chore: Update CHANGELOG.md and feed.xml

Pin GitHub Actions to commit SHAs

.claude-plugin/marketplace.json

@@ -1,5 +1,5 @@
 {
-  "$schema": "https://anthropic.com/claude-code/marketplace.schema.json",
+  "$schema": "https://json.schemastore.org/claude-code-marketplace.json",
   "name": "claude-code-plugins",
   "version": "1.0.0",
   "description": "Bundled plugins for Claude Code including Agent SDK development tools, PR review toolkit, and commit workflows",

.claude/commands/dedupe.md

@@ -1,5 +1,5 @@
 ---
-allowed-tools: Bash(gh issue view:*), Bash(gh search:*), Bash(gh issue list:*), Bash(./scripts/comment-on-duplicates.sh:*)
+allowed-tools: Bash(./scripts/gh.sh:*), Bash(./scripts/comment-on-duplicates.sh:*)
 description: Find duplicate GitHub issues
 ---
 
@@ -13,11 +13,15 @@ To do this, follow these steps precisely:
 4. Next, feed the results from #1 and #2 into another agent, so that it can filter out false positives, that are likely not actually duplicates of the original issue. If there are no duplicates remaining, do not proceed.
 5. Finally, use the comment script to post duplicates:
    ```
-   ./scripts/comment-on-duplicates.sh --base-issue <issue-number> --potential-duplicates <dup1> <dup2> <dup3>
+   ./scripts/comment-on-duplicates.sh --potential-duplicates <dup1> <dup2> <dup3>
    ```
 
 Notes (be sure to tell this to your agents, too):
 
-- Use `gh` to interact with Github, rather than web fetch
-- Do not use other tools, beyond `gh` and the comment script (eg. don't use other MCP servers, file edit, etc.)
+- Use `./scripts/gh.sh` to interact with Github, rather than web fetch or raw `gh`. Examples:
+  - `./scripts/gh.sh issue view 123` — view an issue
+  - `./scripts/gh.sh issue view 123 --comments` — view with comments
+  - `./scripts/gh.sh issue list --state open --limit 20` — list issues
+  - `./scripts/gh.sh search issues "query" --limit 10` — search for issues
+- Do not use other tools, beyond `./scripts/gh.sh` and the comment script (eg. don't use other MCP servers, file edit, etc.)
 - Make a todo list first

.claude/commands/oncall-triage.md

@@ -1,40 +0,0 @@
----
-allowed-tools: Bash(gh issue list:*), Bash(gh issue view:*), Bash(gh issue edit:*), TodoWrite
-description: Triage GitHub issues and label critical ones for oncall
----
-
-You're an oncall triage assistant for GitHub issues. Your task is to identify critical issues that require immediate oncall attention and apply the "oncall" label.
-
-Repository: anthropics/claude-code
-
-Task overview:
-
-1. First, get all open bugs updated in the last 3 days with at least 50 engagements:
-   ```bash
-   gh issue list --repo anthropics/claude-code --state open --label bug --limit 1000 --json number,title,updatedAt,comments,reactions | jq -r '.[] | select((.updatedAt >= (now - 259200 | strftime("%Y-%m-%dT%H:%M:%SZ"))) and ((.comments | length) + ([.reactions[].content] | length) >= 50)) | "\(.number)"'
-   ```
-
-2. Save the list of issue numbers and create a TODO list with ALL of them. This ensures you process every single one.
-
-3. For each issue in your TODO list:
-   - Use `gh issue view <number> --repo anthropics/claude-code --json title,body,labels,comments` to get full details
-   - Read and understand the full issue content and comments to determine actual user impact
-   - Evaluate: Is this truly blocking users from using Claude Code?
-     - Consider: "crash", "stuck", "frozen", "hang", "unresponsive", "cannot use", "blocked", "broken"
-     - Does it prevent core functionality? Can users work around it?
-   - Be conservative - only flag issues that truly prevent users from getting work done
-
-4. For issues that are truly blocking and don't already have the "oncall" label:
-   - Use `gh issue edit <number> --repo anthropics/claude-code --add-label "oncall"`
-   - Mark the issue as complete in your TODO list
-
-5. After processing all issues, provide a summary:
-   - List each issue number that received the "oncall" label
-   - Include the issue title and brief reason why it qualified
-   - If no issues qualified, state that clearly
-
-Important:
-- Process ALL issues in your TODO list systematically
-- Don't post any comments to issues
-- Only add the "oncall" label, never remove it
-- Use individual `gh issue view` commands instead of bash for loops to avoid approval prompts

.claude/commands/triage-issue.md

@@ -0,0 +1,74 @@
+---
+allowed-tools: Bash(./scripts/gh.sh:*),Bash(./scripts/edit-issue-labels.sh:*)
+description: Triage GitHub issues by analyzing and applying labels
+---
+
+You're an issue triage assistant. Analyze the issue and manage labels.
+
+IMPORTANT: Don't post any comments or messages to the issue. Your only actions are adding or removing labels.
+
+Context:
+
+$ARGUMENTS
+
+TOOLS:
+- `./scripts/gh.sh` — wrapper for `gh` CLI. Only supports these subcommands and flags:
+  - `./scripts/gh.sh label list` — fetch all available labels
+  - `./scripts/gh.sh label list --limit 100` — fetch with limit
+  - `./scripts/gh.sh issue view 123` — read issue title, body, and labels
+  - `./scripts/gh.sh issue view 123 --comments` — read the conversation
+  - `./scripts/gh.sh issue list --state open --limit 20` — list issues
+  - `./scripts/gh.sh search issues "query"` — find similar or duplicate issues
+  - `./scripts/gh.sh search issues "query" --limit 10` — search with limit
+- `./scripts/edit-issue-labels.sh --add-label LABEL --remove-label LABEL` — add or remove labels (issue number is read from the workflow event)
+
+TASK:
+
+1. Run `./scripts/gh.sh label list` to fetch the available labels. You may ONLY use labels from this list. Never invent new labels.
+2. Run `./scripts/gh.sh issue view ISSUE_NUMBER` to read the issue details.
+3. Run `./scripts/gh.sh issue view ISSUE_NUMBER --comments` to read the conversation.
+
+**If EVENT is "issues" (new issue):**
+
+4. First, check if this issue is actually about Claude Code.
+   - Look for Claude Code signals in the issue BODY: a `Claude Code Version` field or `claude --version` output, references to the `claude` CLI command, terminal sessions, the VS Code/JetBrains extensions, `CLAUDE.md` files, `.claude/` directories, MCP servers, Cowork, Remote Control, or the web UI at claude.ai/code. If ANY such signal is present, this IS a Claude Code issue — proceed to step 5.
+   - Only if NO Claude Code signals are present: check whether a different Anthropic product (claude.ai chat, Claude Desktop/Mobile apps, the raw Anthropic API/SDK, or account billing with no CLI involvement) is the *subject* of the complaint, not merely mentioned for context. If so, apply `invalid` and stop. If ambiguous, proceed to step 5 WITHOUT applying `invalid`.
+   - The body text is authoritative. If a form dropdown (e.g. Platform) contradicts evidence in the body, trust the body — dropdowns are often mis-selected.
+
+5. Analyze and apply category labels:
+   - Type (bug, enhancement, question, etc.)
+   - Technical areas and platform
+   - Check for duplicates with `./scripts/gh.sh search issues`. Only mark as duplicate of OPEN issues.
+
+6. Evaluate lifecycle labels:
+   - `needs-repro` (bugs only, 7 days): Bug reports without clear steps to reproduce. A good repro has specific, followable steps that someone else could use to see the same issue.
+     Do NOT apply if the user already provided error messages, logs, file paths, or a description of what they did. Don't require a specific format — narrative descriptions count.
+     For model behavior issues (e.g. "Claude does X when it should do Y"), don't require traditional repro steps — examples and patterns are sufficient.
+   - `needs-info` (bugs only, 7 days): The issue needs something from the community before it can progress — e.g. error messages, versions, environment details, or answers to follow-up questions. Don't apply to questions or enhancements.
+     Do NOT apply if the user already provided version, environment, and error details. If the issue just needs engineering investigation, that's not `needs-info`.
+
+   Issues with these labels are automatically closed after the timeout if there's no response.
+   The goal is to avoid issues lingering without a clear next step.
+
+7. Apply all selected labels:
+   `./scripts/edit-issue-labels.sh --add-label "label1" --add-label "label2"`
+
+**If EVENT is "issue_comment" (comment on existing issue):**
+
+4. Evaluate lifecycle labels based on the full conversation:
+   - If the issue has `stale` or `autoclose`, remove the label — a new human comment means the issue is still active:
+     `./scripts/edit-issue-labels.sh --remove-label "stale" --remove-label "autoclose"`
+   - If the issue has `needs-repro` or `needs-info` and the missing information has now been provided, remove the label:
+     `./scripts/edit-issue-labels.sh --remove-label "needs-repro"`
+   - If the issue doesn't have lifecycle labels but clearly needs them (e.g., a maintainer asked for repro steps or more details), add the appropriate label.
+   - Comments like "+1", "me too", "same here", or emoji reactions are NOT the missing information. Only remove `needs-repro` or `needs-info` when substantive details are actually provided.
+   - Do NOT add or remove category labels (bug, enhancement, etc.) on comment events.
+
+GUIDELINES:
+- ONLY use labels from `./scripts/gh.sh label list` — never create or guess label names
+- DO NOT post any comments to the issue
+- Be conservative with lifecycle labels — only apply when clearly warranted
+- Only apply lifecycle labels (`needs-repro`, `needs-info`) to bugs — never to questions or enhancements
+- When in doubt, don't apply a lifecycle label — false positives are worse than missing labels
+- On new issues (EVENT "issues"), always apply exactly one of `bug`, `enhancement`, `question`, `invalid`, or `duplicate`. If unsure, pick the closest fit — an imperfect category label is better than none.
+- On comment events, it's okay to make no changes if nothing applies.

.github/workflows/auto-close-duplicates.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
         with:
           bun-version: latest
 

.github/workflows/backfill-duplicate-comments.yml

@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
         with:
           bun-version: latest
       

.github/workflows/claude-dedupe-issues.yml

@@ -23,10 +23,13 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Claude Code slash command
-        uses: anthropics/claude-code-base-action@v1
+        uses: anthropics/claude-code-action@v1
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CLAUDE_CODE_SCRIPT_CAPS: '{"comment-on-duplicates.sh":1}'
         with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          allowed_non_write_users: "*"
           prompt: "/dedupe ${{ github.repository }}/issues/${{ github.event.issue.number || inputs.issue_number }}"
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           claude_args: "--model claude-sonnet-4-5-20250929"
@@ -35,10 +38,11 @@ jobs:
         if: always()
         env:
           STATSIG_API_KEY: ${{ secrets.STATSIG_API_KEY }}
+          ISSUE_NUMBER: ${{ github.event.issue.number || inputs.issue_number }}
+          REPO: ${{ github.repository }}
+          TRIGGERED_BY: ${{ github.event_name }}
+          WORKFLOW_RUN_ID: ${{ github.run_id }}
         run: |
-          ISSUE_NUMBER=${{ github.event.issue.number || inputs.issue_number }}
-          REPO=${{ github.repository }}
-          
           if [ -z "$STATSIG_API_KEY" ]; then
             echo "STATSIG_API_KEY not found, skipping Statsig logging"
             exit 0
@@ -48,7 +52,8 @@ jobs:
           EVENT_PAYLOAD=$(jq -n \
             --arg issue_number "$ISSUE_NUMBER" \
             --arg repo "$REPO" \
-            --arg triggered_by "${{ github.event_name }}" \
+            --arg triggered_by "$TRIGGERED_BY" \
+            --arg workflow_run_id "$WORKFLOW_RUN_ID" \
             '{
               events: [{
                 eventName: "github_duplicate_comment_added",
@@ -57,7 +62,7 @@ jobs:
                   repository: $repo,
                   issue_number: ($issue_number | tonumber),
                   triggered_by: $triggered_by,
-                  workflow_run_id: "${{ github.run_id }}"
+                  workflow_run_id: $workflow_run_id
                 },
                 time: (now | floor | tostring)
               }]

.github/workflows/claude-issue-triage.yml

@@ -1,13 +1,20 @@
 name: Claude Issue Triage
-description: Automatically triage GitHub issues using Claude Code
 on:
   issues:
     types: [opened]
+  issue_comment:
+    types: [created]
 
 jobs:
   triage-issue:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    if: >-
+      github.event_name == 'issues' ||
+      (github.event_name == 'issue_comment' && !github.event.issue.pull_request && github.event.comment.user.type != 'Bot')
+    concurrency:
+      group: issue-triage-${{ github.event.issue.number }}
+      cancel-in-progress: true
     permissions:
       contents: read
       issues: write
@@ -16,93 +23,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Create triage prompt
-        run: |
-          mkdir -p /tmp/claude-prompts
-          cat > /tmp/claude-prompts/triage-prompt.txt << 'EOF'
-          You're an issue triage assistant for GitHub issues. Your task is to analyze the issue and select appropriate labels from the provided list.
-
-          IMPORTANT: Don't post any comments or messages to the issue. Your only action should be to apply labels.
-
-          Issue Information:
-          - REPO: ${{ github.repository }}
-          - ISSUE_NUMBER: ${{ github.event.issue.number }}
-
-          TASK OVERVIEW:
-
-          1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
-
-          2. Next, use the GitHub tools to get context about the issue:
-             - You have access to these tools:
-               - mcp__github__get_issue: Use this to retrieve the current issue's details including title, description, and existing labels
-               - mcp__github__get_issue_comments: Use this to read any discussion or additional context provided in the comments
-               - mcp__github__update_issue: Use this to apply labels to the issue (do not use this for commenting)
-               - mcp__github__search_issues: Use this to find similar issues that might provide context for proper categorization and to identify potential duplicate issues
-               - mcp__github__list_issues: Use this to understand patterns in how other issues are labeled
-             - Start by using mcp__github__get_issue to get the issue details
-
-          3. Analyze the issue content, considering:
-             - The issue title and description
-             - The type of issue (bug report, feature request, question, etc.)
-             - Technical areas mentioned
-             - Severity or priority indicators
-             - User impact
-             - Components affected
-
-          4. Select appropriate labels from the available labels list provided above:
-             - Choose labels that accurately reflect the issue's nature
-             - Be specific but comprehensive
-             - Select priority labels if you can determine urgency (high-priority, med-priority, or low-priority)
-             - Consider platform labels (android, ios) if applicable
-             - If you find similar issues using mcp__github__search_issues, consider using a "duplicate" label if appropriate. Only do so if the issue is a duplicate of another OPEN issue.
-
-          5. Apply the selected labels:
-             - Use mcp__github__update_issue to apply your selected labels
-             - DO NOT post any comments explaining your decision
-             - DO NOT communicate directly with users
-             - If no labels are clearly applicable, do not apply any labels
-
-          IMPORTANT GUIDELINES:
-          - Be thorough in your analysis
-          - Only select labels from the provided list above
-          - DO NOT post any comments to the issue
-          - Your ONLY action should be to apply labels using mcp__github__update_issue
-          - It's okay to not add any labels if none are clearly applicable
-          EOF
-
-      - name: Setup GitHub MCP Server
-        run: |
-          mkdir -p /tmp/mcp-config
-          cat > /tmp/mcp-config/mcp-servers.json << 'EOF'
-          {
-            "mcpServers": {
-              "github": {
-                "command": "docker",
-                "args": [
-                  "run",
-                  "-i",
-                  "--rm",
-                  "-e",
-                  "GITHUB_PERSONAL_ACCESS_TOKEN",
-                  "ghcr.io/github/github-mcp-server:sha-7aced2b"
-                ],
-                "env": {
-                  "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
-                }
-              }
-            }
-          }
-          EOF
-
       - name: Run Claude Code for Issue Triage
         timeout-minutes: 5
-        uses: anthropics/claude-code-base-action@v1
+        uses: anthropics/claude-code-action@v1
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+          CLAUDE_CODE_SCRIPT_CAPS: '{"edit-issue-labels.sh":2}'
         with:
-          prompt_file: /tmp/claude-prompts/triage-prompt.txt
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          allowed_non_write_users: "*"
+          prompt: "/triage-issue REPO: ${{ github.repository }} ISSUE_NUMBER: ${{ github.event.issue.number }} EVENT: ${{ github.event_name }}"
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           claude_args: |
-            --model claude-sonnet-4-5-20250929
-            --mcp-config /tmp/mcp-config/mcp-servers.json
-            --allowedTools "Bash(gh label list),mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__update_issue,mcp__github__search_issues,mcp__github__list_issues"
+            --model claude-opus-4-6

.github/workflows/issue-lifecycle-comment.yml

@@ -0,0 +1,27 @@
+name: "Issue Lifecycle Comment"
+
+on:
+  issues:
+    types: [labeled]
+
+permissions:
+  issues: write
+
+jobs:
+  comment:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
+        with:
+          bun-version: latest
+
+      - name: Post lifecycle comment
+        run: bun run scripts/lifecycle-comment.ts
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          LABEL: ${{ github.event.label.name }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}

.github/workflows/non-write-users-check.yml

@@ -0,0 +1,47 @@
+name: Non-write Users Check
+on:
+  pull_request:
+    paths:
+      - ".github/**"
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  allowed-non-write-check:
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - run: |
+          DIFF=$(gh pr diff "$PR_NUMBER" -R "$REPO" || true)
+
+          if ! echo "$DIFF" | grep -qE '^diff --git a/\.github/.*\.ya?ml'; then
+            exit 0
+          fi
+
+          MATCHES=$(echo "$DIFF" | grep "^+.*allowed_non_write_users" || true)
+
+          if [ -z "$MATCHES" ]; then
+            exit 0
+          fi
+
+          EXISTING=$(gh pr view "$PR_NUMBER" -R "$REPO" --json comments --jq '.comments[].body' \
+            | grep -c "<!-- non-write-users-check -->" || true)
+
+          if [ "$EXISTING" -gt 0 ]; then
+            exit 0
+          fi
+
+          gh pr comment "$PR_NUMBER" -R "$REPO" --body '<!-- non-write-users-check -->
+          **`allowed_non_write_users` detected**
+
+          This PR adds or modifies `allowed_non_write_users`, which allows users without write access to trigger Claude Code Action workflows. This can introduce security risks.
+
+          If this is a new flow, please make sure you actually need `allowed_non_write_users`. If you are editing an existing workflow, double check that you are not adding new Claude permissions which might lead to a vulnerability.
+
+          See existing workflows in this repo for safe usage examples, or contact the AppSec team.'
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO: ${{ github.repository }}

