Claude docs changes for July 10th, 2026 [diff]

Executive Summary

  • Managed Agents: self-hosted sandbox workers can now serve custom tools directly — including wrapping an internal-only MCP server as custom tools — without an MCP tunnel or exposing your Claude API key to the worker host.
  • Memory store endpoints (list/create/update/delete memories) move to their own agent-memory-2026-07-22 beta header, replacing managed-agents-2026-04-01 for those calls, with clearer depth/limit/path_prefix semantics — don't send both beta headers on the same request.
  • New API key expiration feature: Console and Admin API keys can now be created with a preset or custom expiration (or Never), with warning emails before expiry and automatic 401s once a key expires.
  • Claude Code 2.1.206 adds directory suggestions to /cd, a /doctor check that trims bloated checked-in CLAUDE.md files, gateway /login support for Anthropic-operated public endpoints, and a confirmation prompt before entering worktrees outside the project.
  • Custom tool descriptions across the Claude API can now be up to 4096 characters (up from 1024), and self-hosted work items no longer expose a secret credential field in their schema.

New Claude Code versions

2.1.206

New features

  • Added directory path suggestions to /cd, matching /add-dir behavior
  • Added a /doctor check that proposes trimming checked-in CLAUDE.md files by cutting content Claude could derive from the codebase
  • /commit-push-pr now auto-allows git push to the repo's configured push remote (remote.pushDefault, or the sole remote when only one is configured) in addition to origin
  • Gateway: /login now supports Anthropic-operated public gateway endpoints
  • EnterWorktree now asks for confirmation before entering a git worktree outside the project's .claude/worktrees/ directory

Existing feature improvements

  • Background agents now upgrade to a new version in the background right after a Claude Code update, instead of paying a slow stale-session upgrade when you attach
  • Improved /code-review findings quality on claude-opus-4-8 across all effort levels
  • Improved agents view: status column now uses full terminal width instead of truncating at 64 characters
  • Changed agents view: Ctrl+X now permanently removes a completed session, and sessions no longer render twice; deleted background jobs stay deleted

Major bug fixes

  • Fixed an expired login failing every model with a misleading "There's an issue with the selected model" error instead of prompting to run /login
  • Fixed claude --resume and --continue not responding to keyboard input on startup
  • Fixed MCP servers configured via --mcp-config or .mcp.json ignoring a per-server request_timeout_ms, which caused long-running MCP tool calls to time out at the 60s default in fresh sessions
  • Fixed CLAUDE_CODE_EXTRA_BODY being silently ignored by claude agents / --bg background workers; the shell-exported override now follows the dispatching session
  • Fixed OAuth MCP servers requiring manual re-authentication after a single failed token refresh
  • Fixed --permission-prompt-tool pointing at an MCP server crashing with "MCP tool not found" on cold start before the server finishes connecting
  • Fixed desktop sessions getting stuck showing "running" after a slash command was sent mid-turn
  • Bedrock: fixed a multi-minute startup hang when using an awsCredentialExport helper on networks with restricted egress

Claude Code changes

Changed documents

How the agent loop works [Source]

  • With streaming input, a message sent while a turn is still running now stays queued and starts its own turn when the max-turns limit ends the current one; before v2.1.205 such a message could be silently consumed and lost. [line 167] [Source]

Get structured output from agents [Source]

  • An invalid JSON Schema now fails the run at startup with an error naming the problem, instead of being silently ignored and returning unstructured text. [line 227] [Source]
  • The format keyword (e.g. "format": "email") is now accepted as an unenforced annotation instead of making the whole schema invalid. [line 228] [Source]

TypeScript SDK reference [Source]

  • interrupt() now resolves with a new SDKControlInterruptResponse (when the CLI advertises the interrupt_receipt_v1 capability) listing queued messages that survived the interrupt. [lines 476-590] [Source]
  • New capabilities field on SDKSystemMessage for feature-detecting protocol behaviors, including interrupt_receipt_v1. [lines 1139-1147] [Source]
  • SDKMessageOrigin's peer kind gains a body field alongside name (both require v2.1.205+). [lines 1282-1293] [Source]
  • ExitPlanModeInput.allowedPrompts is now deprecated and ignored; it previously requested prompt-based Bash permissions. [lines 2112-2120] [Source]

Manage multiple agents with agent view [Source]

