Claude docs changes for July 8th, 2026 [diff]

Executive Summary

  • Compliance API: List chats can now run organization-wide (no need to enumerate every user first) and gained an order_by=updated_at mode — the new recommended way to run and keep an eDiscovery export current.
  • Compliance API: organization owners (not just the parent's primary owner) can now create Compliance Access Keys, scoped to their own organization instead of the whole tenant.
  • Compliance API: the Code Artifacts endpoints moved to /v1/compliance/apps/code/artifacts and no longer require the organization_uuid query parameter; the Activity Feed schema grew by roughly 40 new activity types (RBAC, SSO, GHE, Marketplace, Design, Cowork, LTI, tunnels, Claude Code security scanning) plus a new SystemActor for automated background processing.
  • Structured Outputs docs now warn that Claude may return enum/const string values that differ from your schema only in capitalization — compare case-insensitively.
  • Claude Code 2.1.203 shipped a very large batch of reliability fixes for background sessions, worktrees, and the daemon, plus a login-expiry warning and a footer badge for manual permission mode; 2.1.204 followed with a fix for hooks going idle-reaped in headless sessions.

New Claude Code versions

2.1.203

New features

  • Added a warning when your login is about to expire, so you can re-authenticate before background sessions are interrupted
  • Added a grey ⏸ badge to the footer when in manual permission mode, making the active mode always visible
  • Added the session's additional working directories to MCP roots/list, with notifications/roots/list_changed sent when the set changes
  • [VSCode] Added a Settings toggle for "Enable Remote Control for all sessions"

Existing feature improvements

  • Improved responsiveness while long responses stream: live-preview updates no longer re-render the whole screen
  • Improved subagent behavior: agents are now less likely to re-delegate their entire task to another subagent
  • Reduced binary size by ~7 MB and startup memory by ~7 MB by loading a large bundled dependency lazily instead of inlining it
  • Changed left arrow to no longer close the background tasks, diff, and workflow detail views — press Esc instead
  • Changed the empty claude agents view to always show the organized sections (Needs input / Working / Completed) with descriptions
  • Removed the startup "claude command missing or broken" warnings — they now appear in /doctor and /status instead

Major bug fixes

  • Fixed opening or switching background agent sessions on macOS stalling for 15–20 seconds due to a false low-memory detection (regression in 2.1.196)
  • Fixed background sessions becoming permanently unresponsive to attach, replies, and stop when the daemon's session token went stale — the session now recovers automatically
  • Fixed returning to claude agents silently stopping running subagents and re-running the prompt from scratch — their work now carries over
  • Fixed a memory and per-turn CPU regression in interactive sessions: the context-usage indicator no longer re-analyzes the entire transcript after every turn
  • Fixed background agents inheriting a stale PATH from the daemon instead of the dispatching shell, causing missing tools on Windows
  • Fixed background and agent-view sessions dropping a shell-exported ANTHROPIC_BASE_URL, which sent API keys to the default endpoint and failed with 401
  • Fixed Bash failing with "argument list too long" in repos with many git worktrees
  • Fixed worktree-isolated subagents sometimes running shell commands in the parent checkout instead of their own worktree
  • Fixed worktree creation rejecting nested repositories in multi-repo workspaces, leaving background sessions unable to isolate and edit
  • Fixed background agents crash-looping when their working directory was deleted, replaced by a file, or became an invalid path — they now fail once with a clear error
  • Fixed a background daemon auto-upgrade failure silently killing all running background sessions
  • Fixed TaskStop and TaskOutput failing to find background agents spawned by another agent — errors now list running agents by id and description
  • Fixed the claude agents composer discarding your typed message when a slash command isn't available there
  • Fixed the agent list crashing when opening a stopped session whose conversation was already open in another session
  • Fixed background sessions showing "Needs input" in the agent list after the question was already answered
  • Fixed background agent startup failures showing only "exit_with_message" instead of the actual error
  • Fixed background sessions ignoring effortLevel changes in settings.json when forked through the daemon
  • Fixed attached background sessions ignoring CLAUDE_CODE_DISABLE_MOUSE and CLAUDE_CODE_DISABLE_MOUSE_CLICKS opt-outs
  • Fixed /exit incorrectly warning about running background agents after all named agents had completed
  • Fixed background sessions started from a non-git directory unable to edit files when a WorktreeCreate hook was configured
  • Fixed the @ directory picker in claude agents not showing registered git worktrees
  • Fixed background task output on Windows being permanently replaced by an empty file after /clear
  • Fixed content jumping when scrolling up through long transcript history
  • Fixed the terminal flickering and jumping while typing in bash mode when a shell-history suggestion was shown
  • Fixed literal ^[[I / ^[[O escape codes being printed when reattaching to a background session
  • Fixed LSP-only plugins being incorrectly flagged for disuse when their language servers deliver diagnostics or answer navigation requests