.github/workflows/oncall-triage.yml

@@ -1,121 +0,0 @@
-name: Oncall Issue Triage
-description: Automatically identify and label critical blocking issues requiring oncall attention
-on:
-  push:
-    branches:
-      - add-oncall-triage-workflow  # Temporary: for testing only
-  schedule:
-    # Run every 6 hours
-    - cron: '0 */6 * * *'
-  workflow_dispatch: # Allow manual trigger
-
-jobs:
-  oncall-triage:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      issues: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Create oncall triage prompt
-        run: |
-          mkdir -p /tmp/claude-prompts
-          cat > /tmp/claude-prompts/oncall-triage-prompt.txt << 'EOF'
-          You're an oncall triage assistant for GitHub issues. Your task is to identify critical issues that require immediate oncall attention.
-
-          Important: Don't post any comments or messages to the issues. Your only action should be to apply the "oncall" label to qualifying issues.
-
-          Repository: ${{ github.repository }}
-
-          Task overview:
-          1. Fetch all open issues updated in the last 3 days:
-             - Use mcp__github__list_issues with:
-               - state="open"
-               - first=5 (fetch only 5 issues per page)
-               - orderBy="UPDATED_AT"
-               - direction="DESC"
-             - This will give you the most recently updated issues first
-             - For each page of results, check the updatedAt timestamp of each issue
-             - Add issues updated within the last 3 days (72 hours) to your TODO list as you go
-             - Keep paginating using the 'after' parameter until you encounter issues older than 3 days
-             - Once you hit issues older than 3 days, you can stop fetching (no need to fetch all open issues)
-
-          2. Build your TODO list incrementally as you fetch:
-             - As you fetch each page, immediately add qualifying issues to your TODO list
-             - One TODO item per issue number (e.g., "Evaluate issue #123")
-             - This allows you to start processing while still fetching more pages
-
-          3. For each issue in your TODO list:
-             - Use mcp__github__get_issue to read the issue details (title, body, labels)
-             - Use mcp__github__get_issue_comments to read all comments
-             - Evaluate whether this issue needs the oncall label:
-               a) Is it a bug? (has "bug" label or describes bug behavior)
-               b) Does it have at least 50 engagements? (count comments + reactions)
-               c) Is it truly blocking? Read and understand the full content to determine:
-                  - Does this prevent core functionality from working?
-                  - Can users work around it?
-                  - Consider severity indicators: "crash", "stuck", "frozen", "hang", "unresponsive", "cannot use", "blocked", "broken"
-                  - Be conservative - only flag issues that truly prevent users from getting work done
-
-          4. For issues that meet all criteria and do not already have the "oncall" label:
-             - Use mcp__github__update_issue to add the "oncall" label
-             - Do not post any comments
-             - Do not remove any existing labels
-             - Do not remove the "oncall" label from issues that already have it
-
-          Important guidelines:
-          - Use the TODO list to track your progress through ALL candidate issues
-          - Process issues efficiently - don't read every single issue upfront, work through your TODO list systematically
-          - Be conservative in your assessment - only flag truly critical blocking issues
-          - Do not post any comments to issues
-          - Your only action should be to add the "oncall" label using mcp__github__update_issue
-          - Mark each issue as complete in your TODO list as you process it
-
-          7. After processing all issues in your TODO list, provide a summary of your actions:
-             - Total number of issues processed (candidate issues evaluated)
-             - Number of issues that received the "oncall" label
-             - For each issue that got the label: list issue number, title, and brief reason why it qualified
-             - Close calls: List any issues that almost qualified but didn't quite meet the criteria (e.g., borderline blocking, had workarounds)
-             - If no issues qualified, state that clearly
-             - Format the summary clearly for easy reading
-          EOF
-
-      - name: Setup GitHub MCP Server
-        run: |
-          mkdir -p /tmp/mcp-config
-          cat > /tmp/mcp-config/mcp-servers.json << 'EOF'
-          {
-            "mcpServers": {
-              "github": {
-                "command": "docker",
-                "args": [
-                  "run",
-                  "-i",
-                  "--rm",
-                  "-e",
-                  "GITHUB_PERSONAL_ACCESS_TOKEN",
-                  "ghcr.io/github/github-mcp-server:sha-7aced2b"
-                ],
-                "env": {
-                  "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
-                }
-              }
-            }
-          }
-          EOF
-
-      - name: Run Claude Code for Oncall Triage
-        timeout-minutes: 10
-        uses: anthropics/claude-code-base-action@v1
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          prompt_file: /tmp/claude-prompts/oncall-triage-prompt.txt
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          claude_args: |
-            --mcp-config /tmp/mcp-config/mcp-servers.json
-            --allowedTools "mcp__github__list_issues,mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__update_issue"

.github/workflows/stale-issue-manager.yml

@@ -1,157 +0,0 @@
-name: "Manage Stale Issues"
-
-on:
-  schedule:
-    # 2am Pacific = 9am UTC (10am UTC during DST)
-    - cron: "0 10 * * *"
-  workflow_dispatch:
-
-permissions:
-  issues: write
-
-concurrency:
-  group: stale-issue-manager
-
-jobs:
-  manage-stale-issues:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Manage stale issues
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const oneMonthAgo = new Date();
-            oneMonthAgo.setDate(oneMonthAgo.getDate() - 30);
-
-            const twoMonthsAgo = new Date();
-            twoMonthsAgo.setDate(twoMonthsAgo.getDate() - 60);
-
-            const warningComment = `This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.`;
-
-            const closingComment = `This issue has been automatically closed due to 60 days of inactivity. If you're still experiencing this issue, please open a new issue with updated information.`;
-
-            let page = 1;
-            let hasMore = true;
-            let totalWarned = 0;
-            let totalClosed = 0;
-            let totalLabeled = 0;
-
-            while (hasMore) {
-              // Get open issues sorted by last updated (oldest first)
-              const { data: issues } = await github.rest.issues.listForRepo({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                state: 'open',
-                sort: 'updated',
-                direction: 'asc',
-                per_page: 100,
-                page: page
-              });
-              
-              if (issues.length === 0) {
-                hasMore = false;
-                break;
-              }
-              
-              for (const issue of issues) {
-                // Skip if already locked
-                if (issue.locked) continue;
-                
-                // Skip pull requests
-                if (issue.pull_request) continue;
-                
-                // Check if updated more recently than 30 days ago
-                const updatedAt = new Date(issue.updated_at);
-                if (updatedAt > oneMonthAgo) {
-                  // Since issues are sorted by updated_at ascending, 
-                  // once we hit a recent issue, all remaining will be recent too
-                  hasMore = false;
-                  break;
-                }
-                
-                // Check if issue has autoclose label
-                const hasAutocloseLabel = issue.labels.some(label => 
-                  typeof label === 'object' && label.name === 'autoclose'
-                );
-                
-                try {
-                  // Get comments to check for existing warning
-                  const { data: comments } = await github.rest.issues.listComments({
-                    owner: context.repo.owner,
-                    repo: context.repo.repo,
-                    issue_number: issue.number,
-                    per_page: 100
-                  });
-                  
-                  // Find the last comment from github-actions bot
-                  const botComments = comments.filter(comment => 
-                    comment.user && comment.user.login === 'github-actions[bot]' &&
-                    comment.body && comment.body.includes('inactive for 30 days')
-                  );
-                  
-                  const lastBotComment = botComments[botComments.length - 1];
-                  
-                  if (lastBotComment) {
-                    // Check if the bot comment is older than 30 days (total 60 days of inactivity)
-                    const botCommentDate = new Date(lastBotComment.created_at);
-                    if (botCommentDate < oneMonthAgo) {
-                      // Close the issue - it's been stale for 60+ days
-                      console.log(`Closing issue #${issue.number} (stale for 60+ days): ${issue.title}`);
-                      
-                      // Post closing comment
-                      await github.rest.issues.createComment({
-                        owner: context.repo.owner,
-                        repo: context.repo.repo,
-                        issue_number: issue.number,
-                        body: closingComment
-                      });
-                      
-                      // Close the issue
-                      await github.rest.issues.update({
-                        owner: context.repo.owner,
-                        repo: context.repo.repo,
-                        issue_number: issue.number,
-                        state: 'closed',
-                        state_reason: 'not_planned'
-                      });
-                      
-                      totalClosed++;
-                    }
-                    // If bot comment exists but is recent, issue already has warning
-                  } else if (updatedAt < oneMonthAgo) {
-                    // No bot warning yet, issue is 30+ days old
-                    console.log(`Warning issue #${issue.number} (stale for 30+ days): ${issue.title}`);
-                    
-                    // Post warning comment
-                    await github.rest.issues.createComment({
-                      owner: context.repo.owner,
-                      repo: context.repo.repo,
-                      issue_number: issue.number,
-                      body: warningComment
-                    });
-                    
-                    totalWarned++;
-                    
-                    // Add autoclose label if not present
-                    if (!hasAutocloseLabel) {
-                      await github.rest.issues.addLabels({
-                        owner: context.repo.owner,
-                        repo: context.repo.repo,
-                        issue_number: issue.number,
-                        labels: ['autoclose']
-                      });
-                      totalLabeled++;
-                    }
-                  }
-                } catch (error) {
-                  console.error(`Failed to process issue #${issue.number}: ${error.message}`);
-                }
-              }
-              
-              page++;
-            }
-
-            console.log(`Summary:`);
-            console.log(`- Issues warned (30 days stale): ${totalWarned}`);
-            console.log(`- Issues labeled with autoclose: ${totalLabeled}`);
-            console.log(`- Issues closed (60 days stale): ${totalClosed}`);

.github/workflows/sweep.yml

@@ -0,0 +1,31 @@
+name: "Issue Sweep"
+
+on:
+  schedule:
+    - cron: "0 10,22 * * *"
+  workflow_dispatch:
+
+permissions:
+  issues: write
+
+concurrency:
+  group: daily-issue-sweep
+
+jobs:
+  sweep:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
+        with:
+          bun-version: latest
+
+      - name: Enforce lifecycle timeouts
+        run: bun run scripts/sweep.ts
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          GITHUB_REPOSITORY_NAME: ${{ github.event.repository.name }}

SECURITY.md

@@ -5,8 +5,8 @@ Thank you for helping us keep Claude Code secure!
 
 The security of our systems and user data is Anthropic's top priority. We appreciate the work of security researchers acting in good faith in identifying and reporting potential vulnerabilities.
 
-Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/anthropic-vdp/reports/new?type=team&report_type=vulnerability).
+Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/4f1f16ba-10d3-4d09-9ecc-c721aad90f24/embedded_submissions/new).
 
-## Vulnerability Disclosure Program
+## Anthropic Bug Bounty
 
-Our Vulnerability Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic-vdp).
+Our Bug Bounty Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic).

examples/mdm/README.md

@@ -0,0 +1,28 @@
+# MDM Deployment Examples
+
+Example templates for deploying Claude Code [managed settings](https://code.claude.com/docs/en/settings#settings-files) through Jamf, Iru (Kandji), Intune, or Group Policy. Use these as starting points — adjust them to fit your needs.
+
+All templates encode the same minimal example (`permissions.disableBypassPermissionsMode`). See the [settings reference](https://code.claude.com/docs/en/settings#available-settings) for the full list of keys, and [`../settings`](../settings) for more complete example configurations.
+
+
+## Templates
+
+> [!WARNING]
+> These examples are community-maintained templates which may be unsupported or incorrect. You are responsible for the correctness of your own deployment configuration.
+
+| File | Use with |
+| :--- | :--- |
+| [`managed-settings.json`](./managed-settings.json) | Any platform. Deploy to the [system config directory](https://code.claude.com/docs/en/settings#settings-files). |
+| [`macos/com.anthropic.claudecode.plist`](./macos/com.anthropic.claudecode.plist) | Jamf or Iru (Kandji) **Custom Settings** payload. Preference domain: `com.anthropic.claudecode`. |
+| [`macos/com.anthropic.claudecode.mobileconfig`](./macos/com.anthropic.claudecode.mobileconfig) | Full configuration profile for local testing or MDMs that take a complete profile. |
+| [`windows/Set-ClaudeCodePolicy.ps1`](./windows/Set-ClaudeCodePolicy.ps1) | Intune **Platform scripts**. Writes `managed-settings.json` to `C:\Program Files\ClaudeCode\`. |
+| [`windows/ClaudeCode.admx`](./windows/ClaudeCode.admx) + [`en-US/ClaudeCode.adml`](./windows/en-US/ClaudeCode.adml) | Group Policy or Intune **Import ADMX**. Writes `HKLM\SOFTWARE\Policies\ClaudeCode\Settings` (REG_SZ, single-line JSON). |
+
+## Tips
+- Replace the placeholder `PayloadUUID` and `PayloadOrganization` values in the `.mobileconfig` with your own (`uuidgen`)
+- Before deploying to your fleet, test on a single machine and confirm `/status` lists the source under **Setting sources** — e.g. `Enterprise managed settings (plist)` on macOS or `Enterprise managed settings (HKLM)` on Windows
+- Settings deployed this way sit at the top of the precedence order and cannot be overridden by users
+
+## Full Documentation
+
+See https://code.claude.com/docs/en/settings#settings-files for complete documentation on managed settings and settings precedence.

examples/mdm/macos/com.anthropic.claudecode.mobileconfig

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadDisplayName</key>
+	<string>Claude Code Managed Settings</string>
+	<key>PayloadDescription</key>
+	<string>Configures managed settings for Claude Code.</string>
+	<key>PayloadIdentifier</key>
+	<string>com.anthropic.claudecode.profile</string>
+	<key>PayloadOrganization</key>
+	<string>Example Organization</string>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>DC3CBC17-3330-4CDE-94AC-D2342E9C88A3</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>Claude Code</string>
+			<key>PayloadIdentifier</key>
+			<string>com.anthropic.claudecode.profile.BEFD5F54-71FC-4012-82B2-94399A1E220B</string>
+			<key>PayloadType</key>
+			<string>com.apple.ManagedClient.preferences</string>
+			<key>PayloadUUID</key>
+			<string>BEFD5F54-71FC-4012-82B2-94399A1E220B</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+			<key>PayloadContent</key>
+			<dict>
+				<key>com.anthropic.claudecode</key>
+				<dict>
+					<key>Forced</key>
+					<array>
+						<dict>
+							<key>mcx_preference_settings</key>
+							<dict>
+								<key>permissions</key>
+								<dict>
+									<key>disableBypassPermissionsMode</key>
+									<string>disable</string>
+								</dict>
+							</dict>
+						</dict>
+					</array>
+				</dict>
+			</dict>
+		</dict>
+	</array>
+</dict>
+</plist>

examples/mdm/macos/com.anthropic.claudecode.plist

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>permissions</key>
+	<dict>
+		<key>disableBypassPermissionsMode</key>
+		<string>disable</string>
+	</dict>
+</dict>
+</plist>

examples/mdm/managed-settings.json

@@ -0,0 +1,5 @@
+{
+  "permissions": {
+    "disableBypassPermissionsMode": "disable"
+  }
+}

examples/mdm/windows/ClaudeCode.admx

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"
+                   revision="1.0" schemaVersion="1.0">
+  <policyNamespaces>
+    <target prefix="claudecode" namespace="Anthropic.Policies.ClaudeCode" />
+    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
+  </policyNamespaces>
+  <resources minRequiredRevision="1.0" />
+  <categories>
+    <category name="Cat_ClaudeCode" displayName="$(string.Cat_ClaudeCode)" />
+  </categories>
+  <policies>
+    <policy name="ManagedSettings"
+            class="Machine"
+            displayName="$(string.ManagedSettings)"
+            explainText="$(string.ManagedSettings_Explain)"
+            presentation="$(presentation.ManagedSettings)"
+            key="SOFTWARE\Policies\ClaudeCode">
+      <parentCategory ref="Cat_ClaudeCode" />
+      <supportedOn ref="windows:SUPPORTED_Windows_10_0" />
+      <elements>
+        <text id="SettingsJson" valueName="Settings" maxLength="1000000" required="true" />
+      </elements>
+    </policy>
+  </policies>
+</policyDefinitions>

examples/mdm/windows/Set-ClaudeCodePolicy.ps1

@@ -0,0 +1,28 @@
+<#
+Deploys Claude Code managed settings as a JSON file.
+
+Intune: Devices > Scripts and remediations > Platform scripts > Add (Windows 10 and later).
+  Run this script using the logged on credentials: No
+  Run script in 64 bit PowerShell Host: Yes
+
+Claude Code reads C:\Program Files\ClaudeCode\managed-settings.json at startup
+and treats it as a managed policy source. Edit the JSON below to change the
+deployed settings; see https://code.claude.com/docs/en/settings for available keys.
+#>
+
+$ErrorActionPreference = 'Stop'
+
+$dir = Join-Path $env:ProgramFiles 'ClaudeCode'
+New-Item -ItemType Directory -Path $dir -Force | Out-Null
+
+$json = @'
+{
+  "permissions": {
+    "disableBypassPermissionsMode": "disable"
+  }
+}
+'@
+
+$path = Join-Path $dir 'managed-settings.json'
+[System.IO.File]::WriteAllText($path, $json, (New-Object System.Text.UTF8Encoding($false)))
+Write-Output "Wrote $path"

examples/mdm/windows/en-US/ClaudeCode.adml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                            xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"
+                            revision="1.0" schemaVersion="1.0">
+  <displayName>Claude Code</displayName>
+  <description>Claude Code policy settings</description>
+  <resources>
+    <stringTable>
+      <string id="Cat_ClaudeCode">Claude Code</string>
+      <string id="ManagedSettings">Managed settings (JSON)</string>
+      <string id="ManagedSettings_Explain">Configures managed settings for Claude Code.
+
+Enter the full settings configuration as a single line of JSON. The value is stored as a REG_SZ string at HKLM\SOFTWARE\Policies\ClaudeCode\Settings and is applied at the highest precedence; users cannot override these settings.
+
+Example:
+{"permissions":{"disableBypassPermissionsMode":"disable"}}
+
+For the list of available settings keys, see https://code.claude.com/docs/en/settings.
+
+If your configuration is large or you prefer to manage a JSON file directly, deploy C:\Program Files\ClaudeCode\managed-settings.json instead (see Set-ClaudeCodePolicy.ps1).</string>
+    </stringTable>
+    <presentationTable>
+      <presentation id="ManagedSettings">
+        <textBox refId="SettingsJson">
+          <label>Settings JSON:</label>
+        </textBox>
+      </presentation>
+    </presentationTable>
+  </resources>
+</policyDefinitionResources>

examples/settings/README.md

@@ -0,0 +1,35 @@
+# Settings Examples
+
+Example Claude Code settings files, primarily intended for organization-wide deployments. Use these as starting points — adjust them to fit your needs.
+
+These may be applied at any level of the [settings hierarchy](https://code.claude.com/docs/en/settings#settings-files), though certain properties only take effect if specified in enterprise settings (e.g. `strictKnownMarketplaces`, `allowManagedHooksOnly`, `allowManagedPermissionRulesOnly`).
+
+
+## Configuration Examples
+
+> [!WARNING]
+> These examples are community-maintained snippets which may be unsupported or incorrect. You are responsible for the correctness of your own settings configuration.
+
+| Setting | [`settings-lax.json`](./settings-lax.json) | [`settings-strict.json`](./settings-strict.json) | [`settings-bash-sandbox.json`](./settings-bash-sandbox.json) |
+|---------|:---:|:---:|:---:|
+| Disable `--dangerously-skip-permissions` | ✅ | ✅ | |
+| Block plugin marketplaces | ✅ | ✅ | |
+| Block user and project-defined permission `allow` / `ask` / `deny` | | ✅ | ✅ |
+| Block user and project-defined hooks | | ✅ | |
+| Deny web fetch and search tools | | ✅ | |
+| Bash tool requires approval | | ✅ | |
+| Bash tool must run inside of sandbox | | | ✅ |
+
+## Tips
+- Consider merging snippets of the above examples to reach your desired configuration
+- Settings files must be valid JSON
+- Before deploying configuration files to your organization, test them locally by applying to `managed-settings.json`, `settings.json` or `settings.local.json`
+- The `sandbox` property only applies to the `Bash` tool; it does not apply to other tools (like Read, Write, WebSearch, WebFetch, MCPs), hooks, or internal commands
+
+## Deploying via MDM
+
+To distribute these settings as enterprise-managed policy through Jamf, Iru (Kandji), Intune, or Group Policy, see the deployment templates in [`../mdm`](../mdm).
+
+## Full Documentation
+
+See https://code.claude.com/docs/en/settings for complete documentation on all available managed settings.

