2026年4月22日 06:15

26 ファイル変更 +844 -64

この更新の概要

管理者向けに組織全体でClaude Codeを導入・制御するための包括的なガイド admin-setup が新設されました。Agent SDKにセッション情報を外部ストレージへ保存する機能や、OpenTelemetryによる詳細なトレース・APIボディの記録オプションが追加されています。PythonとTypeScriptの両SDKで、サブエージェントの推論努力量や実行制限を詳細に制御できるようパラメータが拡充されました。また、組織ポリシーの適用優先順位や、サンドボックス環境でのネットワーク制限などの管理機能も強化されています。

admin-setup +129 -0

組織導入のための意思決定マップが追加され、APIプロバイダーの選択やポリシー強制、使用状況の監視方法が網羅されました。

@@ -0,0 +1,129 @@

---

title: admin-setup

source: https://code.claude.com/docs/en/admin-setup.md

---

# Set up Claude Code for your organization

> A decision map for administrators deploying Claude Code, covering API providers, managed settings, policy enforcement, usage monitoring, and data handling.

Claude Code enforces organization policy through managed settings that take precedence over local developer configuration. You deliver those settings from the Claude admin console, your mobile device management (MDM) system, or a file on disk. The settings control which tools, commands, servers, and network destinations Claude can reach.

This page walks through the deployment decisions in order. Each row links to the section below and to the reference page for that area.

SSO, SCIM provisioning, and seat assignment are configured at the Claude account level. See the [Claude Enterprise Administrator Guide](https://claude.com/resources/tutorials/claude-enterprise-administrator-guide) and [seat assignment](https://support.claude.com/en/articles/11845131-use-claude-code-with-your-team-or-enterprise-plan) for those steps.

| Decision | What you're choosing | Reference |

| :- | :- | :- |

| [Choose your API provider](#choose-your-api-provider) | Where Claude Code authenticates and how it's billed | [Authentication](/en/authentication), [Bedrock](/en/amazon-bedrock), [Vertex AI](/en/google-vertex-ai), [Foundry](/en/microsoft-foundry) |

| [Decide how settings reach devices](#decide-how-settings-reach-devices) | How managed policy reaches developer machines | [Server-managed settings](/en/server-managed-settings), [Settings files](/en/settings#settings-files) |

| [Decide what to enforce](#decide-what-to-enforce) | Which tools, commands, and integrations are allowed | [Permissions](/en/permissions), [Sandboxing](/en/sandboxing) |

| [Set up usage visibility](#set-up-usage-visibility) | How you track spend and adoption | [Analytics](/en/analytics), [Monitoring](/en/monitoring-usage), [Costs](/en/costs) |

| [Review data handling](#review-data-handling) | Data retention and compliance posture | [Data usage](/en/data-usage), [Security](/en/security) |

## Choose your API provider

Claude Code connects to Claude through one of several API providers. Your choice affects billing, authentication, and which compliance posture you inherit.

| Provider | Choose this when |

| :- | :- |

| Claude for Teams / Enterprise | You want Claude Code and claude.ai under one per-seat subscription with no infrastructure to run. This is the default recommendation. |

| Claude Console | You're API-first or want pay-as-you-go billing |

| Amazon Bedrock | You want to inherit existing AWS compliance controls and billing |

| Google Vertex AI | You want to inherit existing GCP compliance controls and billing |

| Microsoft Foundry | You want to inherit existing Azure compliance controls and billing |

For the full provider comparison covering authentication, regions, and feature parity, see the [enterprise deployment overview](/en/third-party-integrations). Each provider's auth setup is in [Authentication](/en/authentication).

Proxy and firewall requirements in [Network configuration](/en/network-config) apply regardless of provider. If you want a single endpoint in front of multiple providers or centralized request logging, see [LLM gateway](/en/llm-gateway).

## Decide how settings reach devices

Managed settings define policy that takes precedence over local developer configuration. Claude Code looks for them in four places and uses the first one it finds on a given device.

| :- | :- | :- | :- |

| File-based managed | macOS: `/Library/Application Support/ClaudeCode/managed-settings.json`Linux and WSL: `/etc/claude-code/managed-settings.json`Windows: `C:\Program Files\ClaudeCode\managed-settings.json` | Medium | All |

Server-managed settings reach devices at authentication time and refresh hourly during active sessions, with no endpoint infrastructure. They require a Claude for Teams or Enterprise plan, so deployments on other providers need one of the file-based or OS-level mechanisms instead.

If your organization mixes providers, configure [server-managed settings](/en/server-managed-settings) for Claude.ai users plus a [file-based or plist/registry fallback](/en/settings#settings-files) so other users still receive managed policy.

The plist and HKLM registry locations work with any provider and resist tampering because they require admin privileges to write. The Windows user registry at HKCU is writable without elevation, so treat it as a convenience default rather than an enforcement channel.

Whichever mechanism you choose, managed values take precedence over user and project settings. Array settings such as `permissions.allow` and `permissions.deny` merge entries from all sources, so developers can extend managed lists but not remove from them.

See [Server-managed settings](/en/server-managed-settings) and [Settings files and precedence](/en/settings#settings-files).

## Decide what to enforce

Managed settings can lock down tools, sandbox execution, restrict MCP servers and plugin sources, and control which hooks run. Each row is a control surface with the setting keys that drive it.

| Control | What it does | Key settings |

| :- | :- | :- |

| [Permission rules](/en/permissions) | Allow, ask, or deny specific tools and commands | `permissions.allow`, `permissions.deny` |

| [Permission lockdown](/en/permissions#managed-only-settings) | Only managed permission rules apply; disable `--dangerously-skip-permissions` | `allowManagedPermissionRulesOnly`, `permissions.disableBypassPermissionsMode` |

| [Sandboxing](/en/sandboxing) | OS-level filesystem and network isolation with domain allowlists | `sandbox.enabled`, `sandbox.network.allowedDomains` |

| [Managed policy CLAUDE.md](/en/memory#deploy-organization-wide-claude-md) | Org-wide instructions loaded in every session, cannot be excluded | File at the managed policy path |

| [MCP server control](/en/mcp#managed-mcp-configuration) | Restrict which MCP servers users can add or connect to | `allowedMcpServers`, `deniedMcpServers`, `allowManagedMcpServersOnly` |

| [Plugin marketplace control](/en/plugin-marketplaces#managed-marketplace-restrictions) | Restrict which marketplace sources users can add | `strictKnownMarketplaces`, `blockedMarketplaces` |

| [Hook restrictions](/en/settings#hook-configuration) | Only managed hooks load; restrict HTTP hook URLs | `allowManagedHooksOnly`, `allowedHttpHookUrls` |

| [Version floor](/en/settings) | Prevent auto-update from installing below an org-wide minimum | `minimumVersion` |

Permission rules and sandboxing cover different layers. Denying WebFetch blocks Claude's fetch tool, but if Bash is allowed, `curl` and `wget` can still reach any URL. Sandboxing closes that gap with a network domain allowlist enforced at the OS level.

For the threat model these controls defend against, see [Security](/en/security).

## Set up usage visibility

Choose monitoring based on what you need to report on.

| :- | :- | :- | :- |

Cloud providers expose spend through AWS Cost Explorer, GCP Billing, or Azure Cost Management. Claude for Teams and Enterprise plans include a usage dashboard at [claude.ai/analytics/claude-code](https://claude.ai/analytics/claude-code).

## Review data handling

On Team, Enterprise, Claude API, and cloud provider plans, Anthropic does not train models on your code or prompts. Your API provider determines retention and compliance posture.

| Topic | What to know | Where to start |

| :- | :- | :- |

| Data usage policy | What Anthropic collects, how long it's retained, what's never used for training | [Data usage](/en/data-usage) |

| Zero Data Retention (ZDR) | Nothing stored after the request completes. Available on Claude for Enterprise | [Zero data retention](/en/zero-data-retention) |

| Security architecture | Network model, encryption, authentication, audit trail | [Security](/en/security) |

If you need request-level audit logging or to route traffic by data sensitivity, place an [LLM gateway](/en/llm-gateway) between developers and your provider. For regulatory requirements and certifications, see [Legal and compliance](/en/legal-and-compliance).

