Vendor changelog tracker. Hourly polling across Anthropic, Cloudflare, Vercel, and Supabase. Classified into capability adds, breaking changes, deprecations, pricing changes, and security fixes.
Fixed a PowerShell permission bypass where built-in cd functions changed the working directory undetected, allowing reads outside the workspace. Also fixed sandbox write allowlist in git worktrees covering the entire main repo root instead of only the shared .git directory.
/usage now shows a per-category breakdown of what drives limits usage (skills, subagents, plugins, per-MCP-server cost). Enterprise admins can also use the new allowAllClaudeAiMcps managed setting to load claude.ai cloud MCP connectors.
Fixes a PowerShell built-in `cd` permission bypass that allowed working-directory changes outside the workspace to go undetected, and corrects a sandbox write allowlist bug in git worktrees that covered the entire main repo root instead of only the shared `.git` directory.
Adds per-category usage breakdown in /usage, keyboard-scrollable /diff view, GFM task list checkbox rendering, and the new `allowAllClaudeAiMcps` enterprise managed setting for cloud MCP connectors.
Fixes a regression introduced in 2.1.147 where the Bash tool returned exit code 127 on every command for some users. This restores correct Bash tool behavior that was broken in the previous release.
Pinned background sessions (Ctrl+T in claude agents) now stay alive when idle, are restarted in place to apply Claude Code updates, and are shed under memory pressure only after non-pinned sessions.
The /simplify command has been removed and replaced by /code-review with different behavior; the old cleanup-and-fix behavior no longer exists. Users relying on /simplify must migrate to /code-review.
/simplify has been renamed to /code-review and now reports correctness bugs at a chosen effort level; pass --comment to post findings as inline GitHub PR comments. The old cleanup-and-fix behavior has been removed.
The `/simplify` command has been renamed to `/code-review` and its cleanup-and-fix behavior has been removed; it now reports correctness bugs at a chosen effort level. Users relying on the old `/simplify` behavior must update their workflows.
The new `vercel flags split` CLI command allows teams to configure weighted traffic splits for feature flags, directing a percentage of traffic to specific variants. It can be run interactively or via flags for environment, bucketing attribute, and variant weights.
Fixed forceLoginOrgUUID and forceLoginMethod managed settings not being enforced against third-party-provider and API-key sessions. This closes a bypass where enterprise login restrictions could be circumvented.
The /simplify command has been renamed to /code-review, now reporting correctness bugs at a configurable effort level and supporting --comment to post inline GitHub PR review comments. The old cleanup-and-fix behavior has been removed.
Pinned background sessions via Ctrl+T in claude agents now stay alive when idle, are restarted in place during updates, and are only shed under memory pressure after non-pinned sessions. This improves reliability of long-running background agent workflows.
Alibaba's Qwen 3.7 Max model is now accessible via Vercel AI Gateway, offering agentic coding, office workflow automation, and long-horizon autonomous execution capabilities. Use it by setting model to `alibaba/qwen-3.7-max` in the AI SDK.
The new `vercel alerts` CLI command lets you list and inspect anomaly alerts for a team or project, including AI investigation results via `--ai`, without leaving the terminal. Available on Observability Plus.
Fixed enterprise login restrictions (`forceLoginOrgUUID` and `forceLoginMethod` managed-settings) not being enforced against third-party-provider and API-key sessions, closing a potential authentication policy bypass.
Pinned background sessions now stay alive when idle and survive updates in place. The `/simplify` command has been renamed to `/code-review` with new correctness-bug reporting at configurable effort levels and optional inline GitHub PR comment posting.
Chat SDK now ships a built-in AI SDK toolset via the new `chat/ai` subpath, enabling a single `createChatTools(chat)` call to wire read/write actions into an agent with approval gates and role-based presets. Note that `toAiMessages` and its types have moved to `chat/ai`, with the old `chat` re-exports marked `@deprecated`.
A new WordPress plugin connects any WordPress site to Vercel AI Gateway, providing access to 40+ AI providers through a single API key via the WordPress 7.0 AI Client. Supports text, structured JSON, image generation, video, and automatic fallbacks.
xAI's Grok Build 0.1, a beta coding model designed for agentic coding tasks, is now available on Vercel AI Gateway. Use it by setting model to `xai/grok-build-0.1` in the AI SDK.
Chat SDK now ships a built-in AI SDK toolset via the `chat/ai` subpath, with `createChatTools()` wiring Chat SDK actions into agents. Write tools are approval-gated by default, and `toAiMessages` exports have moved to `chat/ai` with the old exports deprecated.
Chat SDK now exposes `message.subject` to read the parent issue or pull request when a bot is mentioned in Linear or GitHub comments. Platform adapters also expose their underlying SDKs directly; the previous `.client` getter is deprecated.
Chat SDK cards can now pause a Workflow run and resume it when a user clicks a button or submits a modal, using a new `callbackUrl` prop. This enables human-in-the-loop patterns directly within chat platforms.
Renamed 'extra usage' to 'usage credits' across CLI copy; /extra-usage is now /usage-credits (old name still works as an alias).
