Claude docs changes for June 25th, 2026 [diff]

Executive Summary

  • LLM gateway docs were completely reorganized into three focused guides: a developer connect guide, an admin rollout guide, and a protocol reference — replacing the old monolithic configuration page
  • New sandbox.credentials setting lets admins explicitly block credential files and secret environment variables from sandboxed Bash commands (requires v2.1.187)
  • availableModels enforcement was significantly expanded: it now covers skills, commands, the advisor, background agents, and sessions restored from /resume, with a new surface-coverage table showing how delivery differs across CLI, Desktop, and cloud sessions
  • v2.1.191 added /rewind support for resuming conversations from before /clear was run, fixed hooks with comma-separated matchers silently never firing, and reduced CPU usage during streaming by ~37%
  • Organization admins can now restrict models via the Claude Console toggle (v2.1.187), enforced server-side for Anthropic API sessions independently from the availableModels settings key

New Claude Code versions

2.1.190

Major bug fixes

  • Bug fixes and reliability improvements

2.1.191

New features

  • Added /rewind support for resuming a conversation from before /clear was run

Existing feature improvements

  • Sandbox network permission dialog now remembers hosts you allow with "Yes" for the rest of the current session, so later connections to the same host do not re-prompt
  • MCP server capability discovery (tools/list, prompts/list, resources/list) now retries transient network errors with short backoff
  • MCP OAuth discovery and token requests now retry once after transient network errors, and headless environments (SSH, no display) skip the browser popup and go straight to paste-the-URL prompt
  • MCP error messages now show the URL and point to MCP config on HTTP 404 errors
  • Vim mode prompt-history search (NORMAL /) now hints how to reach slash commands
  • Reduced CPU usage during streaming responses by ~37% by coalescing text updates to 100ms
  • Reduced long-session memory growth from terminal output cache

Major bug fixes

  • Fixed scroll position jumping to the bottom while reading earlier output during a streaming response
  • Fixed background agents resurrecting after being stopped — stopping an agent from the tasks panel is now permanent
  • Fixed /voice showing a generic "not available" message when disabled by an organization's policy — it now explains the restriction
  • Fixed /login URL opening truncated in Windows Terminal when it wraps across lines
  • Fixed Cmd+click on links in fullscreen mode for Ghostty over ssh/tmux
  • Fixed claude agents sending builtin slash commands like /usage to background sessions as prompt text instead of showing a hint
  • Fixed claude agents job rows showing full filesystem paths for pasted images instead of the [Image #N] placeholder
  • Fixed hooks with comma-separated matchers (e.g. "Bash,PowerShell") silently never firing
  • Fixed /permissions Recently-denied tab: approving a denial now persists on close instead of being silently discarded
  • Fixed the agent panel jumping by one row when scrolling the roster past the overflow cap
  • Fixed the welcome splash art overflowing the default 80×24 macOS Terminal window
  • Fixed managed settings forceRemoteSettingsRefresh not taking effect when set via MDM or file policy, and the fetch now sends Cache-Control: no-cache to prevent proxies from serving stale responses

Claude Code changes

New Documents

Connect Claude Code to an LLM gateway [Source]

New developer guide for connecting to an organization-managed LLM gateway. Covers checking whether an administrator already distributed the configuration, and how to configure the gateway address and credentials manually using ANTHROPIC_BASE_URL and auth variables. Includes guidance on rotating credentials with apiKeyHelper and verifying the connection with /status.

LLM gateway protocol reference [Source]

New technical reference for organizations building or configuring a gateway product. Covers supported API formats (Anthropic Messages, Bedrock InvokeModel, Vertex rawPredict), which request headers must be forwarded for features to work, gateway model discovery via /v1/models, and what happens when the gateway does not forward beta headers.

Roll out an LLM gateway [Source]

New admin guide for deploying and distributing an LLM gateway to an organization. Walks through deploying the gateway, issuing per-developer credentials, distributing configuration through managed settings files, and verifying each developer's connection. Includes configuration examples for distributing the base URL and credential via env in managed settings.