## Verify and onboard

After configuring managed settings, have a developer run `/status` inside Claude Code. The output includes a line beginning with `Enterprise managed settings` followed by the source in parentheses, one of `(remote)`, `(plist)`, `(HKLM)`, `(HKCU)`, or `(file)`. See [Verify active settings](/en/settings#verify-active-settings).

Share these resources to help developers get started:

- [Quickstart](/en/quickstart): first-session walkthrough from install to working with a project

- [Common workflows](/en/common-workflows): patterns for everyday tasks like code review, refactoring, and debugging

- [Claude 101](https://anthropic.skilljar.com/claude-101) and [Claude Code in Action](https://anthropic.skilljar.com/claude-code-in-action): self-paced Anthropic Academy courses

For login issues, point developers to [authentication troubleshooting](/en/troubleshooting#authentication-issues). The most common fixes are:

- Run `/logout` then `/login` to switch accounts

- Run `claude update` if the enterprise auth option is missing

- Restart the terminal after updating

If a developer sees "You haven't been added to your organization yet," their seat doesn't include Claude Code access and needs to be updated in the admin console.

## Next steps

With provider and delivery mechanism chosen, move on to detailed configuration:

- [Server-managed settings](/en/server-managed-settings): deliver managed policy from the Claude admin console

- [Settings reference](/en/settings): every setting key, file location, and precedence rule

- [Amazon Bedrock](/en/amazon-bedrock), [Google Vertex AI](/en/google-vertex-ai), [Microsoft Foundry](/en/microsoft-foundry): provider-specific deployment

- [Claude Enterprise Administrator Guide](https://claude.com/resources/tutorials/claude-enterprise-administrator-guide): SSO, SCIM, seat management, and rollout playbook

agent-sdk/observability +13 -2

SDKのトレース情報を親アプリケーションとリンクさせる仕組みや、APIの入出力内容をログとして出力する設定が追加されました。

@@ -137,7 +137,9 @@ Traces give you the most detailed view of an agent run. With `CLAUDE_CODE_ENHANC

- **`claude_code.interaction`:** wraps a single turn of the agent loop, from receiving a prompt to producing a response.

- **`claude_code.llm_request`:** wraps each call to the Claude API, with model name, latency, and token counts as attributes.

- **`claude_code.tool`:** wraps each tool invocation, with child spans for the permission wait (`claude_code.tool.blocked_on_user`) and the execution itself (`claude_code.tool.execution`).

- **`claude_code.hook`:** wraps each [hook](/en/agent-sdk/hooks) execution.

- **`claude_code.hook`:** wraps each [hook](/en/agent-sdk/hooks) execution. Requires detailed beta tracing (`ENABLE_BETA_TRACING_DETAILED=1` and `BETA_TRACING_ENDPOINT`) in addition to the variables above.

The `llm_request`, `tool`, and `hook` spans are children of the enclosing `claude_code.interaction` span. When the agent spawns a subagent through the Task tool, the subagent's `llm_request` and `tool` spans nest under the parent agent's `claude_code.tool` span, so the full delegation chain appears as one trace.

Spans carry a `session.id` attribute by default. When you make several `query()` calls against the same [session](/en/agent-sdk/sessions), filter on `session.id` in your backend to see them as one timeline. The attribute is omitted if `OTEL_METRICS_INCLUDE_SESSION_ID` is set to a falsy value.

@@ -145,6 +147,14 @@ Tracing is in beta. Span names and attributes may change between releases. See

[Traces (beta)](/en/monitoring-usage#traces-beta) in the Monitoring reference

for the trace exporter configuration variables.

## Link traces to your application

The SDK automatically propagates W3C trace context into the CLI subprocess. When you call `query()` while an OpenTelemetry span is active in your application, the SDK injects `TRACEPARENT` and `TRACESTATE` into the child process environment, and the CLI reads them so its `claude_code.interaction` span becomes a child of your span. The agent run then appears inside your application's trace instead of as a disconnected root.

The CLI also forwards `TRACEPARENT` to every Bash and PowerShell command it runs. If a command launched through the Bash tool emits its own OpenTelemetry spans, those spans nest under the `claude_code.tool.execution` span that wraps the command.

Auto-injection is skipped when you set `TRACEPARENT` explicitly in `options.env`, so you can pin a specific parent context if needed. Interactive CLI sessions ignore inbound `TRACEPARENT` entirely; only Agent SDK and `claude -p` runs honor it. See [Traces (beta)](/en/monitoring-usage#traces-beta) in the Monitoring reference for the full span and attribute reference.

## Tag telemetry from your agent

By default, the CLI reports `service.name` as `claude-code`. If you run several agents, or run the SDK alongside other services that export to the same collector, override the service name and add resource attributes so you can filter by agent in your backend.

@@ -175,13 +185,14 @@ const options = {

## Control sensitive data in exports

Telemetry is structural by default. Durations, model names, and tool names are recorded on every span; token counts are recorded when the underlying API request returns usage data, so spans for failed or aborted requests may omit them. The content your agent reads and writes is not recorded by default. Three opt-in variables add content to the exported data:

Telemetry is structural by default. Durations, model names, and tool names are recorded on every span; token counts are recorded when the underlying API request returns usage data, so spans for failed or aborted requests may omit them. The content your agent reads and writes is not recorded by default. These opt-in variables add content to the exported data:

| Variable | Adds |

| - | - |

| `OTEL_LOG_USER_PROMPTS=1` | Prompt text on `claude_code.user_prompt` events and on the `claude_code.interaction` span |

| `OTEL_LOG_TOOL_DETAILS=1` | Tool input arguments (file paths, shell commands, search patterns) on `claude_code.tool_result` events |

| `OTEL_LOG_TOOL_CONTENT=1` | Full tool input and output bodies as span events on `claude_code.tool`, truncated at 60 KB. Requires [tracing](#read-agent-traces) to be enabled |

| `OTEL_LOG_RAW_API_BODIES` | Full Anthropic Messages API request and response JSON as `claude_code.api_request_body` and `claude_code.api_response_body` log events. Set to `1` for inline bodies truncated at 60 KB, or `file:<dir>` for untruncated bodies on disk with a `body_ref` path in the event. Bodies include the entire conversation history and have extended-thinking content redacted. Enabling this implies consent to everything the three variables above would reveal |

Leave these unset unless your observability pipeline is approved to store the data your agent handles. See [Security and privacy](/en/monitoring-usage#security-and-privacy) in the Monitoring reference for the full list of attributes and redaction behavior.

agent-sdk/python +20 -4

サブエージェント定義に実行ターンの上限や推論努力量、バックグラウンド実行などの新しい設定項目が追加されました。

@@ -765,8 +765,9 @@ class ClaudeAgentOptions:

plugins: list[SdkPluginConfig] = field(default_factory=list)

max_thinking_tokens: int | None = None # Deprecated: use thinking instead

thinking: ThinkingConfig | None = None

effort: Literal["low", "medium", "high", "xhigh", "max"] | None = None

effort: Literal["low", "medium", "high", "max"] | None = None

enable_file_checkpointing: bool = False

session_store: SessionStore | None = None

```

@@ -807,7 +808,8 @@ class ClaudeAgentOptions:

| `setting_sources` | `list[SettingSource] \| None` | `None` (CLI defaults: all sources) | Control which filesystem settings to load. Pass `[]` to disable user, project, and local settings. Managed policy settings load regardless. See [Use Claude Code features](/en/agent-sdk/claude-code-features#what-settingsources-does-not-control) |

| `session_store` | [`SessionStore`](/en/agent-sdk/session-storage#the-session-store-interface) ` \| None` | `None` | Mirror session transcripts to an external backend so any host can resume them. See [Persist sessions to external storage](/en/agent-sdk/session-storage) |

### `OutputFormat`

@@ -978,10 +980,16 @@ class AgentDefinition:

description: str

prompt: str

tools: list[str] | None = None

model: Literal["sonnet", "opus", "haiku", "inherit"] | None = None

disallowedTools: list[str] | None = None

model: str | None = None

skills: list[str] | None = None

memory: Literal["user", "project", "local"] | None = None

mcpServers: list[str | dict[str, Any]] | None = None

initialPrompt: str | None = None

maxTurns: int | None = None

background: bool | None = None

effort: Literal["low", "medium", "high", "max"] | int | None = None

permissionMode: PermissionMode | None = None