Added claude agents --json to list live Claude sessions as JSON, enabling scripting with tools like tmux-resurrect, status bars, and session pickers.
Fixed a permission-prompt bypass where bare variable assignments to non-allowlisted environment variables in Bash commands were auto-approved, potentially allowing unintended environment modifications.
Added /resume support for background sessions — sessions started via claude --bg or agent view now appear alongside interactive ones, marked with 'bg'. /model now changes the model for the current session only, with 'd' to set a default.
Fixes a permission-prompt bypass where bare variable assignments to non-allowlisted environment variables in Bash commands were being auto-approved without user confirmation.
Adds /resume support for background sessions started via `claude --bg` or agent view, and renames /extra-usage to /usage-credits (old name still works). Also fixes /model to change model for current session only, with `d` to set a default.
`/model` now changes the model for the current session only instead of persisting as the global default; users must press `d` in the model picker to set a persistent default for new sessions.
Adds `claude agents --json` for scripting live session lists, enriches OTEL spans with `agent_id`/`parent_agent_id`, and the /plugin Discover/Browse screens now show commands, agents, skills, hooks, and MCP/LSP servers before installation.
Added claude agents --json to list live Claude sessions as JSON, enabling integration with tools like tmux-resurrect, status bars, and session pickers. Improves scriptability of background session management.
Added /resume support for sessions started via claude --bg or agent view, which now appear alongside interactive sessions marked with 'bg'. Makes it easier to return to and manage background sessions.
The /model command now changes the model for the current session only; press 'd' in the model picker to set a default for new sessions. Previously /model changes could affect other concurrent sessions.
Renamed 'extra usage' to 'usage credits' across the CLI; the /extra-usage command is now /usage-credits. The old command name still works as an alias.
Fixed a permission-prompt bypass where bare variable assignments to non-allowlisted environment variables in Bash commands were auto-approved without a permission check. This prevents unintended environment variable changes from bypassing the permission system.
The Nuxt MCP Toolkit now supports MCP apps, allowing agent tools to return interactive HTML responses rendered inline by MCP clients like Claude and ChatGPT. Vue SFCs are bundled into self-contained HTML files at build time and served from the MCP endpoint.
Google's Gemini 3.5 Flash is now available on Vercel AI Gateway with improved coding proficiency, parallel agentic execution, and enhanced reasoning. Use it by setting model to `google/gemini-3.5-flash` in the AI SDK.
Vercel is offering a Flat Rate CDN option in Limited Beta for Pro teams, replacing usage-based CDN pricing (Edge Requests, Fast Data Transfer) with a fixed monthly fee to eliminate surprise bills from traffic spikes. Pro teams can join a waitlist for early access.
Added `claude agents --json` to list live Claude sessions as JSON for scripting use cases such as tmux-resurrect, status bars, and session pickers. Also added `agent_id` and `parent_agent_id` to OTEL spans for improved observability.
Fixed a permission-prompt bypass where bare variable assignments to non-allowlisted environment variables in Bash commands were auto-approved without presenting a permission prompt to the user.
Added `/resume` support for background sessions — sessions started via `claude --bg` or agent view now appear alongside interactive ones in the resume picker, marked with a `bg` indicator.
Monorepos can now opt in to a single consolidated commit status on GitHub pull requests instead of one status per project, simplifying branch protection configuration. Teams can manage which Vercel projects are required for merge from each project's settings.
Claude Managed Agents can now use Vercel Sandbox as their execution environment, running agent tool calls in isolated Firecracker microVMs with access to private APIs and internal services. Each session gets deny-by-default egress, credential brokering, and millisecond startup.
Monorepos can now opt in to a single consolidated commit status on pull requests instead of one per Vercel project, simplifying GitHub branch protection configuration for large monorepos.
Vercel now waives CDN Requests and Fast Data Transfer charges for any traffic denied, challenged, or rate-limited by the Web Application Firewall. This change applies automatically to all projects using Vercel Firewall with no configuration required.
PowerShell tool now passes -ExecutionPolicy Bypass by default, removing the need to configure execution policy separately. Opt out with CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1.
claude plugin disable now refuses when another enabled plugin depends on the target and provides a copy-pasteable disable-chain hint; claude plugin enable force-enables transitive dependencies.
Adds plugin dependency enforcement so disabling a plugin required by another is blocked with a hint, and introduces `worktree.bgIsolation: "none"` for repos where worktrees are impractical. PowerShell tool now passes `-ExecutionPolicy Bypass` by default.
The PowerShell tool is now enabled by default on Windows for Bedrock, Vertex, and Foundry users (opt out with CLAUDE_CODE_USE_POWERSHELL_TOOL=0). Brings feature parity with Anthropic API users on these platforms.
The PowerShell tool now passes -ExecutionPolicy Bypass by default, removing a common blocker for Windows users. Users can opt out with CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1.
Added enforcement of plugin dependencies: claude plugin disable now refuses when another enabled plugin depends on the target, and claude plugin enable force-enables transitive dependencies. Prevents broken plugin configurations.
Added plugin dependency enforcement: `claude plugin disable` now refuses when another enabled plugin depends on the target, and `claude plugin enable` force-enables transitive dependencies automatically.