2.1.204

Major bug fixes

  • Fixed hook events not streaming during SessionStart hooks in headless sessions, which could cause remote workers to be idle-reaped mid-hook

Claude Code changes

Changed documents

Agent loop [Source]

  • The "auto" permission mode is no longer marked TypeScript-only in the permission-mode table. [line 172] [Source]

Custom tools [Source]

  • Clarified error handling: an uncaught handler exception no longer stops the agent loop — the SDK's in-process MCP server catches it and returns the raw exception message to Claude, so returning isError: true yourself only changes what message Claude reads, not whether the query survives. [lines 231-236] [Source]
  • Documented that the Python SDK drops audio blocks and binary (resource.blob) resources from tool results with a logged warning, instead of saving them like the TypeScript SDK does. [line 285] [line 335] [Source]

Hooks (Agent SDK) [Source]

  • agent_id/agent_type are now documented as populated on more Python hook input types: optional on PreToolUse, PostToolUse, PostToolUseFailure, and PermissionRequest, and required on SubagentStart/SubagentStop. [line 177] [Source]

Permissions (Agent SDK) [Source]

  • The auto permission mode is no longer marked TypeScript-only. [line 103] [Source]

Python SDK reference [Source]

  • Added "auto" to the PermissionMode literal type, matching the mode's TypeScript-parity change. [line 1041] [Source]
  • Added optional agent_id/agent_type fields to PermissionRequestHookInput. [line 2105] [Source]

Quickstart (Agent SDK) [Source]

  • The auto permission mode row no longer says "TypeScript only". [line 279] [Source]

Handling user input [Source]

  • Clarified when can_use_tool needs a keep-alive hook: with a finite message stream (query(prompt=generator) or connect(prompt=async_iterable)), the SDK closes the input stream after the last message unless a hook or in-process MCP server keeps it open; connecting with no prompt and sending via ClaudeSDKClient.query() keeps the stream open on its own. [line 122] [Source]

Claude Code on Claude Platform on AWS [Source]

  • Re-added the "Deploying Claude Code across your organization? Talk to sales..." enterprise promo banner at the top of the page. [lines 1-4] [Source]

Hooks how-to guide [Source]

  • Noted that tools from a plugin-bundled MCP server use a scoped name, such as mcp__plugin_my-plugin_db__query, when writing a hook matcher. [line 631] [Source]

Hooks reference [Source]

  • Documented that a matcher written against the bare server key never fires for a plugin-bundled MCP server: the tool name is scoped as mcp__plugin_<plugin-name>_<server-name>__<tool>. [line 255] [Source]
  • Documented that an mcp_tool hook's server field must use the scoped name plugin:<plugin-name>:<server-name> for a plugin-bundled server, not the bare server key. [line 408] [Source]
  • Noted that transcript_path is written asynchronously and may lag the in-memory conversation; hooks that need the current turn's final assistant text should read last_assistant_message on Stop/SubagentStop instead. [line 560] [line 2004] [Source]

Connect Claude Code to tools via MCP [Source]

  • Documented short flag forms for claude mcp add: -s/--scope, -e/--env, and new -t/--transport and -H/--header short forms. [lines 171-176] [Source]
  • Clarified that a plugin-bundled MCP server registers under the scoped name plugin:<plugin-name>:<server-name>, needed for hook matchers and mcp_tool hooks' server field. [lines 249-250] [Source]

Plugins reference [Source]

  • Added a note that hooks targeting a plugin's own bundled MCP server must use its scoped tool name and server field, since a bare-server-key matcher never fires. [line 134] [Source]

Minor edits (not itemized individually)

  • channels-reference.md had two CDN image URLs updated for the architecture and permission-relay diagrams (same images, new hosting path).

