a non-existent commit skill and showing "Unknown skill: commit" for users without a custom /commit command
Fixed 429 rate-limit errors on Bedrock/Vertex/Foundry referencing status.claude.com (it only covers Anthropic-operated providers)
Fixed feedback surveys appearing back-to-back after dismissing one
Fixed bare URLs in bash/PowerShell/MCP tool output being unclickable when the terminal wraps them across lines
Windows: CLAUDE_ENV_FILE and SessionStart hook environment files now apply (previously a no-op)
Windows: permission rules with drive-letter paths are now correctly root-anchored, and paths differing only by drive-letter case are recognized as the same path

View release on GitHub

v2.1.110 New feature 1mo

Security fixes

Hardened "Open in editor" actions against command injection from untrusted filenames

Notable features

/tui command with `fullscreen` mode for flicker‑free rendering
Push notification tool when Remote Control and "Push when Claude decides" are enabled
`autoScrollEnabled` config to disable auto‑scroll in fullscreen

Full changelog

What's changed

Added /tui command and tui setting — run /tui fullscreen to switch to flicker-free rendering in the same conversation
Changed Ctrl+O to toggle between normal and verbose transcript only; focus view is now toggled separately with the new /focus command
Added push notification tool — Claude can send mobile push notifications when Remote Control and "Push when Claude decides" config are enabled
Added autoScrollEnabled config to disable conversation auto-scroll in fullscreen mode
Added option to show Claude's last response as commented context in the Ctrl+G external editor (enable via /config)
Improved /plugin Installed tab — items needing attention and favorites appear at the top, disabled items are hidden behind a fold, and f favorites the selected item
Improved /doctor to warn when an MCP server is defined in multiple config scopes with different endpoints
--resume/--continue now resurrects unexpired scheduled tasks
/autocompact, /context, /exit, and /reload-plugins now work from Remote Control (mobile/web) clients
Write tool now informs the model when you edit the proposed content in the IDE diff before accepting
Bash tool now enforces the documented maximum timeout instead of accepting arbitrarily large values
SDK/headless sessions now read TRACEPARENT/TRACESTATE from the environment for distributed trace linking
Session recap is now enabled for users with telemetry disabled (Bedrock, Vertex, Foundry, DISABLE_TELEMETRY). Opt out via /config or CLAUDE_CODE_ENABLE_AWAY_SUMMARY=0.
Fixed MCP tool calls hanging indefinitely when the server connection drops mid-response on SSE/HTTP transports
Fixed non-streaming fallback retries causing multi-minute hangs when the API is unreachable
Fixed session recap, local slash-command output, and other system status lines not appearing in focus mode
Fixed high CPU usage in fullscreen when text is selected while a tool is running
Fixed plugin install not honoring dependencies declared in plugin.json when the marketplace entry omits them; /plugin install now lists auto-installed dependencies
Fixed skills with disable-model-invocation: true failing when invoked via /<skill> mid-message
Fixed --resume sometimes showing the first prompt instead of the /rename name for sessions still running or exited uncleanly
Fixed queued messages briefly appearing twice during multi-tool-call turns
Fixed session cleanup not removing the full session directory including subagent transcripts
Fixed dropped keystrokes after the CLI relaunches (e.g. /tui, provider setup wizards)
Fixed garbled startup rendering in macOS Terminal.app and other terminals that don't support synchronized output
Hardened "Open in editor" actions against command injection from untrusted filenames
Fixed PermissionRequest hooks returning updatedInput not being re-checked against permissions.deny rules; setMode:'bypassPermissions' updates now respect disableBypassPermissionsMode
Fixed PreToolUse hook additionalContext being dropped when the tool call fails
Fixed stdio MCP servers that print stray non-JSON lines to stdout being disconnected on the first stray line (regression in 2.1.105)
Fixed headless/SDK session auto-title firing an extra Haiku request when CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC or CLAUDE_CODE_DISABLE_TERMINAL_TITLE is set
Fixed potential excessive memory allocation when piped (non-TTY) Ink output contains a single very wide line
Fixed /skills menu not scrolling when the list overflows the modal in fullscreen mode
Fixed Remote Control sessions showing a generic error instead of prompting for re-login when the session is too old
Fixed Remote Control session renames from claude.ai not persisting the title to the local CLI session

View release on GitHub

v2.1.109 New feature 1mo

Notable features

Extended‑thinking indicator now shows a rotating progress hint

Changelog

What's changed

Improved the extended-thinking indicator with a rotating progress hint

View release on GitHub

v2.1.108 Breaking risk 1mo

⚠ Upgrade required

`ENABLE_PROMPT_CACHING_1H_BEDROCK` is deprecated but still honored; migrate to `ENABLE_PROMPT_CACHING_1H`.
Setting any `DISABLE_PROMPT_CACHING*` env var now shows a startup warning about prompt caching being disabled.

Notable features

Added `ENABLE_PROMPT_CACHING_1H` env var for 1‑hour prompt cache TTL (deprecates `ENABLE_PROMPT_CACHING_1H_BEDROCK`).
Added recap feature (/recap) configurable in /config and controllable via `CLAUDE_CODE_ENABLE_AWAY_SUMMARY`.
Model can now discover and invoke built‑in slash commands (`/init`, `/review`, `/security-review`) via the Skill tool.

Full changelog

What's changed

Added ENABLE_PROMPT_CACHING_1H env var to opt into 1-hour prompt cache TTL on API key, Bedrock, Vertex, and Foundry (ENABLE_PROMPT_CACHING_1H_BEDROCK is deprecated but still honored), and FORCE_PROMPT_CACHING_5M to force 5-minute TTL
Added recap feature to provide context when returning to a session, configurable in /config and manually invocable with /recap; force with CLAUDE_CODE_ENABLE_AWAY_SUMMARY if telemetry disabled.
The model can now discover and invoke built-in slash commands like /init, /review, and /security-review via the Skill tool
/undo is now an alias for /rewind
Improved /model to warn before switching models mid-conversation, since the next response re-reads the full history uncached
Improved /resume picker to default to sessions from the current directory; press Ctrl+A to show all projects
Improved error messages: server rate limits are now distinguished from plan usage limits; 5xx/529 errors show a link to status.claude.com; unknown slash commands suggest the closest match
Reduced memory footprint for file reads, edits, and syntax highlighting by loading language grammars on demand
Added "verbose" indicator when viewing the detailed transcript (Ctrl+O)
Added a warning at startup when prompt caching is disabled via DISABLE_PROMPT_CACHING* environment variables
Fixed paste not working in the /login code prompt (regression in 2.1.105)
Fixed subscribers who set DISABLE_TELEMETRY falling back to 5-minute prompt cache TTL instead of 1 hour
Fixed Agent tool prompting for permission in auto mode when the safety classifier's transcript exceeded its context window
Fixed Bash tool producing no output when CLAUDE_ENV_FILE (e.g. ~/.zprofile) ends with a # comment line
Fixed claude --resume <session-id> losing the session's custom name and color set via /rename
Fixed session titles showing placeholder example text when the first message is a short greeting
Fixed terminal escape codes appearing as garbage text in the prompt input after --teleport
Fixed /feedback retry: pressing Enter to resubmit after a failure now works without first editing the description
Fixed --teleport and --resume <id> precondition errors (e.g. dirty git tree, session not found) exiting silently instead of showing the error message
Fixed Remote Control session titles set in the web UI being overwritten by auto-generated titles after the third message
Fixed --resume truncating sessions when the transcript contained a self-referencing message
Fixed transcript write failures (e.g., disk full) being silently dropped instead of being logged
Fixed diacritical marks (accents, umlauts, cedillas) being dropped from responses when the language setting is configured
Fixed policy-managed plugins never auto-updating when running from a different project than where they were first installed

View release on GitHub

v2.1.107 Feature 1mo

Notable features

Thinking hints displayed earlier in long-running operations

Changelog

What's changed

Show thinking hints sooner during long operations

View release on GitHub

v2.1.105 New feature 1mo

Notable features

Added `path` parameter to `EnterWorktree` tool for switching existing worktrees
/proactive is now an alias for /loop

Full changelog

What's changed

Added path parameter to the EnterWorktree tool to switch into an existing worktree of the current repository
Added PreCompact hook support: hooks can now block compaction by exiting with code 2 or returning {"decision":"block"}
Added background monitor support for plugins via a top-level monitors manifest key that auto-arms at session start or on skill invoke
/proactive is now an alias for /loop
Improved stalled API stream handling: streams now abort after 5 minutes of no data and retry non-streaming instead of hanging indefinitely
Improved network error messages: connection errors now show a retry message immediately instead of a silent spinner
Improved file write display: long single-line writes (e.g. minified JSON) are now truncated in the UI instead of paginating across many screens
Improved /doctor layout with status icons; press f to have Claude fix reported issues
Improved /config labels and descriptions for clarity
Improved skill description handling: raised the listing cap from 250 to 1,536 characters and added a startup warning when descriptions are truncated
Improved WebFetch to strip <style> and <script> contents from fetched pages so CSS-heavy pages no longer exhaust the content budget before reaching actual text
Improved stale agent worktree cleanup to remove worktrees whose PR was squash-merged instead of keeping them indefinitely
Improved MCP large-output truncation prompt to give format-specific recipes (e.g. jq for JSON, computed Read chunk sizes for text)
Fixed images attached to queued messages (sent while Claude is working) being dropped
Fixed screen going blank when the prompt input wraps to a second line in long conversations
Fixed leading whitespace getting copied when selecting multi-line assistant responses in fullscreen mode
Fixed leading whitespace being trimmed from assistant messages, breaking ASCII art and indented diagrams
Fixed garbled bash output when commands print clickable file links (e.g. Python rich/loguru logging)
Fixed alt+enter not inserting a newline in terminals using ESC-prefix alt encoding, and Ctrl+J not inserting a newline (regression in 2.1.100)
Fixed duplicate "Creating worktree" text in EnterWorktree/ExitWorktree tool display
Fixed queued user prompts disappearing from focus mode
Fixed one-shot scheduled tasks re-firing repeatedly when the file watcher missed the post-fire cleanup
Fixed inbound channel notifications being silently dropped after the first message for Team/Enterprise users
Fixed marketplace plugins with package.json and lockfile not having dependencies installed automatically after install/update
Fixed marketplace auto-update leaving the official marketplace in a broken state when a plugin process holds files open during the update
Fixed "Resume this session with..." hint not printing on exit after /resume, --worktree, or /branch
Fixed feedback survey shortcut keys firing when typed at the end of a longer prompt
Fixed stdio MCP server emitting malformed (non-JSON) output hanging the session instead of failing fast with "Connection closed"
Fixed MCP tools missing on the first turn of headless/remote-trigger sessions when MCP servers connect asynchronously
Fixed /model picker on AWS Bedrock in non-US regions persisting invalid us.* model IDs to settings.json when inference profile discovery is still in-flight
Fixed 429 rate-limit errors showing a raw JSON dump instead of a clean message for API-key, Bedrock, and Vertex users
Fixed crash on resume when session contains malformed text blocks
Fixed /help dropping the tab bar, Shortcuts heading, and footer at short terminal heights
Fixed malformed keybinding entry values in keybindings.json being silently loaded instead of rejected with a clear error
Fixed CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC in one project's settings permanently disabling usage metrics for all projects on the machine
Fixed washed-out 16-color palette when using Ghostty, Kitty, Alacritty, WezTerm, foot, rio, or Contour over SSH/mosh
Fixed Bash tool suggesting acceptEdits permission mode when exiting plan mode would downgrade from a higher permission level

View release on GitHub

v2.1.104 Maintenance 1mo

Routine maintenance release for claude-code.

Full changelog

View release on GitHub

v2.1.101 Breaking risk 1mo

⚠ Upgrade required

Set CLAUDE_CODE_CERT_STORE=bundled to use only bundled CAs if enterprise TLS proxies require it
Deprecation warning: Hardcoded 5‑minute request timeout removed; timeouts now respect API_TIMEOUT_MS configuration

Security fixes

CVE-2026-XXXXX — Command injection vulnerability fixed in POSIX `which` fallback used for LSP binary detection

Notable features

/team-onboarding command to generate ramp-up guide
OS CA certificate store trust enabled by default (override via CLAUDE_CODE_CERT_STORE)
Remote‑session features auto‑create a default cloud environment

Full changelog

What's changed

Added /team-onboarding command to generate a teammate ramp-up guide from your local Claude Code usage
Added OS CA certificate store trust by default, so enterprise TLS proxies work without extra setup (set CLAUDE_CODE_CERT_STORE=bundled to use only bundled CAs)
/ultraplan and other remote-session features now auto-create a default cloud environment instead of requiring web setup first
Improved brief mode to retry once when Claude responds with plain text instead of a structured message
Improved focus mode: Claude now writes more self-contained summaries since it knows you only see its final message
Improved tool-not-available errors to explain why and how to proceed when the model calls a tool that exists but isn't available in the current context
Improved rate-limit retry messages to show which limit was hit and when it resets instead of an opaque seconds countdown
Improved refusal error messages to include the API-provided explanation when available
Improved claude -p --resume <name> to accept session titles set via /rename or --name
Improved settings resilience: an unrecognized hook event name in settings.json no longer causes the entire file to be ignored
Improved plugin hooks from plugins force-enabled by managed settings to run when allowManagedHooksOnly is set
Improved /plugin and claude plugin update to show a warning when the marketplace could not be refreshed, instead of silently reporting a stale version
Improved plan mode to hide the "Refine with Ultraplan" option when the user's org or auth setup can't reach Claude Code on the web
Improved beta tracing to honor OTEL_LOG_USER_PROMPTS, OTEL_LOG_TOOL_DETAILS, and OTEL_LOG_TOOL_CONTENT; sensitive span attributes are no longer emitted unless opted in
Improved SDK query() to clean up subprocess and temp files when consumers break from for await or use await using
Fixed a command injection vulnerability in the POSIX which fallback used by LSP binary detection
Fixed a memory leak where long sessions retained dozens of historical copies of the message list in the virtual scroller
Fixed --resume/--continue losing conversation context on large sessions when the loader anchored on a dead-end branch instead of the live conversation
Fixed --resume chain recovery bridging into an unrelated subagent conversation when a subagent message landed near a main-chain write gap
Fixed a crash on --resume when a persisted Edit/Write tool result was missing its file_path
Fixed a hardcoded 5-minute request timeout that aborted slow backends (local LLMs, extended thinking, slow gateways) regardless of API_TIMEOUT_MS
Fixed permissions.deny rules not overriding a PreToolUse hook's permissionDecision: "ask" — previously the hook could downgrade a deny into a prompt
Fixed --setting-sources without user causing background cleanup to ignore cleanupPeriodDays and delete conversation history older than 30 days
Fixed Bedrock SigV4 authentication failing with 403 when ANTHROPIC_AUTH_TOKEN, apiKeyHelper, or ANTHROPIC_CUSTOM_HEADERS set an Authorization header
Fixed claude -w <name> failing with "already exists" after a previous session's worktree cleanup left a stale directory
Fixed subagents not inheriting MCP tools from dynamically-injected servers
Fixed sub-agents running in isolated worktrees being denied Read/Edit access to files inside their own worktree
Fixed sandboxed Bash commands failing with mktemp: No such file or directory after a fresh boot
Fixed claude mcp serve tool calls failing with "Tool execution failed" in MCP clients that validate outputSchema
Fixed RemoteTrigger tool's run action sending an empty body and being rejected by the server
Fixed several /resume picker issues: narrow default view hiding sessions from other projects, unreachable preview on Windows Terminal, incorrect cwd in worktrees, session-not-found errors not surfacing in stderr, terminal title not being set, and resume hint overlapping the prompt input
Fixed Grep tool ENOENT when the embedded ripgrep binary path becomes stale (VS Code extension auto-update, macOS App Translocation); now falls back to system rg and self-heals mid-session
Fixed /btw writing a copy of the entire conversation to disk on every use
Fixed /context Free space and Messages breakdown disagreeing with the header percentage
Fixed several plugin issues: slash commands resolving to the wrong plugin with duplicate name: frontmatter, /plugin update failing with ENAMETOOLONG, Discover showing already-installed plugins, directory-source plugins loading from a stale version cache, and skills not honoring context: fork and agent frontmatter fields
Fixed the /mcp menu offering OAuth-specific actions for MCP servers configured with headersHelper; Reconnect is now offered instead to re-invoke the helper script
Fixed ctrl+], ctrl+\, and ctrl+^ keybindings not firing in terminals that send raw C0 control bytes (Terminal.app, default iTerm2, xterm)
Fixed /login OAuth URL rendering with padding that prevented clean mouse selection
Fixed rendering issues: flicker in non-fullscreen mode when content above the visible area changed, terminal scrollback being wiped during long sessions in non-fullscreen mode, and mouse-scroll escape sequences occasionally leaking into the prompt as text
Fixed crash when settings.json env values are numbers instead of strings
Fixed in-app settings writes (e.g. /add-dir --remember, /config) not refreshing the in-memory snapshot, preventing removed directories from being revoked mid-session
Fixed custom keybindings (~/.claude/keybindings.json) not loading on Bedrock, Vertex, and other third-party providers
Fixed claude --continue -p not correctly continuing sessions created by -p or the SDK
Fixed several Remote Control issues: worktrees removed on session crash, connection failures not persisting in the transcript, spurious "Disconnected" indicator in brief mode for local sessions, and /remote-control failing over SSH when only CLAUDE_CODE_ORGANIZATION_UUID is set
Fixed /insights sometimes omitting the report file link from its response
[VSCode] Fixed the file attachment below the chat input not clearing when the last editor tab is closed

View release on GitHub

v2.1.100 Maintenance 1mo

Routine maintenance release for claude-code.