Fixed MCP_TOOL_TIMEOUT not raising the per-request fetch timeout for remote HTTP and SSE MCP servers, which previously capped tool calls at 60 seconds regardless of configuration. Tool calls can now exceed 60 seconds when configured.
Adds `--add-dir`, `--settings`, `--mcp-config`, `--plugin-dir`, `--permission-mode`, `--model`, `--effort`, and `--dangerously-skip-permissions` flags to `claude agents` for configuring dispatched background sessions. Fast mode now defaults to Opus 4.7.
Fixes `MCP_TOOL_TIMEOUT` not raising the per-request fetch timeout for remote HTTP and SSE MCP servers, which previously capped tool calls at 60 seconds regardless of the configured value.
Fast mode now defaults to Opus 4.7 (previously Opus 4.6). Users can pin fast mode to Opus 4.6 by setting CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE=1.
Fixed MCP_TOOL_TIMEOUT not raising the per-request fetch timeout for remote HTTP and SSE MCP servers, which previously capped tool calls at 60 seconds regardless of configuration. Long-running MCP tool calls can now complete successfully.
Fast mode now uses Opus 4.7 by default (previously Opus 4.6). Users who need to pin to the previous model can set `CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE=1`.
Added ANTHROPIC_WORKSPACE_ID environment variable for workload identity federation, scoping the minted token to a specific workspace when a federation rule covers multiple workspaces. Improves security for enterprise CI/CD deployments.
Added terminalSequence field to hook JSON output, allowing hooks to emit desktop notifications, window titles, and bells without requiring a controlling terminal. Enables richer automation and notification workflows.
Added 'Summarize up to here' option in the Rewind menu, allowing users to compress earlier context while keeping recent turns intact for better context window management.
Added `ANTHROPIC_WORKSPACE_ID` environment variable for workload identity federation, scoping minted tokens to a specific workspace when a federation rule covers more than one workspace.
The Vercel Sandbox firewall now supports forwarding outbound sandbox traffic through a user-controlled proxy and using matchers to filter which requests are forwarded or have credentials brokered. Available in beta for Pro and Enterprise plans via the `@vercel/sandbox@beta` SDK.
Added `CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL` environment variable to re-enable the session quality survey for enterprises capturing responses through OpenTelemetry. Allows enterprises to collect user feedback alongside telemetry data.
Supabase is now an official ChatGPT app, allowing users to connect their Supabase projects to ChatGPT and manage database infrastructure through natural language. This enables AI-driven database management directly within the ChatGPT interface.
Vercel's Chat SDK now supports Facebook Messenger as a chat adapter, enabling agents that handle messages, reactions, multimedia downloads, postback buttons, and direct conversations with automatic display name resolution from user profiles.
Chat SDK now includes a web adapter for building browser-based chat UIs such as in-product assistants or support agents, with a preconfigured `@ai-sdk/react` `useChat` hook for live streaming replies to the browser.
Chat SDK now supports cross-platform conversation history via new `transcripts` and `identity` options, persisting user message history across all platform adapters. The `bot.transcripts` API exposes append, list, count, and delete methods backed by the existing state adapter.
Adds `settings.autoMode.hard_deny` for unconditional classifier block rules and `CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL` to re-enable session quality surveys for enterprises using OpenTelemetry. Also fixes numerous MCP OAuth token loss bugs, plan mode bypass issues, and rendering artifacts.
Fixed MCP OAuth refresh tokens being lost when multiple servers refresh concurrently, causing users with several remote MCP servers to need daily re-authentication. Also fixed a rare login loop where a concurrent credential write could overwrite a freshly-rotated OAuth token.
New `settings.autoMode.hard_deny` setting allows admins to configure auto mode classifier rules that block actions unconditionally, regardless of user intent or allow exceptions. Gives enterprises stricter policy enforcement over Claude Code actions.
Added `parentSettingsBehavior` admin-tier key (`'first-wins' | 'merge'`) allowing admins to opt SDK `managedSettings` (parent tier) into the policy merge. Provides finer-grained control over how managed settings interact with parent-tier policies.
Added `worktree.baseRef` setting (`fresh` | `head`) to control whether worktrees branch from `origin/<default>` or local `HEAD`. Note: the default `fresh` changes `EnterWorktree`'s base back to `origin/<default>`, reverting a regression from 2.1.128.
Hooks now receive the active effort level via `effort.level` JSON input field and `$CLAUDE_EFFORT` environment variable; Bash tool commands can also read `$CLAUDE_EFFORT`. Enables hooks and scripts to adapt behavior based on the current reasoning effort setting.
Adds `worktree.baseRef` setting (`fresh` | `head`) to control whether new worktrees branch from `origin/<default>` or local `HEAD`. Note: the default `fresh` changes `EnterWorktree` base back to `origin/<default>` — set `worktree.baseRef: "head"` to retain unpushed commits.
New `parentSettingsBehavior` admin-tier key (`'first-wins' | 'merge'`) allows admins to opt SDK `managedSettings` (parent tier) into the policy merge. Hooks now also receive the active effort level via `effort.level` JSON field and `$CLAUDE_EFFORT` environment variable.
