Claude docs changes for July 15th, 2026 [diff]
Executive Summary
- New Admin API endpoints for RBAC (role-based access control) groups and custom roles, plus a new Claude Enterprise user-management guide, let admins programmatically manage members, invites, and access control instead of relying on the claude.ai UI.
- Managed Agents API gains multiagent orchestration: a coordinator agent can now delegate work to a roster of other agents (or copies of itself), each running in its own isolated session thread.
- Claude Code 2.1.210 bundles several security hardening fixes — isolated worktree subagents could previously run git commands against the main repo, the Agent tool is now hardened against indirect prompt injection, and
Readdeny rules now also block the Edit tool on the same path. - New
CLAUDE_CODE_PROCESS_WRAPPERenvironment variable and corporate-launcher support let enterprises force every process Claude Code spawns through a mandatory security wrapper script. - Claude Code 2.1.210 also fixes numerous background-session reliability issues:
claude attachfailures during session transitions, permanent worktree locks left behind by killed sessions, and hook-callback timeouts being misreported as user rejections.
New Claude Code versions
2.1.210
New features
- Added a live elapsed-time counter to the collapsed tool summary line so long-running tool calls visibly tick instead of looking stuck
- Added a startup warning for
Write(path),NotebookEdit(path), andGlob(path)permission rules — useEdit(path)orRead(path)instead
Existing feature improvements
- Improved the Bash/PowerShell tool message when a command hits its timeout and is auto-backgrounded, so the model can distinguish a hang from an explicit background request
- Improved auto mode: the permission classifier now defaults to Sonnet 5 for external sessions, validated on the session's first request and pinned for the session
- Improved the bundled dataviz skill's chart color validation with perceptual OKLab color difference and recalibrated color-blindness thresholds
- Screen reader mode now announces permission mode changes aloud when cycling modes with Shift+Tab
- The agents footer hint now shows how many background agents are waiting on your input, with a brief color emphasis when the count changes
- Agent view: the session you pressed ← from stays visibly marked even after mouse hover or arrow keys move the selection
Major bug fixes
- Fixed
isolation: 'worktree'subagents being able to run git-mutating commands against the main repo checkout instead of their own isolated worktree - Fixed the
ultracodekeyword opt-in firing on non-human-originated input such as webhook payloads and relayed PR comments - Fixed paste markers leaking into external editors opened from Claude Code, which could appear as stray È/É characters around pasted text
- Fixed
claude attachsometimes failing with "job not found" or "agent is still starting" errors during session transitions — attach now waits for the daemon to settle, and terminal resizes during a slow attach are applied once it completes - Fixed a session crash when a tool's result renderer returned a numeric bigint value or plain text instead of a UI element
- Fixed a hook callback timeout being misreported to the model as a user rejection, which made unattended sessions stop and wait
- Fixed Claude assuming a
cdtook effect after its command was moved to the background; the tool result now states the working directory is unchanged - Fixed plugin-provided MCP servers being torn down when MCP servers are re-synced mid-session
- Fixed plan approvals without edits being labeled "(edited by user)" and overwriting the plan file with a stale snapshot
- Fixed
/doctorskipping its auto-mode-default proposal on Bedrock, Vertex, and Foundry, where auto mode no longer needs an opt-in - Fixed Grep content mode claiming "No matches found" when paginating past the end of results
- Fixed unmatched
$1/$2positional placeholders in skills and commands being silently stripped; they are now preserved verbatim - Fixed plugin cache writes leaving temp files behind on failure and failing on locked-file renames on Windows and network filesystems
- Fixed background workers crash-looping when a client resets its connection to the background service
- Fixed
claude agents --effort ultracodenot reaching dispatched sessions; the value was silently dropped - Fixed pressing ← to open the agents view dropping the task tracker when returning to the session
- Fixed the agents dashboard retaining pasted images from abandoned reply drafts after their session was deleted
- Fixed killed background sessions leaving a permanent
git worktree lockbehind; the periodic sweep now releases locks whose owning process is gone - Fixed SDK MCP servers registered via an
initializecontrol request waiting until the next turn to start connecting - Fixed returning to the agents view from a session leaving overlapping ghost frames with
CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1 - Fixed late-appearing
.claude/*symlinks not being reconciled into the sandbox deny-write list - Hardened the Agent tool against indirect prompt injection via content a subagent read
- Memory writes that leave a MEMORY.md index over its read limit now produce an explicit error instead of silent truncation
- Fable temporarily shows as unavailable in the advisor picker while a server-side issue causing Fable advisor failures is fixed
Claude Code changes
New Documents
corporate-launcher [Source]
Documents the new CLAUDE_CODE_PROCESS_WRAPPER environment variable (Claude Code v2.1.208+), which lets organizations force every process Claude Code spawns — the background service, agent view sessions, and self-update relaunches — to start through a mandatory corporate launcher script that applies sandboxing, network controls, or credential injection. It covers what the launcher does and doesn't cover (ignored on Windows, doesn't catch manually started terminal sessions or deep-link launches), the strict "launcher contract" a script must follow (must end in exec "$@", must pass through all inherited env vars, must respond within ~3 seconds), setup via managed settings, and how it differs from the related CLAUDE_CODE_SHELL_PREFIX variable.