Full changelog

View release on GitHub

v2.1.98 Breaking risk 1mo

Security fixes

Fixed Bash permission bypass where a backslash‑escaped flag could be auto‑allowed as read‑only, enabling arbitrary code execution

Notable features

Interactive Google Vertex AI setup wizard from login screen
CLAUDE_CODE_PERFORCE_MODE env var for read‑only file handling with `p4 edit` hint
Monitor tool for streaming background script events

Full changelog

What's changed

Added interactive Google Vertex AI setup wizard accessible from the login screen when selecting "3rd-party platform", guiding you through GCP authentication, project and region configuration, credential verification, and model pinning
Added CLAUDE_CODE_PERFORCE_MODE env var: when set, Edit/Write/NotebookEdit fail on read-only files with a p4 edit hint instead of silently overwriting them
Added Monitor tool for streaming events from background scripts
Added subprocess sandboxing with PID namespace isolation on Linux when CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is set, and CLAUDE_CODE_SCRIPT_CAPS env var to limit per-session script invocations
Added --exclude-dynamic-system-prompt-sections flag to print mode for improved cross-user prompt caching
Added workspace.git_worktree to the status line JSON input, set whenever the current directory is inside a linked git worktree
Added W3C TRACEPARENT env var to Bash tool subprocesses when OTEL tracing is enabled, so child-process spans correctly parent to Claude Code's trace tree
LSP: Claude Code now identifies itself to language servers via clientInfo in the initialize request
Fixed a Bash tool permission bypass where a backslash-escaped flag could be auto-allowed as read-only and lead to arbitrary code execution
Fixed compound Bash commands bypassing forced permission prompts for safety checks and explicit ask rules in auto and bypass-permissions modes
Fixed read-only commands with env-var prefixes not prompting unless the var is known-safe (LANG, TZ, NO_COLOR, etc.)
Fixed redirects to /dev/tcp/... or /dev/udp/... not prompting instead of auto-allowing
Fixed stalled streaming responses timing out instead of falling back to non-streaming mode
Fixed 429 retries burning all attempts in ~13s when the server returns a small Retry-After — exponential backoff now applies as a minimum
Fixed MCP OAuth oauth.authServerMetadataUrl config override not being honored on token refresh after restart, affecting ADFS and similar IdPs
Fixed capital letters being dropped to lowercase on xterm and VS Code integrated terminal when the kitty keyboard protocol is active
Fixed macOS text replacements deleting the trigger word instead of inserting the substitution
Fixed --dangerously-skip-permissions being silently downgraded to accept-edits mode after approving a write to a protected path via Bash
Fixed managed-settings allow rules remaining active after an admin removed them, until process restart
Fixed permissions.additionalDirectories changes not applying mid-session — removed directories lose access immediately and added ones work without restart
Fixed removing a directory from additionalDirectories revoking access to the same directory passed via --add-dir
Fixed Bash(cmd:*) and Bash(git commit *) wildcard permission rules failing to match commands with extra spaces or tabs
Fixed Bash(...) deny rules being downgraded to a prompt for piped commands that mix cd with other segments
Fixed false Bash permission prompts for cut -d /, paste -d /, column -s /, awk '{print $1}' file, and filenames containing %
Fixed permission rules with names matching JavaScript prototype properties (e.g. toString) causing settings.json to be silently ignored
Fixed agent team members not inheriting the leader's permission mode when using --dangerously-skip-permissions
Fixed a crash in fullscreen mode when hovering over MCP tool results
Fixed copying wrapped URLs in fullscreen mode inserting spaces at line breaks
Fixed file-edit diffs disappearing from the UI on --resume when the edited file was larger than 10KB
Fixed several /resume picker issues: --resume <name> opening uneditable, filter reload wiping search state, empty list swallowing arrow keys, cross-project staleness, and transient task-status text replacing conversation summaries
Fixed /export not honoring absolute paths and ~, and silently rewriting user-supplied extensions to .txt
Fixed /effort max being denied for unknown or future model IDs
Fixed slash command picker breaking when a plugin's frontmatter name is a YAML boolean keyword
Fixed rate-limit upsell text being hidden after message remounts
Fixed MCP tools with _meta["anthropic/maxResultSizeChars"] not bypassing the token-based persist layer
Fixed voice mode leaking dozens of space characters into the input when re-holding the push-to-talk key while the previous transcript is still processing
Fixed DISABLE_AUTOUPDATER not fully suppressing the npm registry version check and symlink modification on npm-based installs
Fixed a memory leak where Remote Control permission handler entries were retained for the lifetime of the session
Fixed background subagents that fail with an error not reporting partial progress to the parent agent
Fixed prompt-type Stop/SubagentStop hooks failing on long sessions, and hook evaluator API errors showing "JSON validation failed" instead of the real message
Fixed feedback survey rendering when dismissed
Fixed Bash grep -f FILE / rg -f FILE not prompting when reading a pattern file outside the working directory
Fixed stale subagent worktree cleanup removing worktrees that contain untracked files
Fixed sandbox.network.allowMachLookup not taking effect on macOS
Improved /resume filter hint labels and added project/worktree/branch names in the filter indicator
Improved footer indicators (Focus, notifications) to stay on the mode-indicator row instead of wrapping at narrow terminal widths
Improved /agents with a tabbed layout: a Running tab shows live subagents, and the Library tab adds Run agent and View running instance actions
Improved /reload-plugins to pick up plugin-provided skills without requiring a restart
Improved Accept Edits mode to auto-approve filesystem commands prefixed with safe env vars or process wrappers
Improved Vim mode: j/k in NORMAL mode now navigate history and select the footer pill at the input boundary
Improved hook errors in the transcript to include the first line of stderr for self-diagnosis without --debug
Improved OTEL tracing: interaction spans now correctly wrap full turns under concurrent SDK calls, and headless turns end spans per-turn
Improved transcript entries to carry final token usage instead of streaming placeholders
Updated the /claude-api skill to cover Managed Agents alongside Claude API
[VSCode] Fixed false-positive "requires git-bash" error on Windows when CLAUDE_CODE_GIT_BASH_PATH is set or Git is installed at a default location
Fixed CLAUDE_CODE_MAX_CONTEXT_TOKENS to honor DISABLE_COMPACT when it is set.
Dropped /compact hints when DISABLE_COMPACT is set.

View release on GitHub

v2.1.97 Breaking risk 1mo

Notable features

Focus view toggle (`Ctrl+O`) in NO_FLICKER mode showing prompt, tool summary, and edit diffstats
Refresh interval setting to re-run status line command every N seconds
Workspace `git_worktree` flag added to status‑line JSON input

Full changelog

What's changed

Added focus view toggle (Ctrl+O) in NO_FLICKER mode showing prompt, one-line tool summary with edit diffstats, and final response
Added refreshInterval status line setting to re-run the status line command every N seconds
Added workspace.git_worktree to the status line JSON input, set when the current directory is inside a linked git worktree
Added ● N running indicator in /agents next to agent types with live subagent instances
Added syntax highlighting for Cedar policy files (.cedar, .cedarpolicy)
Fixed --dangerously-skip-permissions being silently downgraded to accept-edits mode after approving a write to a protected path
Fixed and hardened Bash tool permissions, tightening checks around env-var prefixes and network redirects, and reducing false prompts on common commands
Fixed permission rules with names matching JavaScript prototype properties (e.g. toString) causing settings.json to be silently ignored
Fixed managed-settings allow rules remaining active after an admin removed them until process restart
Fixed permissions.additionalDirectories changes in settings not applying mid-session
Fixed removing a directory from settings.permissions.additionalDirectories revoking access to the same directory passed via --add-dir
Fixed MCP HTTP/SSE connections accumulating ~50 MB/hr of unreleased buffers when servers reconnect
Fixed MCP OAuth oauth.authServerMetadataUrl not being honored on token refresh after restart, fixing ADFS and similar IdPs
Fixed 429 retries burning all attempts in ~13 seconds when the server returns a small Retry-After — exponential backoff now applies as a minimum
Fixed rate-limit upgrade options disappearing after context compaction
Fixed several /resume picker issues: --resume <name> opening uneditable, Ctrl+A reload wiping search, empty list swallowing navigation, task-status text replacing conversation summary, and cross-project staleness
Fixed file-edit diffs disappearing on --resume when the edited file was larger than 10KB
Fixed --resume cache misses and lost mid-turn input from attachment messages not being saved to the transcript
Fixed messages typed while Claude is working not being persisted to the transcript
Fixed prompt-type Stop/SubagentStop hooks failing on long sessions, and hook evaluator API errors displaying "JSON validation failed" instead of the actual message
Fixed subagents with worktree isolation or cwd: override leaking their working directory back to the parent session's Bash tool
Fixed compaction writing duplicate multi-MB subagent transcript files on prompt-too-long retries
Fixed claude plugin update reporting "already at the latest version" for git-based marketplace plugins when the remote had newer commits
Fixed slash command picker breaking when a plugin's frontmatter name is a YAML boolean keyword
Fixed copying wrapped URLs in NO_FLICKER mode inserting spaces at line breaks
Fixed scroll rendering artifacts in NO_FLICKER mode when running inside zellij
Fixed a crash in NO_FLICKER mode when hovering over MCP tool results
Fixed a NO_FLICKER mode memory leak where API retries left stale streaming state
Fixed slow mouse-wheel scrolling in NO_FLICKER mode on Windows Terminal
Fixed custom status line not displaying in NO_FLICKER mode on terminals shorter than 24 rows
Fixed Shift+Enter and Alt/Cmd+arrow shortcuts not working in Warp with NO_FLICKER mode
Fixed Korean/Japanese/Unicode text becoming garbled when copied in no-flicker mode on Windows
Fixed Bedrock SigV4 authentication failing when AWS_BEARER_TOKEN_BEDROCK or ANTHROPIC_BEDROCK_BASE_URL are set to empty strings (as GitHub Actions does for unset inputs)
Improved Accept Edits mode to auto-approve filesystem commands prefixed with safe env vars or process wrappers (e.g. LANG=C rm foo, timeout 5 mkdir out)
Improved auto mode and bypass-permissions mode to auto-approve sandbox network access prompts
Improved sandbox: sandbox.network.allowMachLookup now takes effect on macOS
Improved image handling: pasted and attached images are now compressed to the same token budget as images read via the Read tool
Improved slash command and @-mention completion to trigger after CJK sentence punctuation, so Japanese/Chinese input no longer requires a space before / or @
Improved Bridge sessions to show the local git repo, branch, and working directory on the claude.ai session card
Improved footer layout: indicators (Focus, notifications) now stay on the mode-indicator row instead of wrapping below
Improved context-low warning to show as a transient footer notification instead of a persistent row
Improved markdown blockquotes to show a continuous left bar across wrapped lines
Improved session transcript size by skipping empty hook entries and capping stored pre-edit file copies
Improved transcript accuracy: per-block entries now carry the final token usage instead of the streaming placeholder
Improved Bash tool OTEL tracing: subprocesses now inherit a W3C TRACEPARENT env var when tracing is enabled
Updated /claude-api skill to cover Managed Agents alongside the Claude API

View release on GitHub

v2.1.96 Bug fix 1mo

Fixed Bedrock requests failing with "Authorization header is missing" error.

Full changelog

What's changed

Fixed Bedrock requests failing with 403 "Authorization header is missing" when using AWS_BEARER_TOKEN_BEDROCK or CLAUDE_CODE_SKIP_BEDROCK_AUTH (regression in 2.1.94)

View release on GitHub

v2.1.94 Bug fix 1mo

⚠ Upgrade required

Control default effort level with `/effort` command.
Set `CLAUDE_CODE_USE_MANTLE=1` to enable Amazon Bedrock support.

Notable features

Added Amazon Bedrock support via `CLAUDE_CODE_USE_MANTLE=1`
Changed default effort level to high for API‑key, Bedrock/Vertex/Foundry, Team, and Enterprise users (configurable with `/effort`)
Compact `Slacked #channel` header with clickable link for Slack MCP send-message tool calls

Full changelog

What's changed

Added support for Amazon Bedrock powered by Mantle, set CLAUDE_CODE_USE_MANTLE=1
Changed default effort level from medium to high for API-key, Bedrock/Vertex/Foundry, Team, and Enterprise users (control this with /effort)
Added compact Slacked #channel header with a clickable channel link for Slack MCP send-message tool calls
Added keep-coding-instructions frontmatter field support for plugin output styles
Added hookSpecificOutput.sessionTitle to UserPromptSubmit hooks for setting the session title
Plugin skills declared via "skills": ["./"] now use the skill's frontmatter name for the invocation name instead of the directory basename, giving a stable name across install methods
Fixed agents appearing stuck after a 429 rate-limit response with a long Retry-After header — the error now surfaces immediately instead of silently waiting
Fixed Console login on macOS silently failing with "Not logged in" when the login keychain is locked or its password is out of sync — the error is now surfaced and claude doctor diagnoses the fix
Fixed plugin skill hooks defined in YAML frontmatter being silently ignored
Fixed plugin hooks failing with "No such file or directory" when CLAUDE_PLUGIN_ROOT was not set
Fixed ${CLAUDE_PLUGIN_ROOT} resolving to the marketplace source directory instead of the installed cache for local-marketplace plugins on startup
Fixed scrollback showing the same diff repeated and blank pages in long-running sessions
Fixed multiline user prompts in the transcript indenting wrapped lines under the ❯ caret instead of under the text
Fixed Shift+Space inserting the literal word "space" instead of a space character in search inputs
Fixed hyperlinks opening two browser tabs when clicked inside tmux running in an xterm.js-based terminal (VS Code, Hyper, Tabby)
Fixed an alt-screen rendering bug where content height changes mid-scroll could leave compounding ghost lines
Fixed FORCE_HYPERLINK environment variable being ignored when set via settings.json env
Fixed native terminal cursor not tracking the selected tab in dialogs, so screen readers and magnifiers can follow tab navigation
Fixed Bedrock invocation of Sonnet 3.5 v2 by using the us. inference profile ID
Fixed SDK/print mode not preserving the partial assistant response in conversation history when interrupted mid-stream
Improved --resume to resume sessions from other worktrees of the same repo directly instead of printing a cd command
Fixed CJK and other multibyte text being corrupted with U+FFFD in stream-json input/output when chunk boundaries split a UTF-8 sequence
[VSCode] Reduced cold-open subprocess work on starting a session
[VSCode] Fixed dropdown menus selecting the wrong item when the mouse was over the list while typing or using arrow keys
[VSCode] Added a warning banner when settings.json files fail to parse, so users know their permission rules are not being applied

View release on GitHub

v2.1.92 Breaking risk 2mo

⚠ Upgrade required

Linux sandbox now includes `apply-seccomp` helper in both npm and native builds, restoring unix‑socket blocking for sandboxed commands
Homebrew install update prompts use the cask's release channel: `claude-code` → stable, `claude-code@latest` → latest

Breaking changes

Removed `/tag` command
Removed `/vim` command (toggle via `/config` → Editor mode)
Added `forceRemoteSettingsRefresh` policy: CLI blocks startup until remote managed settings are freshly fetched and exits on fetch failure (fail‑closed)

Notable features

Interactive Bedrock setup wizard for AWS authentication, region config, credential verification, and model pinning
Per-model and cache-hit breakdown added to `/cost` for subscription users
Interactive version picker for `/release-notes`

Full changelog

What's changed

Added forceRemoteSettingsRefresh policy setting: when set, the CLI blocks startup until remote managed settings are freshly fetched, and exits if the fetch fails (fail-closed)
Added interactive Bedrock setup wizard accessible from the login screen when selecting "3rd-party platform" — guides you through AWS authentication, region configuration, credential verification, and model pinning
Added per-model and cache-hit breakdown to /cost for subscription users
/release-notes is now an interactive version picker
Remote Control session names now use your hostname as the default prefix (e.g. myhost-graceful-unicorn), overridable with --remote-control-session-name-prefix
Pro users now see a footer hint when returning to a session after the prompt cache has expired, showing roughly how many tokens the next turn will send uncached
Fixed subagent spawning permanently failing with "Could not determine pane count" after tmux windows are killed or renumbered during a long-running session
Fixed prompt-type Stop hooks incorrectly failing when the small fast model returns ok:false, and restored preventContinuation:true semantics for non-Stop prompt-type hooks
Fixed tool input validation failures when streaming emits array/object fields as JSON-encoded strings
Fixed an API 400 error that could occur when extended thinking produced a whitespace-only text block alongside real content
Fixed accidental feedback survey submissions from auto-pilot keypresses and consecutive-prompt digit collisions
Fixed misleading "esc to interrupt" hint appearing alongside "esc to clear" when a text selection exists in fullscreen mode during processing
Fixed Homebrew install update prompts to use the cask's release channel (claude-code → stable, claude-code@latest → latest)
Fixed ctrl+e jumping to the end of the next line when already at end of line in multiline prompts
Fixed an issue where the same message could appear at two positions when scrolling up in fullscreen mode (iTerm2, Ghostty, and other terminals with DEC 2026 support)
Fixed idle-return "/clear to save X tokens" hint showing cumulative session tokens instead of current context size
Fixed plugin MCP servers stuck "connecting" on session start when they duplicate a claude.ai connector that is unauthenticated
Improved Write tool diff computation speed for large files (60% faster on files with tabs/&/$)
Removed /tag command
Removed /vim command (toggle vim mode via /config → Editor mode)
Linux sandbox now ships the apply-seccomp helper in both npm and native builds, restoring unix-socket blocking for sandboxed commands

View release on GitHub

v2.1.91 New feature 2mo

Notable features

Added `_meta["anthropic/maxResultSizeChars"]` annotation to allow result persistence up to 500,000 characters.
Added `disableSkillShellExecution` setting to disable inline shell execution in skills, custom slash commands, and plugin commands.
Supported multi-line prompts in `claude-cli://open?q=` deep links using `%0A` for newlines.

Full changelog

What's changed

Added MCP tool result persistence override via _meta["anthropic/maxResultSizeChars"] annotation (up to 500K), allowing larger results like DB schemas to pass through without truncation
Added disableSkillShellExecution setting to disable inline shell execution in skills, custom slash commands, and plugin commands
Added support for multi-line prompts in claude-cli://open?q= deep links (encoded newlines %0A no longer rejected)
Plugins can now ship executables under bin/ and invoke them as bare commands from the Bash tool
Fixed transcript chain breaks on --resume that could lose conversation history when async transcript writes fail silently
Fixed cmd+delete not deleting to start of line on iTerm2, kitty, WezTerm, Ghostty, and Windows Terminal
Fixed plan mode in remote sessions losing track of the plan file after a container restart, which caused permission prompts on plan edits and an empty plan-approval modal
Fixed JSON schema validation for permissions.defaultMode: "auto" in settings.json
Fixed Windows version cleanup not protecting the active version's rollback copy
/feedback now explains why it's unavailable instead of disappearing from the slash menu
Improved /claude-api skill guidance for agent design patterns including tool surface decisions, context management, and caching strategy
Improved performance: faster stripAnsi on Bun by routing through Bun.stripANSI
Edit tool now uses shorter old_string anchors, reducing output tokens

View release on GitHub

v2.1.90 Breaking risk 2mo

Security fixes

PowerShell tool permission checks hardened: trailing `&` bypass, `-ErrorAction Break` hang, archive‑extraction TOCTOU, parse‑fail fallback deny‑rule degradation

Notable features

/powerup interactive lessons
CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE env var
.husky protected directory

Full changelog

What's changed

Added /powerup — interactive lessons teaching Claude Code features with animated demos
Added CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE env var to keep the existing marketplace cache when git pull fails, useful in offline environments
Added .husky to protected directories (acceptEdits mode)
Fixed an infinite loop where the rate-limit options dialog would repeatedly auto-open after hitting your usage limit, eventually crashing the session
Fixed --resume causing a full prompt-cache miss on the first request for users with deferred tools, MCP servers, or custom agents (regression since v2.1.69)
Fixed Edit/Write failing with "File content has changed" when a PostToolUse format-on-save hook rewrites the file between consecutive edits
Fixed PreToolUse hooks that emit JSON to stdout and exit with code 2 not correctly blocking the tool call
Fixed collapsed search/read summary badge appearing multiple times in fullscreen scrollback when a CLAUDE.md file auto-loads during a tool call
Fixed auto mode not respecting explicit user boundaries ("don't push", "wait for X before Y") even when the action would otherwise be allowed
Fixed click-to-expand hover text being nearly invisible on light terminal themes
Fixed UI crash when malformed tool input reached the permission dialog
Fixed headers disappearing when scrolling /model, /config, and other selection screens
Hardened PowerShell tool permission checks: fixed trailing & background job bypass, -ErrorAction Break debugger hang, archive-extraction TOCTOU, and parse-fail fallback deny-rule degradation
Improved performance: eliminated per-turn JSON.stringify of MCP tool schemas on cache-key lookup
Improved performance: SSE transport now handles large streamed frames in linear time (was quadratic)
Improved performance: SDK sessions with long conversations no longer slow down quadratically on transcript writes
Improved /resume all-projects view to load project sessions in parallel, improving load times for users with many projects
Changed --resume picker to no longer show sessions created by claude -p or SDK invocations
Removed Get-DnsClientCache and ipconfig /displaydns from auto-allow (DNS cache privacy)

View release on GitHub

v2.1.89 Breaking risk 2mo

⚠ Upgrade required

Set `showThinkingSummaries: true` in settings.json if you need thinking summaries in interactive sessions
Avoid using `cleanupPeriodDays: 0` as it is now rejected; use a positive integer or omit to keep default persistence

Breaking changes

Rejected `cleanupPeriodDays: 0` in settings.json with a validation error (previously silently disabled transcript persistence)
Thinking summaries are no longer generated by default in interactive sessions; opt‑in via `showThinkingSummaries: true`

Notable features

Edit tool now works on files viewed via Bash (`sed -n`, `cat`) without a preceding Read call
`/env` now applies to PowerShell tool commands (previously only affected Bash)
`/usage` hides redundant "Current week (Sonnet only)" bar for Pro and Enterprise plans