examples/settings/settings-bash-sandbox.json

@@ -0,0 +1,18 @@
+{
+  "allowManagedPermissionRulesOnly": true,
+  "sandbox": {
+    "enabled": true,
+    "autoAllowBashIfSandboxed": false,
+    "allowUnsandboxedCommands": false,
+    "excludedCommands": [],
+    "network": {
+      "allowUnixSockets": [],
+      "allowAllUnixSockets": false,
+      "allowLocalBinding": false,
+      "allowedDomains": [],
+      "httpProxyPort": null,
+      "socksProxyPort": null
+    },
+    "enableWeakerNestedSandbox": false
+  }
+}

examples/settings/settings-lax.json

@@ -0,0 +1,6 @@
+{
+  "permissions": {
+    "disableBypassPermissionsMode": "disable"
+  },
+  "strictKnownMarketplaces": []
+}

examples/settings/settings-strict.json

@@ -0,0 +1,28 @@
+{
+  "permissions": {
+    "disableBypassPermissionsMode": "disable",
+    "ask": [
+      "Bash"
+    ],
+    "deny": [
+      "WebSearch",
+      "WebFetch"
+    ]
+  },
+  "allowManagedPermissionRulesOnly": true,
+  "allowManagedHooksOnly": true,
+  "strictKnownMarketplaces": [],
+  "sandbox": {
+    "autoAllowBashIfSandboxed": false,
+    "excludedCommands": [],
+    "network": {
+      "allowUnixSockets": [],
+      "allowAllUnixSockets": false,
+      "allowLocalBinding": false,
+      "allowedDomains": [],
+      "httpProxyPort": null,
+      "socksProxyPort": null
+    },
+    "enableWeakerNestedSandbox": false
+  }
+}