Fixed a bug where parallel sessions all dead-ended at 401 after a refresh-token race wiped shared credentials. Also fixed `HTTP(S)_PROXY` / `NO_PROXY` / mTLS not being respected for the full MCP OAuth flow.
A coordinated security release for Next.js addressing 13 advisories covering DoS, middleware/proxy auth bypass, SSRF, cache poisoning, and XSS vulnerabilities. All affected users on Next.js 13.x–16.x should upgrade immediately to 15.5.18 or 16.2.6.
Adds `worktree.baseRef` setting to control whether new worktrees branch from `origin/<default>` or local HEAD, exposes active effort level to hooks via `effort.level` JSON and `$CLAUDE_EFFORT` env var, and adds `sandbox.bwrapPath`/`sandbox.socatPath` managed settings for custom binary locations. Also fixes multiple session management, proxy, and permission bugs.
Vercel Flags now supports JSON value types in addition to boolean, string, and number, allowing multiple related flags to be collapsed into a single feature flag. This simplifies A/B testing and configuration management for complex objects like AI model parameters.
Added `CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE` environment variable that, when set on Homebrew or WinGet installations, runs the upgrade command in the background and prompts to restart. Simplifies keeping Claude Code up to date.
Added `CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1` environment variable to opt out of the fullscreen alternate-screen renderer and keep conversation output in the terminal's native scrollback buffer.
Added `CLAUDE_CODE_SESSION_ID` environment variable to the Bash tool subprocess environment, matching the `session_id` passed to hooks. Allows Bash scripts to identify the current Claude Code session.
Added `--plugin-url <url>` flag to fetch a plugin `.zip` archive from a remote URL for the current session. Enables easier plugin distribution without requiring local file installation.
A new @supabase/server package provides stateless auth, RLS-scoped clients, and CORS handling on the server without boilerplate. This simplifies server-side Supabase integration for frameworks and backend services.
The server name `workspace` is now reserved for MCP; existing servers configured with that name will be skipped with a warning. Users with an MCP server named `workspace` must rename it to continue using it.
Adds `CLAUDE_CODE_SESSION_ID` environment variable to Bash tool subprocess environments, matching the `session_id` passed to hooks. Also adds `CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1` to opt out of the fullscreen renderer.
Adds `--plugin-url <url>` flag to fetch a plugin `.zip` from a URL for the current session, and `CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE` to enable background auto-upgrades via Homebrew or WinGet with a restart prompt. Gateway model discovery is now opt-in via env var.
Native integration resources can now be restricted to Production environments only, protecting credentials as sensitive environment variables and removing non-production access. This prevents secret values from being readable via the dashboard or CLI outside of production contexts.
Pro teams can now configure automatic or manual approval for Git committers to private repositories being added to their Vercel team. Auto Approval adds members immediately and counts toward team seat pricing, while Manual Approval blocks deployments until an owner approves.
Adds CLAUDE_CODE_SESSION_ID to Bash tool subprocess environment and CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN opt-out for the fullscreen renderer, plus numerous terminal and MCP bug fixes including unbounded memory growth from non-protocol MCP stdout data.
Pro teams can now configure automatic or manual approval for Git committers to private repositories being added to their Vercel team. Auto Approval immediately adds committers and counts them toward team seats, while Manual Approval blocks deployments until an owner approves.
New @supabase/server package provides stateless auth, RLS-scoped clients, and CORS handling on the server without boilerplate. Simplifies server-side Supabase integration for developers.
Native integration resources can now be restricted to Production-only access, which removes non-production connections and protects credentials as sensitive environment variables so secret values are no longer readable from the dashboard or CLI. This reduces the risk of credential exposure in development and preview environments.
Adds `--plugin-url` flag to fetch plugin archives from a URL, `CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE` for background upgrades on Homebrew/WinGet, and `CLAUDE_CODE_FORCE_SYNC_OUTPUT` for terminals that miss auto-detection. Also fixes OAuth refresh races, prompt cache TTL downgrades, and numerous UI/permission bugs.
Adds `--plugin-url` flag to fetch plugin archives from URLs, `CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE` for background upgrades on Homebrew/WinGet, and multiple bug fixes including OAuth refresh race conditions and prompt cache TTL downgrade.
Marketplace integration resources can now be restricted to Production-only access, protecting credentials as sensitive environment variables that are no longer readable from the dashboard or CLI. Non-production connections are removed or blocked, and reverting requires Owner permissions plus potential MFA re-authentication.
Native integration resources can now be restricted to Production-only access, removing non-production connections and protecting credentials as sensitive environment variables so secret values are no longer readable from the dashboard or CLI. This helps teams enforce least-privilege access for third-party integration credentials.
A new `vercel metrics` command allows querying Observability Plus metrics from the CLI for any team or project. Coding agents can also use this command to analyze performance, reliability, and security issues.
`--channels` now works with console (API key) authentication. Console orgs with managed settings must set `channelsEnabled: true` to enable this feature.