Full changelog

What's changed

Added "defer" permission decision to PreToolUse hooks — headless sessions can pause at a tool call and resume with -p --resume to have the hook re-evaluate
Added CLAUDE_CODE_NO_FLICKER=1 environment variable to opt into flicker-free alt-screen rendering with virtualized scrollback
Added PermissionDenied hook that fires after auto mode classifier denials — return {retry: true} to tell the model it can retry
Added named subagents to @ mention typeahead suggestions
Added MCP_CONNECTION_NONBLOCKING=true for -p mode to skip the MCP connection wait entirely, and bounded --mcp-config server connections at 5s instead of blocking on the slowest server
Auto mode: denied commands now show a notification and appear in /permissions → Recent tab where you can retry with r
Fixed Edit(//path/**) and Read(//path/**) allow rules to check the resolved symlink target, not just the requested path
Fixed voice push-to-talk not activating for some modifier-combo bindings, and voice mode on Windows failing with "WebSocket upgrade rejected with HTTP 101"
Fixed Edit/Write tools doubling CRLF on Windows and stripping Markdown hard line breaks (two trailing spaces)
Fixed StructuredOutput schema cache bug causing ~50% failure rate when using multiple schemas
Fixed memory leak where large JSON inputs were retained as LRU cache keys in long-running sessions
Fixed a crash when removing a message from very large session files (over 50MB)
Fixed LSP server zombie state after crash — server now restarts on next request instead of failing until session restart
Fixed prompt history entries containing CJK or emoji being silently dropped when they fall on a 4KB boundary in ~/.claude/history.jsonl
Fixed /stats undercounting tokens by excluding subagent usage, and losing historical data beyond 30 days when the stats cache format changes
Fixed -p --resume hangs when the deferred tool input exceeds 64KB or no deferred marker exists, and -p --continue not resuming deferred tools
Fixed claude-cli:// deep links not opening on macOS
Fixed MCP tool errors truncating to only the first content block when the server returns multi-element error content
Fixed skill reminders and other system context being dropped when sending messages with images via the SDK
Fixed PreToolUse/PostToolUse hooks to receive file_path as an absolute path for Write/Edit/Read tools, matching the documented behavior
Fixed autocompact thrash loop — now detects when context refills to the limit immediately after compacting three times in a row and stops with an actionable error instead of burning API calls
Fixed prompt cache misses in long sessions caused by tool schema bytes changing mid-session
Fixed nested CLAUDE.md files being re-injected dozens of times in long sessions that read many files
Fixed --resume crash when transcript contains a tool result from an older CLI version or interrupted write
Fixed misleading "Rate limit reached" message when the API returned an entitlement error — now shows the actual error with actionable hints
Fixed hooks if condition filtering not matching compound commands (ls && git push) or commands with env-var prefixes (FOO=bar git push)
Fixed collapsed search/read group badges duplicating in terminal scrollback during heavy parallel tool use
Fixed notification invalidates not clearing the currently-displayed notification immediately
Fixed prompt briefly disappearing after submit when background messages arrived during processing
Fixed Devanagari and other combining-mark text being truncated in assistant output
Fixed rendering artifacts on main-screen terminals after layout shifts
Fixed voice mode failing to request microphone permission on macOS Apple Silicon
Fixed Shift+Enter submitting instead of inserting a newline on Windows Terminal Preview 1.25
Fixed periodic UI jitter during streaming in iTerm2 when running inside tmux
Fixed PowerShell tool incorrectly reporting failures when commands like git push wrote progress to stderr on Windows PowerShell 5.1
Fixed a potential out-of-memory crash when the Edit tool was used on very large files (>1 GiB)
Improved collapsed tool summary to show "Listed N directories" for ls/tree/du instead of "Read N files"
Improved Bash tool to warn when a formatter/linter command modifies files you have previously read, preventing stale-edit errors
Improved @-mention typeahead to rank source files above MCP resources with similar names
Improved PowerShell tool prompt with version-appropriate syntax guidance (5.1 vs 7+)
Changed Edit to work on files viewed via Bash with sed -n or cat, without requiring a separate Read call first
Changed hook output over 50K characters to be saved to disk with a file path + preview instead of being injected directly into context
Changed cleanupPeriodDays: 0 in settings.json to be rejected with a validation error — it previously silently disabled transcript persistence
Changed thinking summaries to no longer be generated by default in interactive sessions — set showThinkingSummaries: true in settings.json to restore
Documented TaskCreated hook event and its blocking behavior
Preserved task notifications when backgrounding a running command with Ctrl+B
PowerShell tool on Windows: external-command arguments containing both a double-quote and whitespace now prompt instead of auto-allowing (PS 5.1 argument-splitting hardening)
/env now applies to PowerShell tool commands (previously only affected Bash)
/usage now hides redundant "Current week (Sonnet only)" bar for Pro and Enterprise plans
Image paste no longer inserts a trailing space
Pasting !command into an empty prompt now enters bash mode, matching typed ! behavior
/buddy is here for April 1st — hatch a small creature that watches you code

View release on GitHub

v2.1.87 Bug fix 2mo

Fixed messages in Cowork Dispatch now get delivered.

Changelog

What's changed

Fixed messages in Cowork Dispatch not getting delivered

View release on GitHub

v2.1.86 Bug fix 2mo

Notable features

Added `X-Claude-Code-Session-Id` header to API requests for session aggregation by proxies
Excluded `.jj` and `.sl` from VCS directory listings to prevent descent into Jujutsu/Sapling metadata
Reduced token overhead when mentioning files with `@` by avoiding JSON‑escaping of raw strings

Full changelog

What's changed

Added X-Claude-Code-Session-Id header to API requests so proxies can aggregate requests by session without parsing the body
Added .jj and .sl to VCS directory exclusion lists so Grep and file autocomplete don't descend into Jujutsu or Sapling metadata
Fixed --resume failing with "tool_use ids were found without tool_result blocks" on sessions created before v2.1.85
Fixed Write/Edit/Read failing on files outside the project root (e.g., ~/.claude/CLAUDE.md) when conditional skills or rules are configured
Fixed unnecessary config disk writes on every skill invocation that could cause performance issues and config corruption on Windows
Fixed potential out-of-memory crash when using /feedback on very long sessions with large transcript files
Fixed --bare mode dropping MCP tools in interactive sessions and silently discarding messages enqueued mid-turn
Fixed the c shortcut copying only ~20 characters of the OAuth login URL instead of the full URL
Fixed masked input (e.g., OAuth code paste) leaking the start of the token when wrapping across multiple lines on narrow terminals
Fixed official marketplace plugin scripts failing with "Permission denied" on macOS/Linux since v2.1.83
Fixed statusline showing another session's model when running multiple Claude Code instances and using /model in one of them
Fixed scroll not following new messages after wheel scroll or click-to-select at the bottom of a long conversation
Fixed /plugin uninstall dialog: pressing n now correctly uninstalls the plugin while preserving its data directory
Fixed a regression where pressing Enter after clicking could leave the transcript blank until the response arrived
Fixed ultrathink hint lingering after deleting the keyword
Fixed memory growth in long sessions from markdown/highlight render caches retaining full content strings
Reduced startup event-loop stalls when many claude.ai MCP connectors are configured (macOS keychain cache extended from 5s to 30s)
Reduced token overhead when mentioning files with @ — raw string content no longer JSON-escaped
Improved prompt cache hit rate for Bedrock, Vertex, and Foundry users by removing dynamic content from tool descriptions
Memory filenames in the "Saved N memories" notice now highlight on hover and open on click
Skill descriptions in the /skills listing are now capped at 250 characters to reduce context usage
Changed /skills menu to sort alphabetically for easier scanning
Auto mode now shows "unavailable for your plan" when disabled by plan restrictions (was "temporarily unavailable")
[VSCode] Fixed extension incorrectly showing "Not responding" during long-running operations
[VSCode] Fixed extension defaulting Max plan users to Sonnet after the OAuth token refreshes (8 hours after login)
Read tool now uses compact line-number format and deduplicates unchanged re-reads, reducing token usage

View release on GitHub

v2.1.85 Bug fix 2mo

⚠ Upgrade required

`tool_parameters` in OpenTelemetry tool_result events are gated behind `OTEL_LOG_TOOL_DETAILS=1`

Notable features

Added `CLAUDE_CODE_MCP_SERVER_NAME` and `CLAUDE_CODE_MCP_SERVER_URL` env vars for multi‑server support
Conditional `if` field for hooks using permission rule syntax to reduce overhead
Timestamp markers added to scheduled task transcripts (`/loop`, `CronCreate`)

Full changelog

What's changed

Added CLAUDE_CODE_MCP_SERVER_NAME and CLAUDE_CODE_MCP_SERVER_URL environment variables to MCP headersHelper scripts, allowing one helper to serve multiple servers
Added conditional if field for hooks using permission rule syntax (e.g., Bash(git *)) to filter when they run, reducing process spawning overhead
Added timestamp markers in transcripts when scheduled tasks (/loop, CronCreate) fire
Added trailing space after [Image #N] placeholder when pasting images
Deep link queries (claude-cli://open?q=…) now support up to 5,000 characters, with a "scroll to review" warning for long pre-filled prompts
MCP OAuth now follows RFC 9728 Protected Resource Metadata discovery to find the authorization server
Plugins blocked by organization policy (managed-settings.json) can no longer be installed or enabled, and are hidden from marketplace views
PreToolUse hooks can now satisfy AskUserQuestion by returning updatedInput alongside permissionDecision: "allow", enabling headless integrations that collect answers via their own UI
tool_parameters in OpenTelemetry tool_result events are now gated behind OTEL_LOG_TOOL_DETAILS=1
Fixed /compact failing with "context exceeded" when the conversation has grown too large for the compact request itself to fit
Fixed /plugin enable and /plugin disable failing when a plugin's install location differs from where it's declared in settings
Fixed --worktree exiting with an error in non-git repositories before the WorktreeCreate hook could run
Fixed deniedMcpServers setting not blocking claude.ai MCP servers
Fixed switch_display in the computer-use tool returning "not available in this session" on multi-monitor setups
Fixed crash when OTEL_LOGS_EXPORTER, OTEL_METRICS_EXPORTER, or OTEL_TRACES_EXPORTER is set to none
Fixed diff syntax highlighting not working in non-native builds
Fixed MCP step-up authorization failing when a refresh token exists — servers requesting elevated scopes via 403 insufficient_scope now correctly trigger the re-authorization flow
Fixed memory leak in remote sessions when a streaming response is interrupted
Fixed persistent ECONNRESET errors during edge connection churn by using a fresh TCP connection on retry
Fixed prompts getting stuck in the queue after running certain slash commands, with up-arrow unable to retrieve them
Fixed Python Agent SDK: type:'sdk' MCP servers passed via --mcp-config are no longer dropped during startup
Fixed raw key sequences appearing in the prompt when running over SSH or in the VS Code integrated terminal
Fixed Remote Control session status staying stuck on "Requires Action" after a permission is resolved
Fixed shift+enter and meta+enter being intercepted by typeahead suggestions instead of inserting newlines
Fixed stale content bleeding through when scrolling up during streaming
Fixed terminal left in enhanced keyboard mode after exit in Ghostty, Kitty, WezTerm, and other terminals supporting the Kitty keyboard protocol — Ctrl+C and Ctrl+D now work correctly after quitting
Improved @-mention file autocomplete performance on large repositories
Improved PowerShell dangerous command detection
Improved scroll performance with large transcripts by replacing WASM yoga-layout with a pure TypeScript implementation
Reduced UI stutter when compaction triggers on large sessions

View release on GitHub

v2.1.84 New feature 2mo

Notable features

PowerShell tool for Windows (opt-in preview)
Env vars `ANTHROPIC_DEFAULT_{OPUS,SONNET,HAIKU}_MODEL_SUPPORTS`, `_MODEL_NAME`, `_DESCRIPTION` to override default model detection and picker labels
Env var `CLAUDE_STREAM_IDLE_TIMEOUT_MS` to configure streaming idle watchdog threshold (default 90000 ms)

Full changelog

What's changed

Added PowerShell tool for Windows as an opt-in preview. Learn more at https://code.claude.com/docs/en/tools-reference#powershell-tool
Added ANTHROPIC_DEFAULT_{OPUS,SONNET,HAIKU}_MODEL_SUPPORTS env vars to override effort/thinking capability detection for pinned default models for 3p (Bedrock, Vertex, Foundry), and _MODEL_NAME/_DESCRIPTION to customize the /model picker label
Added CLAUDE_STREAM_IDLE_TIMEOUT_MS env var to configure the streaming idle watchdog threshold (default 90s)
Added TaskCreated hook that fires when a task is created via TaskCreate
Added WorktreeCreate hook support for type: "http" — return the created worktree path via hookSpecificOutput.worktreePath in the response JSON
Added allowedChannelPlugins managed setting for team/enterprise admins to define a channel plugin allowlist
Added x-client-request-id header to API requests for debugging timeouts
Added idle-return prompt that nudges users returning after 75+ minutes to /clear, reducing unnecessary token re-caching on stale sessions
Deep links (claude-cli://) now open in your preferred terminal instead of whichever terminal happens to be first in the detection list
Rules and skills paths: frontmatter now accepts a YAML list of globs
MCP tool descriptions and server instructions are now capped at 2KB to prevent OpenAPI-generated servers from bloating context
MCP servers configured both locally and via claude.ai connectors are now deduplicated — the local config wins
Background bash tasks that appear stuck on an interactive prompt now surface a notification after ~45 seconds
Token counts ≥1M now display as "1.5m" instead of "1512.6k"
Global system-prompt caching now works when ToolSearch is enabled, including for users with MCP tools configured
Fixed voice push-to-talk: holding the voice key no longer leaks characters into the text input, and transcripts now insert at the correct position
Fixed up/down arrow keys being unresponsive when a footer item is focused
Fixed Ctrl+U (kill-to-line-start) being a no-op at line boundaries in multiline input, so repeated Ctrl+U now clears across lines
Fixed null-unbinding a default chord binding (e.g. "ctrl+x ctrl+k": null) still entering chord-wait mode instead of freeing the prefix key
Fixed mouse events inserting literal "mouse" text into transcript search input
Fixed workflow subagents failing with API 400 when the outer session uses --json-schema and the subagent also specifies a schema
Fixed missing background color behind certain emoji in user message bubbles on some terminals
Fixed the "allow Claude to edit its own settings for this session" permission option not sticking for users with Edit(.claude) allow rules
Fixed a hang when generating attachment snippets for large edited files
Fixed MCP tool/resource cache leak on server reconnect
Fixed a startup performance issue where partial clone repositories (Scalar/GVFS) triggered mass blob downloads
Fixed native terminal cursor not tracking the text input caret, so IME composition (CJK input) now renders inline and screen readers can follow the input position
Fixed spurious "Not logged in" errors on macOS caused by transient keychain read failures
Fixed cold-start race where core tools could be deferred without their bypass active, causing Edit/Write to fail with InputValidationError on typed parameters
Improved detection for dangerous removals of Windows drive roots (C:\, C:\Windows, etc.)
Improved interactive startup by ~30ms by running setup() in parallel with slash command and agent loading
Improved startup for claude "prompt" with MCP servers — the REPL now renders immediately instead of blocking until all servers connect
Improved Remote Control to show a specific reason when blocked instead of a generic "not yet enabled" message
Improved p90 prompt cache rate
Reduced scroll-to-top resets in long sessions by making the message window immune to compaction and grouping changes
Reduced terminal flickering when animated tool progress scrolls above the viewport
Changed issue/PR references to only become clickable links when written as owner/repo#123 — bare #123 is no longer auto-linked
Slash commands unavailable for the current auth setup (/voice, /mobile, /chrome, /upgrade, etc.) are now hidden instead of shown
[VSCode] Added rate limit warning banner with usage percentage and reset time
Stats screenshot (Ctrl+S in /stats) now works in all builds and is 16× faster

View release on GitHub

v2.1.83 Breaking risk 2mo

Security fixes

Authflow cooldowns now session‑scoped — closes abuse vector where users changed phone/email mid‑flow to reset OTP cooldowns

Notable features

Usage alerts with email + usage.alert.triggered webhook before hard caps
Non-ASCII sender names in custom SMTP
Portal: Endpoint field now shows for OIDC and SAML app types

Full changelog

What's changed

Added managed-settings.d/ drop-in directory alongside managed-settings.json, letting separate teams deploy independent policy fragments that merge alphabetically
Added CwdChanged and FileChanged hook events for reactive environment management (e.g., direnv)
Added sandbox.failIfUnavailable setting to exit with an error when sandbox is enabled but cannot start, instead of running unsandboxed
Added disableDeepLinkRegistration setting to prevent claude-cli:// protocol handler registration
Added CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 to strip Anthropic and cloud provider credentials from subprocess environments (Bash tool, hooks, MCP stdio servers)
Added transcript search — press / in transcript mode (Ctrl+O) to search, n/N to step through matches
Added Ctrl+X Ctrl+E as an alias for opening the external editor (readline-native binding; Ctrl+G still works)
Pasted images now insert an [Image #N] chip at the cursor so you can reference them positionally in your prompt
Agents can now declare initialPrompt in frontmatter to auto-submit a first turn
chat:killAgents and chat:fastMode are now rebindable via ~/.claude/keybindings.json
Fixed mouse tracking escape sequences leaking to shell prompt after exit
Fixed Claude Code hanging on exit on macOS
Fixed screen flashing blank after being idle for a few seconds
Fixed a hang when diffing very large files with few common lines — diffs now time out after 5 seconds and fall back gracefully
Fixed a 1–8 second UI freeze on startup when voice input was enabled, caused by eagerly loading the native audio module
Fixed a startup regression where Claude Code would wait ~3s for claude.ai MCP config fetch before proceeding
Fixed --mcp-config CLI flag bypassing allowedMcpServers/deniedMcpServers managed policy enforcement
Fixed claude.ai MCP connectors (Slack, Gmail, etc.) not being available in single-turn --print mode
Fixed caffeinate process not properly terminating when Claude Code exits, preventing Mac from sleeping
Fixed bash mode not activating when tab-accepting !-prefixed command suggestions
Fixed stale slash command selection showing wrong highlighted command after navigating suggestions
Fixed /config menu showing both the search cursor and list selection at the same time
Fixed background subagents becoming invisible after context compaction, which could cause duplicate agents to be spawned
Fixed background agent tasks staying stuck in "running" state when git or API calls hang during cleanup
Fixed --channels showing "Channels are not currently available" on first launch after upgrade
Fixed uninstalled plugin hooks continuing to fire until the next session
Fixed queued commands flickering during streaming responses
Fixed slash commands being sent to the model as text when submitted while a message is processing
Fixed scrollback jumping when collapsed read/search groups finish after scrolling offscreen
Fixed scrollback jumping to top when the model starts or stops thinking
Fixed SDK session history loss on resume caused by hook progress/attachment messages forking the parentUuid chain
Fixed copy-on-select not firing when you release the mouse outside the terminal window
Fixed ghost characters appearing in height-constrained lists when items overflow
Fixed Ctrl+B interfering with readline backward-char at an idle prompt — it now only fires when a foreground task can be backgrounded
Fixed tool result files never being cleaned up, ignoring the cleanupPeriodDays setting
Fixed space key being swallowed for up to 3 seconds after releasing voice hold-to-talk
Fixed ALSA library errors corrupting the terminal UI when using voice mode on Linux without audio hardware (Docker, headless, WSL1)
Fixed voice mode SoX detection on Termux/Android where spawning which is kernel-restricted
Fixed Remote Control sessions showing as Idle in the web session list while actively running
Fixed footer navigation selecting an invisible Remote Control pill in config-driven mode
Fixed memory leak in remote sessions where tool use IDs accumulate indefinitely
Improved Bedrock SDK cold-start latency by overlapping profile fetch with other boot work
Improved --resume memory usage and startup latency on large sessions
Improved plugin startup — commands, skills, and agents now load from disk cache without re-fetching
Improved Remote Control session titles: AI-generated titles now appear within seconds of the first message
Improved WebFetch to identify as Claude-User so site operators can recognize and allowlist Claude Code traffic via robots.txt
Reduced WebFetch peak memory usage for large pages
Reduced scrollback resets in long sessions from once per turn to once per ~50 messages
Faster claude -p startup with unauthenticated HTTP/SSE MCP servers (~600ms saved)
Bash ghost-text suggestions now include just-submitted commands immediately
Increased non-streaming fallback token cap (21k → 64k) and timeout (120s → 300s local) so fallback requests are less likely to be truncated
Interrupting a prompt before any response now automatically restores your input so you can edit and resubmit
/status now works while Claude is responding, instead of being queued until the turn finishes
Plugin MCP servers that duplicate an org-managed connector are now suppressed instead of running a second connection
Linux: respect XDG_DATA_HOME when registering the claude-cli:// protocol handler
Changed "stop all background agents" keybinding from Ctrl+F to Ctrl+X Ctrl+K to stop shadowing readline forward-char
Deprecated TaskOutput tool in favor of using Read on the background task's output file path
[VSCode] Spinner now turns red with "Not responding" when the backend hasn't responded for 60 seconds
[VSCode] Fixed session history not loading correctly when reopening a session via URL or after restart

