Rename VDP heading to Anthropic Bug Bounty

CHANGELOG.md

@@ -1,172 +1,5 @@
 # Changelog
 
-## 2.1.128
-
-- Bare `/color` (no args) now picks a random session color
-- `/mcp` now shows the tool count for connected servers and flags servers that connected with 0 tools
-- `--plugin-dir` now accepts `.zip` plugin archives in addition to directories
-- `--channels` now works with console (API key) authentication — console orgs with managed settings must set `channelsEnabled: true` to enable
-- Updated `/model` picker: collapsed duplicate Opus 4.7 entries, and current Opus now shows as "Opus" instead of "Opus 4.7"
-- Subprocesses (Bash, hooks, MCP, LSP) no longer inherit `OTEL_*` environment variables, so OTEL-instrumented apps run via the Bash tool no longer pick up the CLI's own OTLP endpoint
-- MCP: `workspace` is now a reserved server name — existing servers with that name will be skipped with a warning
-- Reconnecting MCP servers no longer flood the conversation with full tool-name lists on every reconnect — re-announced tools are summarized by server prefix
-- SDK hosts now receive a persistent `localSettings` suggestion for Bash permission prompts, so "Always allow" writes to `.claude/settings.local.json`
-- `EnterWorktree` now creates the new branch from local HEAD as documented, instead of `origin/<default-branch>` — unpushed commits are no longer dropped
-- Auto mode: when the classifier can't evaluate an action, the error now includes a hint (retry, `/compact`, or run with `--debug`)
-- Fixed focus mode briefly dimming the previous response when submitting a new prompt
-- Fixed stray "4;0;" desktop notification on every `/exit` in Kitty and other terminals that interpret OSC 9 as a notification
-- Fixed Remote Control showing an empty "Opening your options…" message on rate limit instead of actionable upsell options
-- Fixed drag-and-drop image upload hanging on "Pasting text…" when the image read fails
-- Fixed crash loop when piping very large input (>10 MB) to `claude -p` via stdin
-- Fixed long URLs not being individually clickable on every wrapped row in fullscreen mode
-- Fixed `/plugin` Components panel showing "Marketplace 'inline' not found" for plugins loaded via `--plugin-dir`
-- Fixed MCP tool results dropping images when the server returns both structured content and content blocks
-- Fixed fenced code blocks inside list items carrying leading whitespace into the clipboard on copy-paste
-- Fixed tab navigation in `/config` stranding focus — the tab header now stays focused so arrows and Esc keep working
-- Fixed markdown link labels being lost on terminals without OSC 8 hyperlink support — links now render as `label (url)` instead of just the URL
-- Fixed sessions on 1M-context models with a smaller autocompact window being falsely blocked with "Prompt is too long" before reaching the actual API limit
-- Fixed parallel shell tool calls: a failing read-only command (grep, git diff, ls) no longer cancels sibling calls
-- Fixed banner showing "with X effort" on models that don't support effort
-- Fixed `/fast` on 3P providers fuzzy-matching to an unrelated skill instead of showing "not available"
-- Fixed Bedrock default model resolving to `global.*` instead of the region-appropriate prefix
-- Fixed vim mode: `Space` in NORMAL mode now moves the cursor right, matching standard vi/vim behavior
-- Fixed terminal progress indicator (OSC 9;4) flickering off between tool calls — stays visible across the full turn
-- Fixed `/rename` without args failing on resumed sessions whose last entry is a compact boundary
-- Fixed stale "remote-control is active" status lines from prior sessions appearing after `--resume`/`--continue`
-- Fixed stale `installed_plugins.json` entries pointing at deleted cache directories polluting PATH
-- Fixed MCP stdio servers receiving corrupted arguments when `CLAUDE_CODE_SHELL_PREFIX` is set and an argument contains spaces or shell metacharacters
-- Fixed sub-agent progress summaries missing the prompt cache (~3× `cache_creation` reduction)
-- Fixed `/plugin update` never detecting new versions of npm-sourced plugins
-- Fixed sub-agent summaries firing repeatedly while a sub-agent's transcript is static, capping worst-case token cost on idle sub-agents
-- Headless `--output-format stream-json`: `init.plugin_errors` now includes `--plugin-dir` load failures in addition to dependency demotions
-
-## 2.1.126
-