feed.xml

@@ -0,0 +1,691 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom">
+  <id>https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md</id>
+  <title>Claude Code Changelog</title>
+  <subtitle>Release notes for Claude Code</subtitle>
+  <author><name>Anthropic</name></author>
+  <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md"/>
+  <link rel="self" type="application/atom+xml" href="https://raw.githubusercontent.com/anthropics/claude-code/main/feed.xml"/>
+  <updated>2026-05-19T00:48:45Z</updated>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.144</id>
+    <title>Claude Code v2.1.144</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.144"/>
+    <updated>2026-05-19T00:48:45Z</updated>
+    <content type="html">&lt;p&gt;• Added /resume support for background sessions — sessions started via claude --bg or agent view now appear alongside interactive ones, marked with bg&lt;/p&gt;
+&lt;p&gt;• Added elapsed duration to background subagent completion notifications (e.g. "Agent completed · 3h 2m 5s")&lt;/p&gt;
+&lt;p&gt;• The /plugin browse and discover panes now show when a plugin was last updated&lt;/p&gt;
+&lt;p&gt;• /model now changes the model for the current session only; press d in the model picker to set a default for new sessions&lt;/p&gt;
+&lt;p&gt;• Renamed "extra usage" to "usage credits" across CLI copy; /extra-usage is now /usage-credits (old name still works)&lt;/p&gt;
+&lt;p&gt;• Fixed startup hanging up to 75s when api.anthropic.com is unreachable (captive portal, firewall, VPN issues) — side-channel API calls now time out after 15s&lt;/p&gt;
+&lt;p&gt;• Fixed garbled terminal output after a missed window-resize event (e.g. dragging a VS Code split-pane divider) — now self-heals on the next frame instead of requiring Ctrl+L&lt;/p&gt;
+&lt;p&gt;• Fixed progressive terminal display corruption (stale/garbled glyphs) that could appear in very long sessions and only cleared on terminal resize or restart&lt;/p&gt;
+&lt;p&gt;• Reduced terminal rendering glitches in VS Code by reducing spinner animation color count&lt;/p&gt;
+&lt;p&gt;• Fixed macOS background sessions crashing with "exit 1 before init" when the project lives under a Full Disk Access-protected folder (regression in 2.1.143)&lt;/p&gt;
+&lt;p&gt;• Fixed an unrecoverable conversation when reading a file whose image extension doesn't match its contents (e.g. HTML saved as .png) — now falls back to text&lt;/p&gt;
+&lt;p&gt;• Fewer spurious tool errors during search: head/tail file views now satisfy the read-before-edit check, and a "no matches" result (exit code 1) from egrep, fgrep, git grep, or git diff is no longer reported as a command failure&lt;/p&gt;
+&lt;p&gt;• Fixed /branch failing with "No conversation to branch" after entering a worktree or in some background sessions&lt;/p&gt;
+&lt;p&gt;• Fixed pressing Escape in the AskUserQuestion notes field aborting the turn instead of returning to answer selection&lt;/p&gt;
+&lt;p&gt;• Fixed model selection not applying when changed via the IDE model picker or applyFlagSettings after startup&lt;/p&gt;
+&lt;p&gt;• Resumed sessions now keep the model they were using instead of picking up another session's /model choice&lt;/p&gt;
+&lt;p&gt;• Fixed Bedrock and Vertex users unable to select "Opus (1M context)" from the /model picker (regression in v2.1.129)&lt;/p&gt;
+&lt;p&gt;• Fixed remote-session login failing with "Can't access this organization" for users with forceLoginMethod and forceLoginOrgUUID set&lt;/p&gt;
+&lt;p&gt;• Fixed MCP servers with paginated tools/list responses only returning the first page, silently dropping tools&lt;/p&gt;
+&lt;p&gt;• Fixed MCP images with unsupported MIME types (e.g. SVG) breaking the conversation — now saved to disk and referenced in the tool result&lt;/p&gt;
+&lt;p&gt;• Fixed file descriptor exhaustion when a build runs inside a skill directory — non-.md files no longer trigger skill reloads&lt;/p&gt;
+&lt;p&gt;• Fixed session title being generated from plugin monitor output instead of the user's first prompt&lt;/p&gt;
+&lt;p&gt;• Fixed Skill tool failing with permission error in headless mode (regression in v2.1.141)&lt;/p&gt;
+&lt;p&gt;• Fixed plugins enabled in your own settings showing "not cached" errors after first load on a fresh machine; plugins enabled only by a project's .claude/settings.json now show an actionable claude plugin install hint&lt;/p&gt;
+&lt;p&gt;• Fixed claude mcp list silently reporting no servers when .mcp.json can't be parsed (e.g. using VS Code's "servers" key instead of "mcpServers") — now shows configuration errors&lt;/p&gt;
+&lt;p&gt;• Fixed background side-queries on custom ANTHROPIC_BASE_URL setups and Bedrock Mantle not using Haiku — now falls back correctly when a first-party API key is configured or no Haiku model is set&lt;/p&gt;
+&lt;p&gt;• Fixed scrolling in attached background sessions on Windows — PgUp/PgDn, mouse wheel, and Ctrl+O transcript navigation now work&lt;/p&gt;
+&lt;p&gt;• Fixed a crash when closing the terminal while attached to a background session&lt;/p&gt;
+&lt;p&gt;• Fixed ! &amp;lt;cmd&amp;gt; exec sessions not responding to Ctrl+C while attached — now interrupts the running command&lt;/p&gt;
+&lt;p&gt;• Fixed agent view shell-command rows lingering under Working after completion, and pressing Enter on a completed row re-running the command after its output expired&lt;/p&gt;
+&lt;p&gt;• Fixed on Windows, pressing ← in claude agents leaving the list unresponsive to keyboard input&lt;/p&gt;
+&lt;p&gt;• Fixed ghost characters at the left edge when switching panes in Agent View on Windows Terminal with CJK content&lt;/p&gt;
+&lt;p&gt;• /bg and ←-detach now preserve directories added via /add-dir&lt;/p&gt;
+&lt;p&gt;• Fixed Edit/Write refusing with "background session hasn't isolated its changes yet" right after detaching a session that was already editing in place&lt;/p&gt;
+&lt;p&gt;• Fixed claude respawn &amp;lt;id&amp;gt; on a stopped background session showing "stopped" instead of running&lt;/p&gt;
+&lt;p&gt;• Fixed /resume picker not showing sessions forked from a background session&lt;/p&gt;
+&lt;p&gt;• Fixed opening a session from claude agents or running claude logs &amp;lt;id&amp;gt; hanging when the background service is unresponsive — now times out after 10s with a recovery hint&lt;/p&gt;
+&lt;p&gt;• Fixed background Bash tasks spawned by subagents staying "Running" in SDK task panels after the process exits&lt;/p&gt;
+&lt;p&gt;• Fixed completed or stopped background sessions briefly failing to wake being permanently marked as a startup crash&lt;/p&gt;
+&lt;p&gt;• Fixed markdown links in claude agents attached sessions rendering as plain text instead of clickable hyperlinks&lt;/p&gt;
+&lt;p&gt;• Fixed custom spinnerVerbs applying to the post-turn duration message — past-tense built-ins like "Worked for 5s" are restored there&lt;/p&gt;
+&lt;p&gt;• claude agents / --bg rejection messages now name the specific gate (non-TTY, env var, or setting) instead of a generic message&lt;/p&gt;
+&lt;p&gt;• claude --bg --name &amp;lt;label&amp;gt; now echoes the name in the post-spawn confirmation&lt;/p&gt;
+&lt;p&gt;• claude agents: renaming a background session with Ctrl+R now updates the attached session's banner immediately&lt;/p&gt;
+&lt;p&gt;• Background session worktree isolation guard now applies for non-git VCS users with WorktreeCreate hooks configured&lt;/p&gt;
+&lt;p&gt;• Plugin marketplace add/update now respects CLAUDE_CODE_PLUGIN_PREFER_HTTPS&lt;/p&gt;
+&lt;p&gt;• /plugin now returns to the Installed list after enabling, disabling, or uninstalling a plugin&lt;/p&gt;
+&lt;p&gt;• /doctor now shows an exec-form example when a command hook is missing the command field&lt;/p&gt;
+&lt;p&gt;• Skill-listing truncation is no longer shown as a startup notification — run /doctor for the full breakdown&lt;/p&gt;
+&lt;p&gt;• Improved recovery from rare pre-response stream stalls — now retries streaming once instead of falling back to a slower non-streaming request&lt;/p&gt;
+&lt;p&gt;• Improved SDK/headless MCP startup: pre-wait now overlaps startup instead of blocking before the first turn (up to 2s faster with slow MCP servers)&lt;/p&gt;
+&lt;p&gt;• The post-survey follow-up hint now appears after every non-dismiss survey response with context-aware copy, making it easier to share more detail via /feedback.&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.143</id>
+    <title>Claude Code v2.1.143</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.143"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added plugin dependency enforcement: claude plugin disable now refuses when another enabled plugin depends on the target (with a copy-pasteable disable-chain hint), and claude plugin enable force-enables transitive dependencies&lt;/p&gt;
+&lt;p&gt;• Added projected context cost (per-turn and per-invocation token estimates) to the /plugin marketplace browse pane&lt;/p&gt;
+&lt;p&gt;• Added worktree.bgIsolation: "none" setting to let background sessions edit the working copy directly without EnterWorktree, for repos where worktrees are impractical&lt;/p&gt;
+&lt;p&gt;• PowerShell tool now passes -ExecutionPolicy Bypass. Opt out with CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1&lt;/p&gt;
+&lt;p&gt;• Background sessions now preserve the model and effort level you set after waking from idle&lt;/p&gt;
+&lt;p&gt;• Shift+Tab in attached agent sessions now includes auto mode in the cycle&lt;/p&gt;
+&lt;p&gt;• Fixed a corrupt .credentials.json with a non-array scopes value hanging the CLI on startup or silently aborting OAuth token refresh&lt;/p&gt;
+&lt;p&gt;• Fixed right-click paste in claude agents on Windows Terminal and WSL&lt;/p&gt;
+&lt;p&gt;• Fixed stop hooks that block repeatedly looping forever — the turn now ends with a warning after 8 consecutive blocks (override via CLAUDE_CODE_STOP_HOOK_BLOCK_CAP)&lt;/p&gt;
+&lt;p&gt;• Fixed Esc/Ctrl+C not cancelling a pending /loop wakeup while Claude is idle between iterations&lt;/p&gt;
+&lt;p&gt;• Fixed /goal evaluator firing while background shells or delegated subagents are still running&lt;/p&gt;
+&lt;p&gt;• Fixed NO_COLOR/FORCE_COLOR in settings.json env stripping Claude Code's own UI colors — they now apply to subprocesses only&lt;/p&gt;
+&lt;p&gt;• Fixed agent view spawning repeated PowerShell processes on Windows when listing sessions&lt;/p&gt;
+&lt;p&gt;• Fixed /bg without a prompt sending "continue" to the forked session — the fork now waits for input&lt;/p&gt;
+&lt;p&gt;• Fixed --agent &amp;lt;name&amp;gt; not finding plugin-contributed agents without the plugin: prefix&lt;/p&gt;
+&lt;p&gt;• Fixed deleting a session from agent view not removing its transcript file&lt;/p&gt;
+&lt;p&gt;• Fixed stale-fragment rendering when scrolling in attached background sessions on Windows Terminal&lt;/p&gt;
+&lt;p&gt;• Fixed background agents false-positive worker-stall detection storm after host sleep or macOS App Nap&lt;/p&gt;
+&lt;p&gt;• Fixed 5xx error messages pointing at status.claude.com instead of naming the configured gateway or cloud provider&lt;/p&gt;
+&lt;p&gt;• The PowerShell tool is now enabled by default on Windows for Bedrock, Vertex, and Foundry users. Opt out with CLAUDE_CODE_USE_POWERSHELL_TOOL=0.&lt;/p&gt;
+&lt;p&gt;• claude agents now accepts --add-dir, --settings, --mcp-config, and --plugin-dir and applies them to the dashboard and to background sessions dispatched from it&lt;/p&gt;
+&lt;p&gt;• claude agents accepts --permission-mode, --model, --effort, and --dangerously-skip-permissions to set defaults for sessions dispatched from the view&lt;/p&gt;
+&lt;p&gt;• claude --bg --dangerously-skip-permissions now persists across retire→wake&lt;/p&gt;
+&lt;p&gt;• Fixed background sessions silently capturing IDE file references into the warm spare's input, which caused the reference to be prepended to the next prompt dispatched from claude agents&lt;/p&gt;
+&lt;p&gt;• Worktree cleanup no longer falls back to rm -rf when git worktree remove fails, preventing loss of gitignored or in-progress files&lt;/p&gt;
+&lt;p&gt;• Fixed background-job sessions on macOS getting "Operation not permitted" errors when reading files under ~/Documents, ~/Desktop, or ~/Downloads, even with Full Disk Access granted.&lt;/p&gt;
+&lt;p&gt;• /bg now preserves --mcp-config, --settings, --add-dir, --plugin-dir, and --strict-mcp-config, so backgrounded sessions keep their MCP servers and settings across respawn.&lt;/p&gt;
+&lt;p&gt;• Background sessions launched from claude agents now honor permissions.defaultMode from settings.json (was previously overridden to auto mode)&lt;/p&gt;
+&lt;p&gt;• Fixed: on Windows, pressing ← in claude agents while a response was streaming could leave the agents list unresponsive to all input&lt;/p&gt;
+&lt;p&gt;• /bg and ←-detach now preserve --fallback-model, so backgrounded workers degrade to the fallback model on overload instead of hard-failing.&lt;/p&gt;
+&lt;p&gt;• /bg and ←-detach now preserve --allow-dangerously-skip-permissions, so the forked worker keeps bypass-permissions available in its Shift+Tab cycle.&lt;/p&gt;
+&lt;p&gt;• Fixed: background daemon spawn now falls back to the running binary when the ~/.local/bin/claude launcher is missing or non-executable&lt;/p&gt;
+&lt;p&gt;• Fixed claude agents --allow-dangerously-skip-permissions defaulting dispatched sessions to bypass mode instead of making it available in the permission cycle&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.142</id>
+    <title>Claude Code v2.1.142</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.142"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added new claude agents flags: --add-dir, --settings, --mcp-config, --plugin-dir, --permission-mode, --model, --effort, and --dangerously-skip-permissions to configure dispatched background sessions&lt;/p&gt;
+&lt;p&gt;• Fast mode now uses Opus 4.7 by default (previously Opus 4.6). Set CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE=1 to pin fast mode to Opus 4.6&lt;/p&gt;
+&lt;p&gt;• Plugins with a root-level SKILL.md and no skills/ subdirectory are now surfaced as a skill&lt;/p&gt;
+&lt;p&gt;• The /plugin details pane and claude plugin details now show LSP servers a plugin provides&lt;/p&gt;
+&lt;p&gt;• /web-setup warns before replacing an existing GitHub App connection&lt;/p&gt;
+&lt;p&gt;• Fixed MCP_TOOL_TIMEOUT not raising the per-request fetch timeout for remote HTTP and SSE MCP servers, which capped tool calls at 60 seconds regardless of the configured value&lt;/p&gt;
+&lt;p&gt;• Fixed background sessions not recognizing pre-existing git worktrees, blocking Edit while EnterWorktree refused to create a duplicate&lt;/p&gt;
+&lt;p&gt;• Fixed background sessions disappearing and daemon reconnect failing after macOS sleep/wake — the daemon now detects clock jumps instead of treating them as elapsed idle time&lt;/p&gt;
+&lt;p&gt;• Fixed daemon not exiting cleanly after the binary is upgraded (e.g. brew upgrade), causing dispatched agents to crash-loop on the deleted path&lt;/p&gt;
+&lt;p&gt;• Fixed background agents crash-looping when the Claude-in-Chrome extension is connected without a shared tab&lt;/p&gt;
+&lt;p&gt;• Fixed clicking links in an attached claude agents session — the background worker's headless browser shim no longer applies while attached&lt;/p&gt;
+&lt;p&gt;• Fixed claude agents "v to open in editor" using the daemon's default editor instead of your shell's $EDITOR/$VISUAL&lt;/p&gt;
+&lt;p&gt;• Fixed claude agents deadlocking on Windows with network-drive working directories; Ctrl+C now works during startup&lt;/p&gt;
+&lt;p&gt;• Fixed background-color bleed when attaching to a claude agents session from Apple Terminal or other 256-color-only terminals&lt;/p&gt;
+&lt;p&gt;• Fixed claude --bg --dangerously-skip-permissions not persisting across retire/wake&lt;/p&gt;
+&lt;p&gt;• Fixed session titles being derived from the URL when the first message is a link&lt;/p&gt;
+&lt;p&gt;• Fixed redundant set_model requests from remote clients injecting duplicate /model breadcrumbs into the transcript&lt;/p&gt;
+&lt;p&gt;• Fixed plugins using skills: ["./"] showing a false "path escapes plugin directory" error&lt;/p&gt;
+&lt;p&gt;• Fixed plugin cache cleanup deleting the active plugin version directory when no installation metadata is present&lt;/p&gt;
+&lt;p&gt;• Fixed /plugin browse pane showing "0 installs" for newly published plugins&lt;/p&gt;
+&lt;p&gt;• Fixed plugin advisories not naming every plugin.json key that shadows a default folder&lt;/p&gt;
+&lt;p&gt;• Improved reactive compaction: the first summarize attempt now seeds from the original request's overflow size, avoiding a wasted near-full-context retry&lt;/p&gt;
+&lt;p&gt;• Improved hook configuration error: configuring a prompt- or agent-type hook for SessionStart/Setup/SubagentStart now shows a clear "use a command-type hook instead" error&lt;/p&gt;
+&lt;p&gt;• Removed stale /model claude-sonnet-4-20250514 suggestion from Usage Policy refusal messages&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.141</id>
+    <title>Claude Code v2.1.141</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.141"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added terminalSequence field to hook JSON output so hooks can emit desktop notifications, window titles, and bells without a controlling terminal&lt;/p&gt;
+&lt;p&gt;• Added CLAUDE_CODE_PLUGIN_PREFER_HTTPS to clone GitHub plugin sources over HTTPS instead of SSH, for environments without a GitHub SSH key&lt;/p&gt;
+&lt;p&gt;• Added ANTHROPIC_WORKSPACE_ID environment variable for workload identity federation — scopes the minted token to a specific workspace when the federation rule covers more than one&lt;/p&gt;
+&lt;p&gt;• Added claude agents --cwd &amp;lt;path&amp;gt; to scope the session list to a directory&lt;/p&gt;
+&lt;p&gt;• /feedback can now include recent sessions (last 24 hours or 7 days) for issues spanning more than the current session&lt;/p&gt;
+&lt;p&gt;• Rewind menu: added "Summarize up to here" to compress earlier context while keeping recent turns intact&lt;/p&gt;
+&lt;p&gt;• Auto mode permission dialog now explains when a permissions.ask rule caused the prompt&lt;/p&gt;
+&lt;p&gt;• Restored the "view diff in your IDE" option on file-edit permission prompts when an IDE is connected&lt;/p&gt;
+&lt;p&gt;• Background agents launched via /bg or ←← now preserve the current permission mode instead of reverting to default&lt;/p&gt;
+&lt;p&gt;• claude agents: agents that finish work but leave a background shell running now move to Completed instead of staying under Working&lt;/p&gt;
+&lt;p&gt;• Improved spinner feedback during long thinking periods — the spinner now warms to amber after 10 seconds to signal Claude is still working&lt;/p&gt;
+&lt;p&gt;• Improved plugin menu navigation: →/Tab switch tabs, ↑ moves to the tab strip, and tab headers and search box are clickable in fullscreen mode&lt;/p&gt;
+&lt;p&gt;• Fixed background side-queries sending an unavailable Haiku model ID on Bedrock/Vertex/Foundry/gateway when no ANTHROPIC_SMALL_FAST_MODEL override is set — now falls back to the main-loop model&lt;/p&gt;
+&lt;p&gt;• Fixed claude daemon status and /doctor on Windows throwing when the daemon pipe key file is locked or unreadable — now shows the underlying error instead of an opaque failure&lt;/p&gt;
+&lt;p&gt;• Fixed claude agents showing the agent-type list instead of the dashboard when launched through a wrapper that adds flags&lt;/p&gt;
+&lt;p&gt;• Fixed claude agents opening a crashed session firing redundant dispatches when the working directory was deleted&lt;/p&gt;
+&lt;p&gt;• Fixed background jobs on a custom ANTHROPIC_BASE_URL gateway not getting auto-named — the namer now uses the main model when no Haiku model is configured&lt;/p&gt;
+&lt;p&gt;• Fixed /model in one session silently changing the autocompact threshold in other concurrent sessions&lt;/p&gt;
+&lt;p&gt;• Fixed switching permission mode while a tool-permission prompt is open not auto-dismissing the prompt when the new setting permits the tool&lt;/p&gt;
+&lt;p&gt;• Fixed pressing Enter while a permission/dialog prompt is open also submitting text in the input box&lt;/p&gt;
+&lt;p&gt;• Fixed hooks receiving a non-existent transcript_path after EnterWorktree switches the working directory&lt;/p&gt;
+&lt;p&gt;• Fixed markdown tables with cell wrapping falling back to the vertical key-value layout instead of rendering as a bordered grid (regression in 2.1.136)&lt;/p&gt;
+&lt;p&gt;• Fixed cancelled prompts being removed from Up-arrow history when auto-restored into the input box, avoiding duplicate entries&lt;/p&gt;
+&lt;p&gt;• Fixed prompts cancelled with Ctrl+C/Esc before any response being dropped from Up-arrow history&lt;/p&gt;
+&lt;p&gt;• Fixed Ctrl+C not interrupting a running turn while in vim INSERT/VISUAL mode&lt;/p&gt;
+&lt;p&gt;• Fixed alternative chat:submit keybindings (e.g. meta+enter, ctrl+enter) not working when enter is rebound to chat:newline&lt;/p&gt;
+&lt;p&gt;• Fixed prompt suggestions being silently disabled when an output style was configured&lt;/p&gt;
+&lt;p&gt;• Fixed spinnerVerbs setting not being honored in turn-completion messages&lt;/p&gt;
+&lt;p&gt;• Fixed AskUserQuestion popup hiding the last line of preceding chat content&lt;/p&gt;
+&lt;p&gt;• Fixed Web Search status showing "Did 0 searches" when searches returned errors&lt;/p&gt;
+&lt;p&gt;• Fixed multi-line statusline output dropping or corrupting rows when any line exceeds terminal width&lt;/p&gt;
+&lt;p&gt;• Fixed light-ansi theme using invisible white for diff context lines on light backgrounds — now uses black&lt;/p&gt;
+&lt;p&gt;• Fixed error overlay dumping minified bundle source that hid the original error message&lt;/p&gt;
+&lt;p&gt;• Fixed pressing Enter after typing a feedback survey rating digit submitting it as a chat message instead of the rating&lt;/p&gt;
+&lt;p&gt;• Fixed pressing x on a selected subagent in the agent panel typing into the prompt instead of stopping the agent&lt;/p&gt;
+&lt;p&gt;• Fixed session title being derived from plugin monitor notifications before the user's first prompt&lt;/p&gt;
+&lt;p&gt;• Fixed "Allowed by PermissionRequest hook" repeating once per tool call under a collapsed read/search group&lt;/p&gt;
+&lt;p&gt;• Fixed /tui silently dropping running background shells and subagents — now refuses and asks to wait for them to finish&lt;/p&gt;
+&lt;p&gt;• Fixed welcome banner showing "API Usage Billing" on Bedrock, Vertex, Foundry, and other third-party providers — now shows the provider name&lt;/p&gt;
+&lt;p&gt;• Fixed /mcp server list not keeping the focused server visible in short terminals in fullscreen mode&lt;/p&gt;
+&lt;p&gt;• Fixed redaction in /feedback bundles producing invalid JSON for quoted values like session IDs&lt;/p&gt;
+&lt;p&gt;• Fixed desktop and third-party provider sessions incorrectly inheriting apiKeyHelper/ANTHROPIC_AUTH_TOKEN from host managed-settings&lt;/p&gt;
+&lt;p&gt;• Fixed early analytics events being silently dropped when fired before logger initialization&lt;/p&gt;
+&lt;p&gt;• Fixed claude plugin install failing for plugins whose marketplace ref no longer exists upstream when a sha is also pinned&lt;/p&gt;
+&lt;p&gt;• Fixed plugin details pane showing 0 MCP servers for plugins that declare them via .mcp.json&lt;/p&gt;
+&lt;p&gt;• Fixed plugin MCP servers with unset config variables showing a generic connection failure instead of a "config issue" message with a fix-it hint; malformed .mcp.json entries no longer drop other MCP servers&lt;/p&gt;
+&lt;p&gt;• Fixed MCP server configs using POSIX shell parameter expansions (e.g. ${var%pattern}) being incorrectly flagged as missing environment variables&lt;/p&gt;
+&lt;p&gt;• Fixed MCP HTTP/SSE servers returning 403 on connect showing as "failed" instead of "needs auth"&lt;/p&gt;
+&lt;p&gt;• Fixed remote MCP servers disconnecting unnecessarily when the optional server-events stream failed to reconnect — tool calls continue over POST&lt;/p&gt;
+&lt;p&gt;• Fixed Remote Control MCP connectors all failing with 401 when the worker session token rotated mid-session&lt;/p&gt;
+&lt;p&gt;• Fixed Remote Control automatically re-enrolling a trusted device when the server rejects a stale token, instead of looping through /login&lt;/p&gt;
+&lt;p&gt;• Fixed a race where early OTel spans could be silently dropped in SDK/headless mode with beta tracing enabled&lt;/p&gt;
+&lt;p&gt;• Fixed custom voice:pushToTalk keybindings and "space": null unbinds being silently ignored&lt;/p&gt;
+&lt;p&gt;• Fixed Windows Alt+V image paste reporting "no image found" when the clipboard contains a screenshot&lt;/p&gt;
+&lt;p&gt;• Fixed SDK "Claude Code native binary not found" on Linux when both glibc and musl platform packages are installed&lt;/p&gt;
+&lt;p&gt;• Bedrock: awsCredentialExport now always runs when configured instead of being skipped when ambient AWS credentials resolve, fixing auth for cross-account access&lt;/p&gt;
+&lt;p&gt;• [VSCode] Fixed in-chat mic showing no feedback when the microphone produced only silence — now shows "No audio detected"&lt;/p&gt;
+&lt;p&gt;• [VSCode] Voice mode: the WSL error now suggests installing sox libsox-fmt-pulse for WSLg users&lt;/p&gt;
+&lt;p&gt;• claude agents: launching a session no longer fails when the pre-warmed background worker is unhealthy — now falls back to a fresh launch&lt;/p&gt;
+&lt;p&gt;• claude agents no longer shows empty placeholder sessions left over from backgrounding a fresh REPL, and shows onboarding text when entered via ← with no other agents&lt;/p&gt;
+&lt;p&gt;• Empty idle background sessions left over from ← are now automatically retired by the daemon after 5 minutes&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.140</id>
+    <title>Claude Code v2.1.140</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.140"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Improved Agent tool subagent_type matching to accept case- and separator-insensitive values (e.g. "Code Reviewer" resolves to code-reviewer)&lt;/p&gt;
+&lt;p&gt;• Updated agent color palette&lt;/p&gt;
+&lt;p&gt;• Fixed /goal silently hanging when disableAllHooks or allowManagedHooksOnly is set — now shows a clear message instead of an indicator that never resolves&lt;/p&gt;
+&lt;p&gt;• Fixed a regression in settings hot-reload where symlinked settings files caused misattributed change events and spurious ConfigChange hooks&lt;/p&gt;