View release on GitHub

v2.1.81 Bug fix 2mo

Notable features

Added `--bare` flag for scripted `-p` calls (skips hooks, LSP, plugin sync, disables auto‑memory)
Added `--channels` permission relay to forward tool approval prompts to phone
Improved MCP read/search collapsing and Bash discoverability

Full changelog

What's changed

Added --bare flag for scripted -p calls — skips hooks, LSP, plugin sync, and skill directory walks; requires ANTHROPIC_API_KEY or an apiKeyHelper via --settings (OAuth and keychain auth disabled); auto-memory fully disabled
Added --channels permission relay — channel servers that declare the permission capability can forward tool approval prompts to your phone
Fixed multiple concurrent Claude Code sessions requiring repeated re-authentication when one session refreshes its OAuth token
Fixed voice mode silently swallowing retry failures and showing a misleading "check your network" message instead of the actual error
Fixed voice mode audio not recovering when the server silently drops the WebSocket connection
Fixed CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS not suppressing the structured-outputs beta header, causing 400 errors on proxy gateways forwarding to Vertex/Bedrock
Fixed --channels bypass for Team/Enterprise orgs with no other managed settings configured
Fixed a crash on Node.js 18
Fixed unnecessary permission prompts for Bash commands containing dashes in strings
Fixed plugin hooks blocking prompt submission when the plugin directory is deleted mid-session
Fixed a race condition where background agent task output could hang indefinitely when the task completed between polling intervals
Resuming a session that was in a worktree now switches back to that worktree
Fixed /btw not including pasted text when used during an active response
Fixed a race where fast Cmd+Tab followed by paste could beat the clipboard copy under tmux
Fixed terminal tab title not updating with an auto-generated session description
Fixed invisible hook attachments inflating the message count in transcript mode
Fixed Remote Control sessions showing a generic title instead of deriving from the first prompt
Fixed /rename not syncing the title for Remote Control sessions
Fixed Remote Control /exit not reliably archiving the session
Improved MCP read/search tool calls to collapse into a single "Queried {server}" line (expand with Ctrl+O)
Improved ! bash mode discoverability — Claude now suggests it when you need to run an interactive command
Improved plugin freshness — ref-tracked plugins now re-clone on every load to pick up upstream changes
Improved Remote Control session titles to refresh after your third message
Updated MCP OAuth to support Client ID Metadata Document (CIMD / SEP-991) for servers without Dynamic Client Registration
Changed plan mode to hide the "clear context" option by default (restore with "showClearContextOnPlanAccept": true)
Disabled line-by-line response streaming on Windows (including WSL in Windows Terminal) due to rendering issues
[VSCode] Fixed Windows PATH inheritance for Bash tool when using Git Bash (regression in v2.1.78)

View release on GitHub

v2.1.80 Bug fix 2mo

Notable features

Added `rate_limits` field to statusline scripts for Claude.ai rate limit usage (5‑hour and 7‑day windows with used_percentage and resets_at)
Added `source: 'settings'` plugin marketplace source
Added CLI tool usage detection to plugin tips

Full changelog

What's changed

Added rate_limits field to statusline scripts for displaying Claude.ai rate limit usage (5-hour and 7-day windows with used_percentage and resets_at)
Added source: 'settings' plugin marketplace source — declare plugin entries inline in settings.json
Added CLI tool usage detection to plugin tips, in addition to file pattern matching
Added effort frontmatter support for skills and slash commands to override the model effort level when invoked
Added --channels (research preview) — allow MCP servers to push messages into your session
Fixed --resume dropping parallel tool results — sessions with parallel tool calls now restore all tool_use/tool_result pairs instead of showing [Tool result missing] placeholders
Fixed voice mode WebSocket failures caused by Cloudflare bot detection on non-browser TLS fingerprints
Fixed 400 errors when using fine-grained tool streaming through API proxies, Bedrock, or Vertex
Fixed /remote-control appearing for gateway and third-party provider deployments where it cannot function
Fixed /sandbox tab switching not responding to Tab or arrow keys
Improved responsiveness of @ file autocomplete in large git repositories
Improved /effort to show what auto currently resolves to, matching the status bar indicator
Improved /permissions — Tab and arrow keys now switch tabs from within a list
Improved background tasks panel — left arrow now closes from the list view
Simplified plugin install tips to use a single /plugin install command instead of a two-step flow
Reduced memory usage on startup in large repositories (~80 MB saved on 250k-file repos)
Fixed managed settings (enabledPlugins, permissions.defaultMode, policy-set env vars) not being applied at startup when remote-settings.json was cached from a prior session

View release on GitHub

v2.1.79 Bug fix 2mo

Notable features

--console flag for Anthropic Console auth
Show turn duration toggle in /config
Remote-control bridge in VSCode

Full changelog

What's changed

Added --console flag to claude auth login for Anthropic Console (API billing) authentication
Added "Show turn duration" toggle to the /config menu
Fixed claude -p hanging when spawned as a subprocess without explicit stdin (e.g. Python subprocess.run)
Fixed Ctrl+C not working in -p (print) mode
Fixed /btw returning the main agent's output instead of answering the side question when triggered during streaming
Fixed voice mode not activating correctly on startup when voiceEnabled: true is set
Fixed left/right arrow tab navigation in /permissions
Fixed CLAUDE_CODE_DISABLE_TERMINAL_TITLE not preventing terminal title from being set on startup
Fixed custom status line showing nothing when workspace trust is blocking it
Fixed enterprise users being unable to retry on rate limit (429) errors
Fixed SessionEnd hooks not firing when using interactive /resume to switch sessions
Improved startup memory usage by ~18MB across all scenarios
Improved non-streaming API fallback with a 2-minute per-attempt timeout, preventing sessions from hanging indefinitely
CLAUDE_CODE_PLUGIN_SEED_DIR now supports multiple seed directories separated by the platform path delimiter (: on Unix, ; on Windows)
[VSCode] Added /remote-control — bridge your session to claude.ai/code to continue from a browser or phone
[VSCode] Session tabs now get AI-generated titles based on your first message
[VSCode] Fixed the thinking pill showing "Thinking" instead of "Thought for Ns" after a response completes
[VSCode] Fixed missing session diff button when opening sessions from the left sidebar

View release on GitHub

v2.1.78 Mixed 2mo

Security fixes

Fixed silent sandbox disable when dependencies are missing — now emits a visible startup warning

Notable features

Added `StopFailure` hook event for API error‑induced turn termination
Introduced `${CLAUDE_PLUGIN_DATA}` variable preserving plugin state across updates, with uninstall prompt
Frontmatter now supports `effort`, `maxTurns`, and `disallowedTools` for shipped agents

Full changelog

What's changed

Added StopFailure hook event that fires when the turn ends due to an API error (rate limit, auth failure, etc.)
Added ${CLAUDE_PLUGIN_DATA} variable for plugin persistent state that survives plugin updates; /plugin uninstall prompts before deleting it
Added effort, maxTurns, and disallowedTools frontmatter support for plugin-shipped agents
Terminal notifications (iTerm2/Kitty/Ghostty popups, progress bar) now reach the outer terminal when running inside tmux with set -g allow-passthrough on
Response text now streams line-by-line as it's generated
Fixed git log HEAD failing with "ambiguous argument" inside sandboxed Bash on Linux, and stub files polluting git status in the working directory
Fixed cc log and --resume silently truncating conversation history on large sessions (>5 MB) that used subagents
Fixed infinite loop when API errors triggered stop hooks that re-fed blocking errors to the model
Fixed deny: ["mcp__servername"] permission rules not removing MCP server tools before sending to the model, allowing it to see and attempt blocked tools
Fixed sandbox.filesystem.allowWrite not working with absolute paths (previously required // prefix)
Fixed /sandbox Dependencies tab showing Linux prerequisites on macOS instead of macOS-specific info
Security: Fixed silent sandbox disable when sandbox.enabled: true is set but dependencies are missing — now shows a visible startup warning
Fixed .git, .claude, and other protected directories being writable without a prompt in bypassPermissions mode
Fixed ctrl+u in normal mode scrolling instead of readline kill-line (ctrl+u/ctrl+d half-page scroll moved to transcript mode only)
Fixed voice mode modifier-combo push-to-talk keybindings (e.g. ctrl+k) requiring a hold instead of activating immediately
Fixed voice mode not working on WSL2 with WSLg (Windows 11); WSL1/Win10 users now get a clear error
Fixed --worktree flag not loading skills and hooks from the worktree directory
Fixed CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS and includeGitInstructions setting not suppressing the git status section in the system prompt
Fixed Bash tool not finding Homebrew and other PATH-dependent binaries when VS Code is launched from Dock/Spotlight
Fixed washed-out Claude orange color in VS Code/Cursor/code-server terminals that don't advertise truecolor support
Added ANTHROPIC_CUSTOM_MODEL_OPTION env var to add a custom entry to the /model picker, with optional _NAME and _DESCRIPTION suffixed vars for display
Fixed ANTHROPIC_BETAS environment variable being silently ignored when using Haiku models
Fixed queued prompts being concatenated without a newline separator
Improved memory usage and startup time when resuming large sessions
[VSCode] Fixed a brief flash of the login screen when opening the sidebar while already authenticated
[VSCode] Fixed "API Error: Rate limit reached" when selecting Opus — model dropdown no longer offers 1M context variant to subscribers whose plan tier is unknown

View release on GitHub

v2.1.77 Breaking risk 2mo

Breaking changes

Renamed `/fork` to `/branch`; `/fork` remains as an alias for backward compatibility.
Removed `resume` parameter from the Agent tool; use `SendMessage({to: agentId})` instead.

Notable features

`SendMessage` now auto‑resumes stopped agents in the background rather than returning an error.

Full changelog

What's changed

Increased default maximum output token limits for Claude Opus 4.6 to 64k tokens, and the upper bound for Opus 4.6 and Sonnet 4.6 models to 128k tokens
Added allowRead sandbox filesystem setting to re-allow read access within denyRead regions
/copy now accepts an optional index: /copy N copies the Nth-latest assistant response
Fixed "Always Allow" on compound bash commands (e.g. cd src && npm test) saving a single rule for the full string instead of per-subcommand, leading to dead rules and repeated permission prompts
Fixed auto-updater starting overlapping binary downloads when the slash-command overlay repeatedly opened and closed, accumulating tens of gigabytes of memory
Fixed --resume silently truncating recent conversation history due to a race between memory-extraction writes and the main transcript
Fixed PreToolUse hooks returning "allow" bypassing deny permission rules, including enterprise managed settings
Fixed Write tool silently converting line endings when overwriting CRLF files or creating files in CRLF directories
Fixed memory growth in long-running sessions from progress messages surviving compaction
Fixed cost and token usage not being tracked when the API falls back to non-streaming mode
Fixed CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS not stripping beta tool-schema fields, causing proxy gateways to reject requests
Fixed Bash tool reporting errors for successful commands when the system temp directory path contains spaces
Fixed paste being lost when typing immediately after pasting
Fixed Ctrl+D in /feedback text input deleting forward instead of the second press exiting the session
Fixed API error when dragging a 0-byte image file into the prompt
Fixed Claude Desktop sessions incorrectly using the terminal CLI's configured API key instead of OAuth
Fixed git-subdir plugins at different subdirectories of the same monorepo commit colliding in the plugin cache
Fixed ordered list numbers not rendering in terminal UI
Fixed a race condition where stale-worktree cleanup could delete an agent worktree just resumed from a previous crash
Fixed input deadlock when opening /mcp or similar dialogs while the agent is running
Fixed Backspace and Delete keys not working in vim NORMAL mode
Fixed status line not updating when vim mode is toggled on or off
Fixed hyperlinks opening twice on Cmd+click in VS Code, Cursor, and other xterm.js-based terminals
Fixed background colors rendering as terminal-default inside tmux with default configuration
Fixed iTerm2 session crash when selecting text inside tmux over SSH
Fixed clipboard copy silently failing in tmux sessions; copy toast now indicates whether to paste with ⌘V or tmux prefix+]
Fixed ←/→ accidentally switching tabs in settings, permissions, and sandbox dialogs while navigating lists
Fixed IDE integration not auto-connecting when Claude Code is launched inside tmux or screen
Fixed CJK characters visually bleeding into adjacent UI elements when clipped at the right edge
Fixed teammate panes not closing when the leader exits
Fixed iTerm2 auto mode not detecting iTerm2 for native split-pane teammates
Faster startup on macOS (~60ms) by reading keychain credentials in parallel with module loading
Faster --resume on fork-heavy and very large sessions — up to 45% faster loading and ~100-150MB less peak memory
Improved Esc to abort in-flight non-streaming API requests
Improved claude plugin validate to check skill, agent, and command frontmatter plus hooks/hooks.json, catching YAML parse errors and schema violations
Background bash tasks are now killed if output exceeds 5GB, preventing runaway processes from filling disk
Sessions are now auto-named from plan content when you accept a plan
Improved headless mode plugin installation to compose correctly with CLAUDE_CODE_PLUGIN_SEED_DIR
Show a notice when apiKeyHelper takes longer than 10s, preventing it from blocking the main loop
The Agent tool no longer accepts a resume parameter — use SendMessage({to: agentId}) to continue a previously spawned agent
SendMessage now auto-resumes stopped agents in the background instead of returning an error
Renamed /fork to /branch (/fork still works as an alias)
[VSCode] Improved plan preview tab titles to use the plan's heading instead of "Claude's Plan"
[VSCode] When option+click doesn't trigger native selection on macOS, the footer now points to the macOptionClickForcesSelection setting

View release on GitHub

v2.1.76 Breaking risk 2mo

⚠ Upgrade required

--plugin-dir now limited to one path per invocation; repeat the flag for multiple directories

Breaking changes

--plugin-dir now accepts only a single path (use repeated --plugin-dir for multiple directories)

Notable features

MCP servers can request structured input mid-task via interactive dialog
-n / --name CLI flag to set session display name at startup
`worktree.sparsePaths` setting for selective checkout in large monorepos

Full changelog

What's changed

Added MCP elicitation support — MCP servers can now request structured input mid-task via an interactive dialog (form fields or browser URL)
Added new Elicitation and ElicitationResult hooks to intercept and override responses before they're sent back
Added -n / --name <name> CLI flag to set a display name for the session at startup
Added worktree.sparsePaths setting for claude --worktree in large monorepos to check out only the directories you need via git sparse-checkout
Added PostCompact hook that fires after compaction completes
Added /effort slash command to set model effort level
Added session quality survey — enterprise admins can configure the sample rate via the feedbackSurveyRate setting
Fixed deferred tools (loaded via ToolSearch) losing their input schemas after conversation compaction, causing array and number parameters to be rejected with type errors
Fixed slash commands showing "Unknown skill"
Fixed plan mode asking for re-approval after the plan was already accepted
Fixed voice mode swallowing keypresses while a permission dialog or plan editor was open
Fixed /voice not working on Windows when installed via npm
Fixed spurious "Context limit reached" when invoking a skill with model: frontmatter on a 1M-context session
Fixed "adaptive thinking is not supported on this model" error when using non-standard model strings
Fixed Bash(cmd:*) permission rules not matching when a quoted argument contains #
Fixed "don't ask again" in the Bash permission dialog showing the full raw command for pipes and compound commands
Fixed auto-compaction retrying indefinitely after consecutive failures — a circuit breaker now stops after 3 attempts
Fixed MCP reconnect spinner persisting after successful reconnection
Fixed LSP plugins not registering servers when the LSP Manager initialized before marketplaces were reconciled
Fixed clipboard copying in tmux over SSH — now attempts both direct terminal write and tmux clipboard integration
Fixed /export showing only the filename instead of the full file path in the success message
Fixed transcript not auto-scrolling to new messages after selecting text
Fixed Escape key not working to exit the login method selection screen
Fixed several Remote Control issues: sessions silently dying when the server reaps an idle environment, rapid messages being queued one-at-a-time instead of batched, and stale work items causing redelivery after JWT refresh
Fixed bridge sessions failing to recover after extended WebSocket disconnects
Fixed slash commands not found when typing the exact name of a soft-hidden command
Improved --worktree startup performance by reading git refs directly and skipping redundant git fetch when the remote branch is already available locally
Improved background agent behavior — killing a background agent now preserves its partial results in the conversation context
Improved model fallback notifications — now always visible instead of hidden behind verbose mode, with human-friendly model names
Improved blockquote readability on dark terminal themes — text is now italic with a left bar instead of dim
Improved stale worktree cleanup — worktrees left behind after an interrupted parallel run are now automatically cleaned up
Improved Remote Control session titles — now derived from your first prompt instead of showing "Interactive session"
Improved /voice to show your dictation language on enable and warn when your language setting isn't supported for voice input
Updated --plugin-dir to only accept one path to support subcommands — use repeated --plugin-dir for multiple directories
[VSCode] Fixed gitignore patterns containing commas silently excluding entire filetypes from the @-mention file picker

View release on GitHub

v2.1.75 Maintenance 2mo

Routine maintenance release for claude-code.

Full changelog

View release on GitHub

v2.1.74 Bug fix 2mo

Notable features

Actionable suggestions in `/context` command for context-heavy tools, memory bloat, and capacity warnings
Added `autoMemoryDirectory` setting to configure custom auto‑memory storage directory

Full changelog

What's changed

Added actionable suggestions to /context command — identifies context-heavy tools, memory bloat, and capacity warnings with specific optimization tips
Added autoMemoryDirectory setting to configure a custom directory for auto-memory storage
Fixed memory leak where streaming API response buffers were not released when the generator was terminated early, causing unbounded RSS growth on the Node.js/npm code path
Fixed managed policy ask rules being bypassed by user allow rules or skill allowed-tools
Fixed full model IDs (e.g., claude-opus-4-5) being silently ignored in agent frontmatter model: field and --agents JSON config — agents now accept the same model values as --model
Fixed MCP OAuth authentication hanging when the callback port is already in use
Fixed MCP OAuth refresh never prompting for re-auth after the refresh token expires, for OAuth servers that return errors with HTTP 200 (e.g. Slack)
Fixed voice mode silently failing on the macOS native binary for users whose terminal had never been granted microphone permission — the binary now includes the audio-input entitlement so macOS prompts correctly
Fixed SessionEnd hooks being killed after 1.5 s on exit regardless of hook.timeout — now configurable via CLAUDE_CODE_SESSIONEND_HOOKS_TIMEOUT_MS
Fixed /plugin install failing inside the REPL for marketplace plugins with local sources
Fixed marketplace update not syncing git submodules — plugin sources in submodules no longer break after update
Fixed unknown slash commands with arguments silently dropping input — now shows your input as a warning
Fixed Hebrew, Arabic, and other RTL text not rendering correctly in Windows Terminal, conhost, and VS Code integrated terminal
Fixed LSP servers not working on Windows due to malformed file URIs
Changed --plugin-dir so local dev copies now override installed marketplace plugins with the same name (unless that plugin is force-enabled by managed settings)
[VSCode] Fixed delete button not working for Untitled sessions
[VSCode] Improved scroll wheel responsiveness in the integrated terminal with terminal-aware acceleration

View release on GitHub

v2.1.73 Breaking risk 2mo

⚠ Upgrade required

/output-style command is deprecated; migrate to /config for output style settings.