```

| Field | Required | Description |

@@ -989,10 +997,18 @@ class AgentDefinition:

| `description` | Yes | Natural language description of when to use this agent |

| `prompt` | Yes | The agent's system prompt |

| `tools` | No | Array of allowed tool names. If omitted, inherits all tools |

| `model` | No | Model override for this agent. If omitted, uses the main model |

| `disallowedTools` | No | Array of tool names to remove from the agent's tool set |

| `model` | No | Model override for this agent. Accepts an alias such as `"sonnet"`, `"opus"`, `"haiku"`, or `"inherit"`, or a full model ID. If omitted, uses the main model |

| `skills` | No | List of skill names available to this agent |

| `memory` | No | Memory source for this agent: `"user"`, `"project"`, or `"local"` |

| `mcpServers` | No | MCP servers available to this agent. Each entry is a server name or an inline `{name: config}` dict |

| `initialPrompt` | No | Auto-submitted as the first user turn when this agent runs as the main thread agent |

| `maxTurns` | No | Maximum number of agentic turns before the agent stops |

| `background` | No | Run this agent as a non-blocking background task when invoked |

| `effort` | No | Reasoning effort level for this agent. Accepts a named level or an integer |

| `permissionMode` | No | Permission mode for tool execution within this agent. See [`PermissionMode`](#permission-mode) |

`AgentDefinition` field names use camelCase, such as `disallowedTools`, `permissionMode`, and `maxTurns`. These names map directly to the wire format shared with the TypeScript SDK. This differs from `ClaudeAgentOptions`, which uses Python snake\_case for the equivalent top-level fields such as `disallowed_tools` and `permission_mode`. Because `AgentDefinition` is a dataclass, passing a snake\_case keyword raises a `TypeError` at construction time.

### `PermissionMode`

agent-sdk/session-storage +253 -0

セッションの履歴を外部データベースなどに永続化するためのインターフェースと実装方法が新たに公開されました。

(差分が大きいため省略しています)

agent-sdk/sessions +2 -0

異なる環境間でセッションを再開するために、セッションストア・アダプターの利用を推奨する説明が加わりました。

@@ -219,6 +219,8 @@ for await (const message of query({

If a `resume` call returns a fresh session instead of the expected history, the most common cause is a mismatched `cwd`. Sessions are stored under `~/.claude/projects/<encoded-cwd>/*.jsonl`, where `<encoded-cwd>` is the absolute working directory with every non-alphanumeric character replaced by `-` (so `/Users/me/proj` becomes `-Users-me-proj`). If your resume call runs from a different directory, the SDK looks in the wrong place. The session file also needs to exist on the current machine.

To resume sessions across machines or in serverless environments, mirror transcripts to shared storage with a [`SessionStore` adapter](/en/agent-sdk/session-storage).

### Fork to explore alternatives

Forking creates a new session that starts with a copy of the original's history but diverges from that point. The fork gets its own session ID; the original's ID and history stay unchanged. You end up with two independent sessions you can resume separately.

agent-sdk/subagents +9 -2

サブエージェントが使用できるツールの制限や、特定のモデルIDの直接指定が可能になったことが記載されました。

@@ -161,10 +161,17 @@ Focus on:

| `model` | `string` | No | Model override for this agent. Accepts an alias such as `'sonnet'`, `'opus'`, `'haiku'`, `'inherit'`, or a full model ID. Defaults to main model if omitted |

In the Python SDK, these field names use camelCase to match the wire format. See the [`AgentDefinition` reference](/en/agent-sdk/python#agent-definition) for details.

Subagents cannot spawn their own subagents. Don't include `Agent` in a subagent's `tools` array.

agent-sdk/typescript +13 -2

TypeScript SDKのAgentDefinitionに初期プロンプトや推論努力量などのオプションが追加され、機能が拡充されました。

@@ -354,6 +354,7 @@ Configuration object for the `query()` function.

| `sessionStore` | [`SessionStore`](/en/agent-sdk/session-storage#the-session-store-interface) | `undefined` | Mirror session transcripts to an external backend so any host can resume them. See [Persist sessions to external storage](/en/agent-sdk/session-storage) |

| `settingSources` | [`SettingSource`](#setting-source)`[]` | CLI defaults (all sources) | Control which filesystem settings to load. Pass `[]` to disable user, project, and local settings. Managed policy settings load regardless. See [Use Claude Code features](/en/agent-sdk/claude-code-features#what-settingsources-does-not-control) |

| `spawnClaudeCodeProcess` | `(options: SpawnOptions) => SpawnedProcess` | `undefined` | Custom function to spawn the Claude Code process. Use to run Claude Code in VMs, containers, or remote environments |

@@ -460,10 +461,15 @@ type AgentDefinition = {

tools?: string[];

disallowedTools?: string[];

prompt: string;

model?: "sonnet" | "opus" | "haiku" | "inherit";

model?: string;

mcpServers?: AgentMcpServerSpec[];

skills?: string[];

initialPrompt?: string;

maxTurns?: number;

background?: boolean;

memory?: "user" | "project" | "local";

permissionMode?: PermissionMode;

criticalSystemReminder_EXPERIMENTAL?: string;