Changed documents
accessibility [Source]
- Clarifies that when Claude Code relaunches itself (e.g., to finish installing an update), the new process inherits screen reader mode via the
CLAUDE_AX_SCREEN_READERenvironment variable, so its confirmation line always reads "on via env" regardless of the original activation method. [line 19] [Source]
admin-setup [Source]
- Documents a new admin surface for Claude Code on the web: owners/admins can create organization-shared cloud environments (network access level, env vars, setup script) and set an org default environment. [line 81] [Source]
agent-sdk/hooks [Source]
- New
UserPromptExpansionhook documented: fires when a user-typed command expands into a prompt before reaching Claude. [line 155] [Source] - Clarifies timeout/interrupt semantics for
UserPromptSubmit/UserPromptExpansion: a timeout now blocks the prompt with a message instead of ending the query witherror_during_execution(fixed in v2.1.208). [line 775] [Source]
agent-sdk/typescript [Source]
setMaxThinkingTokens()now documented to reset thinking to the session default when passednull. [line 509] [Source]- New
SDKThinkingTokensMessagetype emitted during thinking blocks with running token estimates (requires v2.1.153+). [lines 974-3336] [Source]
agent-view [Source]
- New footer hint in a regular
claudesession shows a count of background agents waiting on you (e.g.← 2 agents), refreshing periodically; requires v2.1.205+. [line 61] [Source] - A reply to a background session that can't be delivered is now saved and sent as the session's next prompt when it restarts, instead of being discarded. [line 162] [Source]
- Background sessions now refuse
/install-github-appand the/mcpsettings list (including auth actions), directing users to a regular session;/mcp reconnect|enable|disablestill work. [line 170] [Source] - Deleting a session no longer removes a worktree with unpushed commits or one claimed/locked by another session; both the worktree and session row are kept with a reason shown. [lines 195-196] [Source]
/modelbehavior changed: picking from the picker or typing/model <name>now saves as the default for new sessions, unlesssis pressed for a session-only switch. [line 395] [Source]- If a running process's own binary was replaced by an update, it can still start the supervisor from another installed copy instead of failing. [line 463] [Source]
- Supervisor version-restart logic now only ever moves sessions to a newer version, never restarting a session onto an older binary. [line 487] [Source]
- Attaching to a stopped session's process now shows the last screenful of transcript with a "Session is starting" note instead of just the note. [line 581] [Source]
agents [Source]
amazon-bedrock [Source]
- Clarifies IAM Identity Center
sso_regionhandling and documents a v2.1.207 regression where the Bedrock region incorrectly overrode it, breaking auth. [line 82] [Source] - New troubleshooting section for streaming errors caused by a gateway/proxy altering the event-stream content-type, including a new env var workaround. [line 410] [Source]
authentication [Source]
apiKeyHelperfailures now surface a specific error within 3 attempts instead of a generic 401 after ~10 silent retries (v2.1.208). [line 133] [Source]
auto-mode-config [Source]
- New
--label <prefix>flag forclaude auto-mode defaultsto print a specific rule's full wording (v2.1.208+). [line 211] [Source]
checkpointing [Source]
- Documents a 100-checkpoint retention limit for file snapshots per session, with pruning behavior fixed in v2.1.208 (previously superseded snapshots weren't cleaned up until session cleanup). [line 14] [Source]
claude-code-on-the-web [Source]
- New "Organization-shared environments" feature for Team/Enterprise: shared cloud environments managed centrally by admins. [lines 159-168] [Source]
- Clarifies there's no org-level allowed-domains push mechanism. [line 285] [Source]
- GitHub proxy now restricts API/release-asset requests to repos attached to the session, returning 403 otherwise. [line 294] [Source]
claude-directory [Source]
- Documents the 100-checkpoint snapshot retention/pruning behavior for
file-history/<session>/. [line 190] [Source]
cli-reference [Source]
commands [Source]
- Clarifies command queuing behavior: most commands queue until the current turn finishes, but