+&lt;p&gt;• Fixed claude --bg failing with "connection dropped mid-request" when the background service was about to idle-exit&lt;/p&gt;
+&lt;p&gt;• Fixed background service startup failing on machines with enterprise endpoint security by allowing more time&lt;/p&gt;
+&lt;p&gt;• Fixed remote managed settings not retrying on 401 — now retries once with a force-refreshed token&lt;/p&gt;
+&lt;p&gt;• Fixed managed extraKnownMarketplaces auto-update policy not being persisted to known_marketplaces.json&lt;/p&gt;
+&lt;p&gt;• Fixed /loop scheduling redundant wakeups to poll for background tasks that already notify on completion&lt;/p&gt;
+&lt;p&gt;• Fixed a recurring event-loop stall on Windows when a missing executable (e.g. gh) triggered synchronous where.exe re-spawns on every check&lt;/p&gt;
+&lt;p&gt;• Fixed Read tool calls failing validation when offset is passed as a whitespace-padded or +-prefixed string&lt;/p&gt;
+&lt;p&gt;• Fixed native terminal cursor not staying at the input caret when the terminal loses focus&lt;/p&gt;
+&lt;p&gt;• Plugins now warn when a default component folder (e.g. commands/) is silently ignored because plugin.json sets the matching key. Shown in /doctor, claude plugin list, and /plugin.&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.139</id>
+    <title>Claude Code v2.1.139</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.139"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added agent view (Research Preview): a single list of every Claude Code session — running, blocked on you, or done. Run claude agents to get started. See https://code.claude.com/docs/en/agent-view&lt;/p&gt;
+&lt;p&gt;• Added /goal command: set a completion condition and Claude keeps working across turns until it's met. Works in interactive, -p, and Remote Control. Shows live elapsed/turns/tokens as an overlay panel&lt;/p&gt;
+&lt;p&gt;• Added /scroll-speed command to tune mouse wheel scroll speed with a live preview&lt;/p&gt;
+&lt;p&gt;• Added claude plugin details &amp;lt;name&amp;gt; to show a plugin's component inventory and projected per-session token cost&lt;/p&gt;
+&lt;p&gt;• Added transcript view navigation: ? for keyboard shortcuts, {/} to jump between user prompts, v to toggle shortcut panel&lt;/p&gt;
+&lt;p&gt;• Added hook args: string[] field (exec form) that spawns the command directly without a shell, so path placeholders never need quoting&lt;/p&gt;
+&lt;p&gt;• Added hook continueOnBlock config option for PostToolUse — set to true to feed the hook's rejection reason back to Claude and continue the turn&lt;/p&gt;
+&lt;p&gt;• MCP stdio servers now receive CLAUDE_PROJECT_DIR in their environment, matching hooks. Plugin configs can reference ${CLAUDE_PROJECT_DIR} in commands&lt;/p&gt;
+&lt;p&gt;• Compaction prompt now asks the model to preserve sensitive user instructions&lt;/p&gt;
+&lt;p&gt;• /mcp Reconnect now picks up .mcp.json edits without a restart, and shows the HTTP status and URL when reconnecting fails&lt;/p&gt;
+&lt;p&gt;• /context all per-skill token estimates now account for the model's tokenizer and show rounded values&lt;/p&gt;
+&lt;p&gt;• claude plugin install &amp;lt;name&amp;gt;@&amp;lt;marketplace&amp;gt; now auto-refreshes the marketplace and retries before reporting a plugin as not found&lt;/p&gt;
+&lt;p&gt;• /plugin installed-plugin details now show hook event names and MCP server names cleanly&lt;/p&gt;
+&lt;p&gt;• /context now shows the providing plugin's name for plugin-sourced skills&lt;/p&gt;
+&lt;p&gt;• Remote MCP server reconnect retry on transient failures is now enabled for all users&lt;/p&gt;
+&lt;p&gt;• API requests from subagents now carry x-claude-code-agent-id / x-claude-code-parent-agent-id headers, and claude_code.llm_request OTEL spans include agent_id / parent_agent_id attributes&lt;/p&gt;
+&lt;p&gt;• Remote Control, /schedule, claude.ai MCP connectors, and notification preferences are now disabled when ANTHROPIC_API_KEY / apiKeyHelper / ANTHROPIC_AUTH_TOKEN is set, even if a Claude.ai login also exists. Unset the API key to use these features&lt;/p&gt;
+&lt;p&gt;• Fixed a deadlock where expired credentials and the forceRemoteSettingsRefresh policy setting blocked claude auth login/logout/status with no way to recover&lt;/p&gt;
+&lt;p&gt;• Fixed autoAllowBashIfSandboxed not auto-approving commands with shell expansions like $VAR and $(cmd)&lt;/p&gt;
+&lt;p&gt;• Fixed a bug where a hook writing to the terminal could corrupt an on-screen interactive prompt; hooks now run without terminal access&lt;/p&gt;
+&lt;p&gt;• Fixed unbounded memory growth when an HTTP/SSE MCP server streams non-protocol data — response bodies now capped at 16 MB per SSE frame&lt;/p&gt;
+&lt;p&gt;• Fixed Skill(name *) permission rules — the wildcard form now works as a prefix match, matching Bash(ls *) behavior&lt;/p&gt;
+&lt;p&gt;• Fixed settings hot-reload not detecting edits to symlinked ~/.claude/settings.json&lt;/p&gt;
+&lt;p&gt;• Fixed plugin details failing to load when the marketplace key differs from the manifest name&lt;/p&gt;
+&lt;p&gt;• Fixed /model picker "Default" row not reflecting ANTHROPIC_DEFAULT_OPUS_MODEL/ANTHROPIC_DEFAULT_SONNET_MODEL overrides&lt;/p&gt;
+&lt;p&gt;• Fixed spurious "stream idle timeout" 5 minutes after a response completed, caused by the watchdog timer not being cleared on stream cancellation&lt;/p&gt;
+&lt;p&gt;• Fixed silent exit 1 when 10+ MCP servers are configured and the cache directory is unwritable — the error message now includes the underlying cause&lt;/p&gt;
+&lt;p&gt;• Fixed a typing cursor blinking on tab names, list pointers, and select rows in dialogs&lt;/p&gt;
+&lt;p&gt;• Fixed transcript view letter shortcuts not working after mouse click&lt;/p&gt;
+&lt;p&gt;• Fixed Bash-mode up-arrow history repeating the first entry and clobbering the in-progress draft&lt;/p&gt;
+&lt;p&gt;• Fixed pasting or dropping multiple images only inserting the last one&lt;/p&gt;
+&lt;p&gt;• Fixed hyperlinks using unreadable dark navy on dark themes — they now adapt to the active theme&lt;/p&gt;
+&lt;p&gt;• Fixed model picker showing a redundant "Current model" row for third-party users whose model is set to the opus alias&lt;/p&gt;
+&lt;p&gt;• Fixed legacy Opus picker entry on PAYG 3P providers resolving to the same model as the default entry&lt;/p&gt;
+&lt;p&gt;• Fixed mouse wheel scrolling speed in Cursor and VS Code 1.92–1.104; the trackpad now scrolls at a steady rate and the mouse wheel keeps ~3 lines per notch&lt;/p&gt;
+&lt;p&gt;• Fixed scroll behavior in Windows Terminal and VS Code when attached to background sessions&lt;/p&gt;
+&lt;p&gt;• Fixed MCP resources from disconnected servers lingering in @server: autocomplete&lt;/p&gt;
+&lt;p&gt;• Fixed two-file diff snippets over-reporting the number of truncated lines by one&lt;/p&gt;
+&lt;p&gt;• Fixed Grep results not relativizing Windows drive-letter paths and count mode reporting wrong totals for single-file paths&lt;/p&gt;
+&lt;p&gt;• Fixed border-embedded text overflowing on CJK/emoji due to visual cell width miscalculation&lt;/p&gt;
+&lt;p&gt;• Fixed fuzzy-match highlighting splitting emoji and astral-plane characters mid-pair&lt;/p&gt;
+&lt;p&gt;• Fixed skill argument names containing regex metacharacters breaking argument substitution&lt;/p&gt;
+&lt;p&gt;• Fixed ProgressBar rendering a full block for an almost-full fractional cell&lt;/p&gt;
+&lt;p&gt;• Fixed task polling and fs.watch being resurrected when the last subscriber leaves while a fetch is in flight&lt;/p&gt;
+&lt;p&gt;• Fixed plugin dependency resolution leaving a stale count when the manifest name differs from the source identifier&lt;/p&gt;
+&lt;p&gt;• Fixed Insights Time-of-Day chart skewing when a session has an unparseable timestamp&lt;/p&gt;
+&lt;p&gt;• Fixed keybindings using only the cmd/super/win modifier being flagged as unparseable&lt;/p&gt;
+&lt;p&gt;• Fixed claude_code.active_time.total OpenTelemetry metric not being emitted in --print mode&lt;/p&gt;
+&lt;p&gt;• Fixed claude plugin update not preserving cross-plugin symlinks inside a marketplace&lt;/p&gt;
+&lt;p&gt;• [VSCode] Press Cmd/Ctrl+Shift+T to reopen the most recently closed session tab, configurable via claudeCode.enableReopenClosedSessionShortcut&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.138</id>
+    <title>Claude Code v2.1.138</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.138"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Internal fixes&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.137</id>
+    <title>Claude Code v2.1.137</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.137"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• [VSCode] Fixed extension failing to activate on Windows&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.136</id>
+    <title>Claude Code v2.1.136</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.136"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL to re-enable the session quality survey for enterprises capturing responses through OpenTelemetry&lt;/p&gt;
+&lt;p&gt;• Added settings.autoMode.hard_deny for auto mode classifier rules that block unconditionally regardless of user intent or allow exceptions&lt;/p&gt;
+&lt;p&gt;• Fixed MCP servers configured in .mcp.json, plugins, and claude.ai connectors silently disappearing after /clear in the VS Code extension, JetBrains plugin, and Agent SDK&lt;/p&gt;
+&lt;p&gt;• Fixed a rare login loop where a concurrent credential write could overwrite a freshly-rotated OAuth token and force re-login&lt;/p&gt;
+&lt;p&gt;• Fixed MCP OAuth refresh tokens being lost when multiple servers refresh concurrently — users with several remote MCP servers should no longer need daily re-authentication&lt;/p&gt;
+&lt;p&gt;• Fixed an API error (400) when extended thinking emitted a redacted thinking block after a tool call&lt;/p&gt;
+&lt;p&gt;• Fixed --resume / --continue not finding sessions when the project path contains underscores&lt;/p&gt;
+&lt;p&gt;• Fixed plan mode not blocking file writes when a matching Edit(...) allow rule exists&lt;/p&gt;
+&lt;p&gt;• WSL2: image paste from Windows clipboard now works via a PowerShell fallback when xclip/wl-paste cannot read image data&lt;/p&gt;
+&lt;p&gt;• Fixed plugin Stop/UserPromptSubmit hooks failing when cache cleanup deletes a version still in use by a running session&lt;/p&gt;
+&lt;p&gt;• Improved visual consistency across slash command dialogs: standardized footer hints, dialog spacing, and arrow-key styling, and the dialog frame now appears immediately during loading instead of popping in after&lt;/p&gt;
+&lt;p&gt;• Fixed colors appearing at wrong positions in bash command output and markdown code blocks&lt;/p&gt;
+&lt;p&gt;• Fixed ReasonML diffs rendering corrupted "undefined" text artifacts at word-diff boundaries&lt;/p&gt;
+&lt;p&gt;• Fixed worktree exit dialog warning about uncommitted files in the wrong directory after worktree removal&lt;/p&gt;
+&lt;p&gt;• Fixed @ file picker not matching files created mid-session in small non-git directories&lt;/p&gt;
+&lt;p&gt;• Fixed @-mention file picker not finding files in directories with more than 100 entries&lt;/p&gt;
+&lt;p&gt;• Fixed failed tool calls not being click-to-expand in fullscreen mode when their output was truncated&lt;/p&gt;
+&lt;p&gt;• Fixed Backspace and Ctrl+Backspace getting swapped after using Ctrl+G to open an external editor on terminals with persistent extended-key modes&lt;/p&gt;
+&lt;p&gt;• Fixed /usage weekly reset showing time of day instead of the calendar date&lt;/p&gt;
+&lt;p&gt;• Fixed welcome banner ellipsis causing column overflow on CJK terminals&lt;/p&gt;
+&lt;p&gt;• Fixed /insights crash when session history contains tool calls with malformed input fields&lt;/p&gt;
+&lt;p&gt;• Fixed a renderer crash when a tool's collapsibility classification changes mid-session&lt;/p&gt;
+&lt;p&gt;• Fixed a skills entry in plugin.json hiding the plugin's default skills/ directory, and listing a file path now shows an error instead of failing silently&lt;/p&gt;
+&lt;p&gt;• Fixed IDE shell-integration lock files not respecting CLAUDE_CONFIG_DIR&lt;/p&gt;
+&lt;p&gt;• Fixed trailing whitespace in copied terminal output during streaming&lt;/p&gt;
+&lt;p&gt;• Fixed plugin uninstall and enable/disable not matching slugs case-insensitively&lt;/p&gt;
+&lt;p&gt;• Fixed tool error truncation marker showing a negative count for surrogate-pair strings&lt;/p&gt;
+&lt;p&gt;• Fixed env vars from CLAUDE_ENV_FILE SessionStart hooks going stale after /resume or /clear&lt;/p&gt;
+&lt;p&gt;• Fixed /branch saving a multi-line session title when given a pasted multi-line name&lt;/p&gt;
+&lt;p&gt;• Fixed a stray leading space on the second line of wrapped text at the column boundary&lt;/p&gt;
+&lt;p&gt;• Fixed Esc not dismissing dialogs in /install-github-app, /desktop, /resume, and /web-setup&lt;/p&gt;
+&lt;p&gt;• Fixed /doctor MCP schema errors not naming the missing field or showing the source file path&lt;/p&gt;
+&lt;p&gt;• Fixed Bash permission prompts showing an internal parser diagnostic instead of a user-readable explanation&lt;/p&gt;
+&lt;p&gt;• Fixed plugin slash commands with spaces (e.g. /myplugin review) not resolving to their namespaced form&lt;/p&gt;
+&lt;p&gt;• Fixed AskUserQuestion discarding multi-select answers when supplied as an array&lt;/p&gt;
+&lt;p&gt;• Fixed /clear &amp;lt;name&amp;gt; not labeling the cleared session for /resume&lt;/p&gt;
+&lt;p&gt;• Fixed CronList output missing qualifiers and the scheduled prompt&lt;/p&gt;
+&lt;p&gt;• Fixed "Jump to bottom" overlay leaving color artifacts on CJK characters in fullscreen mode&lt;/p&gt;
+&lt;p&gt;• Fixed wide markdown tables leaving a stale bordered render in terminal scrollback while streaming&lt;/p&gt;
+&lt;p&gt;• Fixed pasted text being silently dropped when a long prompt with a pasted-text placeholder was auto-truncated&lt;/p&gt;
+&lt;p&gt;• Fixed /release-notes getting stuck on an old version after a failed changelog refresh&lt;/p&gt;
+&lt;p&gt;• Fixed /mcp server list not scrolling when there are more servers than fit in the terminal&lt;/p&gt;
+&lt;p&gt;• Fixed mid-input slash command autocomplete not working after an initial slash command&lt;/p&gt;
+&lt;p&gt;• Fixed scrolling to bottom re-engaging auto-follow with autoScrollEnabled: false&lt;/p&gt;
+&lt;p&gt;• Fixed prompt suggestions being auto-submitted by Enter on an empty input instead of requiring Tab or arrow to accept&lt;/p&gt;
+&lt;p&gt;• Fixed keyboard shortcut hints not reflecting rebound keys from keybindings.json&lt;/p&gt;
+&lt;p&gt;• Fixed /settings language change being reverted on Escape after confirming&lt;/p&gt;
+&lt;p&gt;• Fixed /terminal-setup only appearing in autocomplete on exact name match instead of partial prefixes&lt;/p&gt;
+&lt;p&gt;• Fixed "Chat about this" on an AskUserQuestion dialog erasing the question text&lt;/p&gt;
+&lt;p&gt;• Fixed MCP tool results being invisible when the server returns content blocks&lt;/p&gt;
+&lt;p&gt;• Improved error message when --worktree collides with an existing or stale worktree&lt;/p&gt;
+&lt;p&gt;• Changed plugin marketplace removal key to d (matching delete elsewhere) instead of r which collided with retry&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.133</id>
+    <title>Claude Code v2.1.133</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.133"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added worktree.baseRef setting (fresh | head) to choose whether --worktree, EnterWorktree, and agent-isolation worktrees branch from origin/&amp;lt;default&amp;gt; or local HEAD. Note: the default fresh changes EnterWorktree's base back to origin/&amp;lt;default&amp;gt; (it has been local HEAD since 2.1.128) — set worktree.baseRef: "head" to keep unpushed commits in new worktrees&lt;/p&gt;
+&lt;p&gt;• Added sandbox.bwrapPath and sandbox.socatPath managed settings (Linux/WSL) to specify custom bubblewrap and socat binary locations&lt;/p&gt;
+&lt;p&gt;• Added parentSettingsBehavior admin-tier key ('first-wins' | 'merge') to let admins opt SDK managedSettings (parent tier) into the policy merge&lt;/p&gt;
+&lt;p&gt;• Hooks now receive the active effort level via the effort.level JSON input field and the $CLAUDE_EFFORT environment variable, and Bash tool commands can read $CLAUDE_EFFORT&lt;/p&gt;
+&lt;p&gt;• Improved focus mode behavior&lt;/p&gt;
+&lt;p&gt;• Improved memory usage by releasing warm-spare background workers under memory pressure&lt;/p&gt;
+&lt;p&gt;• Fixed parallel sessions all dead-ending at 401 after a refresh-token race wiped shared credentials&lt;/p&gt;
+&lt;p&gt;• Fixed Edit/Write allow rules scoped to a drive root (C:\) or POSIX / matching incorrectly and always prompting&lt;/p&gt;
+&lt;p&gt;• Fixed an unhandled rejection (ECOMPROMISED) when a history or session-log file lock is compromised by clock skew or slow disk&lt;/p&gt;
+&lt;p&gt;• Fixed pressing Esc during conversation compaction showing a spurious "Error compacting conversation" notification&lt;/p&gt;
+&lt;p&gt;• Fixed HTTP(S)_PROXY / NO_PROXY / mTLS not being respected for the full MCP OAuth flow including discovery, dynamic client registration, token exchange, and token refresh&lt;/p&gt;
+&lt;p&gt;• Fixed Read/Write/Edit being denied on mapped network drives passed via --add-dir / SDK additionalDirectories&lt;/p&gt;
+&lt;p&gt;• Fixed Remote Control stop/interrupt from claude.ai not fully canceling the CLI session the same way local Esc does, causing queued messages to never advance after interrupting a stuck tool or prompt&lt;/p&gt;
+&lt;p&gt;• Fixed /effort in one session unexpectedly changing the effort level of other concurrent sessions, and a related issue where an IDE effort change could be silently dropped&lt;/p&gt;
+&lt;p&gt;• Fixed subagents not discovering project, user, or plugin skills via the Skill tool&lt;/p&gt;
+&lt;p&gt;• claude --help now lists --remote-control alongside --remote-control-session-name-prefix&lt;/p&gt;
+&lt;p&gt;• [VSCode] Fixed claudeCode.claudeProcessWrapper failing with "Unsupported platform" when the extension build doesn't bundle a Claude binary&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.132</id>
+    <title>Claude Code v2.1.132</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.132"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added CLAUDE_CODE_SESSION_ID environment variable to the Bash tool subprocess environment, matching the session_id passed to hooks&lt;/p&gt;
+&lt;p&gt;• Added CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1 env var to opt out of the fullscreen alternate-screen renderer and keep the conversation in the terminal's native scrollback&lt;/p&gt;
+&lt;p&gt;• Added a "Pasting…" footer hint while a Ctrl+V image paste is being read from the clipboard&lt;/p&gt;
+&lt;p&gt;• Fixed external SIGINT (e.g. IDE stop button, kill -INT) not running graceful shutdown — terminal modes are now restored and the --resume hint is printed instead of an abrupt exit&lt;/p&gt;
+&lt;p&gt;• Fixed an uncaught exception when the terminal is closed or SSH disconnects mid-session under the native build&lt;/p&gt;
+&lt;p&gt;• Fixed --resume failing with no low surrogate in string when a tool error truncation split an emoji; pre-corrupted sessions are sanitized on load&lt;/p&gt;
+&lt;p&gt;• Fixed --permission-mode flag being ignored when resuming a plan-mode session with -p --continue/--resume, and plan mode not being re-applied after ExitPlanMode within the same session&lt;/p&gt;
+&lt;p&gt;• Fixed fullscreen mode showing a blank screen after laptop sleep/wake or Ctrl+Z/fg until the next keystroke or stream output&lt;/p&gt;
+&lt;p&gt;• Fixed cursor landing mid-grapheme on Ctrl+E/A/K/U/arrow keys when an Indic conjunct or ZWJ emoji wraps across lines&lt;/p&gt;
+&lt;p&gt;• Fixed vim operators corrupting text containing decomposed (NFD) accented characters&lt;/p&gt;
+&lt;p&gt;• Fixed pasting text starting with / silently swallowing the input or triggering an unknown-command reply&lt;/p&gt;
+&lt;p&gt;• Fixed pasting dumping stray escape sequences into the prompt when focus events or mouse-tracking reports interleave with the bracketed paste&lt;/p&gt;
+&lt;p&gt;• Fixed mouse wheel scrolling being too fast in Cursor and VS Code 1.92–1.104 due to an upstream xterm.js bug&lt;/p&gt;
+&lt;p&gt;• Fixed scroll-wheel handling in JetBrains IDE 2025.2 terminals (spurious arrow keys, wrong-direction events, runaway acceleration)&lt;/p&gt;
+&lt;p&gt;• Fixed /usage Ctrl+S hanging when copying the stats screenshot to the clipboard on Linux/X11&lt;/p&gt;
+&lt;p&gt;• Fixed /terminal-setup showing a contradictory error in Windows Terminal — Shift+Enter is natively supported there&lt;/p&gt;
+&lt;p&gt;• Fixed /effort picker not reflecting the CLAUDE_CODE_EFFORT_LEVEL env var override&lt;/p&gt;
+&lt;p&gt;• Fixed /status showing the wrong default model for some users&lt;/p&gt;
+&lt;p&gt;• Fixed slash command autocomplete popup being capped at ~3–5 visible commands instead of scaling with terminal height&lt;/p&gt;
+&lt;p&gt;• Fixed statusline context_window token counts reflecting cumulative session totals instead of current context usage&lt;/p&gt;
+&lt;p&gt;• Fixed Alt+T (thinking toggle) not working on macOS terminals without "Option as Meta" enabled (iTerm2, Terminal.app defaults)&lt;/p&gt;
+&lt;p&gt;• Fixed dead keyboard input on Windows after re-opening a background session from claude agents&lt;/p&gt;
+&lt;p&gt;• Fixed unbounded memory growth (10GB+ RSS) when a stdio MCP server writes non-protocol data to stdout&lt;/p&gt;
+&lt;p&gt;• Fixed MCP servers that connect but fail tools/list silently showing 0 tools — they now retry once and show "connected · tools fetch failed" in /mcp&lt;/p&gt;
+&lt;p&gt;• Fixed unauthorized claude.ai MCP connectors showing as "failed" instead of "needs auth", and headless -p mode retrying non-transient 4xx connection failures&lt;/p&gt;
+&lt;p&gt;• Improved visual consistency in slash command dialogs and /login, /upgrade, /extra-usage dialog spacing&lt;/p&gt;
+&lt;p&gt;• Updated the /tui fullscreen startup banner to describe additional renderer benefits (lower memory usage, mouse support, auto-copy on select)&lt;/p&gt;
+&lt;p&gt;• Fixed Bedrock and Vertex 400 errors when ENABLE_PROMPT_CACHING_1H is set&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.131</id>
+    <title>Claude Code v2.1.131</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.131"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Fixed VS Code extension failing to activate on Windows due to a hardcoded build path in the bundled SDK (createRequire polyfill bug)&lt;/p&gt;
+&lt;p&gt;• Fixed Mantle endpoint authentication failing with missing x-api-key header&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.129</id>
+    <title>Claude Code v2.1.129</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.129"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added --plugin-url &amp;lt;url&amp;gt; flag to fetch a plugin .zip archive from a URL for the current session&lt;/p&gt;
+&lt;p&gt;• Added CLAUDE_CODE_FORCE_SYNC_OUTPUT=1 env var to force-enable synchronized output on terminals that auto-detection misses (e.g. Emacs eat)&lt;/p&gt;
+&lt;p&gt;• Added CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE: when set on Homebrew or WinGet installations, Claude Code runs the upgrade command in the background and prompts to restart&lt;/p&gt;
+&lt;p&gt;• Plugin manifests: themes and monitors should now be declared under "experimental": { ... }. Top-level declarations still work but claude plugin validate will warn&lt;/p&gt;
+&lt;p&gt;• Gateway /v1/models discovery for the /model picker is now opt-in via CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY=1 (was automatic in 2.1.126–2.1.128)&lt;/p&gt;
+&lt;p&gt;• Ctrl+R history picker now defaults to searching all prompts across all projects, matching pre-2.1.124 behavior. Press Ctrl+S to narrow to the current project or session&lt;/p&gt;
+&lt;p&gt;• Third-party deployments (Bedrock, Vertex, Foundry, or ANTHROPIC_BASE_URL gateway) no longer see spinner tips pointing at first-party Anthropic surfaces&lt;/p&gt;
+&lt;p&gt;• skillOverrides setting now works: off hides from model and /, user-invocable-only hides from model only, name-only collapses description&lt;/p&gt;
+&lt;p&gt;• The claude_code.pull_request.count OTel metric now counts PRs/MRs created via MCP tools, not just shell commands&lt;/p&gt;
+&lt;p&gt;• Policy refusal error messages now include the API Request ID for easier support debugging&lt;/p&gt;
+&lt;p&gt;• Fixed API errors with unrecognized 400 status codes showing raw JSON instead of the underlying error message&lt;/p&gt;
+&lt;p&gt;• Fixed /clear not resetting the terminal tab title after a conversation&lt;/p&gt;
+&lt;p&gt;• Fixed session title chip from /rename disappearing while a permission or other dialog is active&lt;/p&gt;
+&lt;p&gt;• Fixed agent panel below the prompt being hidden when subagents are running (regression in 2.1.122)&lt;/p&gt;
+&lt;p&gt;• Fixed external-editor handoff (Ctrl+G) blanking the conversation history above the prompt&lt;/p&gt;
+&lt;p&gt;• Fixed /context dumping its rendered ASCII visualization grid into the conversation, wasting ~1.6k tokens per call&lt;/p&gt;
+&lt;p&gt;• Fixed /agents Library list arrow-key navigation: the highlighted agent now stays visible when the list exceeds the viewport&lt;/p&gt;
+&lt;p&gt;• Fixed /branch success message not including the new branch's session id for /resume&lt;/p&gt;
+&lt;p&gt;• Fixed bold headers with keycap/ZWJ/skin-tone emoji losing trailing characters in fullscreen mode&lt;/p&gt;
+&lt;p&gt;• Fixed server-managed settings policy not applying for enterprise/team users whose stored OAuth credentials lacked the user:inference scope&lt;/p&gt;
+&lt;p&gt;• Fixed OAuth refresh race after wake-from-sleep that could log out all running sessions&lt;/p&gt;
+&lt;p&gt;• Fixed 1-hour prompt cache TTL being silently downgraded to 5 minutes&lt;/p&gt;
+&lt;p&gt;• Fixed cache-miss warning appearing spuriously after /clear or compaction when changing /effort or /model&lt;/p&gt;
+&lt;p&gt;• Fixed Bash(mkdir *), Bash(touch *) and similar allow rules not being honored for in-project paths&lt;/p&gt;
+&lt;p&gt;• Fixed deniedMcpServers patterns with a *:// scheme wildcard not matching mixed-case hostnames&lt;/p&gt;
+&lt;p&gt;• Fixed harmless WebSocket warning being logged as an error in --debug during voice mode&lt;/p&gt;