};

```

@@ -474,10 +480,15 @@ type AgentDefinition = {

| `tools` | No | Array of allowed tool names. If omitted, inherits all tools from parent |

| `disallowedTools` | No | Array of tool names to explicitly disallow for this agent |

| `prompt` | Yes | The agent's system prompt |

| `model` | No | Model override for this agent. If omitted or `'inherit'`, uses the main model |

| `model` | No | Model override for this agent. Accepts an alias such as `'sonnet'`, `'opus'`, `'haiku'`, `'inherit'`, or a full model ID. If omitted or `'inherit'`, uses the main model |

| `mcpServers` | No | MCP server specifications for this agent |

| `skills` | No | Array of skill names to preload into the agent context |

| `initialPrompt` | No | Auto-submitted as the first user turn when this agent runs as the main thread agent |

| `maxTurns` | No | Maximum number of agentic turns (API round-trips) before stopping |

| `background` | No | Run this agent as a non-blocking background task when invoked |

| `memory` | No | Memory source for this agent: `'user'`, `'project'`, or `'local'` |

| `effort` | No | Reasoning effort level for this agent. Accepts a named level or an integer |

| `permissionMode` | No | Permission mode for tool execution within this agent. See [`PermissionMode`](#permission-mode) |

| `criticalSystemReminder_EXPERIMENTAL` | No | Experimental: Critical reminder added to the system prompt |

### `AgentMcpServerSpec`

common-workflows +1 -1

思考プロセス実行中（Extended thinking）に表示されるステータスインジケーターの挙動についての説明が更新されました。

@@ -405,7 +405,7 @@ Tips:

## Use extended thinking (thinking mode)

[Extended thinking](https://platform.claude.com/docs/en/build-with-claude/extended-thinking) is enabled by default, giving Claude space to reason through complex problems step-by-step before responding. This reasoning is visible in verbose mode, which you can toggle on with `Ctrl+O`. During extended thinking, progress hints appear below the indicator to show that Claude is actively working.

[Extended thinking](https://platform.claude.com/docs/en/build-with-claude/extended-thinking) is enabled by default, giving Claude space to reason through complex problems step-by-step before responding. This reasoning is visible in verbose mode, which you can toggle on with `Ctrl+O`. During extended thinking, the spinner shows inline progress hints such as "still thinking" and "almost done thinking" to indicate Claude is actively working.

Additionally, [models that support effort](/en/model-config#adjust-effort-level) use adaptive reasoning: instead of a fixed thinking token budget, the model dynamically decides whether and how much to think based on your effort level setting and the task at hand. Adaptive reasoning lets Claude respond faster to routine prompts and reserve deeper thinking for steps that benefit from it.

env-vars +3 -2

最小限のシステムプロンプトのみを使用するための新しい環境変数 CLAUDE_CODE_SIMPLE_SYSTEM_PROMPT が追加されました。

@@ -129,6 +129,7 @@ Claude Code supports the following environment variables to control its behavior

| `CLAUDE_CODE_SHELL` | Override automatic shell detection. Useful when your login shell differs from your preferred working shell (for example, `bash` vs `zsh`) |

| `CLAUDE_CODE_SHELL_PREFIX` | Command prefix to wrap all bash commands (for example, for logging or auditing). Example: `/path/to/logger.sh` will execute `/path/to/logger.sh <command>` |

| `CLAUDE_CODE_SIMPLE` | Set to `1` to run with a minimal system prompt and only the Bash, file read, and file edit tools. MCP tools from `--mcp-config` are still available. Disables auto-discovery of hooks, skills, plugins, MCP servers, auto memory, and CLAUDE.md. The [`--bare`](/en/headless#start-faster-with-bare-mode) CLI flag sets this |

| `CLAUDE_CODE_SIMPLE_SYSTEM_PROMPT` | Set to `1` to use the minimal system prompt and collapsed tool descriptions from `CLAUDE_CODE_SIMPLE` without the other simple-mode changes. The full tool set, hooks, MCP servers, and CLAUDE.md discovery remain enabled |

| `CLAUDE_CODE_SKIP_BEDROCK_AUTH` | Skip AWS authentication for Bedrock (for example, when using an LLM gateway) |

| `CLAUDE_CODE_SKIP_FOUNDRY_AUTH` | Skip Azure authentication for Microsoft Foundry (for example, when using an LLM gateway) |

| `CLAUDE_CODE_SKIP_MANTLE_AUTH` | Skip AWS authentication for Bedrock Mantle (for example, when using an LLM gateway) |

@@ -194,9 +195,9 @@ Claude Code supports the following environment variables to control its behavior

| `MCP_TIMEOUT` | Timeout in milliseconds for MCP server startup (default: 30000, or 30 seconds) |

| `MCP_TOOL_TIMEOUT` | Timeout in milliseconds for MCP tool execution (default: 100000000, about 28 hours) |

| `NO_PROXY` | List of domains and IPs to which requests will be directly issued, bypassing proxy |

| `OTEL_LOG_RAW_API_BODIES` | Set to `1` to emit the full Anthropic Messages API request and response JSON as OpenTelemetry log events (`api_request_body`, `api_response_body`). Disabled by default; bodies include the entire conversation history. See [Monitoring](/en/monitoring-usage) |

| `OTEL_LOG_RAW_API_BODIES` | Emit Anthropic Messages API request and response JSON as `api_request_body` / `api_response_body` log events. Set to `1` for inline bodies truncated at 60 KB, or `file:<dir>` to write untruncated bodies to disk and emit a `body_ref` path instead. Disabled by default; bodies include the entire conversation history. See [Monitoring](/en/monitoring-usage#api-request-body-event) |

| `OTEL_LOG_TOOL_CONTENT` | Set to `1` to include tool input and output content in OpenTelemetry span events. Disabled by default to protect sensitive data. See [Monitoring](/en/monitoring-usage) |

| `OTEL_LOG_TOOL_DETAILS` | Set to `1` to include tool input arguments, MCP server names, and tool details in OpenTelemetry traces and logs. Disabled by default to protect PII. See [Monitoring](/en/monitoring-usage) |

| `OTEL_LOG_TOOL_DETAILS` | Set to `1` to include tool input arguments, MCP server names, raw error strings on tool failures, and other tool details in OpenTelemetry traces and logs. Disabled by default to protect PII. See [Monitoring](/en/monitoring-usage) |

| `OTEL_LOG_USER_PROMPTS` | Set to `1` to include user prompt text in OpenTelemetry traces and logs. Disabled by default (prompts are redacted). See [Monitoring](/en/monitoring-usage) |

| `OTEL_METRICS_INCLUDE_ACCOUNT_UUID` | Set to `false` to exclude account UUID from metrics attributes (default: included). See [Monitoring](/en/monitoring-usage) |

| `OTEL_METRICS_INCLUDE_SESSION_ID` | Set to `false` to exclude session ID from metrics attributes (default: included). See [Monitoring](/en/monitoring-usage) |

hooks-guide +3 -1

@@ -396,6 +396,7 @@ Hook events fire at specific lifecycle points in Claude Code. When an event fire

| :- | :- |

| `SessionStart` | When a session begins or resumes |

| `UserPromptSubmit` | When you submit a prompt, before Claude processes it |

| `UserPromptExpansion` | When a user-typed command expands into a prompt, before it reaches Claude. Can block the expansion |

| `PreToolUse` | Before a tool call executes. Can block it |

| `PermissionRequest` | When a permission dialog appears |

| `PermissionDenied` | When a tool call is denied by the auto mode classifier. Return `{retry: true}` to tell the model it may retry the denied tool call |

@@ -470,7 +471,7 @@ exit 0 # exit 0 = let it proceed

The exit code determines what happens next:

- **Exit 0**: the action proceeds. For `UserPromptSubmit` and `SessionStart` hooks, anything you write to stdout is added to Claude's context.

- **Exit 0**: the action proceeds. For `UserPromptSubmit`, `UserPromptExpansion`, and `SessionStart` hooks, anything you write to stdout is added to Claude's context.

- **Exit 2**: the action is blocked. Write a reason to stderr, and Claude receives it as feedback so it can adjust.

- **Any other exit code**: the action proceeds. The transcript shows a `<hook name> hook error` notice followed by the first line of stderr; the full stderr goes to the [debug log](/en/hooks#debug-hooks).

@@ -544,6 +545,7 @@ Each event type matches on a specific field:

| `Elicitation` | MCP server name | your configured MCP server names |

| `ElicitationResult` | MCP server name | same values as `Elicitation` |

| `UserPromptExpansion` | command name | your skill or command names |

| `UserPromptSubmit`, `Stop`, `TeammateIdle`, `TaskCreated`, `TaskCompleted`, `WorktreeCreate`, `WorktreeRemove`, `CwdChanged` | no matcher support | always fires on every occurrence |

A few more examples showing matchers on different event types:

hooks +57 -5

組織管理のフックのみを許可する設定や、特定のURLへのHTTPフック制限についての詳細が記載されました。

@@ -21,6 +21,7 @@ The table below summarizes when each event fires. The [Hook events](#hook-events

| :- | :- |

| `SessionStart` | When a session begins or resumes |

| `UserPromptSubmit` | When you submit a prompt, before Claude processes it |

| `UserPromptExpansion` | When a user-typed command expands into a prompt, before it reaches Claude. Can block the expansion |

| `PreToolUse` | Before a tool call executes. Can block it |

| `PermissionRequest` | When a permission dialog appears |

| `PermissionDenied` | When a tool call is denied by the auto mode classifier. Return `{retry: true}` to tell the model it may retry the denied tool call |

@@ -174,6 +175,7 @@ Each event type matches on a different field:

| `StopFailure` | error type | `rate_limit`, `authentication_failed`, `billing_error`, `invalid_request`, `server_error`, `max_output_tokens`, `unknown` |

| `InstructionsLoaded` | load reason | `session_start`, `nested_traversal`, `path_glob_match`, `include`, `compact` |

| `UserPromptExpansion` | command name | your skill or command names |

| `Elicitation` | MCP server name | your configured MCP server names |

| `ElicitationResult` | MCP server name | same values as `Elicitation` |

| `UserPromptSubmit`, `Stop`, `TeammateIdle`, `TaskCreated`, `TaskCompleted`, `WorktreeCreate`, `WorktreeRemove` | no matcher support | always fires on every occurrence |

@@ -481,7 +483,7 @@ The `tool_name` and `tool_input` fields are event-specific. Each [hook event](#h

The exit code from your hook command tells Claude Code whether the action should proceed, be blocked, or be ignored.

**Exit 0** means success. Claude Code parses stdout for [JSON output fields](#json-output). JSON output is only processed on exit 0. For most events, stdout is written to the debug log but not shown in the transcript. The exceptions are `UserPromptSubmit` and `SessionStart`, where stdout is added as context that Claude can see and act on.

**Exit 0** means success. Claude Code parses stdout for [JSON output fields](#json-output). JSON output is only processed on exit 0. For most events, stdout is written to the debug log but not shown in the transcript. The exceptions are `UserPromptSubmit`, `UserPromptExpansion`, and `SessionStart`, where stdout is added as context that Claude can see and act on.

**Exit 2** means a blocking error. Claude Code ignores stdout and any JSON in it. Instead, stderr text is fed back to Claude as an error message. The effect depends on the event: `PreToolUse` blocks the tool call, `UserPromptSubmit` rejects the prompt, and so on. See [exit code 2 behavior](#exit-code-2-behavior-per-event) for the full list.

@@ -513,6 +515,7 @@ Exit code 2 is the way a hook signals "stop, don't do this." The effect depends

| `PreToolUse` | Yes | Blocks the tool call |

| `PermissionRequest` | Yes | Denies the permission |

| `UserPromptSubmit` | Yes | Blocks prompt processing and erases the prompt |

| `UserPromptExpansion` | Yes | Blocks the expansion |

| `Stop` | Yes | Prevents Claude from stopping, continues the conversation |

| `SubagentStop` | Yes | Prevents the subagent from stopping |

| `TeammateIdle` | Yes | Prevents the teammate from going idle (teammate continues working) |

@@ -584,7 +587,7 @@ Not every event supports blocking or controlling behavior through JSON. The even

| Events | Decision pattern | Key fields |

| :- | :- | :- |

| UserPromptSubmit, PostToolUse, PostToolUseFailure, Stop, SubagentStop, ConfigChange, PreCompact | Top-level `decision` | `decision: "block"`, `reason` |

| UserPromptSubmit, UserPromptExpansion, PostToolUse, PostToolUseFailure, Stop, SubagentStop, ConfigChange, PreCompact | Top-level `decision` | `decision: "block"`, `reason` |

| TeammateIdle, TaskCreated, TaskCompleted | Exit code or `continue: false` | Exit code 2 blocks the action with stderr feedback. JSON `{"continue": false, "stopReason": "..."}` also stops the teammate entirely, matching `Stop` hook behavior |

| PreToolUse | `hookSpecificOutput` | `permissionDecision` (allow/deny/ask/defer), `permissionDecisionReason` |

| PermissionRequest | `hookSpecificOutput` | `decision.behavior` (allow/deny) |

@@ -596,7 +599,7 @@ Not every event supports blocking or controlling behavior through JSON. The even

Here are examples of each pattern in action:

Used by `UserPromptSubmit`, `PostToolUse`, `PostToolUseFailure`, `Stop`, `SubagentStop`, `ConfigChange`, and `PreCompact`. The only value is `"block"`. To allow the action to proceed, omit `decision` from your JSON, or exit 0 without any JSON at all:

Used by `UserPromptSubmit`, `UserPromptExpansion`, `PostToolUse`, `PostToolUseFailure`, `Stop`, `SubagentStop`, `ConfigChange`, and `PreCompact`. The only value is `"block"`. To allow the action to proceed, omit `decision` from your JSON, or exit 0 without any JSON at all:

```json theme={null}

{

@@ -818,6 +821,54 @@ To block a prompt, return a JSON object with `decision` set to `"block"`:

The JSON format isn't required for simple use cases. To add context, you can print plain text to stdout with exit code 0. Use JSON when you need to

block prompts or want more structured control.

### UserPromptExpansion

Runs when a user-typed slash command expands into a prompt before reaching Claude. Use this to block specific commands from direct invocation, inject context for a particular skill, or log which commands users invoke. For example, a hook matching `deploy` can block `/deploy` unless an approval file is present, or a hook matching a review skill can append the team's review checklist as `additionalContext`.

This event covers the path `PreToolUse` does not: a `PreToolUse` hook matching the `Skill` tool fires only when Claude calls the tool, but typing `/skillname` directly bypasses `PreToolUse`. `UserPromptExpansion` fires on that direct path.

Matches on `command_name`. Leave the matcher empty to fire on every prompt-type slash command.

#### UserPromptExpansion input

In addition to the [common input fields](#common-input-fields), UserPromptExpansion hooks receive `expansion_type`, `command_name`, `command_args`, `command_source`, and the original `prompt` string. The `expansion_type` field is `slash_command` for skill and custom commands, or `mcp_prompt` for MCP server prompts.

```json

{

"session_id": "abc123",

"transcript_path": "/Users/.../00893aaf.jsonl",

"cwd": "/Users/...",

"permission_mode": "default",

"hook_event_name": "UserPromptExpansion",

"expansion_type": "slash_command",

"command_name": "example-skill",

"command_args": "arg1 arg2",

"command_source": "plugin",

"prompt": "/example-skill arg1 arg2"

}

```

#### UserPromptExpansion decision control

`UserPromptExpansion` hooks can block the expansion or add context. All [JSON output fields](#json-output) are available.

| Field | Description |

| :- | :- |

| `decision` | `"block"` prevents the slash command from expanding. Omit to allow it to proceed |

| `reason` | Shown to the user when `decision` is `"block"` |

| `additionalContext` | String added to Claude's context alongside the expanded prompt |

```json

{

"decision": "block",

"reason": "This slash command is not available",

"hookSpecificOutput": {

"hookEventName": "UserPromptExpansion",

"additionalContext": "Additional context for this expansion"

}

```

### PreToolUse

Runs after Claude creates tool parameters and before processing the tool call. Matches on tool name: `Bash`, `Edit`, `Write`, `Read`, `Glob`, `Grep`, `Agent`, `WebFetch`, `WebSearch`, `AskUserQuestion`, `ExitPlanMode`, and any [MCP tool names](#match-mcp-tools).

@@ -1645,7 +1696,7 @@ ConfigChange hooks can block configuration changes from taking effect. Use exit

Runs when the working directory changes during a session, for example when Claude executes a `cd` command. Use this to react to directory changes: reload environment variables, activate project-specific toolchains, or run setup scripts automatically. Pairs with [FileChanged](#filechanged) for tools like [direnv](https://direnv.net/) that manage per-directory environment.

CwdChanged hooks have access to `CLAUDE_ENV_FILE`. Variables written to that file persist into subsequent Bash commands for the session, just as in [SessionStart hooks](#persist-environment-variables). Only `type: "command"` hooks are supported.

CwdChanged does not support matchers and fires on every directory change.

@@ -1683,7 +1734,7 @@ The `matcher` for this event serves two roles:

- **Build the watch list**: the value is split on `|` and each segment is registered as a literal filename in the working directory, so `".envrc|.env"` watches exactly those two files. Regex patterns are not useful here: a value like `^\.env` would watch a file literally named `^\.env`.

- **Filter which hooks run**: when a watched file changes, the same value filters which hook groups run using the standard [matcher rules](#matcher-patterns) against the changed file's basename.

FileChanged hooks have access to `CLAUDE_ENV_FILE`. Variables written to that file persist into subsequent Bash commands for the session, just as in [SessionStart hooks](#persist-environment-variables). Only `type: "command"` hooks are supported.