/status,/tasks,/usagerun immediately. [line 6] [Source] /release-notesno longer injects viewed notes into the conversation Claude sees (fixed v2.1.208 regression). [line 93] [Source]/resumeclarified: a still-running background session can't be resumed there; must attach viaclaude agentsor stop it first. [line 99] [Source]/tasksnow includes finished subagents. [line 117] [Source]/upgradenow shows a sign-in prompt instead of printing a URL when the browser fails to open. [line 125] [Source]
costs [Source]
/usagenow shows last-known usage bars (within 60 min) with a retry option when the plan-limits request is rate limited, instead of always showing an error. [line 23] [Source]- Typed
yesconfirmation now required for every usage-credit purchase/auto-reload change (not just above $1,000); spend-limit changes keep the $1,000 threshold. [line 38] [Source] - Amount fields now open prefilled (first digit replaces suggestion); usage-credits enable screen now defaults to Cancel selected. [line 39] [Source]
data-usage [Source]
- Clarifies that Remote Control sessions store the transcript on Anthropic servers while connected, to sync across devices. [line 50] [Source]
desktop-quickstart [Source]
- Clarifies Cowork now distinguishes on-device VMs (run locally) from remote Cowork sessions (run on an Anthropic-managed VM). [line 25] [Source]
discover-plugins [Source]
- Clarifies plugin auto-update timing: checks run after session start with up to a 10-minute random delay, and updates only apply to the running session after
/reload-pluginsor on next launch. [line 376] [Source]
env-vars [Source]
- Clarifies precedence: settings-file
envblock values override the same variable inherited from the shell. [line 72] [Source] - New
CLAUDE_CODE_DISABLE_BEDROCK_CONTENT_TYPE_GUARDenv var to skip the Bedrock streaming content-type check (v2.1.208+). [line 168] [Source] - New
CLAUDE_CODE_PROCESS_WRAPPERenv var to launch Claude Code's own spawned processes through a corporate launcher wrapper. [line 247] [Source]
errors [Source]
- New "Your apiKeyHelper script is failing" error documented, replacing the previous generic 401 after ~10 retries (v2.1.208). [lines 382-387] [Source]
- New "Bedrock streaming response has an unexpected content-type" error, not retried, replacing the old "Truncated event message received" symptom. [line 612] [Source]
- New "Agent would be spawned with zero tools" error: Claude Code now refuses to launch a subagent whose
toolslist resolves to nothing, instead of launching it with no tools. [lines 1087-1091] [Source] - New "File is covered by a Read deny rule" error: Edit tool calls are now blocked by
Readdeny rules (Write/NotebookEdit unaffected), a behavior change from v2.1.208. [line 1105] [Source] - New "Background session errors" section documenting commands refused in background sessions (
/install-github-app,/mcpsettings) andCLAUDE_CODE_PROCESS_WRAPPERlauncher errors. [lines 1118-1122] [Source]
fast-mode [Source]
- Clarifies fast mode re-activation behavior when switching models, including interaction with per-session opt-in; fixes a v2.1.208 bug where fast mode stayed off after switching back to Opus. [line 34] [Source]
fullscreen [Source]
- New mouse interaction support for multi-select menus (toggle options, click submit) and free-text rows in multiple-choice questions (v2.1.208+). [line 42] [Source]
headless [Source]
- Documents that the last line of
stream-jsonoutput is aresultmessage with the final response text, cost, and session metadata; before v2.1.208, piping a large response could truncate the final line and omit that message. [line 131] [Source]
hooks [Source]
- Distinguishes timeout behavior for
UserPromptSubmitcommand/HTTP/MCP-tool hooks from Agent SDK callback hooks: a callback hook timeout onUserPromptSubmitnow blocks the prompt with a message naming the hook instead of ending the turn with an execution error (before v2.1.208). [lines 1030-1031] [Source]
interactive-mode [Source]
Ctrl+Otranscript viewer now shows a timestamp and the model used on each assistant message. [line 20] [Source]- New
vimInsertModeRemapssetting (v2.1.208+) maps a two-key INSERT-mode sequence likejjto Escape in vim editor mode; only read from user settings,--settings, or managed settings, not project/local settings. [lines 116-130] [Source]
keybindings [Source]
- Notes that vim keys aren't remappable via the keybindings file, and points to the new
vimInsertModeRemapssetting for remapping a two-key INSERT-mode sequence to Escape. [line 452] [Source]