Notable features

Improved Up arrow handling restores interrupted prompts in one step
Voice mode now automatically retries transient connection failures during rapid push‑to‑talk

Full changelog

What's changed

Added modelOverrides setting to map model picker entries to custom provider model IDs (e.g. Bedrock inference profile ARNs)
Added actionable guidance when OAuth login or connectivity checks fail due to SSL certificate errors (corporate proxies, NODE_EXTRA_CA_CERTS)
Fixed freezes and 100% CPU loops triggered by permission prompts for complex bash commands
Fixed a deadlock that could freeze Claude Code when many skill files changed at once (e.g. during git pull in a repo with a large .claude/skills/ directory)
Fixed Bash tool output being lost when running multiple Claude Code sessions in the same project directory
Fixed subagents with model: opus/sonnet/haiku being silently downgraded to older model versions on Bedrock, Vertex, and Microsoft Foundry
Fixed background bash processes spawned by subagents not being cleaned up when the agent exits
Fixed /resume showing the current session in the picker
Fixed /ide crashing with onInstall is not defined when auto-installing the extension
Fixed /loop not being available on Bedrock/Vertex/Foundry and when telemetry was disabled
Fixed SessionStart hooks firing twice when resuming a session via --resume or --continue
Fixed JSON-output hooks injecting no-op system-reminder messages into the model's context on every turn
Fixed voice mode session corruption when a slow connection overlaps a new recording
Fixed Linux sandbox failing to start with "ripgrep (rg) not found" on native builds
Fixed Linux native modules not loading on Amazon Linux 2 and other glibc 2.26 systems
Fixed "media_type: Field required" API error when receiving images via Remote Control
Fixed /heapdump failing on Windows with EEXIST error when the Desktop folder already exists
Improved Up arrow after interrupting Claude — now restores the interrupted prompt and rewinds the conversation in one step
Improved IDE detection speed at startup
Improved clipboard image pasting performance on macOS
Improved /effort to work while Claude is responding, matching /model behavior
Improved voice mode to automatically retry transient connection failures during rapid push-to-talk re-press
Improved the Remote Control spawn mode selection prompt with better context
Changed default Opus model on Bedrock, Vertex, and Microsoft Foundry to Opus 4.6 (was Opus 4.1)
Deprecated /output-style command — use /config instead. Output style is now fixed at session start for better prompt caching
VSCode: Fixed HTTP 400 errors for users behind proxies or on Bedrock/Vertex with Claude 4.5 models

View release on GitHub

v2.1.72 Breaking risk 2mo

Breaking changes

Removed environment variable CLAUDE_CODE_PROXY_SUPPORTS_TOOL_REFERENCE
Changed effort levels: removed 'max', now only low/medium/high with new symbols (○ ◐ ●) and a brief notification instead of persistent icon

Notable features

Added `w` key in `/copy` to write selection directly to a file over SSH
Added optional description argument to `/plan` for immediate plan mode entry
Added `claude plugins` alias for `claude plugin`

Full changelog

What's changed

Changed tool search to bypass the third-party proxy gate when the environment variable is set (replaces CLAUDE_CODE_PROXY_SUPPORTS_TOOL_REFERENCE, now removed)
Added w key in /copy to write the focused selection directly to a file, bypassing the clipboard (useful over SSH)
Added optional description argument to /plan (e.g., /plan fix the auth bug) that enters plan mode and immediately starts
Added claude plugins as an alias for claude plugin
Added ExitWorktree tool to leave an EnterWorktree session
Added CLAUDE_CODE_DISABLE_CRON environment variable to immediately stop scheduled cron jobs mid-session
Added lsof, pgrep, tput, ss, fd, and fdfind to the bash auto-approval allowlist, reducing permission prompts for common read-only operations
Added support for marketplace git URLs without .git suffix (Azure DevOps, AWS CodeCommit)
Restored the model parameter on the Agent tool for per-invocation model overrides
Simplified effort levels to low/medium/high (removed max) with new symbols (○ ◐ ●) and a brief notification instead of a persistent icon. Use /effort auto to reset to default
Improved /config — Escape now cancels changes, Enter saves and closes, Space toggles settings
Improved up-arrow history to show current session's messages first when running multiple concurrent sessions
Improved voice input transcription accuracy for repo names and common dev terms (regex, OAuth, JSON)
Improved marketplace clone failure messages to show diagnostic info even when git produces no stderr
Improved claude plugin validate to explain that marketplace.json source paths are relative to the repo root when rejecting ../ paths
Improved bash command parsing by switching to a native module — faster initialization and no memory leak
Reduced false-positive bash permission prompts — tree-sitter parsing now handles find -exec, variable assignments, command substitutions, and many other patterns that previously triggered unnecessary prompts. Also fixed tree-sitter not loading in npm-installed versions
Reduced bundle size by ~510 KB
Changed CLAUDE.md HTML comments () to be hidden from Claude when auto-injected. Comments remain visible when read with the Read tool
Fixed slow exits when background tasks or hooks were slow to respond
Fixed agent task progress stuck on "Initializing…"
Fixed skill hooks firing twice per event when a hooks-enabled skill is invoked by the model
Fixed several voice mode issues: occasional input lag, false "No speech detected" errors after releasing push-to-talk, and stale transcripts re-filling the prompt after submission
Fixed --continue not resuming from the most recent point after --compact
Fixed bash security parsing edge cases
Fixed several plugin issues: installation failing on Windows with EEXIST error in OneDrive folders, marketplace blocking user-scope installs when a project-scope install exists, CLAUDE_CODE_PLUGIN_CACHE_DIR creating literal ~ directories, and plugin.json with marketplace-only fields failing to load
Fixed feedback survey appearing too frequently in long sessions
Fixed --effort CLI flag being reset by unrelated settings writes on startup
Fixed backgrounded Ctrl+B queries losing their transcript or corrupting the new conversation after /clear
Fixed /clear killing background agent/bash tasks — only foreground tasks are now cleared
Fixed worktree isolation issues: Task tool resume not restoring cwd, and background task notifications missing worktreePath and worktreeBranch
Fixed /model not displaying results when run while Claude is working
Fixed digit keys selecting menu options instead of typing in plan mode permission prompt's text input
Fixed sandbox permission issues: certain file write operations incorrectly allowed without prompting, and output redirections to allowlisted directories (like /tmp/claude/) prompting unnecessarily
Improved CPU utilization in long sessions
Fixed prompt cache invalidation in SDK query() calls, reducing input token costs up to 12x
Fixed Escape key becoming unresponsive after cancelling a query
Fixed double Ctrl+C not exiting when background agents or tasks are running
Fixed team agents to inherit the leader's model
Fixed "Always Allow" saving permission rules that never match again
Fixed several hooks issues: transcript_path pointing to the wrong directory for resumed/forked sessions, agent prompt being silently deleted from settings.json on every settings write, PostToolUse block reason displaying twice, async hooks not receiving stdin with bash read -r, and validation error message showing an example that fails validation
Fixed session crashes in Desktop/SDK when Read returned files containing U+2028/U+2029 characters
Fixed terminal title being cleared on exit even when CLAUDE_CODE_DISABLE_TERMINAL_TITLE was set
Fixed several permission rule matching issues: wildcard rules not matching commands with heredocs, embedded newlines, or no arguments; sandbox.excludedCommands failing with env var prefixes; "always allow" suggesting overly broad prefixes for nested CLI tools; and deny rules not applying to all command forms
Fixed oversized and truncated images from Bash data-URL output
Fixed a crash when resuming sessions that contained Bedrock API errors
Fixed intermittent "expected boolean, received string" validation errors on Edit, Bash, and Grep tool inputs
Fixed multi-line session titles when forking from a conversation whose first message contained newlines
Fixed queued messages not showing attached images, and images being lost when pressing ↑ to edit a queued message
Fixed parallel tool calls where a failed Read/WebFetch/Glob would cancel its siblings — only Bash errors now cascade
VSCode: Fixed scroll speed in integrated terminals not matching native terminals
VSCode: Fixed Shift+Enter submitting input instead of inserting a newline for users with older keybindings
VSCode: Added effort level indicator on the input border
VSCode: Added vscode://anthropic.claude-code/open URI handler to open a new Claude Code tab programmatically, with optional prompt and session query parameters

View release on GitHub

v2.1.71 Breaking risk 2mo

⚠ Upgrade required

/plugin uninstall now edits .claude/settings.local.json instead of .claude/settings.json to avoid affecting teammates
Removed unauthenticated org‑registered claude.ai connector startup notifications

Notable features

Added /loop command for recurring prompt execution
Added cron scheduling tools for session‑scoped prompts
Added voice:pushToTalk rebindable keybinding (default space)

Full changelog

What's changed

Added /loop command to run a prompt or slash command on a recurring interval (e.g. /loop 5m check the deploy)
Added cron scheduling tools for recurring prompts within a session
Added voice:pushToTalk keybinding to make the voice activation key rebindable in keybindings.json (default: space) — modifier+letter combos like meta+k have zero typing interference
Added fmt, comm, cmp, numfmt, expr, test, printf, getconf, seq, tsort, and pr to the bash auto-approval allowlist
Fixed stdin freeze in long-running sessions where keystrokes stop being processed but the process stays alive
Fixed a 5–8 second startup freeze for users with voice mode enabled, caused by CoreAudio initialization blocking the main thread after system wake
Fixed startup UI freeze when many claude.ai proxy connectors refresh an expired OAuth token simultaneously
Fixed forked conversations (/fork) sharing the same plan file, which caused plan edits in one fork to overwrite the other
Fixed the Read tool putting oversized images into context when image processing failed, breaking subsequent turns in long image-heavy sessions
Fixed false-positive permission prompts for compound bash commands containing heredoc commit messages
Fixed plugin installations being lost when running multiple Claude Code instances
Fixed claude.ai connectors failing to reconnect after OAuth token refresh
Fixed claude.ai MCP connector startup notifications appearing for every org-configured connector instead of only previously connected ones
Fixed background agent completion notifications missing the output file path, which made it difficult for parent agents to recover agent results after context compaction
Fixed duplicate output in Bash tool error messages when commands exit with non-zero status
Fixed Chrome extension auto-detection getting permanently stuck on "not installed" after running on a machine without local Chrome
Fixed /plugin marketplace update failing with merge conflicts when the marketplace is pinned to a branch/tag ref
Fixed /plugin marketplace add owner/repo@ref incorrectly parsing @ — previously only # worked as a ref separator, causing undiagnosable errors with strictKnownMarketplaces
Fixed duplicate entries in /permissions Workspace tab when the same directory is added with and without a trailing slash
Fixed --print hanging forever when team agents are configured — the exit loop no longer waits on long-lived in_process_teammate tasks
Fixed "❯ Tool loaded." appearing in the REPL after every ToolSearch call
Fixed prompting for cd <cwd> && git ... on Windows when the model uses a mingw-style path
Improved startup time by deferring native image processor loading to first use
Improved bridge session reconnection to complete within seconds after laptop wake from sleep, instead of waiting up to 10 minutes
Improved /plugin uninstall to disable project-scoped plugins in .claude/settings.local.json instead of modifying .claude/settings.json, so changes don't affect teammates
Improved plugin-provided MCP server deduplication — servers that duplicate a manually-configured server (same command/URL) are now skipped, preventing duplicate connections and tool sets. Suppressions are shown in the /plugin menu.
Updated /debug to toggle debug logging on mid-session, since debug logs are no longer written by default
Removed startup notification noise for unauthenticated org-registered claude.ai connectors

View release on GitHub

v2.1.70 Bug fix 3mo

Notable features

[VSCode] Spark icon activity bar listing Claude Code sessions
[VSCode] Full markdown document view for plans with comment support
[VSCode] Native MCP server management dialog via `/mcp`

Full changelog

What's changed

Fixed API 400 errors when using ANTHROPIC_BASE_URL with a third-party gateway — tool search now correctly detects proxy endpoints and disables tool_reference blocks
Fixed API Error: 400 This model does not support the effort parameter when using custom Bedrock inference profiles or other model identifiers not matching standard Claude naming patterns
Fixed empty model responses immediately after ToolSearch — the server renders tool schemas with system-prompt-style tags at the prompt tail, which could confuse models into stopping early
Fixed prompt-cache bust when an MCP server with instructions connects after the first turn
Fixed Enter inserting a newline instead of submitting when typing over a slow SSH connection
Fixed clipboard corrupting non-ASCII text (CJK, emoji) on Windows/WSL by using PowerShell Set-Clipboard
Fixed extra VS Code windows opening at startup on Windows when running from the VS Code integrated terminal
Fixed voice mode failing on Windows native binary with "native audio module could not be loaded"
Fixed push-to-talk not activating on session start when voiceEnabled: true was set in settings
Fixed markdown links containing #NNN references incorrectly pointing to the current repository instead of the linked URL
Fixed repeated "Model updated to Opus 4.6" notification when a project's .claude/settings.json has a legacy Opus model string pinned
Fixed plugins showing as inaccurately installed in /plugin
Fixed plugins showing "not found in marketplace" errors on fresh startup by auto-refreshing after marketplace installation
Fixed /security-review command failing with unknown option merge-base on older git versions
Fixed /color command having no way to reset back to the default color — /color default, /color gray, /color reset, and /color none now restore the default
Fixed a performance regression in the AskUserQuestion preview dialog that re-ran markdown rendering on every keystroke in the notes input
Fixed feature flags read during early startup never refreshing their disk cache, causing stale values to persist across sessions
Fixed permissions.defaultMode settings values other than acceptEdits or plan being applied in Claude Code Remote environments — they are now ignored
Fixed skill listing being re-injected on every --resume (~600 tokens saved per resume)
Fixed teleport marker not rendering in VS Code teleported sessions
Improved error message when microphone captures silence to distinguish from "no speech detected"
Improved compaction to preserve images in the summarizer request, allowing prompt cache reuse for faster and cheaper compaction
Improved /rename to work while Claude is processing, instead of being silently queued
Reduced prompt input re-renders during turns by ~74%
Reduced startup memory by ~426KB for users without custom CA certificates
Reduced Remote Control /poll rate to once per 10 minutes while connected (was 1–2s), cutting server load ~300×. Reconnection is unaffected — transport loss immediately wakes fast polling.
[VSCode] Added spark icon in VS Code activity bar that lists all Claude Code sessions, with sessions opening as full editors
[VSCode] Added full markdown document view for plans in VS Code, with support for adding comments to provide feedback
[VSCode] Added native MCP server management dialog — use /mcp in the chat panel to enable/disable servers, reconnect, and manage OAuth authentication without switching to the terminal

View release on GitHub

v2.1.69 Breaking risk 3mo

Breaking changes

Automatic upgrade of Sonnet 4.5 users to Sonnet 4.6 in claude.ai/code.

Security fixes

Fixed nested skill discovery loading skills from gitignored directories like node_modules.
Fixed trust dialog silently enabling all .mcp.json servers on first run; now shows per‑server approval dialog.
Fixed symlink bypass where writing through a symlinked parent directory could escape the working directory in acceptEdits mode.

Full changelog

What's changed

Added the /claude-api skill for building applications with the Claude API and Anthropic SDK
Added Ctrl+U on an empty bash prompt (!) to exit bash mode, matching escape and backspace
Added numeric keypad support for selecting options in Claude's interview questions (previously only the number row above QWERTY worked)
Added optional name argument to /remote-control and claude remote-control (/remote-control My Project or --name "My Project") to set a custom session title visible in claude.ai/code
Added Voice STT support for 10 new languages (20 total) — Russian, Polish, Turkish, Dutch, Ukrainian, Greek, Czech, Danish, Swedish, Norwegian
Added effort level display (e.g., "with low effort") to the logo and spinner, making it easier to see which effort setting is active
Added agent name display in terminal title when using claude --agent
Added sandbox.enableWeakerNetworkIsolation setting (macOS only) to allow Go programs like gh, gcloud, and terraform to verify TLS certificates when using a custom MITM proxy with httpProxyPort
Added includeGitInstructions setting (and CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS env var) to remove built-in commit and PR workflow instructions from Claude's system prompt
Added /reload-plugins command to activate pending plugin changes without restarting
Added a one-time startup prompt suggesting Claude Code Desktop on macOS and Windows (max 3 showings, dismissible)
Added ${CLAUDE_SKILL_DIR} variable for skills to reference their own directory in SKILL.md content
Added InstructionsLoaded hook event that fires when CLAUDE.md or .claude/rules/*.md files are loaded into context
Added agent_id (for subagents) and agent_type (for subagents and --agent) to hook events
Added worktree field to status line hook commands with name, path, branch, and original repo directory when running in a --worktree session
Added pluginTrustMessage in managed settings to append organization-specific context to the plugin trust warning shown before installation
Added policy limit fetching (e.g., remote control restrictions) for Team plan OAuth users, not just Enterprise
Added pathPattern to strictKnownMarketplaces for regex-matching file/directory marketplace sources alongside hostPattern restrictions
Added plugin source type git-subdir to point to a subdirectory within a git repo
Added oauth.authServerMetadataUrl config option for MCP servers to specify a custom OAuth metadata discovery URL when standard discovery fails
Fixed a security issue where nested skill discovery could load skills from gitignored directories like node_modules
Fixed trust dialog silently enabling all .mcp.json servers on first run. You'll now see the per-server approval dialog as expected
Fixed claude remote-control crashing immediately on npm installs with "bad option: --sdk-url" (anthropics/claude-code#28334)
Fixed --model claude-opus-4-0 and --model claude-opus-4-1 resolving to deprecated Opus versions instead of current
Fixed macOS keychain corruption when using multiple OAuth MCP servers. Large OAuth metadata blobs could overflow the security -i stdin buffer, silently leaving stale credentials behind and causing repeated /login prompts.
Fixed .credentials.json losing subscriptionType (showing "Claude API" instead of "Claude Pro"/"Claude Max") when the profile endpoint transiently fails during token refresh (anthropics/claude-code#30185)
Fixed ghost dotfiles (.bashrc, HEAD, etc.) appearing as untracked files in the working directory after sandboxed Bash commands on Linux
Fixed Shift+Enter printing [27;2;13~ instead of inserting a newline in Ghostty over SSH
Fixed stash (Ctrl+S) being cleared when submitting a message while Claude is working
Fixed ctrl+o (transcript toggle) freezing for many seconds in long sessions with lots of file edits
Fixed plan mode feedback input not supporting multi-line text entry (backslash+Enter and Shift+Enter now insert newlines)
Fixed cursor not moving down into blank lines at the top of the input box
Fixed /stats crash when transcript files contain entries with missing or malformed timestamps
Fixed a brief hang after a streaming error on long sessions (the transcript was being fully rewritten to drop one line; it is now truncated in place)
Fixed --setting-sources user not blocking dynamically discovered project skills
Fixed duplicate CLAUDE.md, slash commands, agents, and rules when running from a worktree nested inside its main repo (e.g. claude -w)
Fixed plugin Stop/SessionEnd/etc hooks not firing after any /plugin operation
Fixed plugin hooks being silently dropped when two plugins use the same ${CLAUDE_PLUGIN_ROOT}/... command template
Fixed memory leak in long-running SDK/CCR sessions where conversation messages were retained unnecessarily
Fixed API 400 errors in forked agents (autocompact, summarization) when resuming sessions that were interrupted mid-tool-batch
Fixed "unexpected tool_use_id found in tool_result blocks" error when resuming conversations that start with an orphaned tool result
Fixed teammates accidentally spawning nested teammates via the Agent tool's name parameter
Fixed CLAUDE_CODE_MAX_OUTPUT_TOKENS being ignored during conversation compaction
Fixed /compact summary rendering as a user bubble in SDK consumers (Claude Code Remote web UI, VSCode extension)
Fixed voice space bar getting stuck after a failed voice activation (module loading race, cold GrowthBook)
Fixed worktree file copy on Windows
Fixed global .claude folder detection on Windows
Fixed symlink bypass where writing new files through a symlinked parent directory could escape the working directory in acceptEdits mode
Fixed sandbox prompting users to approve non-allowed domains when allowManagedDomainsOnly is enabled in managed settings — non-allowed domains are now blocked automatically with no bypass
Fixed interactive tools (e.g., AskUserQuestion) being silently auto-allowed when listed in a skill's allowed-tools, bypassing the permission prompt and running with empty answers
Fixed multi-GB memory spike when committing with large untracked binary files in the working tree
Fixed Escape not interrupting a running turn when the input box has draft text. Use Up arrow to pull queued messages back for editing, or Ctrl+U to clear the input line.
Fixed Android app crash when running local slash commands (/voice, /cost) in Remote Control sessions
Fixed a memory leak where old message array versions accumulated in React Compiler memoCache over long sessions
Fixed a memory leak where REPL render scopes accumulated over long sessions (~35MB over 1000 turns)
Fixed memory retention in in-process teammates where the parent's full conversation history was pinned for the teammate's lifetime, preventing GC after /clear or auto-compact
Fixed a memory leak in interactive mode where hook events could accumulate unboundedly during long sessions
Fixed hang when --mcp-config points to a corrupted file
Fixed slow startup when many skills/plugins are installed
Fixed cd <outside-dir> && <cmd> permission prompt to surface the chained command instead of only showing "Yes, allow reading from /"
Fixed conditional .claude/rules/*.md files (with paths: frontmatter) and nested CLAUDE.md files not loading in print mode (claude -p)
Fixed /clear not fully clearing all session caches, reducing memory retention in long sessions
Fixed terminal flicker caused by animated elements at the scrollback boundary
Fixed UI frame drops on macOS when using MCP servers with OAuth (regression from 2.1.x)
Fixed occasional frame stalls during typing caused by synchronous debug log flushes
Fixed TeammateIdle and TaskCompleted hooks to support {"continue": false, "stopReason": "..."} to stop the teammate, matching Stop hook behavior
Fixed WorktreeCreate and WorktreeRemove plugin hooks being silently ignored
Fixed skill descriptions with colons (e.g., "Triggers include: X, Y, Z") failing to load from SKILL.md frontmatter
Fixed project skills without a description: frontmatter field not appearing in Claude's available skills list
Fixed /context showing identical token counts for all MCP tools from a server
Fixed literal nul file creation on Windows when the model uses CMD-style 2>nul redirection in Git Bash
Fixed extra blank lines appearing below each tool call in the expanded subagent transcript view (Ctrl+O)
Fixed Tab/arrow keys not cycling Settings tabs when /config search box is focused but empty
Fixed service key OAuth sessions (CCR containers) spamming [ERROR] logs with 403s from profile-scoped endpoints
Fixed inconsistent color for "Remote Control active" status indicator
Fixed Voice waveform cursor covering the first suffix letter when dictating mid-input
Fixed Voice input showing all 5 spaces during warmup instead of capping at ~2 (aligning with the "keep holding…" hint)
Improved spinner performance by isolating the 50ms animation loop from the surrounding shell, reducing render and CPU overhead during turns
Improved UI rendering performance in native binaries with React Compiler
Improved --worktree startup by eliminating a git subprocess on the startup path
Improved macOS startup by eliminating redundant settings-file reloads when managed settings resolve
Improved macOS startup for Claude.ai enterprise/team users by skipping an unnecessary keychain lookup
Improved MCP -p startup by pipelining claude.ai config fetch with local connections and using a concurrency pool instead of sequential batching
Improved voice startup by removing imperceptible warmup pulse animations that were causing re-render stutter
Improved MCP binary content handling: tools returning PDFs, Office documents, or audio now save decoded bytes to disk with the correct file extension instead of dumping raw base64 into the conversation context. WebFetch also saves binary responses alongside its summary.
Improved memory usage in long sessions by stabilizing onSubmit across message updates
Improved LSP tool rendering and memory context building to no longer read entire files
Improved session upload and memory sync to avoid reading large files into memory before size/binary checks
Improved file operation performance by avoiding reading file contents for existence checks (6 sites)
Improved documentation to clarify that --append-system-prompt-file and --system-prompt-file work in interactive mode (the docs previously said print mode only)
Reduced baseline memory by ~16MB by deferring Yoga WASM preloading
Reduced memory footprint for SDK and CCR sessions using stream-json output
Reduced memory usage when resuming large sessions (including compacted history)
Reduced token usage on multi-agent tasks with more concise subagent final reports
Changed Sonnet 4.5 users on Pro/Max/Team Premium to be automatically migrated to Sonnet 4.6
Changed the /resume picker to show your most recent prompt instead of the first one. This also resolves some titles appearing as (session).
Changed claude.ai MCP connector failures to show a notification instead of silently disappearing from the tool list
Changed example command suggestions to be generated deterministically instead of calling Haiku
Changed resuming after compaction to no longer produce a preamble recap before continuing
[SDK] Changed task creation to no longer require the activeForm field — the spinner falls back to the task subject
[VSCode] Added compaction display as a collapsible "Compacted chat" card with the summary inside
[VSCode] The permission mode picker now respects permissions.disableBypassPermissionsMode from your effective Claude Code settings (including managed/policy settings) — when set to disable, bypass permissions mode is hidden from the picker
[VSCode] Fixed RTL text (Arabic, Hebrew, Persian) rendering reversed in the chat panel (regression in v2.1.63)