-- The `/model` picker now lists models from your gateway's `/v1/models` endpoint when `ANTHROPIC_BASE_URL` points at an Anthropic-compatible gateway
-- - Added `claude project purge [path]` to delete all Claude Code state for a project (transcripts, tasks, file history, config entry) — supports `--dry-run`, `-y/--yes`, `-i/--interactive`, and `--all`
-- `--dangerously-skip-permissions` now bypasses prompts for writes to `.claude/`, `.git/`, `.vscode/`, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)
-- `claude auth login` now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)
-- `claude_code.skill_activated` OpenTelemetry event now fires for user-typed slash commands and carries a new `invocation_trigger` attribute (`"user-slash"`, `"claude-proactive"`, or `"nested-skill"`)
-- Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running
-- Host-managed deployments (`CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST`) no longer auto-disable analytics on Bedrock/Vertex/Foundry
-- Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or `.NET global tool` is now detected
-- Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash
-- Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models
-- **Security:** Fixed `allowManagedDomainsOnly` / `allowManagedReadPathsOnly` being ignored when a higher-priority managed-settings source lacked a `sandbox` block
-- Fixed pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images in history are automatically removed and the request retried
-- Fixed showing the login screen for "OAuth not allowed for organization" errors — now shows guidance to contact your admin
-- Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost
-- Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token
-- Fixed API retry countdown sticking at "0s" instead of counting down between attempts
-- Fixed "Stream idle timeout" error after waking Mac from sleep mid-request
-- Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses
-- Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns
-- Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals
-- Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state
-- Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode
-- Fixed `Ctrl+L` clearing the prompt input — it now only forces a screen redraw, matching readline behavior
-- Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with `context: fork` and other subagents on their first turn
-- Fixed plan-mode tools being unavailable in interactive sessions launched with `--channels`
-- Fixed `/plugin` Uninstall reporting "Enabled" instead of "Uninstalled"
-- Bounded total size of file-modified reminders when a linter touches many files at once
-- Fixed `/remote-control` retries appearing stuck on "connecting…" — each retry now shows its result
-- Fixed Remote Control failure notification not showing the error reason for initial connection failures
-- Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard
-- PowerShell tool: bare `--` (e.g. `git diff -- file`) is no longer mis-flagged as the `--%` stop-parsing token
-- Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch
-
-## 2.1.123
-
-- Fixed OAuth authentication failing with a 401 retry loop when `CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1` is set
-
-## 2.1.122
-
-- Added `ANTHROPIC_BEDROCK_SERVICE_TIER` environment variable to select a Bedrock service tier (`default`, `flex`, or `priority`), sent as the `X-Amzn-Bedrock-Service-Tier` header
-- Pasting a PR URL into the `/resume` search box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)
-- `/mcp` now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate
-- Clarified the `/mcp` message shown when an MCP server is still unauthorized after the browser sign-in flow
-- OpenTelemetry: numeric attributes on `api_request`/`api_error` log events are now emitted as numbers, not strings
-- OpenTelemetry: added `claude_code.at_mention` log event for `@`-mention resolution
-- Fixed `/branch` producing forks that fail with "tool_use ids were found without tool_result blocks" when the source session contained entries from rewound timelines
-- Fixed `/model` not showing the Effort option for Bedrock application inference profile ARNs, and those ARNs not receiving `output_config.effort`
-- Fixed Vertex AI / Bedrock returning `invalid_request_error: output_config: Extra inputs are not permitted` on session-title generation and other structured-output queries