llm-gateway-connect [Source]
- New troubleshooting row for "Your apiKeyHelper script is failing", explaining that a failing/timing-out/empty-output
apiKeyHelpercommand causes requests to carry a placeholder key. [line 414] [Source]
mcp [Source]
- A remote MCP server with an empty
urlnow shows asnot configuredin/mcp,claude mcp list, and/pluginrather than being reported as a configuration issue (before v2.1.208). [line 152] [Source] - Replaces the generic
${CLAUDE_PLUGIN_ROOT}/${CLAUDE_PLUGIN_DATA}/${CLAUDE_PROJECT_DIR}description with a table specifying exactly which fields substitute placeholders per transport (stdio vs. http/sse/ws), notingheadersHelperdidn't substitute placeholders before v2.1.195. [line 234] [Source] - Clarifies the
headersHelpercommand runs from the session's current working directory, so scripts should use an absolute path or one onPATH. [line 670] [Source]
model-config [Source]
CLAUDE_CODE_SUBAGENT_MODELnow also applies to the agents a dynamic workflow runs (previously just subagents/agent teams), and documents it accepts an alias or a full model name. [line 496] [Source]
permission-modes [Source]
- Auto mode now prompts for approval (instead of going to the classifier) for
rm -rf //rm -rf ~-style removals, including when wrapped in command/process substitution such asecho "$(rm -rf ~)"(before v2.1.208 these went to the classifier). [line 148] [Source] bypassPermissionscircuit breaker for root/home-directory removals is clarified to also catch command/process-substitution forms, and MCP tools requiring user interaction still prompt (requires v2.1.199+). [lines 313-314] [Source]
permissions [Source]
bypassPermissionsmode's circuit breaker againstrm -rf //rm -rf ~now also fires for commands that reach the removal through command or process substitution (v2.1.208 extends the existing plain-form check). [line 45] [Source]- New behavior: a
Readdeny rule also blocks the Edit tool on the same path, including creating a new file there (Write/NotebookEdit aren't covered); requires v2.1.208+. [line 213] [Source]
plugin-marketplaces [Source]
- Points plugin authors to the new substitution table in plugins-reference.md for which config fields substitute
${CLAUDE_PLUGIN_ROOT}per server type. [line 471] [Source]
plugins-reference [Source]
- Example MCP plugin config drops the
"cwd": "${CLAUDE_PLUGIN_ROOT}"field. [line 155] [Source] - Clarifies monitor processes don't receive
CLAUDE_PLUGIN_OPTION_<KEY>environment variables, so scripts must read values from a config file instead. [line 292] [Source] - Adds a table of which fields reject
${user_config.*}substitution (shell-form hook commands, monitor commands, MCPheadersHelper) and the alternative way to pass each value. [lines 525-533] [Source] - Adds a table specifying exactly which fields substitute
${CLAUDE_PLUGIN_ROOT}/${CLAUDE_PLUGIN_DATA}/${CLAUDE_PROJECT_DIR}per component (skills/agents, hooks/monitors, MCP stdio vs. http/sse/ws, and LSP servers). [lines 610-616] [Source]
remote-control [Source]
- Connecting a new device now immediately shows subagents/workflows already running in the background (before v2.1.208 it waited for one to start or stop). [line 103] [Source]
- New disclosure: while Remote Control is connected, the full session transcript (messages, responses, tool activity) is stored on Anthropic servers to sync across devices and support reconnection; documents the
disableRemoteControlsetting to turn the feature off, and that ZDR orgs can't enable it. [lines 124-125] [Source]
security [Source]
- Updates the Remote Control security description to disclose that the session transcript is stored on Anthropic servers to sync the conversation across devices. [line 94] [Source]
settings [Source]
- New
fastModesetting documented: turns fast mode on for eligible sessions, written by/fast. [line 235] [Source] - New
vimInsertModeRemapssetting documented (v2.1.208+), including its user/managed-settings-only scoping. [line 293] [Source] - Notes that a
Readdeny rule also blocks the Edit tool on matching paths. [line 429] [Source]
sub-agents [Source]
- If no entry in a subagent's
toolslist resolves to a real tool, the subagent now fails to launch with an error naming the entries, instead of launching with no tools (before v2.1.208). [lines 229, 299] - A completed background subagent now stays listed in