  • Row summaries now refresh from the session's own output every 15s without a model request, with full model rewrites at turn end and periodic mid-turn rewrites, truncated at 64 columns. [lines 125-129] [Source]
  • Pull-request linking expanded: sessions that edit/comment/close/ready an existing PR via gh are now linked to it, a push links a PR regardless of branch-name match, and PRs found in truncated command output are now linked too. [lines 134-136] [Source]
  • claude attach now waits up to ~60 seconds for a session that's mid-restart instead of failing immediately. [line 209] [Source]

Configure auto mode [Source]

  • Auto mode now also blocks by default: writes to Claude Code's own session transcript files, and recursive forced deletes targeting an unassigned shell variable or glob. [lines 225-228] [Source]
  • The "Repository visibility" classifier now reads only your messages and Claude's commands, not command output — a gh repo view result alone no longer counts as evidence a repo is public. [lines 238-239] [Source]

Use Claude Code on the web [Source]

  • Cloud sessions now support /model, /effort, /fast, /color, and /rename with a value argument (e.g. /model sonnet), and /config key=value, instead of requiring the terminal picker. [line 645] [Source]

CLI reference [Source]

  • New claude doctor command for read-only installation/settings diagnostics from the terminal without starting a session. [line 25] [Source]
  • New --append-subagent-system-prompt flag to append text to every subagent's system prompt in non-interactive mode. [line 54] [Source]
  • --json-schema and --max-turns now document the invalid-schema error and the queued-message-on-limit behavior described in the SDK docs above. [lines 84-87] [Source]

Commands [Source]

  • /doctor is rewritten as a "setup checkup" skill: it finds unused skills/MCP servers/plugins, deduplicates CLAUDE.md files, migrates guidance into skills, flags slow hooks, and asks for confirmation before changing anything — replacing the old read-only diagnostics screen. [line 57] [Source]
  • /effort, /fast, /color, /mcp, /model, and /rename now document non-interactive (-p) support with value arguments; /usage-credits now opens/prints the billing URL. [lines 44-126] [Source]

Debug your configuration [Source]

  • /doctor reference rewritten to "Setup checkup": installation health, invalid settings, unused extensions, and duplicate subagent names, with proposed fixes applied only after confirmation; also documents the new claude doctor terminal command. [lines 18-32] [Source]
  • An array-value schema error in settings.json now rejects the whole file in user/project/local scope, but only strips the invalid entry in managed settings. [lines 48-52] [Source]

Desktop application [Source]

  • Permission modes renamed: "Ask permissions" → "Manual", "Auto accept edits" → "Accept edits", "Plan mode" → "Plan"; bypass-permissions now also covers safety-classifier prompts when Claude acts on external sites. [lines 58-73] [Source]
  • "Preview pane" renamed to "Browser pane", with a new "Browse external sites" feature: tabbed browsing, per-site approval (Allow once/Always allow/Deny), safety classifiers on write actions, and org-level allowlist/blocklist controls via a new browserExternalPageTools managed setting. [lines 80-115] [Source]

Get started with the desktop app [Source]

  • Permission mode list restructured to Manual/Accept edits/Plan, and the "Preview" pane is now the "Browser" pane, which can also open external sites. [lines 85-108] [Source]

Environment variables [Source]

  • New CLAUDE_CODE_ENABLE_APPEND_SUBAGENT_PROMPT variable, auto-set by --append-subagent-system-prompt. [line 189] [Source]
  • DISABLE_DOCTOR_COMMAND now hides the /doctor setup-checkup skill and its /checkup alias instead of the old diagnostics screen; it doesn't affect claude doctor. [line 197] [Source]

Error reference [Source]

  • New "The --json-schema value is not a valid JSON Schema" section: an invalid schema now exits with code 1 and a diagnostic instead of silently producing unstructured output. [lines 909-931] [Source]
  • New "Could not import a server from Claude Desktop" section: claude mcp add-from-claude-desktop now imports the other selected servers and reports each one it couldn't add, instead of aborting the whole import on the first failure. [lines 933-944] [Source]
  • New "Plugin errors" section covering a marketplace registered under a name reserved for official Anthropic marketplaces — Claude Code now re-checks reserved names on every load, not just when the marketplace is added. [lines 946-963] [Source]
  • A download that stays connected but doesn't finish within 10 minutes now fails with Download timed out: exceeded the total deadline and isn't retried automatically. [line 886] [Source]
  • Documents that a restricted model-family alias (opus/sonnet/haiku/fable) now resolves to the newest permitted version under an org's allowlist instead of being substituted/rejected based on the family's newest release alone. [line 769] [Source]