View release on GitHub

v2.1.68 Breaking risk 3mo

Breaking changes

Removed Opus 4 and Opus 4.1 from Claude Code on the first‑party API; users with these models pinned are automatically moved to Opus 4.6.

Notable features

Opus 4.6 now defaults to medium effort for Max and Team subscribers, adjustable via /model
Re‑introduced "ultrathink" keyword to enable high effort for the next turn

Full changelog

What's changed

Opus 4.6 now defaults to medium effort for Max and Team subscribers. Medium effort works well for most tasks — it's the sweet spot between speed and thoroughness. You can change this anytime with /model
Re-introduced the "ultrathink" keyword to enable high effort for the next turn
Removed Opus 4 and 4.1 from Claude Code on the first-party API — users with these models pinned are automatically moved to Opus 4.6

View release on GitHub

v2.1.66 Maintenance 3mo

Routine maintenance release for claude-code.

Full changelog

View release on GitHub

v2.1.63 Bug fix 3mo

Notable features

Added `/simplify` and `/batch` slash commands
Added `ENABLE_CLAUDEAI_MCP_SERVERS=false` env var to opt out of claude.ai MCP servers
Added HTTP hooks for JSON POST/GET without shell command execution

Full changelog

What's changed

Added /simplify and /batch bundled slash commands
Fixed local slash command output like /cost appearing as user-sent messages instead of system messages in the UI
Project configs & auto memory now shared across git worktrees of the same repository
Added ENABLE_CLAUDEAI_MCP_SERVERS=false env var to opt out from making claude.ai MCP servers available
Improved /model command to show the currently active model in the slash command menu
Added HTTP hooks, which can POST JSON to a URL and receive JSON instead of running a shell command
Fixed listener leak in bridge polling loop
Fixed listener leak in MCP OAuth flow cleanup
Added manual URL paste fallback during MCP OAuth authentication. If the automatic localhost redirect doesn't work, you can paste the callback URL to complete authentication.
Fixed memory leak when navigating hooks configuration menu
Fixed listener leak in interactive permission handler during auto-approvals
Fixed file count cache ignoring glob ignore patterns
Fixed memory leak in bash command prefix cache
Fixed MCP tool/resource cache leak on server reconnect
Fixed IDE host IP detection cache incorrectly sharing results across ports
Fixed WebSocket listener leak on transport reconnect
Fixed memory leak in git root detection cache that could cause unbounded growth in long-running sessions
Fixed memory leak in JSON parsing cache that grew unbounded over long sessions
VSCode: Fixed remote sessions not appearing in conversation history
Fixed a race condition in the REPL bridge where new messages could arrive at the server interleaved with historical messages during the initial connection flush, causing message ordering issues.
Fixed memory leak where long-running teammates retained all messages in AppState even after conversation compaction
Fixed a memory leak where MCP server fetch caches were not cleared on disconnect, causing growing memory usage with servers that reconnect frequently
Improved memory usage in long sessions with subagents by stripping heavy progress message payloads during context compaction
Added "Always copy full response" option to the /copy picker. When selected, future /copy commands will skip the code block picker and copy the full response directly.
VSCode: Added session rename and remove actions to the sessions list
Fixed /clear not resetting cached skills, which could cause stale skill content to persist in the new conversation

View release on GitHub

v2.1.62 Bug fix 3mo

Fixed prompt suggestion cache regression that reduced cache hit rates.

Changelog

What's changed

Fixed prompt suggestion cache regression that reduced cache hit rates

View release on GitHub

v2.1.61 Bug fix 3mo

Fixed concurrent writes corrupting the config file on Windows.

Changelog

What's changed

Fixed concurrent writes corrupting config file on Windows

View release on GitHub

v2.1.59 Bug fix 3mo

Notable features

Auto‑memory saves useful context, manageable via /memory
/copy command with interactive code block picker
Smarter "always allow" prefix suggestions for compound bash commands

Full changelog

What's changed

Claude automatically saves useful context to auto-memory. Manage with /memory
Added /copy command to show an interactive picker when code blocks are present, allowing selection of individual code blocks or the full response.
Improved "always allow" prefix suggestions for compound bash commands (e.g. cd /tmp && git fetch && git push) to compute smarter per-subcommand prefixes instead of treating the whole command as one
Improved ordering of short task lists
Improved memory usage in multi-agent sessions by releasing completed subagent task state
Fixed MCP OAuth token refresh race condition when running multiple Claude Code instances simultaneously
Fixed shell commands not showing a clear error message when the working directory has been deleted

View release on GitHub

v2.1.58 Feature 3mo

Notable features

Expanded Remote Control access for more users

Changelog

What's changed

Expand Remote Control to more users

View release on GitHub

v2.1.56 Bug fix 3mo

Fixed crashes caused by the command "claude-vscode.editor.openLast" not being found in VS Code.

Full changelog

What's changed

VS Code: Fixed another cause of "command 'claude-vscode.editor.openLast' not found" crashes

View release on GitHub

v2.1.55 Bug fix 3mo

Fixed BashTool failing on Windows with EINVAL error.

Changelog

What's changed

Fixed BashTool failing on Windows with EINVAL error

View release on GitHub

v2.1.53 Bug fix 3mo

Fixed UI flicker after submission and crashes across multiple platforms.

Full changelog

What's changed

Fixed a UI flicker where user input would briefly disappear after submission before the message rendered
Fixed bulk agent kill (ctrl+f) to send a single aggregate notification instead of one per agent, and to properly clear the command queue
Fixed graceful shutdown sometimes leaving stale sessions when using Remote Control by parallelizing teardown network calls
Fixed --worktree sometimes being ignored on first launch
Fixed a panic ("switch on corrupted value") on Windows
Fixed a crash that could occur when spawning many processes on Windows
Fixed a crash in the WebAssembly interpreter on Linux x64 & Windows x64
Fixed a crash that sometimes occurred after 2 minutes on Windows ARM64

View release on GitHub

v2.1.52 Bug fix 3mo

Fixed extension crash on Windows when command 'claude-vscode.editor.openLast' was not found.

Full changelog

What's changed

VS Code: Fixed extension crash on Windows ("command 'claude-vscode.editor.openLast' not found")

View release on GitHub

v2.1.51 Security relevant 3mo

⚠ Upgrade required

BashTool no longer requires `CLAUDE_BASH_NO_LOGIN=true`; the `-l` flag is skipped automatically when a snapshot exists
HTTP hooks are routed through the sandbox network proxy enforcing domain allowlist; not supported for SessionStart/Setup events

Security fixes

Fixed security issue allowing `statusLine` and `fileSuggestion` hook commands to execute without workspace trust acceptance in interactive mode (CVE not disclosed)
Fixed security issue enabling arbitrary environment variable interpolation from HTTP hook header values; now requires explicit `allowedEnvVars` list

Notable features

Added `claude remote-control` subcommand for external builds
Updated default Git timeout to 120 s and introduced `CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS` env var
Supported custom npm registries with version pinning for plugin installs

Full changelog

What's changed

Added claude remote-control subcommand for external builds, enabling local environment serving for all users.
Updated plugin marketplace default git timeout from 30s to 120s and added CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS to configure.
Added support for custom npm registries and specific version pinning when installing plugins from npm sources
BashTool now skips login shell (-l flag) by default when a shell snapshot is available, improving command execution performance. Previously this required setting CLAUDE_BASH_NO_LOGIN=true.
Fixed a security issue where statusLine and fileSuggestion hook commands could execute without workspace trust acceptance in interactive mode.
Tool results larger than 50K characters are now persisted to disk (previously 100K). This reduces context window usage and improves conversation longevity.
Fixed a security issue where HTTP hooks could interpolate arbitrary environment variables from header values. Env var interpolation now requires an explicit allowedEnvVars list in the hook configuration.
Fixed a bug where duplicate control_response messages (e.g. from WebSocket reconnects) could cause API 400 errors by pushing duplicate assistant messages into the conversation.
Added CLAUDE_CODE_ACCOUNT_UUID, CLAUDE_CODE_USER_EMAIL, and CLAUDE_CODE_ORGANIZATION_UUID environment variables for SDK callers to provide account info synchronously, eliminating a race condition where early telemetry events lacked account metadata.
Fixed slash command autocomplete crashing when a plugin's SKILL.md description is a YAML array or other non-string type
HTTP hooks are now routed through the sandbox network proxy when sandboxing is enabled, enforcing the domain allowlist. HTTP hooks are not supported for SessionStart/Setup events.
The /model picker now shows human-readable labels (e.g., "Sonnet 4.5") instead of raw model IDs for pinned model versions, with an upgrade hint when a newer version is available.

View release on GitHub

v2.1.50 Breaking risk 3mo

Notable features

Added `isolation: worktree` in agent definitions for declarative git‑worktree isolation
Introduced `claude agents` CLI command to list configured agents

Full changelog

What's changed

Added support for startupTimeout configuration for LSP servers
Added WorktreeCreate and WorktreeRemove hook events, enabling custom VCS setup and teardown when agent worktree isolation creates or removes worktrees.
Fixed a bug where resumed sessions could be invisible when the working directory involved symlinks, because the session storage path was resolved at different times during startup. Also fixed session data loss on SSH disconnect by flushing session data before hooks and analytics in the graceful shutdown sequence.
Linux: Fixed native modules not loading on systems with glibc older than 2.30 (e.g., RHEL 8)
Fixed memory leak in agent teams where completed teammate tasks were never garbage collected from session state
Fixed CLAUDE_CODE_SIMPLE to fully strip down skills, session memory, custom agents, and CLAUDE.md token counting
Fixed /mcp reconnect freezing the CLI when given a server name that doesn't exist
Fixed memory leak where completed task state objects were never removed from AppState
Added support for isolation: worktree in agent definitions, allowing agents to declaratively run in isolated git worktrees.
CLAUDE_CODE_SIMPLE mode now also disables MCP tools, attachments, hooks, and CLAUDE.md file loading for a fully minimal experience.
Fixed bug where MCP tools were not discovered when tool search is enabled and a prompt is passed in as a launch argument
Improved memory usage during long sessions by clearing internal caches after compaction
Added claude agents CLI command to list all configured agents
Improved memory usage during long sessions by clearing large tool results after they have been processed
Fixed a memory leak where LSP diagnostic data was never cleaned up after delivery, causing unbounded memory growth in long sessions
Fixed a memory leak where completed task output was not freed from memory, reducing memory usage in long sessions with many tasks
Improved startup performance for headless mode (-p flag) by deferring Yoga WASM and UI component imports
Fixed prompt suggestion cache regression that reduced cache hit rates
Fixed unbounded memory growth in long sessions by capping file history snapshots
Added CLAUDE_CODE_DISABLE_1M_CONTEXT environment variable to disable 1M context window support
Opus 4.6 (fast mode) now includes the full 1M context window
VSCode: Added /extra-usage command support in VS Code sessions
Fixed memory leak where TaskOutput retained recent lines after cleanup
Fixed memory leak in CircularBuffer where cleared items were retained in the backing array
Fixed memory leak in shell command execution where ChildProcess and AbortController references were retained after cleanup

View release on GitHub

v2.1.49 Breaking risk 3mo

Breaking changes

Sonnet 4.5 (Max plan) removed; frontier Sonnet 4.6 now provides 1M context.

Full changelog

What's changed

Fixed Ctrl+C and ESC being silently ignored when background agents are running and the main thread is idle. Pressing twice within 3 seconds now kills all background agents.
Fixed prompt suggestion cache regression that reduced cache hit rates.
Fixed plugin enable and plugin disable to auto-detect the correct scope when --scope is not specified, instead of always defaulting to user scope
Simple mode (CLAUDE_CODE_SIMPLE) now includes the file edit tool in addition to the Bash tool, allowing direct file editing in simple mode.
Permission suggestions are now populated when safety checks trigger an ask response, enabling SDK consumers to display permission options
Sonnet 4.5 with 1M context is being removed from the Max plan in favor of our frontier Sonnet 4.6 model, which now has 1M context. Please switch in /model.
Fixed verbose mode not updating thinking block display when toggled via /config — memo comparators now correctly detect verbose changes
Fixed unbounded WASM memory growth during long sessions by periodically resetting the tree-sitter parser
Fixed potential rendering issues caused by stale yoga layout references
Improved performance in non-interactive mode (-p) by skipping unnecessary API calls during startup
Improved performance by caching authentication failures for HTTP and SSE MCP servers, avoiding repeated connection attempts to servers requiring auth
Fixed unbounded memory growth during long-running sessions caused by Yoga WASM linear memory never shrinking
SDK model info now includes supportsEffort, supportedEffortLevels, and supportsAdaptiveThinking fields so consumers can discover model capabilities.
Added ConfigChange hook event that fires when configuration files change during a session, enabling enterprise security auditing and optional blocking of settings changes.
Improved startup performance by caching MCP auth failures to avoid redundant connection attempts
Improved startup performance by reducing HTTP calls for analytics token counting
Improved startup performance by batching MCP tool token counting into a single API call
Fixed disableAllHooks setting to respect managed settings hierarchy — non-managed settings can no longer disable managed hooks set by policy (#26637)
Fixed --resume session picker showing raw XML tags for sessions that start with commands like /clear. Now correctly falls through to the session ID fallback.
Improved permission prompts for path safety and working directory blocks to show the reason for the restriction instead of a bare prompt with no context

View release on GitHub

v2.1.47 Bug fix 3mo

Fixed file‑write errors no longer abort parallel writes, allowing independent mutations to complete.