+&lt;p&gt;• [VSCode] Fixed /clear not clearing the conversation context and displayed transcript&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.128</id>
+    <title>Claude Code v2.1.128</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.128"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Bare /color (no args) now picks a random session color&lt;/p&gt;
+&lt;p&gt;• /mcp now shows the tool count for connected servers and flags servers that connected with 0 tools&lt;/p&gt;
+&lt;p&gt;• --plugin-dir now accepts .zip plugin archives in addition to directories&lt;/p&gt;
+&lt;p&gt;• --channels now works with console (API key) authentication — console orgs with managed settings must set channelsEnabled: true to enable&lt;/p&gt;
+&lt;p&gt;• Updated /model picker: collapsed duplicate Opus 4.7 entries, and current Opus now shows as "Opus" instead of "Opus 4.7"&lt;/p&gt;
+&lt;p&gt;• Subprocesses (Bash, hooks, MCP, LSP) no longer inherit OTEL_* environment variables, so OTEL-instrumented apps run via the Bash tool no longer pick up the CLI's own OTLP endpoint&lt;/p&gt;
+&lt;p&gt;• MCP: workspace is now a reserved server name — existing servers with that name will be skipped with a warning&lt;/p&gt;
+&lt;p&gt;• Reconnecting MCP servers no longer flood the conversation with full tool-name lists on every reconnect — re-announced tools are summarized by server prefix&lt;/p&gt;
+&lt;p&gt;• SDK hosts now receive a persistent localSettings suggestion for Bash permission prompts, so "Always allow" writes to .claude/settings.local.json&lt;/p&gt;
+&lt;p&gt;• EnterWorktree now creates the new branch from local HEAD as documented, instead of origin/&amp;lt;default-branch&amp;gt; — unpushed commits are no longer dropped&lt;/p&gt;
+&lt;p&gt;• Auto mode: when the classifier can't evaluate an action, the error now includes a hint (retry, /compact, or run with --debug)&lt;/p&gt;
+&lt;p&gt;• Fixed focus mode briefly dimming the previous response when submitting a new prompt&lt;/p&gt;
+&lt;p&gt;• Fixed stray "4;0;" desktop notification on every /exit in Kitty and other terminals that interpret OSC 9 as a notification&lt;/p&gt;
+&lt;p&gt;• Fixed Remote Control showing an empty "Opening your options…" message on rate limit instead of actionable upsell options&lt;/p&gt;
+&lt;p&gt;• Fixed drag-and-drop image upload hanging on "Pasting text…" when the image read fails&lt;/p&gt;
+&lt;p&gt;• Fixed crash loop when piping very large input (&amp;gt;10 MB) to claude -p via stdin&lt;/p&gt;
+&lt;p&gt;• Fixed long URLs not being individually clickable on every wrapped row in fullscreen mode&lt;/p&gt;
+&lt;p&gt;• Fixed /plugin Components panel showing "Marketplace 'inline' not found" for plugins loaded via --plugin-dir&lt;/p&gt;
+&lt;p&gt;• Fixed MCP tool results dropping images when the server returns both structured content and content blocks&lt;/p&gt;
+&lt;p&gt;• Fixed fenced code blocks inside list items carrying leading whitespace into the clipboard on copy-paste&lt;/p&gt;
+&lt;p&gt;• Fixed tab navigation in /config stranding focus — the tab header now stays focused so arrows and Esc keep working&lt;/p&gt;
+&lt;p&gt;• Fixed markdown link labels being lost on terminals without OSC 8 hyperlink support — links now render as label (url) instead of just the URL&lt;/p&gt;
+&lt;p&gt;• Fixed sessions on 1M-context models with a smaller autocompact window being falsely blocked with "Prompt is too long" before reaching the actual API limit&lt;/p&gt;
+&lt;p&gt;• Fixed parallel shell tool calls: a failing read-only command (grep, git diff, ls) no longer cancels sibling calls&lt;/p&gt;
+&lt;p&gt;• Fixed banner showing "with X effort" on models that don't support effort&lt;/p&gt;
+&lt;p&gt;• Fixed /fast on 3P providers fuzzy-matching to an unrelated skill instead of showing "not available"&lt;/p&gt;
+&lt;p&gt;• Fixed Bedrock default model resolving to global.* instead of the region-appropriate prefix&lt;/p&gt;
+&lt;p&gt;• Fixed vim mode: Space in NORMAL mode now moves the cursor right, matching standard vi/vim behavior&lt;/p&gt;
+&lt;p&gt;• Fixed terminal progress indicator (OSC 9;4) flickering off between tool calls — stays visible across the full turn&lt;/p&gt;
+&lt;p&gt;• Fixed /rename without args failing on resumed sessions whose last entry is a compact boundary&lt;/p&gt;
+&lt;p&gt;• Fixed stale "remote-control is active" status lines from prior sessions appearing after --resume/--continue&lt;/p&gt;
+&lt;p&gt;• Fixed stale installed_plugins.json entries pointing at deleted cache directories polluting PATH&lt;/p&gt;
+&lt;p&gt;• Fixed MCP stdio servers receiving corrupted arguments when CLAUDE_CODE_SHELL_PREFIX is set and an argument contains spaces or shell metacharacters&lt;/p&gt;
+&lt;p&gt;• Fixed sub-agent progress summaries missing the prompt cache (~3× cache_creation reduction)&lt;/p&gt;
+&lt;p&gt;• Fixed /plugin update never detecting new versions of npm-sourced plugins&lt;/p&gt;
+&lt;p&gt;• Fixed sub-agent summaries firing repeatedly while a sub-agent's transcript is static, capping worst-case token cost on idle sub-agents&lt;/p&gt;
+&lt;p&gt;• Headless --output-format stream-json: init.plugin_errors now includes --plugin-dir load failures in addition to dependency demotions&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.126</id>
+    <title>Claude Code v2.1.126</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.126"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway&lt;/p&gt;
+&lt;p&gt;• - Added claude project purge [path] to delete all Claude Code state for a project (transcripts, tasks, file history, config entry) — supports --dry-run, -y/--yes, -i/--interactive, and --all&lt;/p&gt;
+&lt;p&gt;• --dangerously-skip-permissions now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)&lt;/p&gt;
+&lt;p&gt;• claude auth login now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)&lt;/p&gt;
+&lt;p&gt;• claude_code.skill_activated OpenTelemetry event now fires for user-typed slash commands and carries a new invocation_trigger attribute ("user-slash", "claude-proactive", or "nested-skill")&lt;/p&gt;
+&lt;p&gt;• Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running&lt;/p&gt;
+&lt;p&gt;• Host-managed deployments (CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST) no longer auto-disable analytics on Bedrock/Vertex/Foundry&lt;/p&gt;
+&lt;p&gt;• Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or .NET global tool is now detected&lt;/p&gt;
+&lt;p&gt;• Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash&lt;/p&gt;
+&lt;p&gt;• Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models&lt;/p&gt;
+&lt;p&gt;• Security: Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block&lt;/p&gt;
+&lt;p&gt;• Fixed pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images in history are automatically removed and the request retried&lt;/p&gt;
+&lt;p&gt;• Fixed showing the login screen for "OAuth not allowed for organization" errors — now shows guidance to contact your admin&lt;/p&gt;
+&lt;p&gt;• Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost&lt;/p&gt;
+&lt;p&gt;• Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token&lt;/p&gt;
+&lt;p&gt;• Fixed API retry countdown sticking at "0s" instead of counting down between attempts&lt;/p&gt;
+&lt;p&gt;• Fixed "Stream idle timeout" error after waking Mac from sleep mid-request&lt;/p&gt;
+&lt;p&gt;• Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses&lt;/p&gt;
+&lt;p&gt;• Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns&lt;/p&gt;
+&lt;p&gt;• Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals&lt;/p&gt;
+&lt;p&gt;• Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state&lt;/p&gt;
+&lt;p&gt;• Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode&lt;/p&gt;
+&lt;p&gt;• Fixed Ctrl+L clearing the prompt input — it now only forces a screen redraw, matching readline behavior&lt;/p&gt;
+&lt;p&gt;• Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with context: fork and other subagents on their first turn&lt;/p&gt;
+&lt;p&gt;• Fixed plan-mode tools being unavailable in interactive sessions launched with --channels&lt;/p&gt;
+&lt;p&gt;• Fixed /plugin Uninstall reporting "Enabled" instead of "Uninstalled"&lt;/p&gt;
+&lt;p&gt;• Bounded total size of file-modified reminders when a linter touches many files at once&lt;/p&gt;
+&lt;p&gt;• Fixed /remote-control retries appearing stuck on "connecting…" — each retry now shows its result&lt;/p&gt;
+&lt;p&gt;• Fixed Remote Control failure notification not showing the error reason for initial connection failures&lt;/p&gt;
+&lt;p&gt;• Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes &amp;gt;22KB selections not reaching the clipboard&lt;/p&gt;
+&lt;p&gt;• PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token&lt;/p&gt;
+&lt;p&gt;• Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.123</id>
+    <title>Claude Code v2.1.123</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.123"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Fixed OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.122</id>
+    <title>Claude Code v2.1.122</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.122"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added ANTHROPIC_BEDROCK_SERVICE_TIER environment variable to select a Bedrock service tier (default, flex, or priority), sent as the X-Amzn-Bedrock-Service-Tier header&lt;/p&gt;
+&lt;p&gt;• Pasting a PR URL into the /resume search box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)&lt;/p&gt;
+&lt;p&gt;• /mcp now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate&lt;/p&gt;
+&lt;p&gt;• Clarified the /mcp message shown when an MCP server is still unauthorized after the browser sign-in flow&lt;/p&gt;
+&lt;p&gt;• OpenTelemetry: numeric attributes on api_request/api_error log events are now emitted as numbers, not strings&lt;/p&gt;
+&lt;p&gt;• OpenTelemetry: added claude_code.at_mention log event for @-mention resolution&lt;/p&gt;
+&lt;p&gt;• Fixed /branch producing forks that fail with "tool_use ids were found without tool_result blocks" when the source session contained entries from rewound timelines&lt;/p&gt;
+&lt;p&gt;• Fixed /model not showing the Effort option for Bedrock application inference profile ARNs, and those ARNs not receiving output_config.effort&lt;/p&gt;
+&lt;p&gt;• Fixed Vertex AI / Bedrock returning invalid_request_error: output_config: Extra inputs are not permitted on session-title generation and other structured-output queries&lt;/p&gt;
+&lt;p&gt;• Fixed Vertex AI count_tokens endpoint returning 400 errors for users behind proxy gateways&lt;/p&gt;
+&lt;p&gt;• Fixed spinnerTipsOverride.excludeDefault not suppressing the time-based spinner tips&lt;/p&gt;
+&lt;p&gt;• Fixed ToolSearch missing MCP tools that connected after session start in nonblocking mode&lt;/p&gt;
+&lt;p&gt;• Fixed !exit / !quit in bash mode terminating the CLI instead of running as a shell command&lt;/p&gt;
+&lt;p&gt;• Fixed images sent to newer models being resized to 2576px per side instead of the correct 2000px maximum&lt;/p&gt;
+&lt;p&gt;• Fixed remote control session idle status redrawing twice per second, which could flood tmux -CC control pipes and pause the terminal&lt;/p&gt;
+&lt;p&gt;• Fixed assistant messages appearing blank in some sessions due to a stale view preference&lt;/p&gt;
+&lt;p&gt;• Fixed a malformed hooks entry in settings.json no longer invalidating the entire file&lt;/p&gt;
+&lt;p&gt;• Voice mode: keybindings bound to Caps Lock now show an error since terminals don't deliver Caps Lock as a key event&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.121</id>
+    <title>Claude Code v2.1.121</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.121"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Added alwaysLoad option to MCP server config — when true, all tools from that server skip tool-search deferral and are always available&lt;/p&gt;
+&lt;p&gt;• Added claude plugin prune to remove orphaned auto-installed plugin dependencies; plugin uninstall --prune cascades&lt;/p&gt;
+&lt;p&gt;• Added a type-to-filter search box to /skills so you can find a skill in long lists without scrolling&lt;/p&gt;
+&lt;p&gt;• PostToolUse hooks can now replace tool output for all tools via hookSpecificOutput.updatedToolOutput (previously MCP-only)&lt;/p&gt;
+&lt;p&gt;• Fullscreen mode: typing into the prompt no longer jumps scroll back to the bottom after you've scrolled up to read earlier output&lt;/p&gt;
+&lt;p&gt;• Dialogs that overflow the terminal are now scrollable with arrow keys, PgUp/PgDn, home/end, and mouse wheel in both fullscreen and non-fullscreen modes&lt;/p&gt;
+&lt;p&gt;• Clicking any line of a long URL that wraps across rows in fullscreen mode now opens the full URL&lt;/p&gt;
+&lt;p&gt;• SDK and claude -p: CLAUDE_CODE_FORK_SUBAGENT=1 now works in non-interactive sessions&lt;/p&gt;
+&lt;p&gt;• --dangerously-skip-permissions no longer prompts for writes to .claude/skills/, .claude/agents/, and .claude/commands/&lt;/p&gt;
+&lt;p&gt;• /terminal-setup now enables iTerm2's "Applications in terminal may access clipboard" setting so /copy works, including from tmux&lt;/p&gt;
+&lt;p&gt;• MCP servers that hit a transient error during startup now auto-retry up to 3 times instead of staying disconnected&lt;/p&gt;
+&lt;p&gt;• The terminal tab session title is now generated in your configured language setting&lt;/p&gt;
+&lt;p&gt;• Claude.ai connectors with the same upstream URL are now deduplicated instead of appearing as duplicates&lt;/p&gt;
+&lt;p&gt;• Vertex AI: support X.509 certificate-based Workload Identity Federation (mTLS ADC)&lt;/p&gt;
+&lt;p&gt;• Faster startup after upgrading: removed the Recent Activity panel from the release-notes splash&lt;/p&gt;
+&lt;p&gt;• LSP diagnostic summaries now expand on click/ctrl+o and show the expand hint&lt;/p&gt;
+&lt;p&gt;• SDK: mcp_authenticate now supports redirectUri for custom scheme completion and claude.ai connectors&lt;/p&gt;
+&lt;p&gt;• OpenTelemetry: added stop_reason, gen_ai.response.finish_reasons, and user_system_prompt (gated behind OTEL_LOG_USER_PROMPTS) to LLM request spans&lt;/p&gt;
+&lt;p&gt;• [VSCode] Voice dictation now respects the accessibility.voice.speechLanguage setting when no Claude Code language is configured&lt;/p&gt;
+&lt;p&gt;• [VSCode] /context now opens a native token usage dialog&lt;/p&gt;
+&lt;p&gt;• Fixed unbounded memory growth (multi-GB RSS) when processing many images in a session&lt;/p&gt;
+&lt;p&gt;• Fixed /usage leaking up to ~2GB of memory on machines with large transcript histories&lt;/p&gt;
+&lt;p&gt;• Fixed memory leak when long-running tools fail to emit a clear progress event&lt;/p&gt;
+&lt;p&gt;• Fixed Bash tool becoming permanently unusable when the directory Claude was started in is deleted or moved mid-session&lt;/p&gt;
+&lt;p&gt;• Fixed --resume crashing on startup in external builds&lt;/p&gt;
+&lt;p&gt;• Fixed --resume failing on large sessions when a transcript line was corrupted by an unclean shutdown — the corrupt line is now skipped&lt;/p&gt;
+&lt;p&gt;• Fixed thinking.type.enabled is not supported error when using Bedrock application inference profile ARNs&lt;/p&gt;
+&lt;p&gt;• Fixed Microsoft 365 MCP OAuth failing with duplicate or unsupported prompt parameter&lt;/p&gt;
+&lt;p&gt;• Fixed scrollback duplication when pressing Ctrl+L or triggering a redraw in non-fullscreen mode on tmux, GNOME Terminal, Windows Terminal, and Konsole&lt;/p&gt;
+&lt;p&gt;• Fixed claude.ai MCP connectors silently disappearing when the connector-list fetch hits a transient auth error at startup&lt;/p&gt;
+&lt;p&gt;• Fixed "Always allow" rules for built-in tools in remote sessions not surviving worker restarts&lt;/p&gt;
+&lt;p&gt;• Fixed NO_PROXY not being respected for all HTTP clients when set via managed-settings.json under the native build&lt;/p&gt;
+&lt;p&gt;• Fixed managed settings approval prompt exiting the session even when accepted — now applies settings and continues&lt;/p&gt;
+&lt;p&gt;• Fixed /usage returning "rate limited" after a stale OAuth token — now refreshes automatically&lt;/p&gt;
+&lt;p&gt;• Fixed invalid legacy enum values in settings.json invalidating the entire settings file&lt;/p&gt;
+&lt;p&gt;• Fixed /usage dialog content being clipped when no-flicker mode is off&lt;/p&gt;
+&lt;p&gt;• Fixed /focus showing "Unknown command" when the fullscreen renderer is off — now explains how to enable it&lt;/p&gt;
+&lt;p&gt;• Fixed embedded grep/find/rg shell wrappers failing when the running binary is deleted mid-session — now falls back to installed tools&lt;/p&gt;
+&lt;p&gt;• Reduced peak file descriptor usage during find in the Bash tool on large directory trees&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.120</id>
+    <title>Claude Code v2.1.120</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.120"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• Windows: Git for Windows (Git Bash) is no longer required — when absent, Claude Code uses PowerShell as the shell tool&lt;/p&gt;
+&lt;p&gt;• Added claude ultrareview [target] subcommand to run /ultrareview non-interactively from CI or scripts — prints findings to stdout (--json for raw output) and exits 0 on completion or 1 on failure&lt;/p&gt;
+&lt;p&gt;• Skills can now reference the current effort level with ${CLAUDE_EFFORT} in their content&lt;/p&gt;
+&lt;p&gt;• Set AI_AGENT environment variable for subprocesses so gh can attribute traffic to Claude Code&lt;/p&gt;
+&lt;p&gt;• Spinner tips that recommend installing the desktop app or creating skills/agents are now hidden when you already have them&lt;/p&gt;
+&lt;p&gt;• Show a "use PgUp/PgDn to scroll" hint when the terminal sends arrow keys instead of scroll events&lt;/p&gt;
+&lt;p&gt;• Faster session start when you have many claude.ai connectors configured but not authorized&lt;/p&gt;
+&lt;p&gt;• The auto mode denial message now links to the configuration docs&lt;/p&gt;
+&lt;p&gt;• claude plugin validate now accepts $schema, version, and description at the top level of marketplace.json and $schema in plugin.json&lt;/p&gt;
+&lt;p&gt;• Auto-compact in auto mode now displays auto (lowercase, no token count) instead of a misleading token value&lt;/p&gt;
+&lt;p&gt;• Fixed pressing Esc during a stdio MCP tool call closing the entire server connection (regression in 2.1.105)&lt;/p&gt;
+&lt;p&gt;• Fixed /rewind and other interactive overlays not responding to keyboard input after launching with claude --resume&lt;/p&gt;
+&lt;p&gt;• Fixed terminal scrollback duplication in non-fullscreen mode (resize, dialog dismiss, long sessions)&lt;/p&gt;
+&lt;p&gt;• Fixed DISABLE_TELEMETRY / CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC not suppressing usage metrics telemetry for API and enterprise users&lt;/p&gt;
+&lt;p&gt;• Fixed false-positive "Dangerous rm operation" permission prompts in auto mode for multi-line bash commands containing both a pipe and a redirect&lt;/p&gt;
+&lt;p&gt;• Fixed long selection menus clipping below the terminal in fullscreen mode — the focused option now stays on screen as you scroll&lt;/p&gt;
+&lt;p&gt;• Fixed Write tool output collapsing instead of expanding when clicking "+N lines" in fullscreen&lt;/p&gt;
+&lt;p&gt;• Fixed slash command picker jumping while typing, and improved highlight to only match contiguous substrings in blue&lt;/p&gt;
+&lt;p&gt;• Fixed /plugin marketplace failing to load when one entry uses an unrecognized source format — that entry is shown but installing it prompts you to update&lt;/p&gt;
+&lt;p&gt;• [VSCode] /usage now opens the native Account &amp;amp; Usage dialog instead of returning plain-text session cost&lt;/p&gt;
+&lt;p&gt;• [VSCode] Voice dictation now respects the language setting in ~/.claude/settings.json&lt;/p&gt;
+&lt;p&gt;• Fixed find in the Bash tool exhausting open file descriptors on large directory trees, causing host-wide crashes (macOS/Linux native builds)&lt;/p&gt;</content>
+  </entry>
+  <entry>
+    <id>https://github.com/anthropics/claude-code/releases/tag/v2.1.119</id>
+    <title>Claude Code v2.1.119</title>
+    <link rel="alternate" type="text/html" href="https://github.com/anthropics/claude-code/releases/tag/v2.1.119"/>
+    <updated>2026-05-18T01:52:01Z</updated>
+    <content type="html">&lt;p&gt;• /config settings (theme, editor mode, verbose, etc.) now persist to ~/.claude/settings.json and participate in project/local/policy override precedence&lt;/p&gt;
+&lt;p&gt;• Added prUrlTemplate setting to point the footer PR badge at a custom code-review URL instead of github.com&lt;/p&gt;
+&lt;p&gt;• Added CLAUDE_CODE_HIDE_CWD environment variable to hide the working directory in the startup logo&lt;/p&gt;
+&lt;p&gt;• --from-pr now accepts GitLab merge-request, Bitbucket pull-request, and GitHub Enterprise PR URLs&lt;/p&gt;
+&lt;p&gt;• --print mode now honors the agent's tools: and disallowedTools: frontmatter, matching interactive-mode behavior&lt;/p&gt;
+&lt;p&gt;• --agent &amp;lt;name&amp;gt; now honors the agent definition's permissionMode for built-in agents&lt;/p&gt;
+&lt;p&gt;• PowerShell tool commands can now be auto-approved in permission mode, matching Bash behavior&lt;/p&gt;
+&lt;p&gt;• Hooks: PostToolUse and PostToolUseFailure hook inputs now include duration_ms (tool execution time, excluding permission prompts and PreToolUse hooks)&lt;/p&gt;
+&lt;p&gt;• Subagent and SDK MCP server reconfiguration now connects servers in parallel instead of serially&lt;/p&gt;
+&lt;p&gt;• Plugins pinned by another plugin's version constraint now auto-update to the highest satisfying git tag&lt;/p&gt;
+&lt;p&gt;• Vim mode: Esc in INSERT no longer pulls a queued message back into the input; press Esc again to interrupt&lt;/p&gt;
+&lt;p&gt;• Slash command suggestions now highlight the characters that matched your query&lt;/p&gt;
+&lt;p&gt;• Slash command picker now wraps long descriptions onto a second line instead of truncating&lt;/p&gt;
+&lt;p&gt;• owner/repo#N shorthand links in output now use your git remote's host instead of always pointing at github.com&lt;/p&gt;
+&lt;p&gt;• Security: blockedMarketplaces now correctly enforces hostPattern and pathPattern entries&lt;/p&gt;
+&lt;p&gt;• OpenTelemetry: tool_result and tool_decision events now include tool_use_id; tool_result also includes tool_input_size_bytes&lt;/p&gt;
+&lt;p&gt;• Status line: stdin JSON now includes effort.level and thinking.enabled&lt;/p&gt;
+&lt;p&gt;• Fixed pasting CRLF content (Windows clipboards, Xcode console) inserting an extra blank line between every line&lt;/p&gt;
+&lt;p&gt;• Fixed multi-line paste losing newlines in terminals using kitty keyboard protocol sequences inside bracketed paste&lt;/p&gt;
+&lt;p&gt;• Fixed Glob and Grep tools disappearing on native macOS/Linux builds when the Bash tool is denied via permissions&lt;/p&gt;
+&lt;p&gt;• Fixed scrolling up in fullscreen mode snapping back to the bottom every time a tool finishes&lt;/p&gt;
+&lt;p&gt;• Fixed MCP HTTP connections failing with "Invalid OAuth error response" when servers returned non-JSON bodies for OAuth discovery requests&lt;/p&gt;
+&lt;p&gt;• Fixed Rewind overlay showing "(no prompt)" for messages with image attachments&lt;/p&gt;
+&lt;p&gt;• Fixed auto mode overriding plan mode with conflicting "Execute immediately" instructions&lt;/p&gt;
+&lt;p&gt;• Fixed async PostToolUse hooks that emit no response payload writing empty entries to the session transcript&lt;/p&gt;
+&lt;p&gt;• Fixed spinner staying on when a subagent task notification is orphaned in the queue&lt;/p&gt;
+&lt;p&gt;• Tool search is now disabled by default on Vertex AI to avoid an unsupported beta header error (opt in with ENABLE_TOOL_SEARCH)&lt;/p&gt;
+&lt;p&gt;• Fixed @-file Tab completion replacing the entire prompt when used inside a slash command with an absolute path&lt;/p&gt;
+&lt;p&gt;• Fixed a stray p character appearing at the prompt on startup in macOS Terminal.app via Docker or SSH&lt;/p&gt;
+&lt;p&gt;• Fixed ${ENV_VAR} placeholders in headers for HTTP/SSE/WebSocket MCP servers not being substituted before requests&lt;/p&gt;
+&lt;p&gt;• Fixed MCP OAuth client secret stored via --client-secret not being sent during token exchange for servers requiring client_secret_post&lt;/p&gt;
+&lt;p&gt;• Fixed /skills Enter key closing the dialog instead of pre-filling /&amp;lt;skill-name&amp;gt; in the prompt&lt;/p&gt;
+&lt;p&gt;• Fixed /agents detail view mislabeling built-in tools unavailable to subagents as "Unrecognized"&lt;/p&gt;
+&lt;p&gt;• Fixed MCP servers from plugins not spawning on Windows when the plugin cache was incomplete&lt;/p&gt;
+&lt;p&gt;• Fixed /export showing the current default model instead of the model the conversation actually used&lt;/p&gt;
+&lt;p&gt;• Fixed verbose output setting not persisting after restart&lt;/p&gt;
+&lt;p&gt;• Fixed /usage progress bars overlapping with their "Resets …" labels&lt;/p&gt;
+&lt;p&gt;• Fixed plugin MCP servers failing when ${user_config.*} references an optional field left blank&lt;/p&gt;
+&lt;p&gt;• Fixed list items containing a sentence-final number wrapping the number onto its own line&lt;/p&gt;
+&lt;p&gt;• Fixed /plan and /plan open not acting on the existing plan when entering plan mode&lt;/p&gt;
+&lt;p&gt;• Fixed skills invoked before auto-compaction being re-executed against the next user message&lt;/p&gt;
+&lt;p&gt;• Fixed /reload-plugins and /doctor reporting load errors for disabled plugins&lt;/p&gt;
+&lt;p&gt;• Fixed Agent tool with isolation: "worktree" reusing stale worktrees from prior sessions&lt;/p&gt;
+&lt;p&gt;• Fixed disabled MCP servers appearing as "failed" in /status&lt;/p&gt;
+&lt;p&gt;• Fixed TaskList returning tasks in arbitrary filesystem order instead of sorted by ID&lt;/p&gt;
+&lt;p&gt;• Fixed spurious "GitHub API rate limit exceeded" hints when gh output contained PR titles mentioning "rate limit"&lt;/p&gt;
+&lt;p&gt;• Fixed SDK/bridge read_file not correctly enforcing size cap on growing files&lt;/p&gt;
+&lt;p&gt;• Fixed PR not linked to session when working in a git worktree&lt;/p&gt;
+&lt;p&gt;• Fixed /doctor warning about MCP server entries overridden by a higher-precedence scope&lt;/p&gt;
+&lt;p&gt;• Windows: removed false-positive "Windows requires 'cmd /c' wrapper" MCP config warning&lt;/p&gt;
+&lt;p&gt;• [VSCode] Fixed voice dictation's first recording producing nothing on macOS while the microphone permission prompt is showing&lt;/p&gt;</content>
+  </entry>
+</feed>