`workspace` is now a reserved MCP server name — existing servers with that name will be skipped with a warning. Users with an MCP server named `workspace` must rename it to avoid it being silently ignored.
`--channels` flag now works with console (API key) authentication; console orgs with managed settings must set `channelsEnabled: true` to enable. Also adds bare `/color` for random session color and shows tool counts in `/mcp`.
`workspace` is now a reserved MCP server name; existing servers configured with that name will be skipped with a warning. Users must rename any MCP server currently using `workspace` to avoid losing access to its tools.
MCP server named 'workspace' is now a reserved name; existing servers with that name will be skipped with a warning, requiring users to rename their servers to avoid silent loss of tools.
MCP servers named `workspace` are now skipped with a warning, as the name is reserved by Claude Code. Users with existing MCP server configs using this name must rename their servers to avoid them being silently ignored.
Adds ZIP plugin archive support via --plugin-dir, enables --channels with console/API key auth, introduces persistent localSettings for Bash permissions, and fixes numerous MCP, session, and rendering bugs. The `workspace` MCP server name is now reserved, which is a behavioral breaking change for any server named `workspace`.
Vercel open-sourced 'deepsec', a coding-agent-powered security harness that scans codebases for vulnerabilities using Claude and Codex. It supports optional fanout to Vercel Sandboxes for parallel execution at scale, with a plugin system for custom scanners.
Vercel open-sourced `deepsec`, an AI-powered security scanning tool that uses coding agents (Claude/Codex) to find vulnerabilities in large codebases. It supports local execution and optional fanout to Vercel Sandboxes for parallel scanning at scale.
Supabase Branching without Git integration is now the default for all projects, making it easier to create isolated database branches without requiring a Git workflow.
The `claude_code.skill_activated` OpenTelemetry event now fires for user-typed slash commands and carries a new `invocation_trigger` attribute (`"user-slash"`, `"claude-proactive"`, or `"nested-skill"`). Improves observability of skill usage patterns.
Added `claude project purge [path]` command to delete all Claude Code state for a project including transcripts, tasks, file history, and config entries. Supports `--dry-run`, `-y/--yes`, `-i/--interactive`, and `--all` flags.
The `/model` picker now lists models from a gateway's `/v1/models` endpoint when `ANTHROPIC_BASE_URL` points at an Anthropic-compatible gateway, enabling model selection for custom deployments.
`--dangerously-skip-permissions` now bypasses prompts for writes to `.claude/`, `.git/`, `.vscode/`, shell config files, and other previously-protected paths. Catastrophic removal commands still prompt as a safety net.
`claude auth login` now accepts the OAuth code pasted directly into the terminal when the browser callback can't reach localhost, fixing login in WSL2, SSH, and container environments.
Fixed `allowManagedDomainsOnly` / `allowManagedReadPathsOnly` being ignored when a higher-priority managed-settings source lacked a `sandbox` block. This could allow unintended domain or path access in enterprise deployments relying on these restrictions.
New `claude project purge [path]` command deletes all Claude Code state for a project including transcripts, tasks, file history, and config entries. Supports `--dry-run`, `-y/--yes`, `-i/--interactive`, and `--all` flags.
`claude auth login` now accepts the OAuth code pasted directly into the terminal when the browser callback can't reach localhost (e.g. WSL2, SSH, containers). Previously, users in these environments could not complete OAuth login.
The `claude_code.skill_activated` OpenTelemetry event now fires for user-typed slash commands and carries a new `invocation_trigger` attribute (`"user-slash"`, `"claude-proactive"`, or `"nested-skill"`). Enables better observability for skill usage patterns.
`--dangerously-skip-permissions` now bypasses prompts for writes to `.claude/`, `.git/`, `.vscode/`, shell config files, and other previously-protected paths. Only catastrophic removal commands still prompt as a safety net — users relying on previous behavior may see unexpected writes.
The `/model` picker now lists models from a gateway's `/v1/models` endpoint when `ANTHROPIC_BASE_URL` points at an Anthropic-compatible gateway. This allows enterprise users routing through custom gateways to see and select all available models.
Fixed `allowManagedDomainsOnly` and `allowManagedReadPathsOnly` being ignored when a higher-priority managed-settings source lacked a `sandbox` block, potentially allowing unintended domain or path access in sandboxed environments.
Fixed `allowManagedDomainsOnly` / `allowManagedReadPathsOnly` being ignored when a higher-priority managed-settings source lacked a `sandbox` block, allowing unintended access to domains and paths outside the managed policy.
Fixed a security bug where `allowManagedDomainsOnly` and `allowManagedReadPathsOnly` settings were ignored when a higher-priority managed-settings source lacked a `sandbox` block. This could allow unintended domain/path access in managed deployments.
Vercel Sandbox's firewall now supports outbound Postgres connections by detecting the protocol's TLS upgrade sequence before applying domain policies. This allows sandboxes to connect to hosted Postgres providers like Neon, Supabase, and AWS RDS without code or config changes.
Vercel Sandbox's firewall now supports outbound Postgres connections by detecting the protocol's TLS upgrade sequence before applying domain policy. This allows sandboxes to connect to hosted Postgres providers like Neon, Supabase, and AWS RDS without code or database config changes.