Speed up responses with fast mode [Source]

  • /fast now works in non-interactive (-p) mode only when the session was launched with fast mode enabled via --settings, applying to that session only. [line 26] [Source]

Run Claude Code programmatically [Source]

  • Documents the new --json-schema validation error and that format is accepted but unenforced. [line 108] [Source]
  • The system/init event now carries an optional capabilities array for feature-detecting protocol behaviors such as interrupt_receipt_v1. [line 153] [Source]

Hooks reference [Source]

  • ExitPlanMode's tool_input.allowedPrompts field is now deprecated and ignored by Claude Code. [lines 1378-1384] [Source]
  • WorktreeCreate command hooks must now print the path as the last non-empty line of stdout; a bad or relative path fails cleanly with an error instead of crashing the session or stalling ~30s in -p mode. [lines 2344-2348] [Source]

How Claude Code works [Source]

  • Permission mode names updated (Default → Manual, Auto-accept edits → Accept edits, Plan mode → Plan, Auto mode → Auto), and /doctor is now described as running a setup checkup that can fix problems it finds. [lines 127-146] [Source]

Customize keyboard shortcuts [Source]

  • The dedicated Doctor keybinding context and doctor:fix action are removed along with the old diagnostics screen; keybinding validation warnings now go to the debug log instead of /doctor. [lines 63-467] [Source]

Connect Claude Code to an LLM gateway [Source]

  • Points to the Remote Control section of claude doctor (instead of /doctor) to find which credential variable to unset. [line 238] [Source]

Connect Claude Code to tools via MCP [Source]

  • Reserves more MCP server names (claude-in-chrome, computer-use, Claude Preview, Claude Browser); claude mcp add now rejects reserved names with an error. [lines 153-154] [Source]
  • Claude Code now surfaces MCP connection failures to the model (including in ToolSearch results) instead of silently treating the server as never configured. [line 164] [Source]
  • claude mcp add-from-claude-desktop now reports and skips servers with invalid names instead of aborting the whole import. [line 748] [Source]

Start with Opus [Source]

  • Model family aliases (opus/sonnet/haiku/fable) restricted by an availableModels allowlist now resolve to the newest permitted version instead of being rejected outright; Claude Code only rejects /model <alias> when every version of the family is restricted. [lines 113-276] [Source]
  • opusplan (and the Haiku→Sonnet plan-mode upgrade) now uses the newest permitted version of the upgrade family instead of falling back to the session's model whenever the newest version is excluded. [line 276] [Source]
  • Clarifies /effort set non-interactively (-p) applies to that session only, and reports Not applied when it can't override a model-default effort hold on Fable 5/Opus 4.8/4.7. [lines 353-354] [Source]

Monitoring [Source]

  • Credential-helper failure errors are now reported via /status output instead of /doctor. [line 270] [Source]

Choose a permission mode [Source]

  • Auto mode now also blocks writes to Claude Code's own session transcript files, and recursive forced deletes targeting an unassigned shell variable or glob, by default. [lines 225-228] [Source]

Create and distribute a plugin marketplace [Source]

  • Two more marketplace names are reserved (first-party-plugins, healthcare), and Claude Code now re-checks reserved names on every marketplace load, not just when it's added. [line 164] [Source]

Plugins reference [Source]

  • New LSP config fields shutdownTimeout and restartOnCrash, which previously caused the server to be silently skipped if set. [lines 231-236] [Source]
  • Documents that when multiple LSP servers claim the same file extension, the first registered wins, and a server that fails to initialize is skipped without blocking other valid servers on the same extension. [lines 237-239] [Source]

Continue local sessions from any device with Remote Control [Source]

  • /model, /effort, /fast, /color, and /rename now work from mobile/web with a value argument instead of being local-only. [lines 230-232] [Source]

Claude Code settings [Source]

  • New managed-only setting browserExternalPageTools to disable Claude's tools on external pages in the Desktop Browser pane. [line 207] [Source]
  • disableBundledSkills now documents that /doctor is exempt and stays typable, hidden only via DISABLE_DOCTOR_COMMAND. [line 219] [Source]

Extend Claude with skills [Source]