/tasks(marked done, sorted below running work) until session cleanup, with its detail view staying open; before v2.1.208 it disappeared immediately on completion. [line 669] [Source]
terminal-config [Source]
- Points to the new
vimInsertModeRemapssetting as the way to map a two-key INSERT-mode sequence (e.g.jj) to Escape, since vim motions aren't remappable via the keybindings file. [line 282] [Source]
tools-reference [Source]
- Documents that a subagent whose
toolslist resolves to no tools now fails to launch with an error, rather than launching with no tools (before v2.1.208). [line 92] [Source] - Read-before-edit rules relaxed (v2.1.208+): newer models can edit an unread file when reading wouldn't need a permission prompt, and a path blocked by a
Readdeny rule is refused up front. [line 122] [Source] - A file changed on disk since last read can now still be edited if
old_stringmatches the current content exactly/unambiguously and the file is readable without a prompt (before v2.1.208, any on-disk change blocked the edit). [line 128] [Source] - Glob now returns an explicit error for a
pattern/pathcontaining a null byte. [line 142] [Source] - Grep now surfaces ripgrep's diagnostic as an error for a rejected pattern/glob/type instead of silently reporting
No files found(before v2.1.208). [line 148] [Source] - Grep's
countmode now also reports a total across all matching files, even whenhead_limit/offsettruncate the listed entries (before v2.1.208 the total only summed listed entries). [line 153] [Source] - Read with an explicit
limitnow stops and errors as soon as selected lines exceed what could ever fit, instead of loading the whole range first (fixes a memory-exhaustion risk, before v2.1.208); also fixes empty-file reads to report an "empty" notice rather than a past-the-end notice. [lines 267-268] [Source]
troubleshoot-install [Source]
- Corrects install guidance for Windows certificate-revocation-check failures: the previously documented
--ssl-revoke-best-effortcurl flag doesn't actually fix the problem (it only covers the initial script download); recommends running the PowerShell installer (irm https://claude.ai/install.ps1 | iex) instead. [line 381] [Source]
troubleshooting [Source]
- New section: Markdown tables over 200 rows now render only the first 200 with a "more rows not shown" note (full data still in the conversation and copyable); before v2.1.208 rendering every row could stall on resuming a session with a very large table. [lines 35-37] [Source]
workflows [Source]
- Saved personal workflows now respect
CLAUDE_CONFIG_DIR, and the save dialog shows the resolved path (before v2.1.208 it displayed the default path even when saved elsewhere). [lines 158-160] [Source] - Clarifies resume semantics: an agent still running when a workflow is stopped is not cached and restarts from scratch on resume, favoring workflows that fan out into many small agents. [line 274] [Source]
- Notes
CLAUDE_CODE_SUBAGENT_MODELoverrides both the session model and per-stage script routing for workflow agents. [line 287] [Source]
worktrees [Source]
- Worktree base-branch resolution now refreshes
origin/HEADwith a capped 5-second fetch when nothing has fetched in the last 24 hours, falling back to the cached ref or localHEAD(requires v2.1.208+). [lines 38-39] [Source] - New "Reuse a worktree name" section: a resumed worktree (same name) now resets to the current base rather than resuming at its old tip, when it has no local/uncommitted changes, is still on its original branch, and was never committed or its PR was merged/branch deleted; before v2.1.208 a reused name always resumed at the old tip. [lines 58-67] [Source]
zero-data-retention [Source]
- Adds Remote Control to the table of features blocked under Zero Data Retention, since it stores the session transcript on Anthropic servers. [line 48] [Source]
API changes
New Documents
multiagent-orchestration [Source]
Introduces multiagent orchestration for the Managed Agents API, where a coordinator agent delegates work to a roster of other agents (or copies of itself), each running in an isolated session thread with its own model, tools, and MCP servers. Covers configuring multiagent.agents on a coordinator, per-agent MCP server scoping, thread limits (20 roster agents, 25 concurrent threads, one delegation level deep), and the primary-thread event types used to monitor and route tool permissions across threads.