#### FileChanged input

@@ -2032,6 +2083,7 @@ Events that support all four hook types (`command`, `http`, `prompt`, and `agent

- `SubagentStop`

- `TaskCompleted`

- `TaskCreated`

- `UserPromptExpansion`

- `UserPromptSubmit`

Events that support `command` and `http` hooks but not `prompt` or `agent`:

interactive-mode +1 -1

@@ -296,7 +296,7 @@ Press **Space**, **Enter**, or **Escape** to dismiss the answer and return to th

When working on complex, multi-step work, Claude creates a task list to track progress. Tasks appear in the status area of your terminal with indicators showing what's pending, in progress, or complete.

- Press `Ctrl+T` to toggle the task list view. The display shows up to 10 tasks at a time

- Press `Ctrl+T` to toggle the task list view. The display shows up to 5 tasks at a time

- To see all tasks or clear them, ask Claude directly: "show me all tasks" or "clear all tasks"

- Tasks persist across context compactions, helping Claude stay organized on larger projects

- To share a task list across sessions, set `CLAUDE_CODE_TASK_LIST_ID` to use a named directory in `~/.claude/tasks/`: `CLAUDE_CODE_TASK_LIST_ID=my-project claude`

mcp +1 -1

@@ -649,7 +649,7 @@ Tips:

If you've logged into Claude Code with a [Claude.ai](https://claude.ai) account, MCP servers you've added in Claude.ai are automatically available in Claude Code:

Add servers at [claude.ai/settings/connectors](https://claude.ai/settings/connectors). On Team and Enterprise plans, only admins can add servers.

Add servers at [claude.ai/customize/connectors](https://claude.ai/customize/connectors). On Team and Enterprise plans, only admins can add servers.

Complete any required authentication steps in Claude.ai.

monitoring-usage +282 -17

OpenTelemetryを使用したセッションやトークン消費の監視方法、および詳細なトレース仕様について大幅に追記されました。

(差分が大きいため省略しています)

network-config +3 -3

@@ -101,10 +101,10 @@ Claude Code requires access to the following URLs:

Ensure these URLs are allowlisted in your proxy configuration and firewall rules. This is especially important when using Claude Code in containerized or restricted network environments.

The native installer and update checks also require the following URLs. Allowlist both, since the installer and auto-updater fetch from `storage.googleapis.com` while plugin downloads use `downloads.claude.ai`. If you install Claude Code through npm or manage your own binary distribution, end users may not need access:

The native installer and update checks also require the following URLs. Allowlist both, since clients running older Claude Code versions fetch from `storage.googleapis.com`. If you install Claude Code through npm or manage your own binary distribution, end users may not need access:

- `storage.googleapis.com`: download bucket for the Claude Code binary and auto-updater

- `downloads.claude.ai`: CDN hosting the install script, version pointers, manifests, signing keys, and plugin executables

- `downloads.claude.ai`: download host for the Claude Code binary, auto-updater, version pointers, manifests, install script, signing keys, and plugin executables

- `storage.googleapis.com`: legacy download host used by older clients

The [Chrome integration](/en/chrome) connects to the browser extension over a WebSocket bridge. If you use Claude in Chrome, allowlist `bridge.claudeusercontent.com` for outbound WebSocket connections.

permissions +1 -1

@@ -266,7 +266,7 @@ Use both for defense-in-depth:

- Filesystem restrictions in the sandbox use Read and Edit deny rules, not separate sandbox configuration

- Network restrictions combine WebFetch permission rules with the sandbox's `allowedDomains` and `deniedDomains` lists

When sandboxing is enabled with `autoAllowBashIfSandboxed: true`, which is the default, sandboxed Bash commands run without prompting even if your permissions include `ask: Bash(*)`. The sandbox boundary substitutes for the per-command prompt. Explicit deny rules still apply, and `rm` or `rmdir` commands that target `/`, your home directory, or other critical system paths still trigger a prompt. See [sandbox modes](/en/sandboxing#sandbox-modes) to change this behavior.

## Managed settings

plugin-dependencies +29 -2

プラグインの依存関係管理や、セキュリティのための検証プロセスに関する解説が強化されました。

@@ -9,7 +9,7 @@ source: https://code.claude.com/docs/en/plugin-dependencies.md

A plugin can depend on other plugins by listing them in `plugin.json` or in its marketplace entry. By default, a dependency tracks the latest available version, so an upstream release can change the dependency under your plugin without warning. Version constraints let you hold a dependency at a tested version range until you choose to move.

When you install a plugin that declares dependencies, Claude Code resolves and installs them automatically and lists which dependencies were added at the end of the install output.

When you install a plugin that declares dependencies, Claude Code resolves and installs them automatically and lists which dependencies were added at the end of the install output. If a dependency later goes missing, `/reload-plugins` and the background plugin auto-update install it automatically, provided its marketplace is already in your configured marketplaces. Dependencies from a marketplace you have not added are left unresolved.

This guide is for plugin authors who declare dependencies in `plugin.json` and for marketplace maintainers who tag releases. To install plugins that have dependencies, see [Discover and install plugins](/en/discover-plugins). For the full manifest schema, see the [Plugins reference](/en/plugins-reference).

@@ -46,10 +46,37 @@ An entry can be a bare string with only the plugin name, like `"audit-logger"` i

| :- | :- | :- |

| `name` | string | Plugin name. Resolves within the same marketplace as the declaring plugin. Required. |

| `version` | string | A [semver range](https://github.com/npm/node-semver#ranges) such as `~2.1.0`, `^2.0`, `>=1.4`, or `=2.1.0`. The dependency is fetched at the highest tagged version that satisfies this range. |

| `marketplace` | string | A different marketplace to resolve `name` in. Cross-marketplace dependencies are blocked unless the target marketplace is allowlisted in the root marketplace's `marketplace.json`. |

| `marketplace` | string | A different marketplace to resolve `name` in. Cross-marketplace dependencies are blocked unless the target marketplace is listed in [`allowCrossMarketplaceDependenciesOn`](#depend-on-a-plugin-from-another-marketplace) in the root marketplace's `marketplace.json`. |

The `version` field accepts any expression supported by Node's `semver` package, including caret, tilde, hyphen, and comparator ranges. Pre-release versions such as `2.0.0-beta.1` are excluded unless your range opts in with a pre-release suffix like `^2.0.0-0`.

## Depend on a plugin from another marketplace

By default, Claude Code refuses to auto-install a dependency that lives in a different marketplace than the plugin declaring it. This prevents one marketplace from silently pulling in plugins from a source you have not reviewed.

To allow it, the maintainer of the root marketplace adds the target marketplace name to `allowCrossMarketplaceDependenciesOn` in `marketplace.json`. The root marketplace is the one that hosts the plugin the user is installing; only its allowlist is consulted, so trust does not chain through intermediate marketplaces.

The following `marketplace.json` allows `deploy-kit` to depend on a plugin from `acme-shared`:

```json .claude-plugin/marketplace.json theme={null}

{

"name": "acme-tools",

"owner": { "name": "Acme" },

"allowCrossMarketplaceDependenciesOn": ["acme-shared"],

"plugins": [

{

"name": "deploy-kit",

"source": "./deploy-kit",

"dependencies": [

{ "name": "audit-logger", "marketplace": "acme-shared" }

]

}

]

}

```

If the field is missing or does not include the target marketplace, install fails with a `cross-marketplace` error naming the field to set. Users can still install the dependency manually first, which satisfies the constraint without changing the allowlist.