Changed documents

Admin setup [Source]

  • Added availableModels and enforceAvailableModels to the enforcement options table, with a note linking to the surface coverage documentation. [line 65] [Source]
  • Clarified that fallbackModel and availableModels are exceptions to the general array-merge rule — the managed value replaces lower layers rather than merging. [line 47] [Source]

Advisor [Source]

  • If the saved advisorModel is excluded by availableModels, the advisor is not invoked until you pick an allowed model with /advisor. [line 34] [Source]
  • The --advisor flag now exits with an error if the requested model is excluded by availableModels, in addition to when the main model doesn't support the advisor. [line 54] [Source]

Agent SDK — Claude Code features [Source]

  • Clarified that managed policy settings include both endpoint-managed (MDM/file) and server-managed settings, with distinct descriptions of when each applies and how to disable each. [line 54] [Source]
  • Added note that server-managed settings are fetched even in SDK deployments when authenticating with an org credential, and that filesystem isolation doesn't remove them. [line 58] [Source]

Agent SDK — Hooks [Source]

  • Updated matcher documentation to include comma (,) as an accepted list separator alongside |, with optional surrounding whitespace. [line 153] [Source]

Agent SDK — Python [Source]

  • Clarified setting_sources behavior: endpoint-managed policy always loads; server-managed settings are fetched only when authenticating with an org credential on an eligible configuration. [line 804] [Source]

Agent SDK — TypeScript [Source]

  • Clarified settingSources and resolveSettings documentation to distinguish endpoint-managed policy (always loaded) from server-managed settings (fetched on eligible org-authenticated configurations, from on-disk cache in SDK). [lines 345-346] [Source]

Amazon Bedrock [Source]

  • Updated Mantle model ID example in availableModels to use version prefixes (claude-haiku-4-5) rather than bare aliases, because adding a Mantle ID removes the bare alias from the picker per the new merge behavior. [line 344] [Source]

Authentication [Source]

  • Clarified that apiKeyHelper, ANTHROPIC_API_KEY, and ANTHROPIC_AUTH_TOKEN apply to the CLI and CLI-wrapping surfaces (VS Code extension, Agent SDK, GitHub Actions), not just "terminal CLI sessions". [line 131] [Source]

Checkpointing [Source]

  • New section: the rewind menu now shows an entry to resume the session that was active before /clear ran, available until you exit Claude Code or resume a different session. Requires v2.1.191. [lines 35-38] [Source]

Claude Code on the web [Source]

  • Cloud sessions now receive server-managed settings fetched from Anthropic's servers at session start, documented in the availability table and availability notes. [lines 54-62] [Source]
  • Clarified that hooks in cloud sessions come from the repo and from server-managed settings (not just the repo). [line 194] [Source]

Costs [Source]

  • Updated guidance for cost tracking on Bedrock/Vertex/Foundry: replaced LiteLLM-specific recommendation with general note that organizations routing through an LLM gateway can track spend there. [line 32] [Source]

Desktop [Source]

  • Replaced the blanket statement that admin-console settings only reach CLI/IDE with a per-session-type breakdown: local sessions get both file-based and server-managed settings; cloud sessions get server-managed only; SSH sessions read managed settings from the remote host. [lines 543-549] [Source]
  • Added note that managedMcpServers must be delivered through the managed settings file or MDM in third-party deployments, since those don't receive admin-console settings. [line 545] [Source]

Discover plugins [Source]

  • New "Not used recently" group appears in the Installed tab for marketplace plugins not invoked in at least two weeks over at least 10 sessions; detail view also shows a "Last used" timestamp. Requires v2.1.187. [lines 278-280] [Source]

Environment variables [Source]

  • New variable: CLAUDE_CODE_MCP_TOOL_IDLE_TIMEOUT — idle timeout in milliseconds for remote MCP tool calls (default 300000 / 5 min); set to 0 to disable. Requires v2.1.187. [line 212] [Source]
  • Updated CLAUDE_CODE_SKIP_FOUNDRY_AUTH description: for gateways, use ANTHROPIC_FOUNDRY_API_KEY instead; without an API key, the variable leaves the Foundry client unable to send requests. [line 251] [Source]
  • Updated CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY to note that availableModels delivery for gateway configurations must use MDM or managed settings files (server-managed delivery is not available on gateway configurations). [line 185] [Source]

Errors [Source]

  • New error entry: Model ... is restricted by your organization's settings — covers both Console-disabled models and availableModels exclusions, with guidance on what to do. [lines 609-622] [Source]
  • New auto mode error variant: when a separate API safety check blocked the classifier request because of earlier conversation content, the error now explains this and advises switching permission modes or starting a fresh conversation. [lines 141-150] [Source]

Fast mode [Source]

  • Added exception: if a session is already running on an allowed Opus model that supports fast mode, /fast enables fast mode on the current model instead of refusing. [line 88] [Source]

Fullscreen rendering [Source]

  • Click to choose an option in select menus (permission prompts, /model, /config, etc.) is now supported in fullscreen mode. Requires v2.1.187. [line 40] [Source]

GitHub Actions [Source]

  • Updated /install-github-app description: the command installs the Claude GitHub App first, then optionally sets up GitHub Actions workflows. As of v2.1.187 you can skip the Actions setup and return to it later. [lines 28-29] [Source]

Glossary [Source]

  • Updated "Managed settings" definition to cover both server-delivered (admin console) and device-deployed (OS-level file) forms, with a note on eligibility requirements for server-managed delivery. [lines 128-129] [Source]

Hooks [Source]

  • Matchers now accept comma (,) as a list separator in addition to |, with optional surrounding whitespace. FileChanged and StopFailure events only accept |; all other events accept both. Requires v2.1.191. [lines 178-180] [Source]

Interactive mode [Source]

  • Vim mode / (reverse history search) now shows a hint to press Esc then i then / to open the command menu instead (v2.1.191). [line 136] [Source]
  • History search now loads the 100 most recent unique prompts, with duplicates collapsed to the newest occurrence. [line 220] [Source]
  • /btw overlay now supports Left/Right to step between earlier /btw answers from the session. Requires v2.1.187. [line 310] [Source]

LLM gateways [Source]

  • Major rewrite: the page is now a high-level overview of what gateways provide, how routing and credentials work, and the steps to roll one out. The detailed configuration content (LiteLLM setup, auth methods, provider pass-through examples) has moved to three new dedicated pages: llm-gateway-connect.md, llm-gateway-protocol.md, and llm-gateway-rollout.md. [full file]

MCP [Source]

  • Capability discovery requests (tools/list, prompts/list, resources/list) now retry transient errors up to three times with short backoff after a successful connection (v2.1.191). [line 152] [Source]
  • Remote MCP tool calls that send no response and no progress notification for 5 minutes now abort with an error; configurable with CLAUDE_CODE_MCP_TOOL_IDLE_TIMEOUT (v2.1.187). [line 170] [Source]
  • MCP OAuth (claude mcp login) now auto-detects when no local browser is available (SSH sessions, Linux without display server) and prints the authorization URL instead of trying to open a browser. --no-browser forces the URL prompt even when a browser is detected (v2.1.191). [line 484] [Source]

Model configuration [Source]

  • availableModels enforcement expanded: now also applies to skill/command model frontmatter, the advisor model, the --advisor flag, background agent model selection, and models restored when resuming a session. [lines 93-98] [Source]
  • New surface coverage table showing which delivery mechanism (server-managed vs endpoint-managed) reaches CLI/IDE, Desktop, cloud sessions, Agent SDK, and Cowork. [lines 110-122] [Source]
  • New section: Organization model restrictions — admins can disable models via the Claude Console, enforced server-side independently from availableModels. Requires v2.1.187. [lines 151-156] [Source]
  • New dedicated section for enforceAvailableModels with a code example and explanation of how Default resolves when the account-type default is excluded. [lines 128-143] [Source]
  • Fable 5 content-safety fallback target is now checked against availableModels; when blocked, no fallback occurs and the request ends with a refusal. [lines 248-252] [Source]
  • Merge behavior clarified: a specific version entry in availableModels disables that family's wildcard (e.g. ["sonnet", "claude-sonnet-4-5"] allows only 4.5 versions, not all Sonnet). [line 170] [Source]

