HIPAA compliance is now a first-class API feature with full documentation, a signed BAA process, a dedicated HIPAA-enabled org, and a new feature eligibility table showing which API features are HIPAA-eligible
A new PermissionDenied hook event lets hooks respond when auto mode denies a tool call (including the ability to request a retry), and a new "defer" decision in PreToolUse allows non-interactive callers to pause Claude at a tool call and resume later
Claude Code 2.1.90 adds /powerup interactive feature lessons, fixes critical bugs (rate-limit dialog infinite loop, --resume cache miss regression, PostToolUse format-hook edit failures), and delivers multiple quadratic-to-linear performance improvements
Sub-agents now support managed settings deployment by org admins, an auto permission mode, and a color display field
The settings.jsonshowThinkingSummaries option controls whether extended thinking summaries appear in interactive sessions (default off)
Added /powerup — interactive lessons that teach Claude Code features with animated demos
Added CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE env var to keep the existing marketplace cache when git pull fails, useful in offline environments
Added .husky to protected directories in acceptEdits mode
Existing feature improvements
Improved performance: eliminated per-turn JSON.stringify of MCP tool schemas on cache-key lookup
Improved performance: SSE transport now handles large streamed frames in linear time (previously quadratic)
Improved performance: SDK sessions with long conversations no longer slow down quadratically on transcript writes
Improved /resume all-projects view to load project sessions in parallel, reducing load times with many projects
Changed --resume picker to no longer show sessions created by claude -p or SDK invocations
Removed Get-DnsClientCache and ipconfig /displaydns from auto-allow list (DNS cache privacy)
Fixed an infinite loop where the rate-limit options dialog would repeatedly auto-open after hitting the usage limit, eventually crashing the session
Fixed --resume causing a full prompt-cache miss on the first request for users with deferred tools, MCP servers, or custom agents (regression since v2.1.69)
Fixed Edit/Write failing with "File content has changed" when a PostToolUse format-on-save hook rewrites the file between consecutive edits
Fixed PreToolUse hooks that emit JSON to stdout and exit with code 2 not correctly blocking the tool call
Fixed auto mode not respecting explicit user boundaries ("don't push", "wait for X before Y") even when the action would otherwise be allowed
Default primary model for Bedrock changed to us.anthropic.claude-sonnet-4-5-20250929-v1:0. [line 130] [Source]
New section documenting 1M token context window support for Claude Opus 4.6 and Sonnet 4.6 on Bedrock; Claude Code auto-enables it when a 1M model variant is selected, or append [1m] to the model ID for a pinned model. [line 211] [Source]
/permissions command description expanded to cover managing allow/ask/deny rules by scope, adding/removing rules, managing working directories, and reviewing recent auto mode denials. [line 42] [Source]
/tasks command now also available as /bashes. [line 63] [Source]
Extended thinking token billing clarification: thinking tokens are charged even when summaries are redacted; in interactive mode, thinking appears as a collapsed stub by default; showThinkingSummaries: true in settings.json shows full summaries. [line 555] [Source]
New MCP_CONNECTION_NONBLOCKING environment variable: in non-interactive mode (-p), setting to true skips the MCP connection wait entirely (without it, the first query waits up to 5 seconds for --mcp-config server connections). [line 161] [Source]
Vertex AI example model IDs updated from claude-sonnet-4@20250514 to claude-sonnet-4-5@20250929 and the related env var renamed accordingly. [line 545] [Source]
New PermissionDenied hook event documented: fires when the auto mode classifier denies a tool call; return {retry: true} to tell the model it may retry; supports matcher and if field. [line 373] [Source]
New "defer" option for PreToolUsepermissionDecision: available in non-interactive (-p) mode, pauses the process and lets a calling Agent SDK app resume later. [line 466] [Source]
New PermissionDenied hook event fully documented: fires when auto mode classifier denies a tool call (not on manual denials or PreToolUse blocks); matches on tool name; supports retry: true; only supports command and http hook types. [lines 1161-1210] [Source]
New "defer" decision value for PreToolUsepermissionDecision: allows non-interactive callers to pause Claude at a tool call, collect input externally, then resume; includes the deferred_tool_use payload in the SDK result, stop_reason: "tool_deferred", and stop_reason: "tool_deferred_unavailable"; requires v2.1.89+. [lines 912-978] [Source]
Hook output size cap documented: output injected into context is capped at 10,000 characters; excess is saved to a file and replaced with a preview. [line 543] [Source]
Windows CMD installation troubleshooting note added for users seeing "The token '&&' is not a valid statement separator", directing them to use the PowerShell command instead. [line 36] [Source]
Download URL documentation corrected: storage.googleapis.com is now described as the download bucket for the Claude Code binary and auto-updater; downloads.claude.ai is the CDN for install scripts, version pointers, manifests, signing keys, and plugin executables. [line 74] [Source]
Setting names corrected to use full dotted paths: permissions.disableBypassPermissionsMode and permissions.disableAutoMode. [line 35] [Source]
New "Review auto mode denials" section: auto mode denials are recorded in /permissions under a "Recently denied" tab; press r on a denied action to mark it for retry and resume the conversation. [line 249] [Source]
Relative path resolution behavior documented: when using a local directory or file source with a relative path, it resolves against the repository's main checkout (not a worktree); marketplace state stored per-user in ~/.claude/plugins/known_marketplaces.json. [line 551] [Source]
cleanupPeriodDays behavior changed: setting to 0 is now rejected with a validation error (minimum is now 1); transcript disabling in non-interactive mode now uses --no-session-persistence or persistSession: false. [line 156] [Source]
forceLoginOrgUUID now accepts an array of UUIDs (any listed org is accepted); an empty array blocks all logins. [line 172] [Source]
New showThinkingSummaries setting: controls whether extended thinking summaries appear in interactive sessions; default is false (collapsed stub); non-interactive mode and SDK callers always receive summaries. [line 188] [Source]
Managed subagents added as highest-priority scope (priority 1): organization admins can deploy subagents via .claude/agents/ in the managed settings directory. [line 152] [Source]
auto added to permissionMode options: AI classifier evaluates each tool call. [line 217] [Source]
New color frontmatter field: subagents can be assigned a display color in the task list and transcript; accepts red, blue, green, yellow, purple, orange, pink, or cyan. [line 226] [Source]
Running background subagents now appear in @-mention typeahead with their status shown. [line 564] [Source]
--agent-teams flag removed; activation is now only via CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1. [line 657] [Source]
SendMessage, TeamCreate, TeamDelete tool descriptions updated to remove --agent-teams flag references; activation is now only via CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1. [line 27] [Source]
HIPAA compliance introduced as a first-class arrangement alongside ZDR: getting started requires signing a BAA and being provisioned a dedicated HIPAA-enabled organization; HIPAA-enabled orgs automatically block non-eligible features with a 400 error. [lines 4-8] [Source]
PHI handling guidelines documented: PHI must not appear in JSON schema definitions (property names, enum/const/pattern), as compiled schemas are cached separately and do not receive the same PHI protections as prompts/responses. [lines 90-108] [Source]
Feature eligibility table expanded with a "HIPAA eligible" column for every feature. Notable HIPAA-ineligible features: web fetch, context management/compaction, context editing, computer use, tool search, batch processing, code execution, Files API, agent skills, MCP connector. Structured outputs are HIPAA-eligible with the PHI-in-schema restriction. [lines 133-168] [Source]
HIPAA error handling documented: describes the 400 error response returned when a HIPAA-enabled org uses a non-eligible feature, with the error payload format. [lines 110-125] [Source]
New FAQ entries covering HIPAA vs. ZDR differences, whether ZDR is needed alongside HIPAA, behavior when using non-eligible features, using the same org for mixed workloads, and how to request HIPAA API access. [lines 181-200] [Source]
New "Data retention" section: strict tool use is HIPAA eligible, but PHI must not be included in tool schema definitions (property names, enum/const values, pattern regex); compiled schemas are cached separately and do not receive the same PHI protections. [line 102] [Source]
Structured outputs now stated to be HIPAA eligible, with the restriction that PHI must not be included in JSON schema definitions (property names, enum/const/pattern). [line 406] [Source]