Vercel Sandbox's firewall now handles the Postgres TLS upgrade negotiation, allowing sandboxes to connect to hosted Postgres databases (Neon, Supabase, AWS RDS, etc.) with domain-based allow rules. No code or database configuration changes are required.
Fixed `allowManagedDomainsOnly` and `allowManagedReadPathsOnly` being silently ignored when a higher-priority managed-settings source lacked a `sandbox` block, potentially allowing unintended network or file access in managed deployments.
Adds `claude project purge` command, model picker integration with custom gateway `/v1/models`, OAuth paste-flow for WSL2/SSH/containers, and a security fix for `allowManagedDomainsOnly`/`allowManagedReadPathsOnly` being ignored when a higher-priority managed-settings source lacked a `sandbox` block.
Fixed `allowManagedDomainsOnly` and `allowManagedReadPathsOnly` being ignored when a higher-priority managed-settings source lacked a `sandbox` block, which could allow unintended domain or path access.
xAI's Grok 4.3 model with a 1M token context window is now available on Vercel AI Gateway, offering improvements in accuracy, tool calling, and instruction following. Users can access it via the AI SDK by setting model to `xai/grok-4.3`.
Grok 4.3 from xAI is now accessible via Vercel AI Gateway using the model identifier `xai/grok-4.3`. It features a 1M token context window, December 2025 knowledge cutoff, and improvements in accuracy, tool calling, and instruction following.
Vercel Sandbox now supports up to five custom tags per sandbox, enabling teams to organize, filter, and manage sandboxes at scale by environment, team, or customer. Useful for AI agent workflows, multi-tenant platforms, and cost attribution.
Developers can now sign up for or upgrade to the Vercel Pro plan directly from the Stripe CLI using shared payment tokens, enabling programmatic plan management without leaving the terminal. Supports both upgrade and downgrade flows.
Vercel Sandbox now supports up to five custom tags per sandbox, enabling teams to organize, filter, and manage sandboxes by environment, team, or customer. Useful for AI agents at scale, multi-tenant platforms, and cost attribution workflows.
Developers can now provision or upgrade to a Vercel Pro plan directly from the Stripe CLI using shared payment tokens, enabling end-to-end infrastructure setup and billing without switching dashboards.
Fixed OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set. This prevented users with that environment variable from authenticating successfully.
Git for Windows (Git Bash) is no longer required on Windows; Claude Code now uses PowerShell as the shell tool when Git Bash is absent. Also adds `claude ultrareview [target]` subcommand for non-interactive CI/script use.
Added `ANTHROPIC_BEDROCK_SERVICE_TIER` environment variable to select a Bedrock service tier (`default`, `flex`, or `priority`), forwarded as the `X-Amzn-Bedrock-Service-Tier` request header. Enables users to control throughput/priority on AWS Bedrock deployments.
Git for Windows (Git Bash) is no longer a prerequisite on Windows; Claude Code now falls back to PowerShell as the shell tool when Git Bash is absent. Also adds the `claude ultrareview` CI subcommand for non-interactive code review.
Added `alwaysLoad` option to MCP server config to bypass tool-search deferral, and `claude plugin prune` to remove orphaned auto-installed plugin dependencies. Also fixed multi-GB memory leaks on image-heavy sessions and large transcript histories.
Added `ANTHROPIC_BEDROCK_SERVICE_TIER` environment variable to select a Bedrock service tier (`default`, `flex`, or `priority`), sent as the `X-Amzn-Bedrock-Service-Tier` header, allowing users to control cost and performance trade-offs on AWS Bedrock.
Added `alwaysLoad` option to MCP server config so that all tools from that server skip tool-search deferral and are always available, giving users finer control over MCP tool availability.
Added `claude ultrareview [target]` subcommand to run `/ultrareview` non-interactively from CI or scripts, printing findings to stdout with optional `--json` output and exit codes, enabling automated code review workflows.
Claude Code on Windows no longer requires Git for Windows (Git Bash); when absent, PowerShell is used as the shell tool, lowering the barrier to entry for Windows users.
Adds ANTHROPIC_BEDROCK_SERVICE_TIER env var for selecting Bedrock service tiers (default/flex/priority), pasting PR URLs into /resume to find associated sessions, and OpenTelemetry improvements including numeric attributes and @-mention resolution events.
Vercel now supports running lint and typecheck natively on every deployment, in parallel with the build, for all teams. Failed checks can block production deployments and trigger Vercel Agent to suggest fixes on pull requests.
Git for Windows is no longer required on Windows — Claude Code falls back to PowerShell as the shell tool. Adds `claude ultrareview` subcommand for non-interactive CI code review with JSON output support.
Adds `alwaysLoad` option for MCP server configs to bypass tool-search deferral, allows PostToolUse hooks to replace tool output for all tools (not just MCP), and makes overflow dialogs scrollable. Also fixes multiple memory leaks and crash bugs.
Starting April 29th, Hobby plan deployment retention is capped at 30 days; deployments outside this window are automatically removed. The 10 most recent production deployments and aliased deployments remain exempt.