  • /doctor is now listed as a bundled skill that stays typable even when disableBundledSkills is on. [lines 12-13] [Source]
  • Skill-description-overflow guidance updated: /doctor now gives an estimate/biggest-contributors view, and overflow warnings are also written to the debug log. [lines 227-228] [Source]

Customize your status line [Source]

  • subagentStatusLine task objects gain new model and contextWindowSize fields for rendering a per-row context-usage percentage. [lines 1007-1008] [Source]

Create custom subagents [Source]

  • Clarifies duplicate subagent-name resolution: within one .claude/agents/ directory the winner is filesystem read order; across nested project directories the closest-to-cwd definition wins; /doctor now proposes renaming or removing duplicates. [line 148] [Source]
  • Resuming a stopped subagent via SendMessage now correctly shows it as "running" again instead of keeping a stale failed/completed status. [line 773] [Source]

Troubleshoot installation and login [Source]

  • Notes that on FreeBSD the installer now correctly reports the platform as unsupported, instead of misdetecting it as Linux and downloading a binary that couldn't run. [line 661] [Source]

Troubleshooting [Source]

  • /doctor guidance updated to reflect that it now proposes fixes you apply after confirmation, with MCP server status checks split out to /mcp. [lines 17-106] [Source]

Run parallel sessions with worktrees [Source]

  • If Claude Code can't enter a worktree directory at startup, it now prints an error and exits cleanly instead of crashing or stalling ~30s under -p. [line 30] [Source]
  • On Windows, worktree removal now strips NTFS junctions/symlinks at any depth as link entries before deleting, fixing a bug where a nested junction could delete files outside the worktree. [line 86] [Source]

Minor edits (not itemized individually)

  • feature-availability.md, plugin-dependencies.md, and web-quickstart.md picked up small consequences of the permission-mode rename and a "Cowork on 3P" → "Claude Desktop on 3P" product rename, with no new information beyond what's covered above.
  • permissions.md, platforms.md, vs-code.md, llm-gateway-rollout.md, and sandboxing.md had only cosmetic tweaks (wording/link touch-ups).

API changes

Changed documents

Tool Runner (SDK) [Source]

  • Clarified the runner only appends the assistant message and tool results, and continues, when the response actually contains tool calls; with no tool calls, the loop just exits. [line 173] [Source]
  • The linked "Parallel tool use" guide now also covers disabling parallel tool calls, not just enabling/formatting them. [line 474] [Source]

Agents, Sessions [Source]

  • Custom tool description limit raised from 1024 to 4096 characters (also reflected across the C#, Ruby, PHP, Go, and TypeScript reference pages). [line 1153] [line 483] [Source]

Beta, Webhooks [Source]

  • Removed the environment.* and memory_store.* webhook event types and their event-data schemas entirely, dropping the documented event-data union from 40 variants to 33 (also removed from the language-specific webhook reference pages). [line 944] [line 250] [Source]

Work, Acknowledge Work, List Work Items, Poll for Work, Get Work Item, Stop Work, Update Work Item [Source]

  • Removed the secret field (the credential payload for self-hosted workers) from the BetaSelfHostedWork schema across every work endpoint, including polling (also removed from the C#, Ruby, and PHP reference pages). [line 63] [Source]

Create Skill, Create Skill Version [Source]

  • --file / file is now a required parameter instead of optional when creating a skill or a skill version (also reflected across the C#, Ruby, PHP, and TypeScript reference pages). [line 21] [line 29] [Source]

List memories [Source]

  • Documented real semantics for depth (0/omitted = whole subtree, 1 = immediate children only), limit (1-100, default 20, capped at 20 for view=full), page (opaque cursor), and path_prefix (must end with /, segment-aligned) — previously placeholder text. [lines 23-39] [Source]
  • Removed the order and order_by query parameters entirely — results are now returned in a stable, server-defined order instead. [lines 22-39] [Source]

Memory [Source]

  • Memory store endpoints now require a dedicated agent-memory-2026-07-22 beta header instead of managed-agents-2026-04-01 — sending both on the same request returns a 400 error; session endpoints (including attaching a memory store to a session) keep using managed-agents-2026-04-01. [lines 11-15] [Source]
  • On July 22, 2026, managed-agents-2026-04-01 adopts the same list behavior on GET /v1/memory_stores/{id}/memories; page cursors from requests made without a header aren't valid once that behavior is opted into. [line 17] [Source]
  • path_prefix must end with / and match whole path segments; depth accepts only 0 (whole subtree) or 1 (immediate children), returning 400 otherwise; results come back in a stable, server-defined order. [lines 112-114] [Source]

