Add blockedMarketplaces to enterprise managed settings

Add support for blockedMarketplaces in enterprise managed settings,
allowing administrators to prevent specific plugin marketplaces from
being installed. This takes precedence over other marketplace settings.

ANT_ONLY_METADATA_USER_ID_SPEC.md

@@ -1,221 +0,0 @@
-# ANT_ONLY_METADATA_USER_ID Implementation Specification
-
-## Overview
-
-This document specifies the implementation of the `ANT_ONLY_METADATA_USER_ID` environment variable feature for Claude Code. This feature allows internal Anthropic jobs (like Claude Oracle, Oncall, Ambient, etc.) to pass custom metadata through Claude Code sessions to the Anthropic API for tracking, rate limiting, and incident triage purposes.
-
-## Background
-
-From the Slack discussion:
-- Internal API jobs launched via Claude Code currently lack user metadata showing `job_id` or `username` in `api_usage`
-- ~85% of requests from heavy CC users (like Closing The Loop org) have no user_metadata or job identifier
-- This metadata is critical for:
-  - Managing Internal API rate limits
-  - Triaging incidents
-  - Setting up alerting that pings the DRI researchers
-  - Understanding which jobs are driving token usage
-
-## Requirements
-
-1. **Environment Variable**: Claude Code must read an environment variable called `ANT_ONLY_METADATA_USER_ID`
-2. **API Integration**: The value must be passed to all Anthropic Messages API calls in the `metadata.user_id` field
-3. **Tree Shaking**: Only Anthropic internal builds should be able to use this feature
-4. **Format**: The expected format is a JSON object: `{"user": "<anthropic_username>", "job": "<job_name>"}`
-   - Example: `{"user": "tedm", "job": "tedm-1208-mu-g-18x"}`
-   - Or: `{"user": "vinke", "job": "claude-oracle:fluorine:vinke"}`
-
-## Implementation
-
-### 1. Environment Variable Reading
-
-In the appropriate configuration/env module (likely `src/config/env.ts` or similar):
-
-```typescript
-// Environment variable for Anthropic internal builds only
-// This is used to pass job metadata to the API for usage tracking
-export function getAntOnlyMetadataUserId(): string | undefined {
-  // Only available in Anthropic internal builds
-  if (!isAnthropicBuild()) {
-    return undefined;
-  }
-  return process.env.ANT_ONLY_METADATA_USER_ID;
-}
-```
-
-### 2. API Request Metadata
-
-When constructing API requests to the Anthropic Messages API, add the metadata:
-
-```typescript
-// In the API client module (e.g., src/api/anthropic.ts)
-import { getAntOnlyMetadataUserId } from '../config/env';
-
-function buildApiRequestMetadata(): Record<string, string> | undefined {
-  const metadataUserId = getAntOnlyMetadataUserId();
-
-  if (!metadataUserId) {
-    return undefined;
-  }
-
-  return {
-    user_id: metadataUserId
-  };
-}
-
-// When creating a message:
-const response = await client.messages.create({
-  model: selectedModel,
-  max_tokens: maxTokens,
-  messages: conversationMessages,
-  // ... other parameters
-  metadata: buildApiRequestMetadata()
-});
-```
-
-### 3. Tree Shaking for Internal Builds
-
-The feature should be conditionally compiled out for public builds using build-time flags:
-
-```typescript
-// Using a build-time constant
-declare const __ANT_INTERNAL_BUILD__: boolean;
-
-export function isAnthropicBuild(): boolean {
-  // This will be replaced at build time
-  // For internal builds: true
-  // For public builds: false (and the code will be tree-shaken)
-  if (typeof __ANT_INTERNAL_BUILD__ !== 'undefined') {
-    return __ANT_INTERNAL_BUILD__;
-  }
-  return false;
-}
-```
-
-In the build configuration (esbuild/webpack/rollup):
-
-```javascript
-// For public builds:
-define: {
-  '__ANT_INTERNAL_BUILD__': 'false'
-}
-
-// For internal builds:
-define: {
-  '__ANT_INTERNAL_BUILD__': 'true'
-}
-```
-
-### 4. Validation (Optional but Recommended)
-
-```typescript
-function validateMetadataUserId(value: string): boolean {
-  try {
-    const parsed = JSON.parse(value);
-    return typeof parsed.user === 'string' && typeof parsed.job === 'string';
-  } catch {