API changes

Changed documents

Agent Skills overview [Source]

  • The API prerequisites no longer list code-execution-2025-08-25 as a required beta header — Skills now just need the code execution tool plus skills-2025-10-02 and files-api-2025-04-14. [line 174] [Source]

Agent Skills quickstart [Source]

  • All examples switched from code_execution_20250825 (with the code-execution-2025-08-25 beta header) to the newer, generally-available code_execution_20260521 tool version, which needs no code-execution beta header — only skills-2025-10-02. [line 58] [line 81] [Source]

Deploy MCP tunnels with Docker Compose [Source]

  • Bumped the mcp-proxy image digest referenced in the docker-compose.yaml example (setup and proxy containers). [line 89] [line 133] [Source]

Deploy MCP tunnels with Helm [Source]

  • Bumped the referenced mcp-tunnel Helm chart version from 2.0.0 to 2.0.1 throughout the install/upgrade examples. [line 131] [Source]

MCP tunnels quickstart [Source]

  • Bumped the mcp-proxy image digest in the two-container docker-compose.yaml example. [line 149] [Source]

Advisor tool [Source]

  • Added Java to the SDK tabs for the quick-start example and the two follow-up code samples. [line 54] [Source]

Tool combinations [Source]

  • The web-search-plus-code-execution example now uses the code_execution_20260521 tool version instead of code_execution_20250825. [line 19] [Source]

List chats [Source]

  • Added an order_by parameter (created_at default, or updated_at for org-wide queries) that determines the sort key and which time-filter bounds are valid. [lines 53-65] [Source]
  • The updated_at.* time filters no longer require user_ids[] — org-wide queries can now filter and sort by update time directly. [line 76] [Source]
  • Noted that before_id backward pagination is only supported for per-user queries (user_ids[] set); org-wide queries can't page backward. [line 165] [Source]

Code Artifacts, List, Delete, Download version [Source]

  • All three Code Artifact endpoints moved from /v1/compliance/code/artifacts to /v1/compliance/apps/code/artifacts. [line 17] [Source]
  • Removed the organization_uuid query parameter (previously "strongly recommended" to avoid a 400 on wide child-organization scans) from the delete and download-version endpoints, and dropped the deprecated organization_id field from Artifact objects in favor of organization_uuid. [line 30] [line 34] [Source]
  • List Code Artifacts is now sorted by identifier across the whole result set rather than "within each batch of child organizations" — the pagination and freshness caveats are unchanged. [line 9] [Source]

Settings, Get effective organization settings [Source]

  • Added expires_at to Compliance API key objects (null when the key doesn't expire). [line 60] [Source]
  • Added a dozen new boolean setting names to track (chat_enabled, claude_ai_chat_sharing_enabled, claude_ai_integration_sharing_enabled, claude_code_desktop_enabled, claude_code_metrics_logging_enabled, claude_code_security_enabled, claude_code_web_enabled, claude_code_workflows_enabled, claude_design_enabled, inline_visualizations_enabled, member_usage_dashboard_visible, work_across_apps_enabled), a new String-typed setting (claude_code_default_worker_environment_id / ..._pool_id), and a new disabled_admin_request_types string-list setting. [line 91] [line 194] [Source]

Activities, Query compliance activities [Source]

  • Added a new SystemActor actor type for automated background processing performed by Anthropic systems without a user or customer credential, replacing what was previously described only as FederatedIdentityActor-style workload auth in this slot. [line 90] [Source]
  • Expanded activity_types from 342 to 384 documented values, adding roughly 40 new activity types across Claude Code agent proxy (CCR) credentials/profiles/Slack bindings, Claude Code security scanning, RBAC roles, SSO/SCIM/GHE directory sync, marketplaces and plugin directory submissions, design projects, Cowork settings, LTI integrations, and tunnels. [line 21] [line 25] [Source]

Claude in Microsoft Foundry [Source]

  • Added Go and Ruby SDK support and an Azure RBAC role prerequisite (Foundry User or Cognitive Services User) alongside the existing Azure CLI note. [lines 29-34] [Source]
  • Noted the C# SDK always builds its base URL from the resource name and ignores ANTHROPIC_FOUNDRY_BASE_URL. [line 134] [Source]
  • Added "Next steps" (Features overview, Pricing, Model deprecations) and expanded "Additional resources" cards at the bottom of the page. [line 340] [Source]