Define outcomes [Source]

  • Same memory-store beta-header split documented here. [line 15] [Source]
  • span.outcome_evaluation_ongoing events now include an iteration field. [line 155] [Source]
  • max_iterations_reached now triggers one final acknowledgment turn before the session goes idle, instead of ending evaluation immediately. [line 186] [Source]
  • New "Next steps" section linking to Vaults, Events and streaming, and Adding files. [line 252] [Source]

Self-hosted sandboxes, Tools [Source]

  • New "Serve custom tools from your sandbox" section: the SDK worker can implement a custom tool itself, so the tool call reaches only the credentials and network the sandbox is configured with, and the Claude API key never touches the worker host. [line 318] [Source]
  • New "Wrap an MCP server as custom tools" guide: expose an internal-network-only MCP server to the agent, with no inbound connectivity or tunnel required, by having the worker act as the MCP client and forward calls. [line 388] [Source]

Agent setup, Cloud sandboxes reference, Environments, Events and streaming, Files, GitHub, MCP connector, Multi-agent systems, Onboarding, Permission policies, Quickstart, Reference, Session operations, Sessions, Skills, Vaults [Source]

  • All now note that memory store endpoints require the new agent-memory-2026-07-22 beta header instead of managed-agents-2026-04-01, linking to the Beta headers page. [line 13] [Source]

Admin API [Source]

  • Documents the new expires_at field on Admin API key list/retrieve responses, and recommends auditing it alongside key rotation. [line 189] [line 278] [Source]

Admin API keys [Source]

  • Key-creation walkthrough now includes choosing an expiration for Console-issued Admin API keys. [line 36] [Source]

API and data retention [Source]

  • Clarifies this page covers the Claude API and Claude Platform on AWS (Anthropic as data processor); Bedrock, Google Cloud's Agent Platform, and Microsoft Foundry are covered by their own cloud provider as data processor instead. [line 7] [Source]
  • New ZDR detail: Claude Code's metrics-logging productivity data is exempt from Zero Data Retention and may still be retained even when ZDR is enabled; Claude Platform on AWS follows the same retention policy as the first-party API but ZDR there must be requested through an Anthropic account rep. [lines 28-29] [Source]
  • Notes Claude for Excel isn't ZDR-eligible yet, and that ZDR organizations can't use CORS — browser-based apps need a backend proxy instead. [lines 37-40] [Source]

Authentication [Source]

  • New "Key expiration" feature: keys can be created with a preset (3 hours/1 day/7 days/30 days), a custom duration, or Never, subject to org-level maximum-expiration policies. [lines 44-46] [Source]
  • Expiring keys trigger warning emails to the creator: 7 days before expiry for keys with a lifetime of 14+ days, 1 day before for 7+ day keys; shorter-lived keys get no warning. [line 48] [Source]
  • After expiration, requests return 401 authentication_error and the key can't be reactivated — a new key must be created; the Console keys table and Admin API now expose each key's expires_at. [lines 50-52] [Source]

CMEK [Source]

  • CMEK can now be combined with Zero Data Retention on both Claude Platform and Claude Enterprise, replacing the previous requirement to disable ZDR (or enable 30-day per-workspace retention) before attaching a customer-managed key. [line 33] [Source]

Claude on Amazon Bedrock (legacy) [Source]

  • AWS now requires newer Claude models to be called through cross-region inference profiles; requests using the base model ID get an HTTP 400, and the doc now explains how to construct the inference-profile ID/ARN instead. [lines 92-100] [Source]

Claude Platform on AWS [Source]

  • The model ID comparison table now describes Bedrock's us./global. prefix as a required "inference profile prefix" rather than optional, matching the new cross-region inference requirement. [line 555] [Source]

Minor edits (not itemized individually)

  • Roughly 230 per-language SDK reference pages under api/api/csharp/beta/**, api/api/ruby/beta/**, api/api/php/beta/**, api/api/go/beta/**, and api/api/typescript/beta/** mirror the tool-description-length increase, the secret-field removal from self-hosted work items, the new agent-memory-2026-07-22 beta header, and/or the removed webhook event types described above for the equivalent cli/beta pages.
  • adaptive-thinking.md, extended-thinking.md, and build-with-claude/files.md only had their obfuscated email-protection hashes regenerated (same visible mailto links).