rbac_groups [Source] / rbac_roles
New Admin API endpoint reference for RBAC (role-based access control) Groups and Roles, covering the full CRUD surface for groups (list/get/create/rename/delete plus add/remove/list members) and read-only endpoints for custom roles and their permissions. These endpoints let Claude Enterprise admins programmatically manage groups (which can be direct or identity-provider-provisioned scim) and inspect which custom roles and permissions are attached, enabling automation of enterprise access-control workflows that previously required the claude.ai admin UI.
user-management [Source]
A new beta guide for Claude Enterprise organizations covering programmatic management of members, invites, RBAC groups, and custom roles under the Admin API. Details the new read:rbac_groups/write:rbac_groups scopes, the required anthropic-beta: ce-user-management-2026-07-13 header for group and role calls, organization roles (user, managed, owner, etc.), seat-pool behavior on invites, and example workflows like offboarding and group-membership auditing.
Changed documents
api/admin [Source]
- Documents new RBAC Groups and RBAC Roles endpoints (list/get/create/update/delete groups, group members, list/get roles, list role permissions). [lines 51-102] [Source]
api/admin/analytics/chat_projects/list [Source]
- Clarifies
order_by: rankable metrics are no longer limited to date-range mode overall — only a few specific metrics are date-range-only, per each endpoint's documented orderable set. [line 55] [Source]
api/admin/analytics/connectors/list [Source]
api/admin/analytics/cost [Source]
- Adds a new
productvalue "claude-in-slack" (Claude Tag) and documents a distinct legacy underscore-spelled value for the retiring v1 Slack chat bot. [line 81] [Source]
api/admin/analytics/cost/list [Source]
- Adds "claude-in-slack" product value to both the
productsfilter andproductresponse field, with legacy-value note. [line 108] [Source]
api/admin/analytics/cost/list_by_user [Source]
- Adds "claude-in-slack" product value to
productsfilter andproductfield, with legacy-value note. [line 139] [Source]
api/admin/analytics/plugins/list [Source]
api/admin/analytics/skills [Source]
attributed_list_priceandestimated_overage_spend: clarifies null conditions and documents that grouped/filtered cuts can sum to less than the ungrouped total when a member-skill pair has spend but no counted usage that day. [line 109] [Source]enable_count: removes the "temporarily unavailable" null condition, narrowing documented null cases. [line 119] [Source]
api/admin/analytics/skills/list [Source]
- Same
order_bysemantics correction, plus the sameattributed_list_price/estimated_overage_spend/enable_countnull-condition and cross-cut-sum clarifications as skills.md. [lines 55, 163-175]
api/admin/analytics/usage [Source]
api/admin/analytics/usage/list [Source]
- Adds "claude-in-slack" product value to
productsfilter andproductfield, with legacy-value note. [line 104] [Source]
api/admin/analytics/usage/list_by_user [Source]
- Adds "claude-in-slack" product value to
productsfilter andproductfield, with legacy-value note. [line 139] [Source]
api/admin/analytics/users/list [Source]
api/admin/api_keys/list [Source]
- Adds new
principalfield to the APIKey object, identifying the user or service account the key acts as. [lines 101-113] [Source]
api/admin/api_keys/retrieve [Source]
- Adds new
principalfield to the APIKey object. [lines 61-73] [Source]
api/admin/api_keys/update [Source]
- Adds new
principalfield to the APIKey object. [lines 81-93] [Source]
api/admin/external_keys [Source]
- Clarifies external key config
idcan be an AWS KMS key ARN (not just a taggedekey_ID) for Claude Platform on AWS organizations. [line 47] [Source] - Clarifies
vault_urimust be a Key Vault data-plane URI with expected domain formats. [line 111] [Source]
api/admin/external_keys/create [Source]
- Same
id/AWS KMS ARN andvault_uridata-plane clarifications, plus a new description for the Azure object as "Azure Key Vault provider configuration". [lines 55, 69, 87]
api/admin/external_keys/list [Source]
- Same
id/AWS KMS ARN andvault_uridata-plane clarifications. [lines 34, 98]
api/admin/external_keys/retrieve [Source]
- Same
id/AWS KMS ARN andvault_uridata-plane clarifications. [lines 23, 87]
api/admin/external_keys/update [Source]
- Same