-    // Also allow simple string format for backward compatibility
-    return typeof value === 'string' && value.length > 0;
-  }
-}
-
-export function getValidatedAntOnlyMetadataUserId(): string | undefined {
-  const value = getAntOnlyMetadataUserId();
-  if (value && !validateMetadataUserId(value)) {
-    console.warn('ANT_ONLY_METADATA_USER_ID has invalid format. Expected JSON: {"user": "...", "job": "..."}');
-    return undefined;
-  }
-  return value;
-}
-```
-
-## Usage by Internal Services
-
-Services like Claude Oracle should set this environment variable before launching Claude Code sessions:
-
-```python
-# In Claude Oracle / coo job code
-import os
-import json
-
-# Set the metadata before spawning Claude Code
-os.environ['ANT_ONLY_METADATA_USER_ID'] = json.dumps({
-    "user": username,  # Anthropic username
-    "job": job_name    # e.g., "claude-oracle:fluorine:vinke"
-})
-
-# Then launch Claude Code session...
-```
-
-Or via command line:
-
-```bash
-ANT_ONLY_METADATA_USER_ID='{"user":"tedm","job":"tedm-1208-mu-g-18x"}' claude --headless ...
-```
-
-## Data Flow
-
-```
-┌─────────────────────────────────────────────────────────────────┐
-│  COO Job / Oracle / Oncall / etc.                               │
-│  Sets: ANT_ONLY_METADATA_USER_ID='{"user":"..","job":".."}'    │
-└─────────────────────────────────────────────────────────────────┘
-                              │
-                              ▼
-┌─────────────────────────────────────────────────────────────────┐
-│  Claude Code CLI                                                │
-│  Reads: process.env.ANT_ONLY_METADATA_USER_ID                  │
-│  Adds to API calls: metadata: { user_id: "..." }               │
-└─────────────────────────────────────────────────────────────────┘
-                              │
-                              ▼
-┌─────────────────────────────────────────────────────────────────┐
-│  Anthropic API                                                  │
-│  Receives: metadata.user_id in request                         │
-│  Stores in: api_usage.metadata_user_id (BigQuery)              │
-└─────────────────────────────────────────────────────────────────┘
-                              │
-                              ▼
-┌─────────────────────────────────────────────────────────────────┐
-│  BigQuery: anthropic.api_production.api_usage                  │
-│  Fields populated:                                              │
-│  - metadata_user_id                                            │
-│  - device_id (if included)                                     │
-│  - claude_code_session_id (if included)                        │
-└─────────────────────────────────────────────────────────────────┘
-```
-
-## Testing
-
-1. **Unit Tests**:
-   - Test that `getAntOnlyMetadataUserId()` returns undefined when env var is not set
-   - Test that it returns the value when set (in internal builds)
-   - Test validation of JSON format
-
-2. **Integration Tests**:
-   - Verify metadata is included in API requests
-   - Verify tree-shaking removes the code in public builds
-
-3. **E2E Validation** (after deployment):
-   - Run a Claude Code session with the env var set
-   - Query BigQuery `anthropic.api_production.api_usage` to verify `metadata_user_id` is populated
-
-## Security Considerations
-
-1. **Internal Only**: The tree-shaking ensures this feature is not available in public builds
-2. **No Secrets**: The metadata should not contain sensitive information
-3. **Validation**: Input validation prevents injection attacks
-
-## Related Files to Modify (Internal Repo)
-
-Based on patterns in the bundled CLI, likely files to modify:
-
-1. `src/config/env.ts` or similar - Add env var reading
-2. `src/api/anthropic.ts` or similar - Add metadata to API requests
-3. `build.config.ts` or similar - Add build-time flag for internal builds
-4. Tests for the above
-
-## References
-
-- Slack thread: Internal API metadata discussion
-- BigQuery tables: `anthropic.api_production.api_usage`, `api_events`
-- Anthropic API docs: [Messages API metadata parameter](https://docs.anthropic.com/en/api/messages)

CHANGELOG.md

@@ -1,5 +1,59 @@
 # Changelog
 
+## 2.0.71
+
+- Added `blockedMarketplaces` to enterprise managed settings, allowing administrators to prevent specific plugin marketplaces from being installed
+- Added /config toggle to enable/disable prompt suggestions
+- Added `/settings` as an alias for the `/config` command
+- Fixed @ file reference suggestions incorrectly triggering when cursor is in the middle of a path
+- Fixed MCP servers from `.mcp.json` not loading when using `--dangerously-skip-permissions`
+- Fixed permission rules incorrectly rejecting valid bash commands containing shell glob patterns (e.g., `ls *.txt`, `for f in *.png`)
+- Bedrock: Environment variable `ANTHROPIC_BEDROCK_BASE_URL` is now respected for token counting and inference profile listing
+- New syntax highlighting engine for native build
+
+## 2.0.70
+
+- Added Enter key to accept and submit prompt suggestions immediately (tab still accepts for editing)
+- Added wildcard syntax `mcp__server__*` for MCP tool permissions to allow or deny all tools from a server
+- Added auto-update toggle for plugin marketplaces, allowing per-marketplace control over automatic updates
+- Added `plan_mode_required` spawn parameter for teammates to require plan approval before implementing changes
+- Added `current_usage` field to status line input, enabling accurate context window percentage calculations
+- Fixed input being cleared when processing queued commands while the user was typing
+- Fixed prompt suggestions replacing typed input when pressing Tab
+- Fixed diff view not updating when terminal is resized
+- Improved memory usage by 3x for large conversations
+- Improved resolution of stats screenshots copied to clipboard (Ctrl+S) for crisper images
+- Removed # shortcut for quick memory entry (tell Claude to edit your CLAUDE.md instead)
+- Fix thinking mode toggle in /config not persisting correctly
+- Improve UI for file creation permission dialog
+
+## 2.0.69
+
+- Minor bugfixes
+
+## 2.0.68
+
+- Fixed IME (Input Method Editor) support for languages like Chinese, Japanese, and Korean by correctly positioning the composition window at the cursor
+- Fixed a bug where disallowed MCP tools were visible to the model
+- Fixed an issue where steering messages could be lost while a subagent is working
+- Fixed Option+Arrow word navigation treating entire CJK (Chinese, Japanese, Korean) text sequences as a single word instead of navigating by word boundaries
+- Improved plan mode exit UX: show simplified yes/no dialog when exiting with empty or missing plan instead of throwing an error
+- Add support for enterprise managed settings. Contact your Anthropic account team to enable this feature.
+
+## 2.0.67
+
+- Thinking mode is now enabled by default for Opus 4.5
+- Thinking mode configuration has moved to /config
+- Added search functionality to `/permissions` command with `/` keyboard shortcut for filtering rules by tool name
+- Show reason why autoupdater is disabled in `/doctor`
+- Fixed false "Another process is currently updating Claude" error when running `claude update` while another instance is already on the latest version
+- Fixed MCP servers from `.mcp.json` being stuck in pending state when running in non-interactive mode (`-p` flag or piped input)
+- Fixed scroll position resetting after deleting a permission rule in `/permissions`
+- Fixed word deletion (opt+delete) and word navigation (opt+arrow) not working correctly with non-Latin text such as Cyrillic, Greek, Arabic, Hebrew, Thai, and Chinese
+- Fixed `claude install --force` not bypassing stale lock files
+- Fixed consecutive @~/ file references in CLAUDE.md being incorrectly parsed due to markdown strikethrough interference
+- Windows: Fixed plugin MCP servers failing due to colons in log directory paths
+
 ## 2.0.65
 
 - Added ability to switch models while writing a prompt using alt+p (linux, windows), option+p (macos).

plugins/code-review/README.md

@@ -22,23 +22,29 @@ Performs automated code review on a pull request using multiple specialized agen
    - **Agent #4**: Analyze git blame/history for context-based issues
 5. Scores each issue 0-100 for confidence level
 6. Filters out issues below 80 confidence threshold
-7. Posts review comment with high-confidence issues only
+7. Outputs review (to terminal by default, or as PR comment with `--comment` flag)
 
 **Usage:**
 ```bash
-/code-review
+/code-review [--comment]
 ```
 
+**Options:**
+- `--comment`: Post the review as a comment on the pull request (default: outputs to terminal only)
+
 **Example workflow:**
 ```bash
-# On a PR branch, run:
+# On a PR branch, run locally (outputs to terminal):
 /code-review
 
+# Post review as PR comment:
+/code-review --comment
+
 # Claude will:
 # - Launch 4 review agents in parallel
 # - Score each issue for confidence
-# - Post comment with issues ≥80 confidence
-# - Skip posting if no high-confidence issues found
+# - Output issues ≥80 confidence (to terminal or PR depending on flag)
+# - Skip if no high-confidence issues found
 ```
 
 **Features:**
@@ -114,17 +120,23 @@ This plugin is included in the Claude Code repository. The command is automatica
 ### Standard PR review workflow:
 ```bash
 # Create PR with changes
+# Run local review (outputs to terminal)
 /code-review
 
 # Review the automated feedback
 # Make any necessary fixes
+
+# Optionally post as PR comment
+/code-review --comment
+
 # Merge when ready
 ```
 
 ### As part of CI/CD:
 ```bash
 # Trigger on PR creation or update
-# Automatically posts review comments
+# Use --comment flag to post review comments
+/code-review --comment
 # Skip if review already exists
 ```
 

plugins/code-review/commands/code-review.md

@@ -52,7 +52,9 @@ Note: Still review Claude generated PR's.
 
 6. Filter out any issues that were not validated in step 5. This step will give us our list of high signal issues for our review.
 
-7. Finally, comment on the pull request.
+7. Finally, output the review.
+   - If the `--comment` argument is provided, post the review as a comment on the pull request using `gh pr comment`
+   - Otherwise (default), output the review directly to the terminal for local viewing
    When writing your comment, follow these guidelines:
    a. Keep your output brief
    b. Avoid emojis
@@ -93,11 +95,6 @@ Found 3 issues:
 
 <link to file and line with full sha1 + line range for context>
 
-🤖 Generated with [Claude Code](https://claude.ai/code)
-
-
-<sub>- If this code review was useful, please react with 👍. Otherwise, react with 👎.</sub>
-
 ---
 
 - Or, if you found no issues:
@@ -108,8 +105,6 @@ Found 3 issues:
 
 No issues found. Checked for bugs and CLAUDE.md compliance.
 
-🤖 Generated with [Claude Code](https://claude.ai/code)
-
 ---
 
 - When linking to code, follow the following format precisely, otherwise the Markdown preview won't render correctly: https://github.com/anthropics/claude-code/blob/c21d3c10bc8e898b7ac1a2d745bdc9bc4e423afe/package.json#L10-L15