Claude Platform on AWS [Source]

  • Updated example model IDs to the current lineup (claude-sonnet-5 in the quickstart, data-zone, and raw-response examples; anthropic.claude-haiku-4-5 in the Bedrock-migration comparison table, replacing claude-sonnet-4-6/claude-opus-4-6). [line 320] [line 555] [Source]
  • Added a "Next steps" section and expanded "Additional resources" cards. [line 663] [Source]

Structured Outputs [Source]

  • Added an "Enum value casing" note: Claude may return an enum/const string value that differs from the schema only in capitalization (typically the first letter after a space), with no error and no special stop_reason — compare case-insensitively and avoid enum values that differ only by case. [lines 452-467] [Source]

Admin API keys [Source]

  • Documented that a Claude Enterprise organization owner (not just the parent's primary owner) can now create a key — restricted to Compliance API scopes and their own organization, while the primary owner can still create a key spanning every linked organization with any scope combination. [line 16] [line 47] [Source]

Set up the Compliance API [Source]

  • Renamed from "Get access to the Compliance API" and restructured around a single "Set up the Compliance API" flow: enable the API, then decide the key's scope (parent-organization-wide vs. single organization) before signing in with the matching role — an organization owner can now create a Compliance Access Key restricted to their own organization, in addition to the primary owner's parent-wide key. [line 1] [lines 44-60] [Source]

Retrieve and delete chats, files, and projects [Source]

  • Rewrote the chat-listing guidance to recommend the new organization-wide, order_by=updated_at query (no user_ids[] enumeration needed) as the way to run and keep an export current, moving the older per-user user_ids[] + created_at.gte example to a "scope to specific users" subsection for legal holds on named custodians. [lines 487-549] [Source]

API and data retention [Source]

  • Reworded the policy-violation retention carve-out: Anthropic may retain flagged inputs/outputs for up to 2 years when content is "flagged by Anthropic's automated trust and safety systems," rather than specifically "flagged for a Usage Policy violation or malicious use." [line 208] [Source]

Self-hosted sandboxes [Source]

  • Clarified that the worker's bash tool invokes /bin/bash directly without consulting PATH; the TypeScript SDK needs unzip/tar on PATH, while Python and now Go SDKs use their standard libraries for archive extraction. [line 54] [Source]
  • Documented that CLI/SDK workers now preserve executable permissions recorded in a skill bundle at extraction time, rather than marking every downloaded skill file executable. [line 586] [Source]
  • Added Linux release-binary curl install instructions alongside the Homebrew option, with a link to the CLI's GitHub releases page. [lines 121-152] [Source]
  • Clarified EnvironmentWorker.handle_item() now handles one claimed work item using either explicit IDs or the ANTHROPIC_* variables set by ant beta:worker poll --on-work, and that reclaim_older_than_ms re-claims work claimed but never acknowledged within that window. [line 639] [Source]

Handle streaming refusals [Source]

  • A streaming-classifier refusal now includes a stop_details object with a category and a human-readable explanation you can surface to users (delivered on the message_delta event when streaming); stop_details can still be null, so branch on stop_reason and keep your own fallback messaging. [lines 26-42] [Source]

Minor edits (not itemized individually)

  • Roughly 35 Compliance API pages (api/compliance.md, api/compliance/apps*.md, api/compliance/groups*.md, api/compliance/organizations*.md, manage-claude/compliance-errors.md, compliance-org-data.md, compliance-activity-feed.md, compliance-api.md, compliance-faq.md, compliance-integration-patterns.md, admin-api.md, analytics-api.md) had their "Get access to the Compliance API" links renamed to "Set up the Compliance API", matching the renamed page.
  • api/api/compliance/apps/chats/messages.md and .../messages/list.md reworded the truncated field descriptions for tool_use/tool_result blocks to speak generically about "the endpoint's max parameter" instead of naming specific query-parameter names.
  • adaptive-thinking.md, extended-thinking.md, and build-with-claude/files.md had their obfuscated "contact sales/us" email-protection hashes regenerated (same visible mailto links).