Claude docs changes for June 17th, 2026 [diff]
Executive Summary
- New Admin Analytics APIs: Comprehensive analytics suite added with endpoints for activity summaries, token usage, cost reporting, per-user activity, skill usage, connector usage, and chat project usage
- New Spend Limits API: Full API for managing per-user spend limits on Claude Enterprise, including approval workflows for member increase requests
- New Service Accounts & Federation APIs: Service account management (CRUD) plus OIDC/JWT federation with Issuers and Rules for non-human identity
- New permission rule syntax
Tool(param:value): Deny and ask rules can now match any top-level tool input parameter (e.g.,Agent(model:opus)to block Opus subagents) - Nested
.claude/directory support: Skills, subagents, and workflows now load from nested directories closest to the working directory, with qualified names for conflict resolution
New Claude Code versions
2.1.178
New features
- Added
Tool(param:value)syntax for permission rules to match a tool's input parameters (with*wildcard), e.g.,Agent(model:opus)to block Opus subagents - Skills in nested
.claude/skillsdirectories now load when working on files there; on a name clash, the nested skill appears as<dir>:<name>so both stay available - Nested
.claude/directories: the agent, workflow, and output-style closest to the working directory now wins when names collide; project-scope workflow saves now target the closest existing.claude/workflows/
Existing feature improvements
- Improved auto mode: subagent spawns are now evaluated by the classifier before launch, closing a gap where a subagent could request a blocked action without review
- Improved
/doctorwith consistent flat tree layout across all sections, clearer section status icons, and highlighted command names - Improved Remote Control error messages: connection failures now show a persistent red "/rc failed" indicator in the footer; the "not yet enabled" error now explains whether it's a gate, a check failure, stale entitlement, or org policy
- Improved the skill listing truncation warning to show how many skill descriptions are affected
- Changed the workflow prompt keyword to use a purple shimmer highlight and trigger only on explicit phrases like "run a workflow" or "workflow:", not on any mention of the word
/bugnow requires a description before submitting, and no longer uses model-refusal text as the GitHub issue title
Major bug fixes
- Fixed a crash (out-of-memory) when the CLI inherits a stale websocket/OAuth file-descriptor environment variable from a parent process
- Fixed Claude in Chrome silently failing to connect when the OAuth token belongs to a different account than the Claude Code login
- Fixed nested
.claude/skillsskills with directory-qualified names being blocked by permission prompts in non-interactive runs - Fixed several subagent issues: viewing a subagent's transcript now shows tool results and live progress, messages sent while it finishes its turn are no longer dropped, and backgrounding a running subagent (ctrl+b) no longer restarts it from scratch
- Fixed
claude agentsworkers failing with401 Invalid bearer tokenwhen the daemon was started from a shell with a custom API gateway viaANTHROPIC_BASE_URLandANTHROPIC_AUTH_TOKEN - Fixed compaction not honoring
--fallback-model: compaction now falls back to the configured fallback model chain on overload or model-availability errors - Fixed model requests continuing to fail with auth errors after credentials were refreshed outside the session, due to a stale cached request configuration
- Fixed background sessions created with
/bgor←←after a turn finished showing "Working" forever in the agents list - Fixed Linux sandbox failing to start when
.claude/skillsor.claude/hooksis a symlink - Fixed MCP server-level specs (
mcp__server,mcp__server__*,mcp__*) in subagentdisallowedToolsbeing silently ignored - Fixed vim mode undo:
unow steps through NORMAL/VISUAL-mode commands one at a time instead of merging commands in quick succession into a single undo step - Fixed statusline links with custom URI schemes (e.g.,
vscode://) not opening when clicked inclaude agents - [VSCode] Fixed pressing Esc to dismiss a CJK IME candidate window canceling the running Claude task
Claude Code changes
Changed documents
advisor [Source]
- Removed the statement that Fable 5 does not appear in the