plugins/code-review/commands/code-review.md

@@ -6,7 +6,7 @@ description: Code review a pull request
 Provide a code review for the given pull request.
 
 **Agent assumptions (applies to all agents and subagents):**
-- All tools are functional and will work without error. Do not test tools or make exploratory calls.
+- All tools are functional and will work without error. Do not test tools or make exploratory calls. Make sure this is clear to every subagent that is launched.
 - Only call a tool if it is required to complete the task. Every tool call should have a clear purpose.
 
 To do this, follow these steps precisely:
@@ -56,15 +56,23 @@ Note: Still review Claude generated PR's.
 
 6. Filter out any issues that were not validated in step 5. This step will give us our list of high signal issues for our review.
 
-7. If issues were found, skip to step 8 to post inline comments directly.
+7. Output a summary of the review findings to the terminal:
+   - If issues were found, list each issue with a brief description.
+   - If no issues were found, state: "No issues found. Checked for bugs and CLAUDE.md compliance."
 
-   If NO issues were found, post a summary comment using `gh pr comment` (if `--comment` argument is provided):
-   "No issues found. Checked for bugs and CLAUDE.md compliance."
+   If `--comment` argument was NOT provided, stop here. Do not post any GitHub comments.
 
-8. Post inline comments for each issue using `mcp__github_inline_comment__create_inline_comment`. For each comment:
+   If `--comment` argument IS provided and NO issues were found, post a summary comment using `gh pr comment` and stop.
+
+   If `--comment` argument IS provided and issues were found, continue to step 8.
+
+8. Create a list of all comments that you plan on leaving. This is only for you to make sure you are comfortable with the comments. Do not post this list anywhere.
+
+9. Post inline comments for each issue using `mcp__github_inline_comment__create_inline_comment` with `confirmed: true`. For each comment:
    - Provide a brief description of the issue
    - For small, self-contained fixes, include a committable suggestion block
    - For larger fixes (6+ lines, structural changes, or changes spanning multiple locations), describe the issue and suggested fix without a suggestion block
+   - Never post a committable suggestion UNLESS committing the suggestion fixes the issue entirely. If follow up steps are required, do not leave a committable suggestion.
 