Starting April 29th, Hobby plan deployment retention is capped at 30 days; older deployments are automatically removed. The 10 most recent production deployments and aliased deployments are exempt, but this is a breaking behavior change for Hobby users relying on longer retention.
Starting April 29th, Hobby plan deployment retention is capped at 30 days; older deployments are automatically removed except for the 10 most recent production deployments and aliased deployments. Pro and Enterprise plans are unaffected.
Starting April 29th, Hobby plan deployments are automatically removed after 30 days, excluding the 10 most recent production deployments and aliased deployments. Pro and Enterprise plans are unaffected.
Starting April 29th, Hobby plan deployment retention is capped at 30 days; deployments outside this window are automatically removed. The 10 most recent production deployments and aliased deployments are still preserved, but this is a forced limit for Hobby users who previously could retain deployments longer.
Starting April 29th, Hobby plan projects will have a maximum 30-day deployment retention policy; deployments outside this window are automatically removed. The 10 most recent production deployments and aliased deployments are exempt, but this is a forced cap that overrides any previously longer retention settings.
The V8 JavaScript engine used in Cloudflare Workers was updated to version 14.8, bringing the latest language features and performance improvements.
GPT-5.5 and GPT-5.5 Pro are now accessible via Vercel AI Gateway, offering improved agentic coding, long-horizon workflows, and token efficiency over previous GPT generations. Users can access them via the AI SDK using model identifiers `openai/gpt-5.5` and `openai/gpt-5.5-pro`.
OpenAI's GPT-5.5 and GPT-5.5 Pro models are now available via Vercel AI Gateway, offering improved agentic coding, long-horizon workflows, and token efficiency over previous generations. Users can access them via the AI SDK using model IDs `openai/gpt-5.5` or `openai/gpt-5.5-pro`.
Fixed `blockedMarketplaces` not correctly enforcing `hostPattern` and `pathPattern` entries, which could allow access to marketplaces that should have been blocked by policy.
Fixed a security bug where `blockedMarketplaces` policy entries with `hostPattern` and `pathPattern` were not correctly enforced, potentially allowing access to marketplaces that should have been blocked in managed deployments.
Settings configured via `/config` (theme, editor mode, verbose, etc.) now persist to `~/.claude/settings.json` and respect project/local/policy override precedence. `--from-pr` now accepts GitLab merge-request, Bitbucket pull-request, and GitHub Enterprise PR URLs.
Fixed `blockedMarketplaces` not correctly enforcing `hostPattern` and `pathPattern` entries, which could allow plugin installations from policy-blocked marketplace sources in managed deployments.
Adds vim visual and visual-line mode with operators, custom named themes (editable JSON or plugin-shipped), hooks that can invoke MCP tools directly via `type: "mcp_tool"`, and a new `DISABLE_UPDATES` env var that blocks all update paths including manual `claude update`.
Hooks can now invoke MCP tools directly via `type: "mcp_tool"`, enabling richer automation and post-processing workflows that leverage the full MCP tool ecosystem.
Users can now create and switch between named custom themes from `/theme` or by editing JSON files in `~/.claude/themes/`; plugins can also ship themes via a `themes/` directory, enabling visual customization of the Claude Code UI.
Added `DISABLE_UPDATES` environment variable to completely block all update paths including manual `claude update`, which is stricter than `DISABLE_AUTOUPDATER` and useful for locked-down enterprise environments.
`/config` settings such as theme, editor mode, and verbose now persist to `~/.claude/settings.json` and participate in project/local/policy override precedence, enabling consistent configuration across sessions.
`--from-pr` now accepts GitLab merge-request, Bitbucket pull-request, and GitHub Enterprise PR URLs in addition to github.com, broadening multi-platform support.
Fixed `blockedMarketplaces` not correctly enforcing `hostPattern` and `pathPattern` entries, which could allow plugin installations from blocked marketplace sources in managed deployments.
Added vim visual mode (`v`) and visual-line mode (`V`) with selection, operators, and visual feedback to the Claude Code terminal editor, improving parity with full vim for users who rely on keyboard-driven editing.
New DISABLE_UPDATES environment variable completely blocks all update paths including manual claude update, stricter than the existing DISABLE_AUTOUPDATER option for enterprise/managed environments.
DeepSeek V4 Pro and DeepSeek V4 Flash are now available on Vercel AI Gateway with a 1M token context window, targeting agentic coding, mathematical reasoning, and high-volume workloads respectively. Accessible via the AI SDK using `deepseek/deepseek-v4-pro` and `deepseek/deepseek-v4-flash`.
`--from-pr` now accepts GitLab merge-request, Bitbucket pull-request, and GitHub Enterprise PR URLs in addition to GitHub. PowerShell tool commands can now be auto-approved in permission mode, matching Bash behavior.
`blockedMarketplaces` now correctly enforces `hostPattern` and `pathPattern` entries, closing a gap where blocked marketplace rules were not properly applied.
Adds vim visual mode (`v`) and visual-line mode (`V`), custom named themes creatable from `/theme` or via plugin `themes/` directories, and the ability for hooks to invoke MCP tools directly via `type: "mcp_tool"`.
New `DISABLE_UPDATES` environment variable completely blocks all update paths including manual `claude update`, providing stricter control than the existing `DISABLE_AUTOUPDATER` for enterprise/managed deployments.
DeepSeek V4 Pro and DeepSeek V4 Flash are now available on Vercel AI Gateway with a 1M token context window, targeting agentic coding, mathematical reasoning, and high-volume latency-sensitive workloads respectively. Accessible via AI SDK with model IDs `deepseek/deepseek-v4-pro` and `deepseek/deepseek-v4-flash`.
Forked subagents can now be enabled on external builds via `CLAUDE_CODE_FORK_SUBAGENT=1`, and agent frontmatter `mcpServers` are now loaded for main-thread agent sessions via `--agent`. Startup is faster with concurrent local and claude.ai MCP server connections now enabled by default.
Supabase has achieved ISO/IEC 27001:2022 certification covering its information security management system across the entire platform. This provides enterprise customers with third-party validation of Supabase's security controls and practices.
On macOS and Linux native builds, the Glob and Grep tools are replaced by embedded `bfs` and `ugrep` for faster searches without a separate tool round-trip. Default effort for Pro/Max subscribers on Opus 4.6 and Sonnet 4.6 is raised to `high`.
Supabase has been certified to ISO/IEC 27001:2022, covering the information security management system across the entire platform. This certification validates Supabase's security controls and processes for enterprise customers.
GPT Image 2 from OpenAI is now available on Vercel AI Gateway, supporting up to 2K resolution image generation with fine-grained text rendering, multiple visual styles, and non-English text. Accessible via the AI SDK using `openai/gpt-image-2`.
OpenAI's GPT Image 2 model is now available on Vercel AI Gateway, supporting up to 2K resolution image generation with detailed instruction following, dense text rendering, and multiple visual styles. Accessible via AI SDK with model ID `openai/gpt-image-2`.
Kimi K2.6 from Moonshot AI is now available on Vercel AI Gateway, focusing on long-horizon coding tasks and autonomous agentic workflows across multiple languages and domains. Accessible via the AI SDK using `moonshotai/kimi-k2.6`.
Fixed a security issue where sandbox auto-allow was bypassing the dangerous-path safety check for `rm`/`rmdir` targeting `/`, `$HOME`, or other critical system directories.
`/resume` on large sessions is up to 67% faster. Claude Code and the installer now use a new download URL (`https://downloads.claude.ai/claude-code-releases`) replacing the old Google Storage bucket URL.
Moonshot AI's Kimi K2.6 model is now available on Vercel AI Gateway, focused on long-horizon coding tasks across Rust, Go, and Python as well as autonomous agentic workflows. Accessible via AI SDK with model ID `moonshotai/kimi-k2.6`.
Workers now allow passing custom limits when creating dynamic workers, giving developers more fine-grained control over resource constraints for programmatically created Worker instances.
Deployment retention policies no longer delete the latest preview deployment for branches with open or unmerged pull requests, allowing teams to safely use shorter retention windows without losing active previews.
Deployment retention policies no longer delete the latest preview deployment for branches with open or unmerged pull requests, allowing teams to safely use shorter retention windows without losing active previews.
The CLI now spawns a native Claude Code binary via per-platform optional dependencies instead of running bundled JavaScript, improving startup performance and enabling platform-specific optimizations.
New `sandbox.network.deniedDomains` setting lets administrators block specific domains even when a broader `allowedDomains` wildcard would otherwise permit them, enabling finer-grained network policy control.
Deployment retention policies now automatically preserve the latest preview deployment for branches with open or unmerged pull requests, preventing accidental deletion of active previews when using short retention windows. This applies to all plans.
V8 was updated to version 14.7 and support was added for passing custom limits when creating dynamic workers, giving developers finer control over resource allocation for dynamically spawned Workers.
Claude Opus 4.7 from Anthropic is now available on Vercel AI Gateway, optimized for long-running agentic tasks with improved tool-calling, high-resolution image support, and a new task budgets feature for controlling token usage across agentic turns. Accessible via the AI SDK using `anthropic/claude-opus-4.7`.
Anthropic's Claude Opus 4.7 is now available on Vercel AI Gateway, introducing task budgets (`taskBudget`) for agentic token management, an `xhigh` effort level, and improved memory and image processing for long-running agents. Accessible via AI SDK with model ID `anthropic/claude-opus-4.7`.
Vercel Flags, a built-in feature flag provider with targeting rules, user segments, and environment controls, is now generally available. The Flags SDK supports Next.js and SvelteKit natively and also integrates with the OpenFeature standard for other frameworks.
Supabase Agent Skills is an open-source set of instructions that teach AI coding agents how to build on Supabase correctly. This helps ensure AI-generated code follows Supabase best practices for security, schema design, and API usage.
Supabase Auth now supports connecting any OpenID Connect identity provider, including GitHub Enterprise and regional providers. This allows organizations to integrate custom or internal identity systems with Supabase authentication.
The V8 JavaScript engine used in Cloudflare Workers was updated to version 14.6, delivering the latest JavaScript language features and engine improvements.