/advisorpicker — Fable is now selectable directly from the picker [diff] - New behavior: subagents now inherit the configured advisor and apply the same pairing check against their own model
- Client-side validation changed: if the advisor is less capable than the main model, it is now silently not attached (with a notification) rather than producing an API error
hooks [Source]
- Added clarification that
resolvedModelcan differ from the requested model whenavailableModelsor another override applies team_namefield inTaskCreated,TaskCompleted, andTeammateIdlehook events is now documented as deprecated ("will be removed in a future release"); example values changed to session-derived format"session-a1b2c3d4"
model-config [Source]
- Added that alias environment variables (
ANTHROPIC_DEFAULT_OPUS_MODEL, etc.) cannot redirect an allowed alias to a model outsideavailableModels /fastnow refuses to toggle when it would switch to an Opus model outsideavailableModels- Clarified that an
opusplanHaiku session stays on Haiku in plan mode when Sonnet is excluded fromavailableModels
permissions [Source]
- New "Match by input parameter" section: deny and ask rules can now match any top-level tool input parameter using
Tool(param:value)syntax (e.g.,Agent(model:opus),Bash(run_in_background:true)) with wildcard support [diff] - Added clarification that a broad deny rule overrides a narrower allow rule — deny rules cannot carry allowlist exceptions
--add-dirnow loads subagents from.claude/agents/directories in the added paths
remote-control [Source]
- New "Check connection status" section: documents
/rc activefooter indicator, which turns red and reads/rc failedon connection failure with a dismiss option - New error documented: "Couldn't verify Remote Control eligibility" (added in v2.1.178) caused by inability to reach the feature-flag service when offline or behind a proxy
- Error message for "Remote Control is not yet enabled" rewritten — now directs users to
claude auth logout/loginto refresh entitlements
settings [Source]
- New
footerLinksRegexessetting (v2.1.176+): renders clickable footer badges when a regex matches turn output, with named capture groups for URL/label templating; supports max 5 badges, allowlisted URL schemes, and is scoped to user/managed settings only - New
enforceAvailableModelssetting referenced as a way to constrain the Default model picker languagesetting now also applies to auto-generated session titles (as of v2.1.176)availableModelsmerge behavior clarified: managed/policy values fully replace lower-precedence entries
skills [Source]
- Added that a user/project skill overrides a same-named bundled skill
- New content on nested skill loading in monorepos: skills in subdirectory
.claude/skills/become available when working in that directory, with conflicts resolved via directory-qualified names (e.g.,/apps/web:deploy)
statusline [Source]
- Added a note pointing to
footerLinksRegexesfor clickable footer badges, clarifying they are independent of the status line script
sub-agents [Source]
- Added v2.1.178 behavior: when multiple nested
.claude/agents/directories define the samename, the definition closest to the working directory wins --add-dirdirectories are now scanned for.claude/agents/subagent definitions- MCP server-level patterns now accepted in
tools/disallowedTools:mcp__<server>ormcp__<server>__*grants/removes all tools from a server;mcp__*indisallowedToolsremoves every MCP tool - Fork mode updated: forks are now spawned only when Claude explicitly requests the
forksubagent type; spawns without a subagent type still use the general-purpose subagent
workflows [Source]
- New nested workflow loading behavior (v2.1.178): saving a workflow writes to the closest
.claude/workflows/directory; project workflows load from every.claude/workflows/along the path from cwd to repo root, with the closest-to-cwd definition taking precedence on name conflicts
API changes
New Documents
admin/analytics [Source]
New API reference for the Analytics Admin API. Includes activity summary endpoint (GET /v1/organizations/analytics/summaries) returning DAU, WAU, MAU, adoption rates, Cowork active users, and seat counts.
admin/analytics/cost [Source]
New cost analytics endpoints: GET /v1/organizations/analytics/cost_report and GET /v1/organizations/analytics/user_cost_report. Returns CostBucket objects with amount, list_amount, and cost_type (tokens/web_search/code_execution).