-- Fixed Vertex AI `count_tokens` endpoint returning 400 errors for users behind proxy gateways
-- Fixed `spinnerTipsOverride.excludeDefault` not suppressing the time-based spinner tips
-- Fixed ToolSearch missing MCP tools that connected after session start in nonblocking mode
-- Fixed `!exit` / `!quit` in bash mode terminating the CLI instead of running as a shell command
-- Fixed images sent to newer models being resized to 2576px per side instead of the correct 2000px maximum
-- Fixed remote control session idle status redrawing twice per second, which could flood `tmux -CC` control pipes and pause the terminal
-- Fixed assistant messages appearing blank in some sessions due to a stale view preference
-- Fixed a malformed hooks entry in `settings.json` no longer invalidating the entire file
-- Voice mode: keybindings bound to Caps Lock now show an error since terminals don't deliver Caps Lock as a key event
-
-## 2.1.121
-
-- Added `alwaysLoad` option to MCP server config — when `true`, all tools from that server skip tool-search deferral and are always available
-- Added `claude plugin prune` to remove orphaned auto-installed plugin dependencies; `plugin uninstall --prune` cascades
-- Added a type-to-filter search box to `/skills` so you can find a skill in long lists without scrolling
-- PostToolUse hooks can now replace tool output for all tools via `hookSpecificOutput.updatedToolOutput` (previously MCP-only)
-- Fullscreen mode: typing into the prompt no longer jumps scroll back to the bottom after you've scrolled up to read earlier output
-- Dialogs that overflow the terminal are now scrollable with arrow keys, PgUp/PgDn, home/end, and mouse wheel in both fullscreen and non-fullscreen modes
-- Clicking any line of a long URL that wraps across rows in fullscreen mode now opens the full URL
-- SDK and `claude -p`: `CLAUDE_CODE_FORK_SUBAGENT=1` now works in non-interactive sessions
-- `--dangerously-skip-permissions` no longer prompts for writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/`
-- `/terminal-setup` now enables iTerm2's "Applications in terminal may access clipboard" setting so `/copy` works, including from tmux
-- MCP servers that hit a transient error during startup now auto-retry up to 3 times instead of staying disconnected
-- The terminal tab session title is now generated in your configured `language` setting
-- Claude.ai connectors with the same upstream URL are now deduplicated instead of appearing as duplicates
-- Vertex AI: support X.509 certificate-based Workload Identity Federation (mTLS ADC)
-- Faster startup after upgrading: removed the Recent Activity panel from the release-notes splash
-- LSP diagnostic summaries now expand on click/ctrl+o and show the expand hint
-- SDK: `mcp_authenticate` now supports `redirectUri` for custom scheme completion and claude.ai connectors
-- OpenTelemetry: added `stop_reason`, `gen_ai.response.finish_reasons`, and `user_system_prompt` (gated behind `OTEL_LOG_USER_PROMPTS`) to LLM request spans
-- [VSCode] Voice dictation now respects the `accessibility.voice.speechLanguage` setting when no Claude Code language is configured
-- [VSCode] `/context` now opens a native token usage dialog
-- Fixed unbounded memory growth (multi-GB RSS) when processing many images in a session
-- Fixed `/usage` leaking up to ~2GB of memory on machines with large transcript histories
-- Fixed memory leak when long-running tools fail to emit a clear progress event
-- Fixed Bash tool becoming permanently unusable when the directory Claude was started in is deleted or moved mid-session
-- Fixed `--resume` crashing on startup in external builds
-- Fixed `--resume` failing on large sessions when a transcript line was corrupted by an unclean shutdown — the corrupt line is now skipped
-- Fixed `thinking.type.enabled is not supported` error when using Bedrock application inference profile ARNs
-- Fixed Microsoft 365 MCP OAuth failing with duplicate or unsupported `prompt` parameter
-- Fixed scrollback duplication when pressing Ctrl+L or triggering a redraw in non-fullscreen mode on tmux, GNOME Terminal, Windows Terminal, and Konsole
-- Fixed claude.ai MCP connectors silently disappearing when the connector-list fetch hits a transient auth error at startup
-- Fixed "Always allow" rules for built-in tools in remote sessions not surviving worker restarts