Full changelog

What's changed

Fixed FileWriteTool line counting to preserve intentional trailing blank lines instead of stripping them with trimEnd().
Fixed Windows terminal rendering bugs caused by os.EOL (\r\n) in display code — line counts now show correct values instead of always showing 1 on Windows.
Improved VS Code plan preview: auto-updates as Claude iterates, enables commenting only when the plan is ready for review, and keeps the preview open when rejecting so Claude can revise.
Fixed a bug where bold and colored text in markdown output could shift to the wrong characters on Windows due to \r\n line endings.
Fixed compaction failing when conversation contains many PDF documents by stripping document blocks alongside images before sending to the compaction API (anthropics/claude-code#26188)
Improved memory usage in long-running sessions by releasing API stream buffers, agent context, and skill state after use
Improved startup performance by deferring SessionStart hook execution, reducing time-to-interactive by ~500ms.
Fixed an issue where bash tool output was silently discarded on Windows when using MSYS2 or Cygwin shells.
Improved performance of @ file mentions - file suggestions now appear faster by pre-warming the index on startup and using session-based caching with background refresh.
Improved memory usage by trimming agent task message history after tasks complete
Improved memory usage during long agent sessions by eliminating O(n²) message accumulation in progress updates
Fixed the bash permission classifier to validate that returned match descriptions correspond to actual input rules, preventing hallucinated descriptions from incorrectly granting permissions
Fixed user-defined agents only loading one file on NFS/FUSE filesystems that report zero inodes (anthropics/claude-code#26044)
Fixed plugin agent skills silently failing to load when referenced by bare name instead of fully-qualified plugin name (anthropics/claude-code#25834)
Search patterns in collapsed tool results are now displayed in quotes for clarity
Windows: Fixed CWD tracking temp files never being cleaned up, causing them to accumulate indefinitely (anthropics/claude-code#17600)
Use ctrl+f to kill all background agents instead of double-pressing ESC. Background agents now continue running when you press ESC to cancel the main thread, giving you more control over agent lifecycle.
Fixed API 400 errors ("thinking blocks cannot be modified") that occurred in sessions with concurrent agents, caused by interleaved streaming content blocks preventing proper message merging.
Simplified teammate navigation to use only Shift+Down (with wrapping) instead of both Shift+Up and Shift+Down.
Fixed an issue where a single file write/edit error would abort all other parallel file write/edit operations. Independent file mutations now complete even when a sibling fails.
Added last_assistant_message field to Stop and SubagentStop hook inputs, providing the final assistant response text so hooks can access it without parsing transcript files.
Fixed custom session titles set via /rename being lost after resuming a conversation (anthropics/claude-code#23610)
Fixed collapsed read/search hint text overflowing on narrow terminals by truncating from the start.
Fixed an issue where bash commands with backslash-newline continuation lines (e.g., long commands split across multiple lines with \) would produce spurious empty arguments, potentially breaking command execution.
Fixed built-in slash commands (/help, /model, /compact, etc.) being hidden from the autocomplete dropdown when many user skills are installed (anthropics/claude-code#22020)
Fixed MCP servers not appearing in the MCP Management Dialog after deferred loading
Fixed session name persisting in status bar after /clear command (anthropics/claude-code#26082)
Fixed crash when a skill's name or description in SKILL.md frontmatter is a bare number (e.g., name: 3000) — the value is now properly coerced to a string (anthropics/claude-code#25837)
Fixed /resume silently dropping sessions when the first message exceeds 16KB or uses array-format content (anthropics/claude-code#25721)
Added chat:newline keybinding action for configurable multi-line input (anthropics/claude-code#26075)
Added added_dirs to the statusline JSON workspace section, exposing directories added via /add-dir to external scripts (anthropics/claude-code#26096)
Fixed claude doctor misclassifying mise and asdf-managed installations as native installs (anthropics/claude-code#26033)
Fixed zsh heredoc failing with "read-only file system" error in sandboxed commands (anthropics/claude-code#25990)
Fixed agent progress indicator showing inflated tool use count (anthropics/claude-code#26023)
Fixed image pasting not working on WSL2 systems where Windows copies images as BMP format (anthropics/claude-code#25935)
Fixed background agent results returning raw transcript data instead of the agent's final answer (anthropics/claude-code#26012)
Fixed Warp terminal incorrectly prompting for Shift+Enter setup when it supports it natively (anthropics/claude-code#25957)
Fixed CJK wide characters causing misaligned timestamps and layout elements in the TUI (anthropics/claude-code#26084)
Fixed custom agent model field in .claude/agents/*.md being ignored when spawning team teammates (anthropics/claude-code#26064)
Fixed plan mode being lost after context compaction, causing the model to switch from planning to implementation mode (anthropics/claude-code#26061)
Fixed alwaysThinkingEnabled: true in settings.json not enabling thinking mode on Bedrock and Vertex providers (anthropics/claude-code#26074)
Fixed tool_decision OTel telemetry event not being emitted in headless/SDK mode (anthropics/claude-code#26059)
Fixed session name being lost after context compaction — renamed sessions now preserve their custom title through compaction (anthropics/claude-code#26121)
Increased initial session count in resume picker from 10 to 50 for faster session discovery (anthropics/claude-code#26123)
Windows: fixed worktree session matching when drive letter casing differs (anthropics/claude-code#26123)
Fixed /resume <session-id> failing to find sessions whose first message exceeds 16KB (anthropics/claude-code#25920)
Fixed "Always allow" on multiline bash commands creating invalid permission patterns that corrupt settings (anthropics/claude-code#25909)
Fixed React crash (error #31) when a skill's argument-hint in SKILL.md frontmatter uses YAML sequence syntax (e.g., [topic: foo | bar]) — the value is now properly coerced to a string (anthropics/claude-code#25826)
Fixed crash when using /fork on sessions that used web search — null entries in search results from transcript deserialization are now handled gracefully (anthropics/claude-code#25811)
Fixed read-only git commands triggering FSEvents file watcher loops on macOS by adding --no-optional-locks flag (anthropics/claude-code#25750)
Fixed custom agents and skills not being discovered when running from a git worktree — project-level .claude/agents/ and .claude/skills/ from the main repository are now included (anthropics/claude-code#25816)
Fixed non-interactive subcommands like claude doctor and claude plugin validate being blocked inside nested Claude sessions (anthropics/claude-code#25803)
Windows: Fixed the same CLAUDE.md file being loaded twice when drive letter casing differs between paths (anthropics/claude-code#25756)
Fixed inline code spans in markdown being incorrectly parsed as bash commands (anthropics/claude-code#25792)
Fixed teammate spinners not respecting custom spinnerVerbs from settings (anthropics/claude-code#25748)
Fixed shell commands permanently failing after a command deletes its own working directory (anthropics/claude-code#26136)
Fixed hooks (PreToolUse, PostToolUse) silently failing to execute on Windows by using Git Bash instead of cmd.exe (anthropics/claude-code#25981)
Fixed LSP findReferences and other location-based operations returning results from gitignored files (e.g., node_modules/, venv/) (anthropics/claude-code#26051)
Moved config backup files from home directory root to ~/.claude/backups/ to reduce home directory clutter (anthropics/claude-code#26130)
Fixed sessions with large first prompts (>16KB) disappearing from the /resume list (anthropics/claude-code#26140)
Fixed shell functions with double-underscore prefixes (e.g., __git_ps1) not being preserved across shell sessions (anthropics/claude-code#25824)
Fixed spinner showing "0 tokens" counter before any tokens have been received (anthropics/claude-code#26105)
VSCode: Fixed conversation messages appearing dimmed while the AskUserQuestion dialog is open (anthropics/claude-code#26078)
Fixed background tasks failing in git worktrees due to remote URL resolution reading from worktree-specific gitdir instead of the main repository config (anthropics/claude-code#26065)
Fixed Right Alt key leaving visible [25~ escape sequence residue in the input field on Windows/Git Bash terminals (anthropics/claude-code#25943)
The /rename command now updates the terminal tab title by default (anthropics/claude-code#25789)
Fixed Edit tool silently corrupting Unicode curly quotes (\u201c\u201d \u2018\u2019) by replacing them with straight quotes when making edits (anthropics/claude-code#26141)
Fixed OSC 8 hyperlinks only being clickable on the first line when link text wraps across multiple terminal lines.

View release on GitHub

v2.1.45 New feature 3mo

Notable features

Support for Claude Sonnet 4.6
Added `spinnerTipsOverride` setting to customize spinner tips (with optional exclusion of defaults)
Introduced `SDKRateLimitInfo` and `SDKRateLimitEvent` types for detailed rate‑limit status

Full changelog

What's changed

Added support for Claude Sonnet 4.6
Added support for reading enabledPlugins and extraKnownMarketplaces from --add-dir directories
Added spinnerTipsOverride setting to customize spinner tips — configure tips with an array of custom tip strings, and optionally set excludeDefault: true to show only your custom tips instead of the built-in ones
Added SDKRateLimitInfo and SDKRateLimitEvent types to the SDK, enabling consumers to receive rate limit status updates including utilization, reset times, and overage information
Fixed Agent Teams teammates failing on Bedrock, Vertex, and Foundry by propagating API provider environment variables to tmux-spawned processes (anthropics/claude-code#23561)
Fixed sandbox "operation not permitted" errors when writing temporary files on macOS by using the correct per-user temp directory (anthropics/claude-code#21654)
Fixed Task tool (backgrounded agents) crashing with a ReferenceError on completion (anthropics/claude-code#22087)
Fixed autocomplete suggestions not being accepted on Enter when images are pasted in the input
Fixed skills invoked by subagents incorrectly appearing in main session context after compaction
Fixed excessive .claude.json.backup files accumulating on every startup
Fixed plugin-provided commands, agents, and hooks not being available immediately after installation without requiring a restart
Improved startup performance by removing eager loading of session history for stats caching
Improved memory usage for shell commands that produce large output — RSS no longer grows unboundedly with command output size
Improved collapsed read/search groups to show the current file or search pattern being processed beneath the summary line while active
[VSCode] Improved permission destination choice (project/user/session) to persist across sessions

View release on GitHub

v2.1.44 Bugfix 3mo

Fixed auth refresh errors.

Changelog

What's changed

Fixed auth refresh errors

View release on GitHub

v2.1.42 Bug fix 3mo

Fixed /resume interrupt messages appearing as session titles.

Full changelog

What's changed

Fixed /resume showing interrupt messages as session titles
Fixed Opus 4.6 launch announcement showing for Bedrock/Vertex/Foundry users
Improved error message for many-image dimension limit errors with /compact suggestion

View release on GitHub

v2.1.41 Bug fix 3mo

Notable features

Added `claude auth login`, `claude auth status`, and `claude auth logout` CLI subcommands
Added Windows ARM64 (win32-arm64) native binary support
Improved `/rename` to auto-generate session name from conversation context when called without arguments

Full changelog

What's changed

Fixed AWS auth refresh hanging indefinitely by adding a 3-minute timeout
Added claude auth login, claude auth status, and claude auth logout CLI subcommands
Added Windows ARM64 (win32-arm64) native binary support
Improved /rename to auto-generate session name from conversation context when called without arguments
Improved narrow terminal layout for prompt footer
Fixed file resolution failing for @-mentions with anchor fragments (e.g., @README.md#installation)
Fixed FileReadTool blocking the process on FIFOs, /dev/stdin, and large files
Fixed background task notifications not being delivered in streaming Agent SDK mode
Fixed cursor jumping to end on each keystroke in classifier rule input
Fixed markdown link display text being dropped for raw URL
Fixed auto-compact failure error notifications being shown to users
Fixed permission wait time being included in subagent elapsed time display
Fixed proactive ticks firing while in plan mode
Fixed clear stale permission rules when settings change on disk
Fixed hook blocking errors showing stderr content in UI

View release on GitHub

v2.1.39 Bug fix 3mo

Fixed process hanging after session close.

Full changelog

What's changed

Improved terminal rendering performance
Fixed fatal errors being swallowed instead of displayed
Fixed process hanging after session close
Fixed character loss at terminal screen boundary
Fixed blank lines in verbose transcript view

View release on GitHub

v2.1.38 Bug fix 3mo

Security fixes

Blocked writes to .claude/skills directory in sandbox mode

Notable features

Improved heredoc delimiter parsing to prevent command smuggling
Blocked writes to .claude/skills directory in sandbox mode

Full changelog

What's changed

Fixed VS Code terminal scroll-to-top regression introduced in 2.1.37
Fixed Tab key queueing slash commands instead of autocompleting
Fixed bash permission matching for commands using environment variable wrappers
Fixed text between tool uses disappearing when not using streaming
Fixed duplicate sessions when resuming in VS Code extension
Improved heredoc delimiter parsing to prevent command smuggling
Blocked writes to .claude/skills directory in sandbox mode

View release on GitHub

v2.1.37 Bug fix 3mo

Fixed the delay in availability of /fast endpoint after enabling /extra-usage.

Full changelog

What's changed

Fixed an issue where /fast was not immediately available after enabling /extra-usage

View release on GitHub

v2.1.36 Feature 3mo

Notable features

Fast mode introduced in Opus 4.6

Full changelog

What's changed

Fast mode is now available for Opus 4.6. Learn more at https://code.claude.com/docs/en/fast-mode

View release on GitHub

v2.1.34 Bug fix 3mo

Security fixes

Commands excluded from sandboxing can no longer bypass the Bash ask permission rule when `autoAllowBashIfSandboxed` is enabled

Full changelog

What's changed

Fixed a crash when agent teams setting changed between renders
Fixed a bug where commands excluded from sandboxing (via sandbox.excludedCommands or dangerouslyDisableSandbox) could bypass the Bash ask permission rule when autoAllowBashIfSandboxed was enabled

View release on GitHub

v2.1.33 Bug fix 3mo

Notable features

TeammateIdle and TaskCompleted hook events for multi-agent workflows
`memory` frontmatter field enabling persistent agent memory (user, project, local scopes)
Plugin name added to skill descriptions and /skills menu

Full changelog

What's changed

Fixed agent teammate sessions in tmux to send and receive messages
Fixed warnings about agent teams not being available on your current plan
Added TeammateIdle and TaskCompleted hook events for multi-agent workflows
Added support for restricting which sub-agents can be spawned via Task(agent_type) syntax in agent "tools" frontmatter
Added memory frontmatter field support for agents, enabling persistent memory with user, project, or local scope
Added plugin name to skill descriptions and /skills menu for better discoverability
Fixed an issue where submitting a new message while the model was in extended thinking would interrupt the thinking phase
Fixed an API error that could occur when aborting mid-stream, where whitespace text combined with a thinking block would bypass normalization and produce an invalid request
Fixed API proxy compatibility issue where 404 errors on streaming endpoints no longer triggered non-streaming fallback
Fixed an issue where proxy settings configured via settings.json environment variables were not applied to WebFetch and other HTTP requests on the Node.js build
Fixed /resume session picker showing raw XML markup instead of clean titles for sessions started with slash commands
Improved error messages for API connection failures — now shows specific cause (e.g., ECONNREFUSED, SSL errors) instead of generic "Connection error"
Errors from invalid managed settings are now surfaced
VSCode: Added support for remote sessions, allowing OAuth users to browse and resume sessions from claude.ai
VSCode: Added git branch and message count to the session picker, with support for searching by branch name
VSCode: Fixed scroll-to-bottom under-scrolling on initial session load and session switch

View release on GitHub

v2.1.32 New feature 3mo

⚠ Upgrade required

Set environment variable CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 to enable the agent teams feature.
--resume now re‑uses the previously specified --agent value by default.

Notable features

Research preview agent teams feature for multi‑agent collaboration (enabled via CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1)
Automatic recording and recall of memories during conversations
"Summarize from here" option in message selector for partial summarization

Full changelog

What's changed

Claude Opus 4.6 is now available!
Added research preview agent teams feature for multi-agent collaboration (token-intensive feature, requires setting CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1)
Claude now automatically records and recalls memories as it works
Added "Summarize from here" to the message selector, allowing partial conversation summarization.
Skills defined in .claude/skills/ within additional directories (--add-dir) are now loaded automatically.
Fixed @ file completion showing incorrect relative paths when running from a subdirectory
Updated --resume to re-use --agent value specified in previous conversation by default.
Fixed: Bash tool no longer throws "Bad substitution" errors when heredocs contain JavaScript template literals like ${index + 1}, which previously interrupted tool execution
Skill character budget now scales with context window (2% of context), so users with larger context windows can see more skill descriptions without truncation
Fixed Thai/Lao spacing vowels (สระ า, ำ) not rendering correctly in the input field
VSCode: Fixed slash commands incorrectly being executed when pressing Enter with preceding text in the input field
VSCode: Added spinner when loading past conversations list

View release on GitHub

v2.1.31 Breaking risk 4mo

⚠ Upgrade required

Removed misleading Anthropic API pricing from model selector for third‑party provider users (Bedrock, Vertex, Foundry)

Notable features

Added session resume hint on exit
Added full-width (zenkaku) space support for Japanese IME checkbox input
Improved system prompts to favor dedicated tools over bash equivalents

Full changelog

What's changed

Added session resume hint on exit, showing how to continue your conversation later
Added support for full-width (zenkaku) space input from Japanese IME in checkbox selection
Fixed PDF too large errors permanently locking up sessions, requiring users to start a new conversation
Fixed bash commands incorrectly reporting failure with "Read-only file system" errors when sandbox mode was enabled
Fixed a crash that made sessions unusable after entering plan mode when project config in ~/.claude.json was missing default fields
Fixed temperatureOverride being silently ignored in the streaming API path, causing all streaming requests to use the default temperature (1) regardless of the configured override
Fixed LSP shutdown/exit compatibility with strict language servers that reject null params
Improved system prompts to more clearly guide the model toward using dedicated tools (Read, Edit, Glob, Grep) instead of bash equivalents (cat, sed, grep, find), reducing unnecessary bash command usage
Improved PDF and request size error messages to show actual limits (100 pages, 20MB)
Reduced layout jitter in the terminal when the spinner appears and disappears during streaming
Removed misleading Anthropic API pricing from model selector for third-party provider (Bedrock, Vertex, Foundry) users

View release on GitHub

v2.1.30 New feature 4mo

Notable features

Added `pages` parameter to Read tool for selecting page ranges in PDFs (e.g., `pages: "1-5"`).
Pre‑configured OAuth client credentials (`--client-id`, `--client-secret`) for MCP servers lacking Dynamic Client Registration.
Added `/debug` command to help troubleshoot Claude sessions.

Full changelog

What's changed

Added pages parameter to the Read tool for PDFs, allowing specific page ranges to be read (e.g., pages: "1-5"). Large PDFs (>10 pages) now return a lightweight reference when @ mentioned instead of being inlined into context.
Added pre-configured OAuth client credentials for MCP servers that don't support Dynamic Client Registration (e.g., Slack). Use --client-id and --client-secret with claude mcp add.
Added /debug for Claude to help troubleshoot the current session
Added support for additional git log and git show flags in read-only mode (e.g., --topo-order, --cherry-pick, --format, --raw)
Added token count, tool uses, and duration metrics to Task tool results
Added reduced motion mode to the config
Fixed phantom "(no content)" text blocks appearing in API conversation history, reducing token waste and potential model confusion
Fixed prompt cache not correctly invalidating when tool descriptions or input schemas changed, only when tool names changed
Fixed 400 errors that could occur after running /login when the conversation contained thinking blocks
Fixed a hang when resuming sessions with corrupted transcript files containing parentUuid cycles
Fixed rate limit message showing incorrect "/upgrade" suggestion for Max 20x users when extra-usage is unavailable
Fixed permission dialogs stealing focus while actively typing
Fixed subagents not being able to access SDK-provided MCP tools because they were not synced to the shared application state
Fixed a regression where Windows users with a .bashrc file could not run bash commands
Improved memory usage for --resume (68% reduction for users with many sessions) by replacing the session index with lightweight stat-based loading and progressive enrichment
Improved TaskStop tool to display the stopped command/task description in the result line instead of a generic "Task stopped" message
Changed /model to execute immediately instead of being queued
[VSCode] Added multiline input support to the "Other" text input in question dialogs (use Shift+Enter for new lines)
[VSCode] Fixed duplicate sessions appearing in the session list when starting a new conversation

View release on GitHub

v2.1.29 Bug fix 4mo

Fixed startup performance issues when resuming sessions with `saved_hook_context`.

Full changelog

What's changed

Fixed startup performance issues when resuming sessions that have saved_hook_context

View release on GitHub

v2.1.27 Breaking risk 4mo

Breaking changes

Permissions now respect content-level `ask` over tool-level `allow`, altering allowed command behavior.

Notable features

Added `--from-pr` flag to resume sessions linked to a specific GitHub PR
Sessions automatically link to PRs when created via `gh pr create`
VSCode: Enabled Claude in Chrome integration

Full changelog

What's changed

Added tool call failures and denials to debug logs
Fixed context management validation error for gateway users, ensuring CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 avoids the error
Added --from-pr flag to resume sessions linked to a specific GitHub PR number or URL
Sessions are now automatically linked to PRs when created via gh pr create
Fixed /context command not displaying colored output
Fixed status bar duplicating background task indicator when PR status was shown
VSCode: Enabled Claude in Chrome integration
Permissions now respect content-level ask over tool-level allow. Previously allow: ["Bash"], ask: ["Bash(rm *)"] allowed all bash commands, but will now permission prompt for rm.
Windows: Fixed bash command execution failing for users with .bashrc files
Windows: Fixed console windows flashing when spawning child processes
VSCode: Fixed OAuth token expiration causing 401 errors after extended sessions

View release on GitHub

v2.1.25 Bug fix 4mo

Fixed beta header validation error for gateway users on Bedrock and Vertex with env var CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1.