id/AWS KMS ARN andvault_uridata-plane clarifications, plus new Azure object description. [lines 73, 87, 97, 161]
api/admin/invites [Source]
- Invite object gains
accepted_atandrbac_group_idsfields, androlegains new values "managed", "membership_admin", "owner", "primary_owner" (Claude Enterprise). [lines 63-77] [Source]
api/admin/invites/create [Source]
- Notes the endpoint is beta for Claude Enterprise orgs, and documents seat-consumption behavior: invite auto-consumes from the lowest available seat tier, failing with 400 if none is free (no seat-tier parameter). [lines 11-13] [Source]
rolenow accepts "managed" in addition to prior values, with accepted values now dependent on organization type (Console/API vs. Claude Enterprise). [lines 27-37] [Source]- Adds new
rbac_group_idsrequest field (beta, requireswrite:rbac_groupsscope) and responseaccepted_at/rbac_group_idsfields. [lines 43, 73, 147-173]
api/admin/invites/delete [Source]
- Notes the endpoint's availability is in beta for Claude Enterprise organizations. [line 11] [Source]
api/admin/invites/list [Source]
- Beta note for Claude Enterprise orgs; Invite object gains
accepted_at,rbac_group_ids, and newrolevalues (managed, membership_admin, owner, primary_owner). [lines 11, 63, 81, 146-179]
api/admin/invites/retrieve [Source]
- Beta note for Claude Enterprise orgs; Invite object gains
accepted_at,rbac_group_ids, and newrolevalues. [lines 11, 47, 65, 116-142]
api/admin/usage_report [Source]
- Renames response schema types
UserActor→ClaudeCodeUserActorandAPIActor→ClaudeCodeAPIActor. [lines 39, 49]
api/admin/usage_report/retrieve_claude_code [Source]
- Same schema type renames. [lines 50, 60]
api/admin/users [Source]
rolegains new values "managed", "membership_admin", "owner", "primary_owner" (Claude Enterprise). [lines 63-69] [Source]
api/admin/users/delete [Source]
- Notes the endpoint's availability is in beta for Claude Enterprise organizations. [line 11] [Source]
api/admin/users/list [Source]
- Beta note for Claude Enterprise orgs;
rolegains new values. [lines 11, 77]
api/admin/users/retrieve [Source]
- Beta note for Claude Enterprise orgs;
rolegains new values. [lines 11, 57]
api/admin/users/update [Source]
- Beta note for Claude Enterprise orgs; request
rolenow accepts "managed" with org-type-dependent accepted values; responserolegains new enterprise values. [lines 11, 27-37, 79]
api/admin/workspaces/archive [Source]
- Clarifies
compartment_id/CMEK behavior differs by cloud: manual KMS key-policy binding needed on AWS only; GCP and Azure enforce the compartment binding automatically. [line 34] [Source]
api/admin/workspaces/create [Source]
api/admin/workspaces/list [Source]
api/admin/workspaces/retrieve [Source]
api/admin/workspaces/update [Source]
build-with-claude/citations [Source]
- Removes the Claude Haiku 3 exception, now stating that all active models support citations. [line 13] [Source]
build-with-claude/claude-in-amazon-bedrock [Source]
- Title now clarifies this Messages API integration supports Claude Opus 4.7 and later, with the older ARN-based integration (renamed from "legacy" to "Opus 4.6 and earlier") covering prior models. [line 1] [Source]
build-with-claude/claude-on-amazon-bedrock-legacy [Source]
- Renamed from "(legacy)" to "(Opus 4.6 and earlier)", clarifying this integration's model support boundary versus the newer Claude in Amazon Bedrock integration. [line 1] [Source]
build-with-claude/claude-on-vertex-ai [Source]
- Install instructions drop the
google-cloud-aiplatformdependency, now only requiringanthropic[vertex]. [line 49] [Source] - Regional endpoint example changes from
us-east1/claude-opus-4-8tous-east5/claude-sonnet-4-6, with a new note that specific regional endpoints only support Claude Sonnet 4.6 and earlier — newer models require global or multi-region endpoints. [lines 263-279] [Source]
manage-claude/admin-api [Source]
- Documents that Claude Enterprise organizations can now use the Admin API (in beta) with a scoped claude.ai API key, limited to members/invites plus Enterprise-only group and custom-role read endpoints and spend limits. [line 24] [Source]
manage-claude/admin-api-keys [Source]
- Adds five new Claude Enterprise API key scopes for the new (beta) Admin API user-management endpoints:
read:members,write:members,read:rbac_groups,write:rbac_groups, and a combined read-onlyread:org_auditscope covering user-management and Compliance API reads. [lines 72-83] [Source]