-- Fixed `NO_PROXY` not being respected for all HTTP clients when set via `managed-settings.json` under the native build
-- Fixed managed settings approval prompt exiting the session even when accepted — now applies settings and continues
-- Fixed `/usage` returning "rate limited" after a stale OAuth token — now refreshes automatically
-- Fixed invalid legacy enum values in `settings.json` invalidating the entire settings file
-- Fixed `/usage` dialog content being clipped when no-flicker mode is off
-- Fixed `/focus` showing "Unknown command" when the fullscreen renderer is off — now explains how to enable it
-- Fixed embedded grep/find/rg shell wrappers failing when the running binary is deleted mid-session — now falls back to installed tools
-- Reduced peak file descriptor usage during `find` in the Bash tool on large directory trees
-
-## 2.1.120
-
-- Windows: Git for Windows (Git Bash) is no longer required — when absent, Claude Code uses PowerShell as the shell tool
-- Added `claude ultrareview [target]` subcommand to run `/ultrareview` non-interactively from CI or scripts — prints findings to stdout (`--json` for raw output) and exits 0 on completion or 1 on failure
-- Skills can now reference the current effort level with `${CLAUDE_EFFORT}` in their content
-- Set `AI_AGENT` environment variable for subprocesses so `gh` can attribute traffic to Claude Code
-- Spinner tips that recommend installing the desktop app or creating skills/agents are now hidden when you already have them
-- Show a "use PgUp/PgDn to scroll" hint when the terminal sends arrow keys instead of scroll events
-- Faster session start when you have many claude.ai connectors configured but not authorized
-- The auto mode denial message now links to the configuration docs
-- `claude plugin validate` now accepts `$schema`, `version`, and `description` at the top level of `marketplace.json` and `$schema` in `plugin.json`
-- Auto-compact in auto mode now displays `auto` (lowercase, no token count) instead of a misleading token value
-- Fixed pressing Esc during a stdio MCP tool call closing the entire server connection (regression in 2.1.105)
-- Fixed `/rewind` and other interactive overlays not responding to keyboard input after launching with `claude --resume`
-- Fixed terminal scrollback duplication in non-fullscreen mode (resize, dialog dismiss, long sessions)
-- Fixed `DISABLE_TELEMETRY` / `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` not suppressing usage metrics telemetry for API and enterprise users
-- Fixed false-positive "Dangerous rm operation" permission prompts in auto mode for multi-line bash commands containing both a pipe and a redirect
-- Fixed long selection menus clipping below the terminal in fullscreen mode — the focused option now stays on screen as you scroll
-- Fixed Write tool output collapsing instead of expanding when clicking "+N lines" in fullscreen
-- Fixed slash command picker jumping while typing, and improved highlight to only match contiguous substrings in blue
-- Fixed `/plugin` marketplace failing to load when one entry uses an unrecognized source format — that entry is shown but installing it prompts you to update
-- [VSCode] `/usage` now opens the native Account & Usage dialog instead of returning plain-text session cost
-- [VSCode] Voice dictation now respects the `language` setting in `~/.claude/settings.json`
-- Fixed `find` in the Bash tool exhausting open file descriptors on large directory trees, causing host-wide crashes (macOS/Linux native builds)
-
 ## 2.1.119
 
 - `/config` settings (theme, editor mode, verbose, etc.) now persist to `~/.claude/settings.json` and participate in project/local/policy override precedence

SECURITY.md

@@ -5,8 +5,8 @@ Thank you for helping us keep Claude Code secure!
 
 The security of our systems and user data is Anthropic's top priority. We appreciate the work of security researchers acting in good faith in identifying and reporting potential vulnerabilities.
 
-Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/anthropic-vdp/reports/new?type=team&report_type=vulnerability).
+Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/4f1f16ba-10d3-4d09-9ecc-c721aad90f24/embedded_submissions/new).
 
-## Vulnerability Disclosure Program
+## Anthropic Bug Bounty
 
-Our Vulnerability Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic-vdp).
+Our Bug Bounty Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic).