Compliance API: List chats can now run organization-wide (no need to enumerate every user first) and gained an order_by=updated_at mode — the new recommended way to run and keep an eDiscovery export current.
Compliance API: organization owners (not just the parent's primary owner) can now create Compliance Access Keys, scoped to their own organization instead of the whole tenant.
Compliance API: the Code Artifacts endpoints moved to /v1/compliance/apps/code/artifacts and no longer require the organization_uuid query parameter; the Activity Feed schema grew by roughly 40 new activity types (RBAC, SSO, GHE, Marketplace, Design, Cowork, LTI, tunnels, Claude Code security scanning) plus a new SystemActor for automated background processing.
Structured Outputs docs now warn that Claude may return enum/const string values that differ from your schema only in capitalization — compare case-insensitively.
Claude Code 2.1.203 shipped a very large batch of reliability fixes for background sessions, worktrees, and the daemon, plus a login-expiry warning and a footer badge for manual permission mode; 2.1.204 followed with a fix for hooks going idle-reaped in headless sessions.
Added a warning when your login is about to expire, so you can re-authenticate before background sessions are interrupted
Added a grey ⏸ badge to the footer when in manual permission mode, making the active mode always visible
Added the session's additional working directories to MCP roots/list, with notifications/roots/list_changed sent when the set changes
[VSCode] Added a Settings toggle for "Enable Remote Control for all sessions"
Existing feature improvements
Improved responsiveness while long responses stream: live-preview updates no longer re-render the whole screen
Improved subagent behavior: agents are now less likely to re-delegate their entire task to another subagent
Reduced binary size by ~7 MB and startup memory by ~7 MB by loading a large bundled dependency lazily instead of inlining it
Changed left arrow to no longer close the background tasks, diff, and workflow detail views — press Esc instead
Changed the empty claude agents view to always show the organized sections (Needs input / Working / Completed) with descriptions
Removed the startup "claude command missing or broken" warnings — they now appear in /doctor and /status instead
Major bug fixes
Fixed opening or switching background agent sessions on macOS stalling for 15–20 seconds due to a false low-memory detection (regression in 2.1.196)
Fixed background sessions becoming permanently unresponsive to attach, replies, and stop when the daemon's session token went stale — the session now recovers automatically
Fixed returning to claude agents silently stopping running subagents and re-running the prompt from scratch — their work now carries over
Fixed a memory and per-turn CPU regression in interactive sessions: the context-usage indicator no longer re-analyzes the entire transcript after every turn
Fixed background agents inheriting a stale PATH from the daemon instead of the dispatching shell, causing missing tools on Windows
Fixed background and agent-view sessions dropping a shell-exported ANTHROPIC_BASE_URL, which sent API keys to the default endpoint and failed with 401
Fixed Bash failing with "argument list too long" in repos with many git worktrees
Fixed worktree-isolated subagents sometimes running shell commands in the parent checkout instead of their own worktree
Fixed worktree creation rejecting nested repositories in multi-repo workspaces, leaving background sessions unable to isolate and edit
Fixed background agents crash-looping when their working directory was deleted, replaced by a file, or became an invalid path — they now fail once with a clear error
Fixed a background daemon auto-upgrade failure silently killing all running background sessions
Fixed TaskStop and TaskOutput failing to find background agents spawned by another agent — errors now list running agents by id and description
Fixed the claude agents composer discarding your typed message when a slash command isn't available there
Fixed the agent list crashing when opening a stopped session whose conversation was already open in another session
Fixed background sessions showing "Needs input" in the agent list after the question was already answered
Fixed background agent startup failures showing only "exit_with_message" instead of the actual error
Fixed background sessions ignoring effortLevel changes in settings.json when forked through the daemon
Fixed attached background sessions ignoring CLAUDE_CODE_DISABLE_MOUSE and CLAUDE_CODE_DISABLE_MOUSE_CLICKS opt-outs
Fixed /exit incorrectly warning about running background agents after all named agents had completed
Fixed background sessions started from a non-git directory unable to edit files when a WorktreeCreate hook was configured
Fixed the @ directory picker in claude agents not showing registered git worktrees
Fixed background task output on Windows being permanently replaced by an empty file after /clear
Fixed content jumping when scrolling up through long transcript history
Fixed the terminal flickering and jumping while typing in bash mode when a shell-history suggestion was shown
Fixed literal ^[[I / ^[[O escape codes being printed when reattaching to a background session
Fixed LSP-only plugins being incorrectly flagged for disuse when their language servers deliver diagnostics or answer navigation requests
Clarified error handling: an uncaught handler exception no longer stops the agent loop — the SDK's in-process MCP server catches it and returns the raw exception message to Claude, so returning isError: true yourself only changes what message Claude reads, not whether the query survives. [lines 231-236] [Source]
Documented that the Python SDK drops audio blocks and binary (resource.blob) resources from tool results with a logged warning, instead of saving them like the TypeScript SDK does. [line 285] [line 335] [Source]
agent_id/agent_type are now documented as populated on more Python hook input types: optional on PreToolUse, PostToolUse, PostToolUseFailure, and PermissionRequest, and required on SubagentStart/SubagentStop. [line 177] [Source]
Clarified when can_use_tool needs a keep-alive hook: with a finite message stream (query(prompt=generator) or connect(prompt=async_iterable)), the SDK closes the input stream after the last message unless a hook or in-process MCP server keeps it open; connecting with no prompt and sending via ClaudeSDKClient.query() keeps the stream open on its own. [line 122] [Source]
Noted that tools from a plugin-bundled MCP server use a scoped name, such as mcp__plugin_my-plugin_db__query, when writing a hook matcher. [line 631] [Source]
Documented that a matcher written against the bare server key never fires for a plugin-bundled MCP server: the tool name is scoped as mcp__plugin_<plugin-name>_<server-name>__<tool>. [line 255] [Source]
Documented that an mcp_tool hook's server field must use the scoped name plugin:<plugin-name>:<server-name> for a plugin-bundled server, not the bare server key. [line 408] [Source]
Noted that transcript_path is written asynchronously and may lag the in-memory conversation; hooks that need the current turn's final assistant text should read last_assistant_message on Stop/SubagentStop instead. [line 560] [line 2004] [Source]
Documented short flag forms for claude mcp add: -s/--scope, -e/--env, and new -t/--transport and -H/--header short forms. [lines 171-176] [Source]
Clarified that a plugin-bundled MCP server registers under the scoped name plugin:<plugin-name>:<server-name>, needed for hook matchers and mcp_tool hooks' server field. [lines 249-250] [Source]
Added a note that hooks targeting a plugin's own bundled MCP server must use its scoped tool name and server field, since a bare-server-key matcher never fires. [line 134] [Source]
Minor edits (not itemized individually)
channels-reference.md had two CDN image URLs updated for the architecture and permission-relay diagrams (same images, new hosting path).
The API prerequisites no longer list code-execution-2025-08-25 as a required beta header — Skills now just need the code execution tool plus skills-2025-10-02 and files-api-2025-04-14. [line 174] [Source]
All examples switched from code_execution_20250825 (with the code-execution-2025-08-25 beta header) to the newer, generally-available code_execution_20260521 tool version, which needs no code-execution beta header — only skills-2025-10-02. [line 58] [line 81] [Source]
Added an order_by parameter (created_at default, or updated_at for org-wide queries) that determines the sort key and which time-filter bounds are valid. [lines 53-65] [Source]
The updated_at.* time filters no longer require user_ids[] — org-wide queries can now filter and sort by update time directly. [line 76] [Source]
Noted that before_id backward pagination is only supported for per-user queries (user_ids[] set); org-wide queries can't page backward. [line 165] [Source]
All three Code Artifact endpoints moved from /v1/compliance/code/artifacts to /v1/compliance/apps/code/artifacts. [line 17] [Source]
Removed the organization_uuid query parameter (previously "strongly recommended" to avoid a 400 on wide child-organization scans) from the delete and download-version endpoints, and dropped the deprecated organization_id field from Artifact objects in favor of organization_uuid. [line 30] [line 34] [Source]
List Code Artifacts is now sorted by identifier across the whole result set rather than "within each batch of child organizations" — the pagination and freshness caveats are unchanged. [line 9] [Source]
Added expires_at to Compliance API key objects (null when the key doesn't expire). [line 60] [Source]
Added a dozen new boolean setting names to track (chat_enabled, claude_ai_chat_sharing_enabled, claude_ai_integration_sharing_enabled, claude_code_desktop_enabled, claude_code_metrics_logging_enabled, claude_code_security_enabled, claude_code_web_enabled, claude_code_workflows_enabled, claude_design_enabled, inline_visualizations_enabled, member_usage_dashboard_visible, work_across_apps_enabled), a new String-typed setting (claude_code_default_worker_environment_id / ..._pool_id), and a new disabled_admin_request_types string-list setting. [line 91] [line 194] [Source]
Added a new SystemActor actor type for automated background processing performed by Anthropic systems without a user or customer credential, replacing what was previously described only as FederatedIdentityActor-style workload auth in this slot. [line 90] [Source]
Expanded activity_types from 342 to 384 documented values, adding roughly 40 new activity types across Claude Code agent proxy (CCR) credentials/profiles/Slack bindings, Claude Code security scanning, RBAC roles, SSO/SCIM/GHE directory sync, marketplaces and plugin directory submissions, design projects, Cowork settings, LTI integrations, and tunnels. [line 21] [line 25] [Source]
Added Go and Ruby SDK support and an Azure RBAC role prerequisite (Foundry User or Cognitive Services User) alongside the existing Azure CLI note. [lines 29-34] [Source]
Noted the C# SDK always builds its base URL from the resource name and ignores ANTHROPIC_FOUNDRY_BASE_URL. [line 134] [Source]
Added "Next steps" (Features overview, Pricing, Model deprecations) and expanded "Additional resources" cards at the bottom of the page. [line 340] [Source]
Updated example model IDs to the current lineup (claude-sonnet-5 in the quickstart, data-zone, and raw-response examples; anthropic.claude-haiku-4-5 in the Bedrock-migration comparison table, replacing claude-sonnet-4-6/claude-opus-4-6). [line 320] [line 555] [Source]
Added a "Next steps" section and expanded "Additional resources" cards. [line 663] [Source]
Added an "Enum value casing" note: Claude may return an enum/const string value that differs from the schema only in capitalization (typically the first letter after a space), with no error and no special stop_reason — compare case-insensitively and avoid enum values that differ only by case. [lines 452-467] [Source]
Documented that a Claude Enterprise organization owner (not just the parent's primary owner) can now create a key — restricted to Compliance API scopes and their own organization, while the primary owner can still create a key spanning every linked organization with any scope combination. [line 16] [line 47] [Source]
Renamed from "Get access to the Compliance API" and restructured around a single "Set up the Compliance API" flow: enable the API, then decide the key's scope (parent-organization-wide vs. single organization) before signing in with the matching role — an organization owner can now create a Compliance Access Key restricted to their own organization, in addition to the primary owner's parent-wide key. [line 1] [lines 44-60] [Source]
Rewrote the chat-listing guidance to recommend the new organization-wide, order_by=updated_at query (no user_ids[] enumeration needed) as the way to run and keep an export current, moving the older per-user user_ids[] + created_at.gte example to a "scope to specific users" subsection for legal holds on named custodians. [lines 487-549] [Source]
Reworded the policy-violation retention carve-out: Anthropic may retain flagged inputs/outputs for up to 2 years when content is "flagged by Anthropic's automated trust and safety systems," rather than specifically "flagged for a Usage Policy violation or malicious use." [line 208] [Source]
Clarified that the worker's bash tool invokes /bin/bash directly without consulting PATH; the TypeScript SDK needs unzip/tar on PATH, while Python and now Go SDKs use their standard libraries for archive extraction. [line 54] [Source]
Documented that CLI/SDK workers now preserve executable permissions recorded in a skill bundle at extraction time, rather than marking every downloaded skill file executable. [line 586] [Source]
Added Linux release-binary curl install instructions alongside the Homebrew option, with a link to the CLI's GitHub releases page. [lines 121-152] [Source]
Clarified EnvironmentWorker.handle_item() now handles one claimed work item using either explicit IDs or the ANTHROPIC_* variables set by ant beta:worker poll --on-work, and that reclaim_older_than_ms re-claims work claimed but never acknowledged within that window. [line 639] [Source]
A streaming-classifier refusal now includes a stop_details object with a category and a human-readable explanation you can surface to users (delivered on the message_delta event when streaming); stop_details can still be null, so branch on stop_reason and keep your own fallback messaging. [lines 26-42] [Source]
Minor edits (not itemized individually)
Roughly 35 Compliance API pages (api/compliance.md, api/compliance/apps*.md, api/compliance/groups*.md, api/compliance/organizations*.md, manage-claude/compliance-errors.md, compliance-org-data.md, compliance-activity-feed.md, compliance-api.md, compliance-faq.md, compliance-integration-patterns.md, admin-api.md, analytics-api.md) had their "Get access to the Compliance API" links renamed to "Set up the Compliance API", matching the renamed page.
api/api/compliance/apps/chats/messages.md and .../messages/list.md reworded the truncated field descriptions for tool_use/tool_result blocks to speak generically about "the endpoint's max parameter" instead of naming specific query-parameter names.
adaptive-thinking.md, extended-thinking.md, and build-with-claude/files.md had their obfuscated "contact sales/us" email-protection hashes regenerated (same visible mailto links).