admin/analytics/users [Source]
New per-user activity analytics endpoint (GET /v1/organizations/analytics/users). Returns detailed per-product metrics: chat (conversations, files, artifacts, skills, connectors), Claude Code (commits, PRs, lines added/removed, tool accept/reject counts), Cowork, Design, and Office products (Excel, Outlook, PowerPoint, Word).
admin/analytics/usage [Source]
New token usage analytics endpoints: GET /v1/organizations/analytics/usage_report and GET /v1/organizations/analytics/user_usage_report. Returns UsageBucket objects with breakdowns by input/output token type, inference geo (global/us), context window size, speed (fast/standard), and product (chat, claude_code, cowork, office_agent, etc.).
admin/analytics/connectors [Source]
New connector usage analytics endpoint (GET /v1/organizations/analytics/connectors). Returns per-product connector usage metrics across chat, Claude Code, Cowork, and Office products.
admin/analytics/skills [Source]
New skill usage analytics endpoint (GET /v1/organizations/analytics/skills). Returns per-product skill usage metrics.
admin/analytics/chat_projects [Source]
New chat project usage analytics endpoint (GET /v1/organizations/analytics/apps/chat/projects). Returns ChatProjectUsage with distinct conversation count, distinct user count, message count, project ID/name, and creation metadata.
admin/federation_issuers [Source]
New Federation Issuers API reference (5 endpoints: Create, Get, List, Update, Archive). FederationIssuer object includes issuer_url, JWKS config (discovery/explicit URL/inline), JTI checking, max JWT lifetime, and polling status fields.
admin/federation_rules [Source]
New Federation Rules API reference (5 endpoints + workspace sub-endpoints). FederationRule object includes match conditions (audience, claims, CEL expression, subject prefix), target service account, OAuth scope, token lifetime, and workspace applicability.
admin/service_accounts [Source]
New Service Accounts API reference (5 endpoints: Create, Get, List, Update, Archive + workspace membership sub-endpoints). ServiceAccount object includes organization_role (developer/admin) and federation-related actor fields.
admin/spend_limits [Source]
New Spend Limits API reference (4 endpoints for spend limits + 4 for increase requests). SpendLimit object with amount, period, and polymorphic scope (user, seat_tier, rbac_group, organization). Includes approval/denial workflow for member-submitted increase requests.
admin/workspaces/service_accounts [Source]
New Workspace Service Account Membership API reference (5 endpoints: Create, Get, List, Update, Delete). Documents ServiceAccountCreateResponse with workspace_role values including workspace_user, workspace_developer, workspace_restricted_developer, workspace_admin.
manage-claude/spend-limits-api [Source]
New guide for the Spend Limits API (Claude Enterprise only). Covers the spend limit hierarchy (user override → seat tier → RBAC group → org default), how monetary values are expressed in minor currency units, the increase request lifecycle (pending/approved/denied), and quick-start curl examples. Requires scoped Admin API key with read:spend_limits/write:spend_limits scope.
Changed documents
api/admin [Source]
- Massive expansion: added new top-level sections for Analytics, Spend Limits, Service Accounts, Federation Issuers, and Federation Rules with all their endpoints and model schemas [diff]
ExternalKeyListResponseschema restructured: was{ data, next_page }list wrapper; now represents a single CMEK config object with immutability language about encrypted data- Workspace Service Accounts sub-section added with 5 new endpoints for managing service account workspace membership
api/admin/external_keys [Source]
ExternalKeyListResponseschema changed from a paginated list wrapper{ data, next_page }to a single CMEK config object;next_pagefield removed; added immutability note about workspace-referenced configs
api/admin/workspaces [Source]
- Added 5 new Service Account Workspace Member endpoints under the existing workspaces section with full
ServiceAccountCreateResponse,ServiceAccountRetrieveResponse, etc. model definitions