Monitoring usage [Source]

  • Clarified retry exhaustion attempt count: it equals one more than the effective retry limit when all retries are exhausted (11 by default, never more than 16). [line 967] [Source]

Sandboxing [Source]

  • New section: sandbox.credentials — declare credential files (~/.aws/credentials, ~/.ssh) and secret environment variables (GITHUB_TOKEN, NPM_TOKEN) to block from sandboxed Bash commands. Requires v2.1.187. [lines 164-192] [Source]
  • Sandbox network permissions: "Yes" at the approval prompt now remembers the host for the rest of the session (v2.1.191). [line 208] [Source]

Server-managed settings [Source]

  • Delivery now explicitly requires an organization OAuth login or directly configured API key — keys returned by apiKeyHelper do not trigger the server-managed settings fetch. [line 186] [Source]
  • Added Claude Platform on AWS to the list of providers where server-managed settings are not available. [line 191] [Source]
  • forceRemoteSettingsRefresh is now honored when set in any managed source (v2.1.191), including MDM — an MDM-delivered value is not ignored when server-managed settings are also present. The settings fetch also sends Cache-Control: no-cache. [line 169] [Source]
  • Clarified that the HKCU (user-writable) Windows registry fallback does not count as an admin-deployed source for parentSettingsBehavior purposes. [line 187] [Source]

Settings [Source]

  • Managed settings scope description now clarifies that server-managed delivery applies to all organization members, while plist/HKLM/file delivery applies to all users on a machine, and HKCU registry applies only to the current user. [line 13] [Source]
  • New sandbox.credentials settings: credentials.files (credential files to block from sandboxed commands) and credentials.envVars (environment variables to unset before sandboxed commands run). Requires v2.1.187. [lines 358-359] [Source]
  • sandbox.credentials entries in managed settings that are individually invalid are stripped with a warning; a wholly invalid credentials value is dropped while the rest of sandbox still applies (v2.1.191). [line 160] [Source]
  • availableModels now also restricts skills. [line 197] [Source]
  • enforceAvailableModels description updated: it constrains the Default model to the first allowlisted entry and has no effect when availableModels is unset or empty. [line 224] [Source]
  • apiKeyHelper description updated to note it uses the system shell (cmd on Windows) not just /bin/sh. [line 200] [Source]
  • Array-merge note now lists two exceptions — fallbackModel and availableModels — separately with clear explanations. [lines 600-604] [Source]

Skills [Source]

  • Skill model frontmatter: a value excluded by availableModels is not used and the session keeps its current model. [line 208] [Source]

Sub-agents [Source]

  • availableModels allowlist now also checks the per-invocation model parameter, environment variable, and frontmatter values for subagents; excluded values fall back to the inherited model. [line 281] [Source]
  • Background subagent depth is now fixed at spawn time (v2.1.187): resuming a background subagent from a shallower context does not change its depth or allow additional nesting levels. [line 741] [Source]

Third-party integrations [Source]

  • Foundry LLM gateway example updated: replaced CLAUDE_CODE_SKIP_FOUNDRY_AUTH=1 with ANTHROPIC_FOUNDRY_API_KEY=your-gateway-key as the correct way to authenticate a gateway. [line 95] [Source]
  • Vertex AI LLM gateway example now includes ANTHROPIC_VERTEX_PROJECT_ID and CLOUD_ML_REGION in the configuration. [lines 127-128] [Source]

API changes

Changed documents

Adaptive thinking [Source]

  • Minor: updated obfuscated email link for contacting Anthropic sales about full thinking output.

Extended thinking [Source]

  • Minor: updated obfuscated email link for contacting Anthropic sales about full thinking output.

Files [Source]

  • Minor: updated obfuscated contact link for requesting higher rate limits during the beta period.