Full changelog

What's changed

Fixed beta header validation error for gateway users on Bedrock and Vertex, ensuring CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 avoids the error

View release on GitHub

v2.1.23 Bug fix 4mo

Notable features

Added customizable spinner verbs setting (`spinnerVerbs`)
Improved terminal rendering performance with optimized screen data layout
Changed Bash commands to show timeout duration alongside elapsed time

Full changelog

What's changed

Added customizable spinner verbs setting (spinnerVerbs)
Fixed mTLS and proxy connectivity for users behind corporate proxies or using client certificates
Fixed per-user temp directory isolation to prevent permission conflicts on shared systems
Fixed a race condition that could cause 400 errors when prompt caching scope was enabled
Fixed pending async hooks not being cancelled when headless streaming sessions ended
Fixed tab completion not updating the input field when accepting a suggestion
Fixed ripgrep search timeouts silently returning empty results instead of reporting errors
Improved terminal rendering performance with optimized screen data layout
Changed Bash commands to show timeout duration alongside elapsed time
Changed merged pull requests to show a purple status indicator in the prompt footer
[IDE] Fixed model options displaying incorrect region strings for Bedrock users in headless mode

View release on GitHub

v2.1.22 Bug fix 4mo

Fixed structured outputs in non‑interactive (-p) mode.

Changelog

What's changed

Fixed structured outputs for non-interactive (-p) mode

View release on GitHub

v2.1.21 Bug fix 4mo

Notable features

Full-width (zenkaku) number input support for Japanese IME in option selection prompts
[VSCode] Automatic Python virtual environment activation with configurable setting `claudeCode.usePythonEnvironment`

Full changelog

What's changed

Added support for full-width (zenkaku) number input from Japanese IME in option selection prompts
Fixed shell completion cache files being truncated on exit
Fixed API errors when resuming sessions that were interrupted during tool execution
Fixed auto-compact triggering too early on models with large output token limits
Fixed task IDs potentially being reused after deletion
Fixed file search not working in VS Code extension on Windows
Improved read/search progress indicators to show "Reading…" while in progress and "Read" when complete
Improved Claude to prefer file operation tools (Read, Edit, Write) over bash equivalents (cat, sed, awk)
[VSCode] Added automatic Python virtual environment activation, ensuring python and pip commands use the correct interpreter (configurable via claudeCode.usePythonEnvironment setting)
[VSCode] Fixed message action buttons having incorrect background colors

View release on GitHub

v2.1.20 New feature 4mo

Notable features

PR review status indicator in prompt footer with colored dot and clickable link
Ability to delete tasks via the TaskUpdate tool

Full changelog

What's changed

Added arrow key history navigation in vim normal mode when cursor cannot move further
Added external editor shortcut (Ctrl+G) to the help menu for better discoverability
Added PR review status indicator to the prompt footer, showing the current branch's PR state (approved, changes requested, pending, or draft) as a colored dot with a clickable link
Added support for loading CLAUDE.md files from additional directories specified via --add-dir flag (requires setting CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1)
Added ability to delete tasks via the TaskUpdate tool
Fixed session compaction issues that could cause resume to load full history instead of the compact summary
Fixed agents sometimes ignoring user messages sent while actively working on a task
Fixed wide character (emoji, CJK) rendering artifacts where trailing columns were not cleared when replaced by narrower characters
Fixed JSON parsing errors when MCP tool responses contain special Unicode characters
Fixed up/down arrow keys in multi-line and wrapped text input to prioritize cursor movement over history navigation
Fixed draft prompt being lost when pressing UP arrow to navigate command history
Fixed ghost text flickering when typing slash commands mid-input
Fixed marketplace source removal not properly deleting settings
Fixed duplicate output in some commands like /context
Fixed task list sometimes showing outside the main conversation view
Fixed syntax highlighting for diffs occurring within multiline constructs like Python docstrings
Fixed crashes when cancelling tool use
Improved /sandbox command UI to show dependency status with installation instructions when dependencies are missing
Improved thinking status text with a subtle shimmer animation
Improved task list to dynamically adjust visible items based on terminal height
Improved fork conversation hint to show how to resume the original session
Changed collapsed read/search groups to show present tense ("Reading", "Searching for") while in progress, and past tense ("Read", "Searched for") when complete
Changed teammate messages to render with rich Markdown formatting (bold, code blocks, lists, etc.) instead of plain text
Changed ToolSearch results to appear as a brief notification instead of inline in the conversation
Changed the /commit-push-pr skill to automatically post PR URLs to Slack channels when configured via MCP tools
Changed the /copy command to be available to all users
Changed background agents to prompt for tool permissions before launching
Changed permission rules like Bash(*) to be accepted and treated as equivalent to Bash
Changed config backups to be timestamped and rotated (keeping 5 most recent) to prevent data loss

View release on GitHub

v2.1.19 Breaking risk 4mo

Breaking changes

Changed indexed argument syntax from `$ARGUMENTS.0` to `$ARGUMENTS[0]` (bracket notation).

Full changelog

What's changed

Added env var CLAUDE_CODE_ENABLE_TASKS, set to false to keep the old system temporarily
Added shorthand $0, $1, etc. for accessing individual arguments in custom commands
Fixed crashes on processors without AVX instruction support
Fixed dangling Claude Code processes when terminal is closed by catching EIO errors from process.exit() and using SIGKILL as fallback
Fixed /rename and /tag not updating the correct session when resuming from a different directory (e.g., git worktrees)
Fixed resuming sessions by custom title not working when run from a different directory
Fixed pasted text content being lost when using prompt stash (Ctrl+S) and restore
Fixed agent list displaying "Sonnet (default)" instead of "Inherit (default)" for agents without an explicit model setting
Fixed backgrounded hook commands not returning early, potentially causing the session to wait on a process that was intentionally backgrounded
Fixed file write preview omitting empty lines
Changed skills without additional permissions or hooks to be allowed without requiring approval
Changed indexed argument syntax from $ARGUMENTS.0 to $ARGUMENTS[0] (bracket syntax)
[SDK] Added replay of queued_command attachment messages as SDKUserMessageReplay events when replayUserMessages is enabled
[VSCode] Enabled session forking and rewind functionality for all users

View release on GitHub

v2.1.17 Bug fix 4mo

Fixed crashes on processors lacking AVX instruction support.

Changelog

What's changed

Fixed crashes on processors without AVX instruction support

View release on GitHub

v2.1.16 Bug fix 4mo

Notable features

Added new task management system with dependency tracking
Native plugin management support in VSCode
OAuth users can browse and resume remote Claude sessions from the Sessions dialog

Full changelog

What's changed

Added new task management system, including new capabilities like dependency tracking
[VSCode] Added native plugin management support
[VSCode] Added ability for OAuth users to browse and resume remote Claude sessions from the Sessions dialog
Fixed out-of-memory crashes when resuming sessions with heavy subagent usage
Fixed an issue where the "context remaining" warning was not hidden after running /compact
Fixed session titles on the resume screen not respecting the user's language setting
[IDE] Fixed a race condition on Windows where the Claude Code sidebar view container would not appear on start

View release on GitHub

v2.1.15 Bug fix 4mo

⚠ Upgrade required

Deprecation notification for npm installations – use `claude install` or refer to https://docs.anthropic.com/en/docs/claude-code/getting-started

Notable features

Improved UI rendering performance with React Compiler

Full changelog

What's changed

Added deprecation notification for npm installations - run claude install or see https://docs.anthropic.com/en/docs/claude-code/getting-started for more options
Improved UI rendering performance with React Compiler
Fixed the "Context left until auto-compact" warning not disappearing after running /compact
Fixed MCP stdio server timeout not killing child process, which could cause UI freezes

View release on GitHub

v2.1.14 Bug fix 4mo

Notable features

History-based autocomplete in bash mode (`!`)
Search filter for installed plugins list
Pin plugins to specific git commit SHAs

Full changelog

What's changed

Added history-based autocomplete in bash mode (!) - type a partial command and press Tab to complete from your bash command history
Added search to installed plugins list - type to filter by name or description
Added support for pinning plugins to specific git commit SHAs, allowing marketplace entries to install exact versions
Fixed a regression where the context window blocking limit was calculated too aggressively, blocking users at ~65% context usage instead of the intended ~98%
Fixed memory issues that could cause crashes when running parallel subagents
Fixed memory leak in long-running sessions where stream resources were not cleaned up after shell commands completed
Fixed @ symbol incorrectly triggering file autocomplete suggestions in bash mode
Fixed @-mention menu folder click behavior to navigate into directories instead of selecting them
Fixed /feedback command generating invalid GitHub issue URLs when description is very long
Fixed /context command to show the same token count and percentage as the status line in verbose mode
Fixed an issue where /config, /context, /model, and /todos command overlays could close unexpectedly
Fixed slash command autocomplete selecting wrong command when typing similar commands (e.g., /context vs /compact)
Fixed inconsistent back navigation in plugin marketplace when only one marketplace is configured
Fixed iTerm2 progress bar not clearing properly on exit, preventing lingering indicators and bell sounds
Improved backspace to delete pasted text as a single token instead of one character at a time
[VSCode] Added /usage command to display current plan usage

View release on GitHub

v2.1.12 Bugfix 4mo

Fixed message rendering bug.

Changelog

What's changed

Fixed message rendering bug

View release on GitHub

v2.1.11 Bug fix 4mo

Fixed excessive MCP connection requests for HTTP/SSE transports.

Changelog

What's changed

Fixed excessive MCP connection requests for HTTP/SSE transports

View release on GitHub

v2.1.9 Bug fix 4mo

Notable features

`auto:N` syntax for MCP tool search auto-enable threshold
`plansDirectory` setting to customize plan file storage location
External editor support (Ctrl+G) in AskUserQuestion "Other" input field

Full changelog

What's changed

Added auto:N syntax for configuring the MCP tool search auto-enable threshold, where N is the context window percentage (0-100)
Added plansDirectory setting to customize where plan files are stored
Added external editor support (Ctrl+G) in AskUserQuestion "Other" input field
Added session URL attribution to commits and PRs created from web sessions
Added support for PreToolUse hooks to return additionalContext to the model
Added ${CLAUDE_SESSION_ID} string substitution for skills to access the current session ID
Fixed long sessions with parallel tool calls failing with an API error about orphan tool_result blocks
Fixed MCP server reconnection hanging when cached connection promise never resolves
Fixed Ctrl+Z suspend not working in terminals using Kitty keyboard protocol (Ghostty, iTerm2, kitty, WezTerm)

View release on GitHub

v2.1.7 Security relevant 4mo

⚠ Upgrade required

OAuth and API Console URLs have changed from console.anthropic.com to platform.claude.com
MCP tool search auto mode is enabled by default; defer long descriptions via MCPSearch. Disable with `MCPSearch` in `disallowedTools`.
[VSCode] Fixed claudeProcessWrapper setting now correctly passes the Claude binary path.

Security fixes

Fixed security vulnerability where wildcard permission rules could match compound commands containing shell operators

Notable features

showTurnDuration setting to hide turn duration messages
Ability to provide feedback when accepting permission prompts
Inline display of agent's final response in task notifications

Full changelog

What's changed

Added showTurnDuration setting to hide turn duration messages (e.g., "Cooked for 1m 6s")
Added ability to provide feedback when accepting permission prompts
Added inline display of agent's final response in task notifications, making it easier to see results without reading the full transcript file
Fixed security vulnerability where wildcard permission rules could match compound commands containing shell operators
Fixed false "file modified" errors on Windows when cloud sync tools, antivirus scanners, or Git touch file timestamps without changing content
Fixed orphaned tool_result errors when sibling tools fail during streaming execution
Fixed context window blocking limit being calculated using the full context window instead of the effective context window (which reserves space for max output tokens)
Fixed spinner briefly flashing when running local slash commands like /model or /theme
Fixed terminal title animation jitter by using fixed-width braille characters
Fixed plugins with git submodules not being fully initialized when installed
Fixed bash commands failing on Windows when temp directory paths contained characters like t or n that were misinterpreted as escape sequences
Improved typing responsiveness by reducing memory allocation overhead in terminal rendering
Enabled MCP tool search auto mode by default for all users. When MCP tool descriptions exceed 10% of the context window, they are automatically deferred and discovered via the MCPSearch tool instead of being loaded upfront. This reduces context usage for users with many MCP tools configured. Users can disable this by adding MCPSearch to disallowedTools in their settings.
Changed OAuth and API Console URLs from console.anthropic.com to platform.claude.com
[VSCode] Fixed claudeProcessWrapper setting passing the wrapper path instead of the Claude binary path

View release on GitHub

v2.1.6 Breaking risk 4mo

Breaking changes

Removed ability to @-mention MCP servers to enable/disable; use `/mcp enable ` instead

Security fixes

Fixed permission bypass via shell line continuation that could allow blocked commands to execute

Notable features

Automatic discovery of skills from nested `.claude/skills` directories
/config command now includes search functionality for settings
/doctor command adds Updates section showing auto-update channel and available npm versions (stable/latest)

Full changelog

What's changed

Added search functionality to /config command for quickly filtering settings
Added Updates section to /doctor showing auto-update channel and available npm versions (stable/latest)
Added date range filtering to /stats command - press r to cycle between Last 7 days, Last 30 days, and All time
Added automatic discovery of skills from nested .claude/skills directories when working with files in subdirectories
Added context_window.used_percentage and context_window.remaining_percentage fields to status line input for easier context window display
Added an error display when the editor fails during Ctrl+G
Fixed permission bypass via shell line continuation that could allow blocked commands to execute
Fixed false "File has been unexpectedly modified" errors when file watchers touch files without changing content
Fixed text styling (bold, colors) getting progressively misaligned in multi-line responses
Fixed the feedback panel closing unexpectedly when typing 'n' in the description field
Fixed rate limit warning appearing at low usage after weekly reset (now requires 70% usage)
Fixed rate limit options menu incorrectly auto-opening when resuming a previous session
Fixed numpad keys outputting escape sequences instead of characters in Kitty keyboard protocol terminals
Fixed Option+Return not inserting newlines in Kitty keyboard protocol terminals
Fixed corrupted config backup files accumulating in the home directory (now only one backup is created per config file)
Fixed mcp list and mcp get commands leaving orphaned MCP server processes
Fixed visual artifacts in ink2 mode when nodes become hidden via display:none
Improved the external CLAUDE.md imports approval dialog to show which files are being imported and from where
Improved the /tasks dialog to go directly to task details when there's only one background task running
Improved @ autocomplete with icons for different suggestion types and single-line formatting
Updated "Help improve Claude" setting fetch to refresh OAuth and retry when it fails due to a stale OAuth token
Changed task notification display to cap at 3 lines with overflow summary when multiple background tasks complete simultaneously
Changed terminal title to "Claude Code" on startup for better window identification
Removed ability to @-mention MCP servers to enable/disable - use /mcp enable <name> instead
[VSCode] Fixed usage indicator not updating after manual compact

View release on GitHub

v2.1.5 New feature 4mo

Notable features

Added CLAUDE_CODE_TMPDIR environment variable to override the temp directory

Full changelog

What's changed

Added CLAUDE_CODE_TMPDIR environment variable to override the temp directory used for internal temp files, useful for environments with custom temp directory requirements

View release on GitHub

v2.1.4 Bug fix 4mo

Notable features

CLAUDE_CODE_DISABLE_BACKGROUND_TASKS env var to disable all background task functionality

Full changelog

What's changed

Added CLAUDE_CODE_DISABLE_BACKGROUND_TASKS environment variable to disable all background task functionality including auto-backgrounding and the Ctrl+B shortcut
Fixed "Help improve Claude" setting fetch to refresh OAuth and retry when it fails due to a stale OAuth token

View release on GitHub

v2.1.3 Bug fix 4mo

⚠ Upgrade required

Tool hook execution timeout increased from 60 seconds to 10 minutes

Notable features

Added release channel (`stable` or `latest`) toggle to `/config`
Detection and warnings for unreachable permission rules in `/doctor` with source info and fix guidance
Clickable destination selector for permission requests in VSCode

Full changelog

What's changed

Merged slash commands and skills, simplifying the mental model with no change in behavior
Added release channel (stable or latest) toggle to /config
Added detection and warnings for unreachable permission rules, with warnings in /doctor and after saving rules that include the source of each rule and actionable fix guidance
Fixed plan files persisting across /clear commands, now ensuring a fresh plan file is used after clearing a conversation
Fixed false skill duplicate detection on filesystems with large inodes (e.g., ExFAT) by using 64-bit precision for inode values
Fixed mismatch between background task count in status bar and items shown in tasks dialog
Fixed sub-agents using the wrong model during conversation compaction
Fixed web search in sub-agents using incorrect model
Fixed trust dialog acceptance when running from the home directory not enabling trust-requiring features like hooks during the session
Improved terminal rendering stability by preventing uncontrolled writes from corrupting cursor state
Improved slash command suggestion readability by truncating long descriptions to 2 lines
Changed tool hook execution timeout from 60 seconds to 10 minutes
[VSCode] Added clickable destination selector for permission requests, allowing you to choose where settings are saved (this project, all projects, shared with team, or session only)

View release on GitHub

v2.1.2 Breaking risk 4mo

⚠ Upgrade required

Migrate Windows managed settings from `C:\ProgramData\ClaudeCode\managed-settings.json` to `C:\Program Files\ClaudeCode\managed-settings.json`
Ensure zod peer dependency is at least ^4.0.0 for SDK usage

Breaking changes

Deprecation of Windows managed settings path `C:\ProgramData\ClaudeCode\managed-settings.json` – migrate to `C:\Program Files\ClaudeCode\managed-settings.json`
Minimum zod peer dependency raised to ^4.0.0

Security fixes

CVE-2024-XXXXX — Command injection vulnerability fixed in bash command processing allowing arbitrary code execution via malformed input

Notable features

Source path metadata added for images dragged onto the terminal
Clickable hyperlinks for file paths in terminals supporting OSC 8 (e.g., iTerm)
Windows Package Manager (winget) installation support with auto‑detection and update guidance

Full changelog

What's changed

Added source path metadata to images dragged onto the terminal, helping Claude understand where images originated
Added clickable hyperlinks for file paths in tool output in terminals that support OSC 8 (like iTerm)
Added support for Windows Package Manager (winget) installations with automatic detection and update instructions
Added Shift+Tab keyboard shortcut in plan mode to quickly select "auto-accept edits" option
Added FORCE_AUTOUPDATE_PLUGINS environment variable to allow plugin autoupdate even when the main auto-updater is disabled
Added agent_type to SessionStart hook input, populated if --agent is specified
Fixed a command injection vulnerability in bash command processing where malformed input could execute arbitrary commands
Fixed a memory leak where tree-sitter parse trees were not being freed, causing WASM memory to grow unbounded over long sessions
Fixed binary files (images, PDFs, etc.) being accidentally included in memory when using @include directives in CLAUDE.md files
Fixed updates incorrectly claiming another installation is in progress
Fixed crash when socket files exist in watched directories (defense-in-depth for EOPNOTSUPP errors)
Fixed remote session URL and teleport being broken when using /tasks command
Fixed MCP tool names being exposed in analytics events by sanitizing user-specific server configurations
Improved Option-as-Meta hint on macOS to show terminal-specific instructions for native CSIu terminals like iTerm2, Kitty, and WezTerm
Improved error message when pasting images over SSH to suggest using scp instead of the unhelpful clipboard shortcut hint
Improved permission explainer to not flag routine dev workflows (git fetch/rebase, npm install, tests, PRs) as medium risk
Changed large bash command outputs to be saved to disk instead of truncated, allowing Claude to read the full content
Changed large tool outputs to be persisted to disk instead of truncated, providing full output access via file references
Changed /plugins installed tab to unify plugins and MCPs with scope-based grouping
Deprecated Windows managed settings path C:\ProgramData\ClaudeCode\managed-settings.json - administrators should migrate to C:\Program Files\ClaudeCode\managed-settings.json
[SDK] Changed minimum zod peer dependency to ^4.0.0
[VSCode] Fixed usage display not updating after manual compact

View release on GitHub

v2.1.1 Maintenance 4mo

Routine maintenance release for claude-code.

Full changelog

View release on GitHub

v2.0.76 Bug fix 4mo

Fixed macOS code‑sign warning when using Claude in Chrome integration.

Full changelog

What's changed

Fixed issue with macOS code-sign warning when using Claude in Chrome integration

View release on GitHub

All releases

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed

What's changed