## Tag plugin releases for version resolution

Version constraints resolve against git tags on the marketplace repository. For Claude Code to find a dependency's available versions, the upstream plugin's releases must be tagged using a specific naming convention.

plugin-marketplaces +2 -1

@@ -150,13 +150,14 @@ Each plugin entry needs at minimum a `name` and `source` (where to fetch it from

### Optional metadata

### Optional fields

| Field | Type | Description |

| :- | :- | :- |

| `metadata.description` | string | Brief marketplace description |

| `metadata.version` | string | Marketplace version |

| `metadata.pluginRoot` | string | Base directory prepended to relative plugin source paths (for example, `"./plugins"` lets you write `"source": "formatter"` instead of `"source": "./plugins/formatter"`) |

| `allowCrossMarketplaceDependenciesOn` | array | Other marketplaces that plugins in this marketplace may depend on. Dependencies from a marketplace not listed here are blocked at install. See [Depend on a plugin from another marketplace](/en/plugin-dependencies#depend-on-a-plugin-from-another-marketplace). |

## Plugin entries

plugins-reference +1 -0

@@ -111,6 +111,7 @@ Plugin hooks respond to the same lifecycle events as [user-defined hooks](/en/ho

| :- | :- |

| `SessionStart` | When a session begins or resumes |

| `UserPromptSubmit` | When you submit a prompt, before Claude processes it |

| `UserPromptExpansion` | When a user-typed command expands into a prompt, before it reaches Claude. Can block the expansion |

| `PreToolUse` | Before a tool call executes. Can block it |

| `PermissionRequest` | When a permission dialog appears |

| `PermissionDenied` | When a tool call is denied by the auto mode classifier. Return `{retry: true}` to tell the model it may retry the denied tool call |

sandboxing +2 -2

@@ -90,13 +90,13 @@ You can enable sandboxing by running the `/sandbox` command:

This opens a menu where you can choose between sandbox modes. If required dependencies are missing (such as `bubblewrap` or `socat` on Linux), the menu displays installation instructions for your platform.

By default, if the sandbox cannot start (missing dependencies, unsupported platform, or platform restrictions), Claude Code shows a warning and runs commands without sandboxing. To make this a hard failure instead, set [`sandbox.failIfUnavailable`](/en/settings#sandbox-settings) to `true`. This is intended for managed deployments that require sandboxing as a security gate.

By default, if the sandbox cannot start (missing dependencies or unsupported platform), Claude Code shows a warning and runs commands without sandboxing. To make this a hard failure instead, set [`sandbox.failIfUnavailable`](/en/settings#sandbox-settings) to `true`. This is intended for managed deployments that require sandboxing as a security gate.

### Sandbox modes

Claude Code offers two sandbox modes:

**Auto-allow mode**: Bash commands will attempt to run inside the sandbox and are automatically allowed without requiring permission. Commands that cannot be sandboxed (such as those needing network access to non-allowed hosts) fall back to the regular permission flow. Explicit deny rules are always respected. Ask rules apply only to commands that fall back to the regular permission flow.

**Auto-allow mode**: Bash commands will attempt to run inside the sandbox and are automatically allowed without requiring permission. Commands that cannot be sandboxed (such as those needing network access to non-allowed hosts) fall back to the regular permission flow. Explicit deny rules are always respected, and `rm` or `rmdir` commands that target `/`, your home directory, or other critical system paths still trigger a permission prompt. Ask rules apply only to commands that fall back to the regular permission flow.

**Regular permissions mode**: All bash commands go through the standard permission flow, even when sandboxed. This provides more control but requires more approvals.

settings +3 -3

@@ -88,7 +88,7 @@ Code through hierarchical settings:

- **Server-managed settings**: delivered from Anthropic's servers via the Claude.ai admin console. See [server-managed settings](/en/server-managed-settings).

- **MDM/OS-level policies**: delivered through native device management on macOS and Windows:

- macOS: `com.anthropic.claudecode` managed preferences domain (deployed via configuration profiles in Jamf, Iru (Kandji), or other MDM tools)

- macOS: `com.anthropic.claudecode` managed preferences domain. The plist's top-level keys mirror `managed-settings.json`, with nested settings as dictionaries and arrays as plist arrays. Deploy via configuration profiles in Jamf, Iru (Kandji), or similar MDM tools.

- Windows: `HKLM\SOFTWARE\Policies\ClaudeCode` registry key with a `Settings` value (REG\_SZ or REG\_EXPAND\_SZ) containing JSON (deployed via Group Policy or Intune)

- Windows (user-level): `HKCU\SOFTWARE\Policies\ClaudeCode` (lowest policy priority, only used when no admin-level source exists)

- **File-based**: `managed-settings.json` and `managed-mcp.json` deployed to system directories:

@@ -279,7 +279,7 @@ Configure advanced sandboxing behavior. Sandboxing isolates bash commands from y

| Keys | Description | Example |

| :- | :- | :- |

| `enabled` | Enable bash sandboxing (macOS, Linux, and WSL2). Default: false | `true` |

| `failIfUnavailable` | Exit with an error at startup if `sandbox.enabled` is true but the sandbox cannot start (missing dependencies, unsupported platform, or platform restrictions). When false (default), a warning is shown and commands run unsandboxed. Intended for managed settings deployments that require sandboxing as a hard gate | `true` |

| `failIfUnavailable` | Exit with an error at startup if `sandbox.enabled` is true but the sandbox cannot start (missing dependencies or unsupported platform). When false (default), a warning is shown and commands run unsandboxed. Intended for managed settings deployments that require sandboxing as a hard gate | `true` |

| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |

| `excludedCommands` | Commands that should run outside of the sandbox | `["docker *"]` |

| `allowUnsandboxedCommands` | Allow commands to run outside the sandbox via the `dangerouslyDisableSandbox` parameter. When set to `false`, the `dangerouslyDisableSandbox` escape hatch is completely disabled and all commands must run sandboxed (or be in `excludedCommands`). Useful for enterprise policies that require strict sandboxing. Default: true | `false` |

@@ -474,7 +474,7 @@ For example, if your user settings allow `Bash(npm run *)` but a project's share

### Verify active settings

Run `/status` inside Claude Code to see which settings sources are active and where they come from. The output shows each configuration layer (managed, user, project) along with its origin, such as `Enterprise managed settings (remote)`, `Enterprise managed settings (plist)`, `Enterprise managed settings (HKLM)`, or `Enterprise managed settings (file)`. If a settings file contains errors, `/status` reports the issue so you can fix it.

Run `/status` inside Claude Code to see which settings sources are active and where they come from. The output shows each configuration layer (managed, user, project) along with its origin, such as `Enterprise managed settings (remote)`, `Enterprise managed settings (plist)`, `Enterprise managed settings (HKLM)`, `Enterprise managed settings (HKCU)`, or `Enterprise managed settings (file)`. If a settings file contains errors, `/status` reports the issue so you can fix it.

### Key points about the configuration system

setup +1 -1

@@ -317,7 +317,7 @@ Confirm the output includes this fingerprint:

Set `VERSION` to the release you want to verify.

```bash theme={null}

REPO=https://storage.googleapis.com/claude-code-dist-86c565f3-f756-42ad-8dfa-d59b1c096819/claude-code-releases

REPO=https://downloads.claude.ai/claude-code-releases

VERSION=2.1.89

curl -fsSLO "$REPO/$VERSION/manifest.json"

curl -fsSLO "$REPO/$VERSION/manifest.json.sig"

skills +3 -1

@@ -179,10 +179,11 @@ All fields are optional. Only `description` is recommended so Claude knows when

| `description` | Recommended | What the skill does and when to use it. Claude uses this to decide when to apply the skill. If omitted, uses the first paragraph of markdown content. Front-load the key use case: the combined `description` and `when_to_use` text is truncated at 1,536 characters in the skill listing to reduce context usage. |

| `when_to_use` | No | Additional context for when Claude should invoke the skill, such as trigger phrases or example requests. Appended to `description` in the skill listing and counts toward the 1,536-character cap. |

| `argument-hint` | No | Hint shown during autocomplete to indicate expected arguments. Example: `[issue-number]` or `[filename] [format]`. |

| `arguments` | No | Named positional arguments for [`$name` substitution](#available-string-substitutions) in the skill content. Accepts a space-separated string or a YAML list. Names map to argument positions in order. |

| `disable-model-invocation` | No | Set to `true` to prevent Claude from automatically loading this skill. Use for workflows you want to trigger manually with `/name`. Default: `false`. |

| `user-invocable` | No | Set to `false` to hide from the `/` menu. Use for background knowledge users shouldn't invoke directly. Default: `true`. |

| `allowed-tools` | No | Tools Claude can use without asking permission when this skill is active. Accepts a space-separated string or a YAML list. |

| `model` | No | Model to use when this skill is active. |

| `model` | No | Model to use when this skill is active. The override applies for the rest of the current turn and is not saved to settings; the session model resumes on your next prompt. Accepts the same values as [`/model`](/en/model-config), or `inherit` to keep the active model. |

| `effort` | No | [Effort level](/en/model-config#adjust-effort-level) when this skill is active. Overrides the session effort level. Default: inherits from session. Options: `low`, `medium`, `high`, `xhigh`, `max`; available levels depend on the model. |

| `context` | No | Set to `fork` to run in a forked subagent context. |

| `agent` | No | Which subagent type to use when `context: fork` is set. |

@@ -199,6 +200,7 @@ Skills support string substitution for dynamic values in the skill content:

| `$ARGUMENTS` | All arguments passed when invoking the skill. If `$ARGUMENTS` is not present in the content, arguments are appended as `ARGUMENTS: <value>`. |

| `$ARGUMENTS[N]` | Access a specific argument by 0-based index, such as `$ARGUMENTS[0]` for the first argument. |

| `$N` | Shorthand for `$ARGUMENTS[N]`, such as `$0` for the first argument or `$1` for the second. |

| `$name` | Named argument declared in the [`arguments`](#frontmatter-reference) frontmatter list. Names map to positions in order, so with `arguments: [issue, branch]` the placeholder `$issue` expands to the first argument and `$branch` to the second. |

| `${CLAUDE_SESSION_ID}` | The current session ID. Useful for logging, creating session-specific files, or correlating skill output with sessions. |

| `${CLAUDE_SKILL_DIR}` | The directory containing the skill's `SKILL.md` file. For plugin skills, this is the skill's subdirectory within the plugin, not the plugin root. Use this in bash injection commands to reference scripts or files bundled with the skill, regardless of the current working directory. |

sub-agents +2 -2

@@ -462,7 +462,7 @@ Subagents can define [hooks](/en/hooks) that run during the subagent's lifecycle

Define hooks directly in the subagent's markdown file. These hooks only run while that specific subagent is active and are cleaned up when it finishes.

Frontmatter hooks fire when the agent is spawned as a subagent through the Agent tool or an @-mention. They do not fire when the agent runs as the main session via [`--agent`](#invoke-subagents-explicitly) or the `agent` setting. For session-wide hooks, configure them in [`settings.json`](/en/hooks).

Frontmatter hooks fire when the agent is spawned as a subagent through the Agent tool or an @-mention, and when the agent runs as the main session via [`--agent`](#invoke-subagents-explicitly) or the `agent` setting. In the main-session case they run alongside any hooks defined in [`settings.json`](/en/hooks).

All [hook events](/en/hooks#hook-events) are supported. The most common events for subagents are:

@@ -492,7 +492,7 @@ hooks:

---

```

`Stop` hooks in frontmatter are automatically converted to `SubagentStop` events.

When the agent is invoked as a subagent, `Stop` hooks in frontmatter are automatically converted to `SubagentStop` events.

#### Project-level hooks for subagent events

terminal-config +1 -1

@@ -30,7 +30,7 @@ In most terminals you can also press Shift+Enter, but support varies by terminal

| VS Code, Cursor, Windsurf, Alacritty, Zed | Run `/terminal-setup` once |

| Windows Terminal, gnome-terminal, JetBrains IDEs such as PyCharm and Android Studio | Not available; use Ctrl+J or `\` then Enter |

For VS Code, Cursor, Windsurf, Alacritty, and Zed, `/terminal-setup` writes Shift+Enter and other keybindings into the terminal's configuration file. If it reports a conflict such as `Found existing VSCode terminal Shift+Enter key binding`, remove that entry from the terminal's own keybindings file, for example VS Code's `keybindings.json`, and run the command again. Run `/terminal-setup` directly in the host terminal rather than inside tmux or screen, since it needs to write to the host terminal's configuration.

For VS Code, Cursor, Windsurf, Alacritty, and Zed, `/terminal-setup` writes Shift+Enter and other keybindings into the terminal's configuration file. In VS Code, Cursor, and Windsurf it also sets `terminal.integrated.mouseWheelScrollSensitivity` in the editor settings for smoother scrolling in [fullscreen mode](/en/fullscreen). Existing bindings and settings are left in place; if you see a message such as `VSCode terminal Shift+Enter key binding already configured`, no change was made. Run `/terminal-setup` directly in the host terminal rather than inside tmux or screen, since it needs to write to the host terminal's configuration.

If you are running inside tmux, Shift+Enter also requires the [tmux configuration below](#configure-tmux) even when the outer terminal supports it.

troubleshooting +9 -9

認証の問題を解決するための具体的な手順や、エンタープライズ認証が表示されない場合の対処法が整理されました。

@@ -40,15 +40,15 @@ If your issue isn't listed, work through these diagnostic steps.

### Check network connectivity

The installer downloads from `storage.googleapis.com`. Verify you can reach it:

The installer downloads from `downloads.claude.ai`. Verify you can reach it:

```bash

curl -sI https://storage.googleapis.com

curl -sI https://downloads.claude.ai

```

If this fails, your network may be blocking the connection. Common causes:

- Corporate firewalls or proxies blocking Google Cloud Storage

- Corporate firewalls or proxies blocking `downloads.claude.ai`

- Regional network restrictions: try a VPN or alternative network

- TLS/SSL issues: update your system's CA certificates, or check if `HTTPS_PROXY` is configured

@@ -264,9 +264,9 @@ The `curl ... | bash` command downloads the script and passes it directly to Bas

**Solutions:**

1. **Check network stability**: Claude Code binaries are hosted on Google Cloud Storage. Test that you can reach it:

1. **Check network stability**: Claude Code binaries are hosted at `downloads.claude.ai`. Test that you can reach it:

```bash theme={null}

curl -fsSL https://storage.googleapis.com -o /dev/null

curl -fsSL https://downloads.claude.ai -o /dev/null

```

If the command completes silently, your connection is fine and the issue is likely intermittent. Retry the install command. If you see an error, your network may be blocking the download.

@@ -322,15 +322,15 @@ Errors like `curl: (35) TLS connect error`, `schannel: next InitializeSecurityCo

```

Alternatively, install with `winget install Anthropic.ClaudeCode`, which avoids curl entirely.

### `Failed to fetch version from storage.googleapis.com`

### `Failed to fetch version from downloads.claude.ai`

The installer couldn't reach the download server. This typically means `storage.googleapis.com` is blocked on your network.

The installer couldn't reach the download server. This typically means `downloads.claude.ai` is blocked on your network.

**Solutions:**

1. **Test connectivity directly**:

```bash theme={null}

curl -sI https://storage.googleapis.com

curl -sI https://downloads.claude.ai

```

2. **If behind a proxy**, set `HTTPS_PROXY` so the installer can route through it. See [proxy configuration](/en/network-config#proxy-configuration) for details.

@@ -487,7 +487,7 @@ This can happen on glibc-based systems that have musl cross-compilation packages

```

If it shows `linux-vdso.so` or references to `/lib/x86_64-linux-gnu/`, you're on glibc. If it shows `musl`, you're on musl.

2. **If you're on glibc but got the musl binary**, remove the installation and reinstall. You can also manually download the correct binary from the GCS bucket at `https://storage.googleapis.com/claude-code-dist-86c565f3-f756-42ad-8dfa-d59b1c096819/claude-code-releases/{VERSION}/manifest.json`. File a [GitHub issue](https://github.com/anthropics/claude-code/issues) with the output of `ldd /bin/ls` and `ls /lib/libc.musl*`.

2. **If you're on glibc but got the musl binary**, remove the installation and reinstall. You can also manually download the correct binary using the manifest at `https://downloads.claude.ai/claude-code-releases/{VERSION}/manifest.json`. File a [GitHub issue](https://github.com/anthropics/claude-code/issues) with the output of `ldd /bin/ls` and `ls /lib/libc.musl*`.

3. **If you're actually on musl** (Alpine Linux), install the required packages:

```bash theme={null}