    **IMPORTANT: Only post ONE comment per unique issue. Do not post duplicate comments.**
 
@@ -82,7 +90,7 @@ Notes:
 - Use gh CLI to interact with GitHub (e.g., fetch pull requests, create comments). Do not use web fetch.
 - Create a todo list before starting.
 - You must cite and link each issue in inline comments (e.g., if referring to a CLAUDE.md, include a link to it).
-- If no issues are found, post a comment with the following format:
+- If no issues are found and `--comment` argument is provided, post a comment with the following format:
 
 ---
 

scripts/comment-on-duplicates.sh

@@ -1,22 +1,28 @@
 #!/usr/bin/env bash
 #
 # Comments on a GitHub issue with a list of potential duplicates.
-# Usage: ./comment-on-duplicates.sh --base-issue 123 --potential-duplicates 456 789 101
+# Usage: ./comment-on-duplicates.sh --potential-duplicates 456 789 101
+#
+# The base issue number is read from the workflow event payload.
 #
 
 set -euo pipefail
 
 REPO="anthropics/claude-code"
-BASE_ISSUE=""
+
+# Read from event payload so the issue number is bound to the triggering event.
+# Falls back to workflow_dispatch inputs for manual runs.
+BASE_ISSUE=$(jq -r '.issue.number // .inputs.issue_number // empty' "${GITHUB_EVENT_PATH:?GITHUB_EVENT_PATH not set}")
+if ! [[ "$BASE_ISSUE" =~ ^[0-9]+$ ]]; then
+  echo "Error: no issue number in event payload" >&2
+  exit 1
+fi
+
 DUPLICATES=()
 
 # Parse arguments
 while [[ $# -gt 0 ]]; do
   case $1 in
-    --base-issue)
-      BASE_ISSUE="$2"
-      shift 2
-      ;;
     --potential-duplicates)
       shift
       while [[ $# -gt 0 && ! "$1" =~ ^-- ]]; do
@@ -25,23 +31,12 @@ while [[ $# -gt 0 ]]; do
       done
       ;;
     *)
-      echo "Unknown option: $1" >&2
+      echo "Error: unknown argument (only --potential-duplicates is accepted)" >&2
       exit 1
       ;;
   esac
 done
 
-# Validate base issue
-if [[ -z "$BASE_ISSUE" ]]; then
-  echo "Error: --base-issue is required" >&2
-  exit 1
-fi
-
-if ! [[ "$BASE_ISSUE" =~ ^[0-9]+$ ]]; then
-  echo "Error: --base-issue must be a number, got: $BASE_ISSUE" >&2
-  exit 1
-fi
-
 # Validate duplicates
 if [[ ${#DUPLICATES[@]} -eq 0 ]]; then
   echo "Error: --potential-duplicates requires at least one issue number" >&2

scripts/edit-issue-labels.sh

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+#
+# Edits labels on a GitHub issue.
+# Usage: ./edit-issue-labels.sh --add-label bug --add-label needs-triage --remove-label untriaged
+#
+# The issue number is read from the workflow event payload.
+#
+
+set -euo pipefail
+
+# Read from event payload so the issue number is bound to the triggering event.
+# Falls back to workflow_dispatch inputs for manual runs.
+ISSUE=$(jq -r '.issue.number // .inputs.issue_number // empty' "${GITHUB_EVENT_PATH:?GITHUB_EVENT_PATH not set}")
+if ! [[ "$ISSUE" =~ ^[0-9]+$ ]]; then
+  echo "Error: no issue number in event payload" >&2
+  exit 1
+fi
+
+ADD_LABELS=()
+REMOVE_LABELS=()
+
+# Parse arguments
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --add-label)
+      ADD_LABELS+=("$2")
+      shift 2
+      ;;
+    --remove-label)
+      REMOVE_LABELS+=("$2")
+      shift 2
+      ;;
+    *)
+      echo "Error: unknown argument (only --add-label and --remove-label are accepted)" >&2
+      exit 1
+      ;;
+  esac
+done
+
+if [[ ${#ADD_LABELS[@]} -eq 0 && ${#REMOVE_LABELS[@]} -eq 0 ]]; then
+  exit 1
+fi
+
+# Fetch valid labels from the repo
+VALID_LABELS=$(gh label list --limit 500 --json name --jq '.[].name')
+
+# Filter to only labels that exist in the repo
+FILTERED_ADD=()
+for label in "${ADD_LABELS[@]}"; do
+  if echo "$VALID_LABELS" | grep -qxF "$label"; then
+    FILTERED_ADD+=("$label")
+  fi
+done
+
+FILTERED_REMOVE=()
+for label in "${REMOVE_LABELS[@]}"; do
+  if echo "$VALID_LABELS" | grep -qxF "$label"; then
+    FILTERED_REMOVE+=("$label")
+  fi
+done
+
+if [[ ${#FILTERED_ADD[@]} -eq 0 && ${#FILTERED_REMOVE[@]} -eq 0 ]]; then
+  exit 0
+fi
+
+# Build gh command arguments
+GH_ARGS=("issue" "edit" "$ISSUE")
+
+for label in "${FILTERED_ADD[@]}"; do
+  GH_ARGS+=("--add-label" "$label")
+done
+
+for label in "${FILTERED_REMOVE[@]}"; do
+  GH_ARGS+=("--remove-label" "$label")
+done
+
+gh "${GH_ARGS[@]}"
+
+if [[ ${#FILTERED_ADD[@]} -gt 0 ]]; then
+  echo "Added: ${FILTERED_ADD[*]}"
+fi
+if [[ ${#FILTERED_REMOVE[@]} -gt 0 ]]; then
+  echo "Removed: ${FILTERED_REMOVE[*]}"
+fi

scripts/gh.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Wrapper around gh CLI that only allows specific subcommands and flags.
+# All commands are scoped to the current repository via GH_REPO or GITHUB_REPOSITORY.
+#
+# Usage:
+#   ./scripts/gh.sh issue view 123
+#   ./scripts/gh.sh issue view 123 --comments
+#   ./scripts/gh.sh issue list --state open --limit 20
+#   ./scripts/gh.sh search issues "search query" --limit 10
+#   ./scripts/gh.sh label list --limit 100
+
+export GH_HOST=github.com
+
+REPO="${GH_REPO:-${GITHUB_REPOSITORY:-}}"
+if [[ -z "$REPO" || "$REPO" == */*/* || "$REPO" != */* ]]; then
+  echo "Error: GH_REPO or GITHUB_REPOSITORY must be set to owner/repo format (e.g., GITHUB_REPOSITORY=anthropics/claude-code)" >&2
+  exit 1
+fi
+export GH_REPO="$REPO"
+
+ALLOWED_FLAGS=(--comments --state --limit --label)
+FLAGS_WITH_VALUES=(--state --limit --label)
+
+SUB1="${1:-}"
+SUB2="${2:-}"
+CMD="$SUB1 $SUB2"
+case "$CMD" in
+  "issue view"|"issue list"|"search issues"|"label list")
+    ;;
+  *)
+    echo "Error: only 'issue view', 'issue list', 'search issues', 'label list' are allowed (e.g., ./scripts/gh.sh issue view 123)" >&2
+    exit 1
+    ;;
+esac
+
+shift 2
+
+# Separate flags from positional arguments
+POSITIONAL=()
+FLAGS=()
+skip_next=false
+for arg in "$@"; do
+  if [[ "$skip_next" == true ]]; then
+    FLAGS+=("$arg")
+    skip_next=false
+  elif [[ "$arg" == -* ]]; then
+    flag="${arg%%=*}"
+    matched=false
+    for allowed in "${ALLOWED_FLAGS[@]}"; do
+      if [[ "$flag" == "$allowed" ]]; then
+        matched=true
+        break
+      fi
+    done
+    if [[ "$matched" == false ]]; then
+      echo "Error: only --comments, --state, --limit, --label flags are allowed (e.g., ./scripts/gh.sh issue list --state open --limit 20)" >&2
+      exit 1
+    fi
+    FLAGS+=("$arg")
+    # If flag expects a value and isn't using = syntax, skip next arg
+    if [[ "$arg" != *=* ]]; then
+      for vflag in "${FLAGS_WITH_VALUES[@]}"; do
+        if [[ "$flag" == "$vflag" ]]; then
+          skip_next=true
+          break
+        fi
+      done
+    fi
+  else
+    POSITIONAL+=("$arg")
+  fi
+done
+
+if [[ "$CMD" == "search issues" ]]; then
+  QUERY="${POSITIONAL[0]:-}"
+  QUERY_LOWER=$(echo "$QUERY" | tr '[:upper:]' '[:lower:]')
+  if [[ "$QUERY_LOWER" == *"repo:"* || "$QUERY_LOWER" == *"org:"* || "$QUERY_LOWER" == *"user:"* ]]; then
+    echo "Error: search query must not contain repo:, org:, or user: qualifiers (e.g., ./scripts/gh.sh search issues \"bug report\" --limit 10)" >&2
+    exit 1
+  fi
+  gh "$SUB1" "$SUB2" "$QUERY" --repo "$REPO" "${FLAGS[@]}"
+elif [[ "$CMD" == "issue view" ]]; then
+  if [[ ${#POSITIONAL[@]} -ne 1 ]] || ! [[ "${POSITIONAL[0]}" =~ ^[0-9]+$ ]]; then
+    echo "Error: issue view requires exactly one numeric issue number (e.g., ./scripts/gh.sh issue view 123)" >&2
+    exit 1
+  fi
+  gh "$SUB1" "$SUB2" "${POSITIONAL[0]}" "${FLAGS[@]}"
+else
+  if [[ ${#POSITIONAL[@]} -ne 0 ]]; then
+    echo "Error: issue list and label list do not accept positional arguments (e.g., ./scripts/gh.sh issue list --state open, ./scripts/gh.sh label list --limit 100)" >&2
+    exit 1
+  fi
+  gh "$SUB1" "$SUB2" "${FLAGS[@]}"
+fi

scripts/issue-lifecycle.ts

@@ -0,0 +1,38 @@
+// Single source of truth for issue lifecycle labels, timeouts, and messages.
+
+export const lifecycle = [
+  {
+    label: "invalid",
+    days: 3,
+    reason: "this doesn't appear to be about Claude Code",
+    nudge: "This doesn't appear to be about [Claude Code](https://github.com/anthropics/claude-code). For general Anthropic support, visit [support.anthropic.com](https://support.anthropic.com).",
+  },
+  {
+    label: "needs-repro",
+    days: 7,
+    reason: "we still need reproduction steps to investigate",
+    nudge: "We weren't able to reproduce this. Could you provide steps to trigger the issue — what you ran, what happened, and what you expected?",
+  },
+  {
+    label: "needs-info",
+    days: 7,
+    reason: "we still need a bit more information to move forward",
+    nudge: "We need more information to continue investigating. Can you make sure to include your Claude Code version (`claude --version`), OS, and any error messages or logs?",
+  },
+  {
+    label: "stale",
+    days: 14,
+    reason: "inactive for too long",
+    nudge: "This issue has been automatically marked as stale due to inactivity.",
+  },
+  {
+    label: "autoclose",
+    days: 14,
+    reason: "inactive for too long",
+    nudge: "This issue has been marked for automatic closure.",
+  },
+] as const;
+
+export type LifecycleLabel = (typeof lifecycle)[number]["label"];
+
+export const STALE_UPVOTE_THRESHOLD = 10;

scripts/lifecycle-comment.ts

@@ -0,0 +1,53 @@
+#!/usr/bin/env bun
+
+// Posts a comment when a lifecycle label is applied to an issue,
+// giving the author a heads-up and a chance to respond before auto-close.
+
+import { lifecycle } from "./issue-lifecycle.ts";
+
+const DRY_RUN = process.argv.includes("--dry-run");
+const token = process.env.GITHUB_TOKEN;
+const repo = process.env.GITHUB_REPOSITORY; // owner/repo
+const label = process.env.LABEL;
+const issueNumber = process.env.ISSUE_NUMBER;
+
+if (!DRY_RUN && !token) throw new Error("GITHUB_TOKEN required");
+if (!repo) throw new Error("GITHUB_REPOSITORY required");
+if (!label) throw new Error("LABEL required");
+if (!issueNumber) throw new Error("ISSUE_NUMBER required");
+
+const entry = lifecycle.find((l) => l.label === label);
+if (!entry) {
+  console.log(`No lifecycle entry for label "${label}", skipping`);
+  process.exit(0);
+}
+
+const body = `${entry.nudge} This issue will be closed automatically if there's no activity within ${entry.days} days.`;
+
+// --
+
+if (DRY_RUN) {
+  console.log(`Would comment on #${issueNumber} for label "${label}":\n\n${body}`);
+  process.exit(0);
+}
+
+const response = await fetch(
+  `https://api.github.com/repos/${repo}/issues/${issueNumber}/comments`,
+  {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/vnd.github.v3+json",
+      "Content-Type": "application/json",
+      "User-Agent": "lifecycle-comment",
+    },
+    body: JSON.stringify({ body }),
+  }
+);
+
+if (!response.ok) {
+  const text = await response.text();
+  throw new Error(`GitHub API ${response.status}: ${text}`);
+}
+
+console.log(`Commented on #${issueNumber} for label "${label}"`);

scripts/sweep.ts

@@ -0,0 +1,168 @@
+#!/usr/bin/env bun
+
+import { lifecycle, STALE_UPVOTE_THRESHOLD } from "./issue-lifecycle.ts";
+
+// --
+
+const NEW_ISSUE = "https://github.com/anthropics/claude-code/issues/new/choose";
+const DRY_RUN = process.argv.includes("--dry-run");
+
+const CLOSE_MESSAGE = (reason: string) =>
+  `Closing for now — ${reason}. Please [open a new issue](${NEW_ISSUE}) if this is still relevant.`;
+
+// --
+
+async function githubRequest<T>(
+  endpoint: string,
+  method = "GET",
+  body?: unknown
+): Promise<T> {
+  const token = process.env.GITHUB_TOKEN;
+  if (!token) throw new Error("GITHUB_TOKEN required");
+
+  const response = await fetch(`https://api.github.com${endpoint}`, {
+    method,
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/vnd.github.v3+json",
+      "User-Agent": "sweep",
+      ...(body && { "Content-Type": "application/json" }),
+    },
+    ...(body && { body: JSON.stringify(body) }),
+  });
+
+  if (!response.ok) {
+    if (response.status === 404) return {} as T;
+    const text = await response.text();
+    throw new Error(`GitHub API ${response.status}: ${text}`);
+  }
+
+  return response.json();
+}
+
+// --
+
+async function markStale(owner: string, repo: string) {
+  const staleDays = lifecycle.find((l) => l.label === "stale")!.days;
+  const cutoff = new Date();
+  cutoff.setDate(cutoff.getDate() - staleDays);
+
+  let labeled = 0;
+
+  console.log(`\n=== marking stale (${staleDays}d inactive) ===`);
+
+  for (let page = 1; page <= 10; page++) {
+    const issues = await githubRequest<any[]>(
+      `/repos/${owner}/${repo}/issues?state=open&sort=updated&direction=asc&per_page=100&page=${page}`
+    );
+    if (issues.length === 0) break;
+
+    for (const issue of issues) {
+      if (issue.pull_request) continue;
+      if (issue.locked) continue;
+      if (issue.assignees?.length > 0) continue;
+
+      const updatedAt = new Date(issue.updated_at);
+      if (updatedAt > cutoff) return labeled;
+
+      const alreadyStale = issue.labels?.some(
+        (l: any) => l.name === "stale" || l.name === "autoclose"
+      );
+      if (alreadyStale) continue;
+
+      const thumbsUp = issue.reactions?.["+1"] ?? 0;
+      if (thumbsUp >= STALE_UPVOTE_THRESHOLD) continue;
+
+      const base = `/repos/${owner}/${repo}/issues/${issue.number}`;
+
+      if (DRY_RUN) {
+        const age = Math.floor((Date.now() - updatedAt.getTime()) / 86400000);
+        console.log(`#${issue.number}: would label stale (${age}d inactive) — ${issue.title}`);
+      } else {
+        await githubRequest(`${base}/labels`, "POST", { labels: ["stale"] });
+        console.log(`#${issue.number}: labeled stale — ${issue.title}`);
+      }
+      labeled++;
+    }
+  }
+
+  return labeled;
+}
+
+async function closeExpired(owner: string, repo: string) {
+  let closed = 0;
+
+  for (const { label, days, reason } of lifecycle) {
+    const cutoff = new Date();
+    cutoff.setDate(cutoff.getDate() - days);
+    console.log(`\n=== ${label} (${days}d timeout) ===`);
+
+    for (let page = 1; page <= 10; page++) {
+      const issues = await githubRequest<any[]>(
+        `/repos/${owner}/${repo}/issues?state=open&labels=${label}&sort=updated&direction=asc&per_page=100&page=${page}`
+      );
+      if (issues.length === 0) break;
+
+      for (const issue of issues) {
+        if (issue.pull_request) continue;
+        if (issue.locked) continue;
+
+        const thumbsUp = issue.reactions?.["+1"] ?? 0;
+        if (thumbsUp >= STALE_UPVOTE_THRESHOLD) continue;
+
+        const base = `/repos/${owner}/${repo}/issues/${issue.number}`;
+
+        const events = await githubRequest<any[]>(`${base}/events?per_page=100`);
+
+        const labeledAt = events
+          .filter((e) => e.event === "labeled" && e.label?.name === label)
+          .map((e) => new Date(e.created_at))
+          .pop();
+
+        if (!labeledAt || labeledAt > cutoff) continue;
+
+        // Skip if a non-bot user commented after the label was applied.
+        // The triage workflow should remove lifecycle labels on human
+        // activity, but check here too as a safety net.
+        const comments = await githubRequest<any[]>(
+          `${base}/comments?since=${labeledAt.toISOString()}&per_page=100`
+        );
+        const hasHumanComment = comments.some(
+          (c) => c.user && c.user.type !== "Bot"
+        );
+        if (hasHumanComment) {
+          console.log(
+            `#${issue.number}: skipping (human activity after ${label} label)`
+          );
+          continue;
+        }
+
+        if (DRY_RUN) {
+          const age = Math.floor((Date.now() - labeledAt.getTime()) / 86400000);
+          console.log(`#${issue.number}: would close (${label}, ${age}d old) — ${issue.title}`);
+        } else {
+          await githubRequest(`${base}/comments`, "POST", { body: CLOSE_MESSAGE(reason) });
+          await githubRequest(base, "PATCH", { state: "closed", state_reason: "not_planned" });
+          console.log(`#${issue.number}: closed (${label})`);
+        }
+        closed++;
+      }
+    }
+  }
+
+  return closed;
+}
+
+// --
+
+const owner = process.env.GITHUB_REPOSITORY_OWNER;
+const repo = process.env.GITHUB_REPOSITORY_NAME;
+if (!owner || !repo)
+  throw new Error("GITHUB_REPOSITORY_OWNER and GITHUB_REPOSITORY_NAME required");
+
+if (DRY_RUN) console.log("DRY RUN — no changes will be made\n");
+
+const labeled = await markStale(owner, repo);
+const closed = await closeExpired(owner, repo);
+
+console.log(`\nDone: ${labeled} ${DRY_RUN ? "would be labeled" : "labeled"} stale, ${closed} ${DRY_RUN ? "would be closed" : "closed"}`);