9 files changed +266 -89

Summary of this update

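Best practices that improve development accuracy were added, including code review by subagents and automatic fixing of security vulnerabilities. In CLI streaming output, specifying the verbose flag, which displays detailed logs, is now required, and the command reference has been updated. A detailed plugin description for security guidance was newly added, and the upper limit on recursive depth for imports from other files was changed from five to four.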

best-practices +25 -3

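Added a procedure for having a subagent review the diff before work is considered complete, and a technique for having Claude present evidence such as test results.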

@@ -43,6 +43,8 @@ UI changes can be verified using the [Claude in Chrome extension](/en/chrome). I
Your verification can also be a test suite, a linter, or a Bash command that checks output. Invest in making your verification rock-solid.
Have Claude show evidence rather than asserting success: the test output, the command it ran and what it returned, or a screenshot of the result. Reviewing evidence is faster than re-running the verification yourself, and it works for sessions you weren't watching.
***
## Explore first, then plan, then code
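
Review bot: the added sentence "Have Claude show evidence rather than asserting success" does not say that the evidence should be the verbatim output of the command rather than a summary of it. For sessions you weren't watching, a paraphrased result is still an assertion; suggest wording such as "the exact command and its unedited output" so the reader knows what to ask for.
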
@@ -177,7 +179,7 @@ You can place CLAUDE.md files in several locations:
- **Project root (`./CLAUDE.md`)**: check into git to share with your team
- **Project root (`./CLAUDE.local.md`)**: personal project-specific notes; add this file to your `.gitignore` so it isn't shared with your team
- **Parent directories**: useful for monorepos where both `root/CLAUDE.md` and `root/foo/CLAUDE.md` are pulled in automatically
- **Child directories**: Claude pulls in child CLAUDE.md files on demand when working with files in those directories
- **Child directories**: Claude pulls in child CLAUDE.md files on demand when it reads a file in those directories
### Configure permissions
@@ -323,6 +325,8 @@ Keep interviewing until we've covered everything, then write a complete spec to
Once the spec is complete, start a fresh session to execute it. The new session has clean context focused entirely on implementation, and you have a written spec to reference.
The most useful specs are self-contained: they name the files and interfaces involved, state what is out of scope, and end with an end-to-end verification step that proves the feature works. Time spent making the spec precise pays off more than time spent watching the implementation.
***
## Manage your session
@@ -402,7 +406,7 @@ Everything so far assumes one human, one Claude, and one conversation. But Claud
### Run non-interactive mode
Use `claude -p "prompt"` in CI, pre-commit hooks, or scripts. Add `--output-format stream-json` for streaming JSON output.
Use `claude -p "prompt"` in CI, pre-commit hooks, or scripts. Add `--output-format stream-json --verbose` for streaming JSON output.
With `claude -p "your prompt"`, you can run Claude non-interactively, without a session. [Non-interactive mode](/en/headless) is how you integrate Claude into CI pipelines, pre-commit hooks, or any automated workflow. The output formats let you parse results programmatically: plain text, JSON, or streaming JSON.
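
Review bot: the revised sentence under "Run non-interactive mode" adds `--verbose` to `--output-format stream-json` without saying why. State whether the flag is required with `-p` and `stream-json` or only recommended, so that someone maintaining a CI script written from the old wording knows whether it needs to change.
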
@@ -414,7 +418,7 @@ claude -p "Explain what this project does"
claude -p "List all API endpoints" --output-format json
# Streaming for real-time processing
claude -p "Analyze this log file" --output-format stream-json
claude -p "Analyze this log file" --output-format stream-json --verbose
```
### Run multiple Claude sessions
@@ -475,6 +479,24 @@ claude --permission-mode auto -p "fix all lint errors"
For non-interactive runs with the `-p` flag, auto mode aborts if the classifier repeatedly blocks actions, since there is no user to fall back to. See [when auto mode falls back](/en/permission-modes#when-auto-mode-falls-back) for thresholds.
### Add an adversarial review step
Before treating a task as done, have a subagent review the diff in a fresh context and report gaps.
The longer Claude works unattended, the more an independent check matters before you count the work as done. A reviewer running in a fresh [subagent](/en/sub-agents) context sees only the diff and the criteria you give it, not the reasoning that produced the change, so it evaluates the result on its own terms.
For a correctness check, run the bundled [`/code-review` skill](/en/commands), which reviews the current diff for bugs in a fresh subagent and returns findings to the session. To check the diff against your plan instead, write the review prompt yourself. Name the work to check, the plan to check it against, and what counts as a finding:
```text
Use a subagent to review the rate limiter diff against PLAN.md. Check that
every requirement is implemented, the listed edge cases have tests, and
nothing outside the task's scope changed. Report gaps, not style preferences.
```
Because the reviewer runs as a subagent, the implementing session receives the gaps directly and can fix them and re-review without you copying findings between windows. For longer autonomous runs, an [agent team](/en/agent-teams) can keep this loop going across many tasks while you spot-check the recorded findings.
A reviewer prompted to find gaps will usually report some, even when the work is sound, because that is what it was asked to do. Chasing every finding leads to over-engineering: extra abstraction layers, defensive code, and tests for cases that can't happen. Tell the reviewer to flag only gaps that affect correctness or the stated requirements, and treat the rest as optional.
***
## Avoid common failure patterns
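
Review bot: in "Add an adversarial review step", the agent team paragraph tells the reader to "spot-check the recorded findings", but nothing in the section says where findings are recorded; the preceding sentence has them returned to the implementing session. Either name where the record lives or add a line to the example prompt asking the reviewer to write its findings to a file, so there is an artifact to audit after an unattended run.
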
cli-reference +3 -3

Use of the verbose flag, for displaying detailed logs during JSON streaming output, was added to each command example.

@@ -76,8 +76,8 @@ Customize Claude Code's behavior with these command-line flags. `claude --help`
| `--ide` | Automatically connect to IDE on startup if exactly one valid IDE is available | `claude --ide` |
| `--init` | Run [Setup hooks](/en/hooks#setup) with the `init` matcher before the session (print mode only) | `claude -p --init "query"` |
| `--init-only` | Run [Setup](/en/hooks#setup) and `SessionStart` hooks, then exit without starting a conversation | `claude --init-only` |
| `--include-hook-events` | Include all hook lifecycle events in the output stream. Requires `--output-format stream-json` | `claude -p --output-format stream-json --include-hook-events "query"` |
| `--include-partial-messages` | Include partial streaming events in output. Requires `--print` and `--output-format stream-json` | `claude -p --output-format stream-json --include-partial-messages "query"` |
| `--include-hook-events` | Include all hook lifecycle events in the output stream. Requires `--output-format stream-json` | `claude -p --output-format stream-json --verbose --include-hook-events "query"` |
| `--include-partial-messages` | Include partial streaming events in output. Requires `--print` and `--output-format stream-json` | `claude -p --output-format stream-json --verbose --include-partial-messages "query"` |
| `--input-format` | Specify input format for print mode (options: `text`, `stream-json`) | `claude -p --output-format json --input-format stream-json` |
| `--json-schema` | Get validated JSON output matching a JSON Schema after agent completes its workflow (print mode only, see [structured outputs](/en/agent-sdk/structured-outputs)) | `claude -p --json-schema '{"type":"object","properties":{...}}' "query"` |
| `--maintenance` | Run [Setup hooks](/en/hooks#setup) with the `maintenance` matcher before the session (print mode only) | `claude -p --maintenance "query"` |
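
Review bot: the example column for `--include-hook-events` and `--include-partial-messages` now carries `--verbose`, but the description column still lists only `--output-format stream-json` (and `--print`) under "Requires". If `--verbose` is needed for these flags to work, add it to the "Requires" text; if not, the examples should not imply it.
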
@@ -97,7 +97,7 @@ Customize Claude Code's behavior with these command-line flags. `claude --help`
| `--remote` | Create a new [web session](/en/claude-code-on-the-web) on claude.ai with the provided task description | `claude --remote "Fix the login bug"` |
| `--remote-control`, `--rc` | Start an interactive session with [Remote Control](/en/remote-control#start-a-remote-control-session) enabled so you can also control it from claude.ai or the Claude app. Optionally pass a name for the session | `claude --remote-control "My Project"` |
| `--remote-control-session-name-prefix <prefix>` | Prefix for auto-generated [Remote Control](/en/remote-control) session names when no explicit name is set. Defaults to your machine's hostname, producing names like `myhost-graceful-unicorn`. Set `CLAUDE_REMOTE_CONTROL_SESSION_NAME_PREFIX` for the same effect | `claude remote-control --remote-control-session-name-prefix dev-box` |
| `--replay-user-messages` | Re-emit user messages from stdin back on stdout for acknowledgment. Requires `--input-format stream-json` and `--output-format stream-json` | `claude -p --input-format stream-json --output-format stream-json --replay-user-messages` |
| `--replay-user-messages` | Re-emit user messages from stdin back on stdout for acknowledgment. Requires `--input-format stream-json` and `--output-format stream-json` | `claude -p --input-format stream-json --output-format stream-json --verbose --replay-user-messages` |
| `--resume`, `-r` | Resume a specific session by ID or name, or show an interactive picker to choose a session. Includes sessions that added this directory with `/add-dir`. As of v2.1.144, [background sessions](/en/agent-view) appear in the picker marked with `bg` | `claude --resume auth-refactor` |
| `--session-id` | Use a specific session ID for the conversation (must be a valid UUID) | `claude --session-id "550e8400-e29b-41d4-a716-446655440000"` |
| `--setting-sources` | Comma-separated list of setting sources to load (`user`, `project`, `local`) | `claude --setting-sources user,project` |
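
Review bot: on the `--replay-user-messages` row the example gains `--verbose`, but the description still reads "Requires `--input-format stream-json` and `--output-format stream-json`". Bring the requirement text in line with the example, or drop the flag from the example if it is optional here.
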
desktop-changelog +0 -79

The content about the desktop version's changelog was largely removed.

@@ -1,79 +0,0 @@
---
title: desktop-changelog
source: https://code.claude.com/docs/en/desktop-changelog.md
---
# Desktop changelog
> Release notes for Claude Code on Desktop, covering new features, improvements, and bug fixes by Desktop app version.
This page covers Claude Code-specific changes in the Desktop app. For changes to the Claude Code CLI bundled inside the app, see the [CLI changelog](/en/changelog).
- Fixed auto-update hanging indefinitely on Relaunch to Update when popout windows refused to close.
- Fixed local sessions failing to start after a corrupted bundled Claude Code binary was cached.
- Fixed the credential helper opening duplicate browser sign-in tabs when starting a new conversation.
- Fixed Code tab PR status icons showing the wrong state for merged, merge-queued, and draft pull requests.
- Fixed Quick Entry dropping characters entered with a Korean, Japanese, or Chinese input method.
- Added an "Also delete files on disk" option to the scheduled task delete dialog; checking it removes the task's `SKILL.md` file and associated data from `~/.claude/scheduled-tasks/`.
- Added support for mouse back and forward buttons for navigating the chat view.
**3P managed deployments**
- Added an organization banner across the top of the app window, configured by IT administrators.
* Added MCP App widget rendering in Code tab sessions.
* Added an OS notification when a Code session finishes a task and you aren't currently viewing it.
* Added automatic detection and re-download of corrupted Claude Code CLI binaries on macOS.
* Added support for scheduled tasks to modify their own schedule or prompt during a run using the `update_scheduled_task` MCP tool.
* Updated the list of available MCP tools to reload automatically when the local MCP configuration changes.
* Updated PR auto-fix to post a reply on each review thread it addresses and mark the thread resolved.
* Improved SSH session startup speed by preconnecting saved SSH configurations at app launch.
* Fixed pasting a code block into a busy terminal; the app now opens a new terminal tab when the existing one has a process running.
* Fixed PR bar issues in Code sessions: each row now shows its own diff, and the sidebar status icon updates when a PR is merged.
* Fixed garbled scrollback, such as stray `%` marks and half-wrapped prompts, when opening the terminal pane after running a code block.
* Fixed Code session links opening with overlapping window controls when reached via Handoff or share links.
* Fixed git commit signing failing in local sessions when the signing key is held by 1Password or Secretive.
* Fixed locally installed plugins disappearing from sessions after the plugin registry file became corrupted by concurrent writes.
* Fixed scheduled tasks running with auto-approve echoing tool-use suggestions into the session.
* Fixed SSH plugin sync so a single problematic plugin no longer blocks sync for the rest.
**3P managed deployments**
- Added support for stdio-transport local MCP servers via the `managedMcpServers` managed-settings key; the connector detail panel now shows the command and arguments, and environment variable values are masked outside the admin Setup screen.
- Added a managed-settings option to disable `claude://` deep-link handling.
- Added support for customizing model display names in the model picker via `labelOverride`.
- Fixed per-tool MCP server policies set by administrators not being enforced in all session types.
* Fixed scheduled tasks failing to run when a previous run was stuck waiting on a permission prompt.
* Fixed scheduled tasks repeatedly retrying a failed run instead of waiting for the next scheduled time.
* Fixed scheduled-task history incorrectly showing "computer asleep" for runs skipped due to a concurrency limit.
* Added per-plugin auto-install for organization-provisioned plugins via the plugin manifest.
* Added Unarchive to the Code session context menu; sending a message in an archived session now restores it automatically.
* Added a warning when archiving a Code session that has uncommitted changes in its worktree.
* Added a warning when quitting or restarting the app while local Code sessions are running.
* Added csh and tcsh login shell support when connecting to remote SSH hosts.
* Fixed folder permission rules failing to match when the connected folder is a drive root.
* Fixed Windows installs leaving an empty folder under `%LOCALAPPDATA%`.
- Code sessions now default the working directory to the home folder when none is configured.
- `settings.json` project settings now cascade from the SSH host for SSH Code sessions.
- "Always allow" tool permissions now persist across app restarts and display their scope.
- Added automatic detection and re-download of corrupted Claude Code CLI binaries on Windows.
- The PR bar now shows stacked and sibling pull requests alongside the branch's own PR.
- Messages sent while a turn is running are now queued rather than dropped.
- Opening a Code session link on iOS now continues the session on macOS via Handoff.
* Disabling the org Skills toggle in the admin console now removes the skill management tools `list_skills`, `save_skill`, and `propose_skills` from Code sessions.
* The preview pane now opens automatically when a session's working directory is a symlink.
* Improved login-shell PATH extraction for more reliable tool discovery.
- Added a multi-tab terminal pane; click **+** in the terminal pane header to open a second tab, or right-click a folder in the chat to choose **Open in terminal**.
- Fixed worktree pool re-lease creating a fresh worktree on checkout failure instead of re-using an existing one.
- Fixed rewind selecting the wrong assistant message after a previous rewind created a fork.
* Added `list_sessions`, `search_session_transcripts`, and `archive_session` MCP tools for managing Code sessions from within a session.
* Improved SSH wake-path reliability and surfaced `ProxyCommand` stderr output for easier debugging.
* Fixed login-shell PATH extraction for fish shell users. It was returning a newline-separated list instead of a colon-separated one.
* Fixed the SSH remote control socket directory permissions so `~/.claude/remote` is no longer world-traversable.
* PR review bodies and issue comments are now forwarded to the auto-fix engine.
* Added a category-driven error UI for Code sessions that groups failures by type and surfaces actionable recovery steps.
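
Review bot: `@@ -1,79 +0,0 @@` deletes the whole Desktop changelog with no stub or pointer to where these notes now live. Several removed entries are ones an administrator would look up later, for example the `~/.claude/remote` permissions fix, the per-tool MCP server policy enforcement fix and the managed-settings option to disable `claude://` deep-link handling. Suggest keeping a short page that links to the new location, or confirming these entries are carried in the CLI changelog the page already referenced.
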
discover-plugins +4 -0

An introduction to the security-guidance plugin, which scans changes in real time and fixes vulnerabilities, was added.

@@ -81,6 +81,10 @@ These plugins bundle pre-configured [MCP servers](/en/mcp) so you can connect Cl
- **Communication**: `slack`
- **Monitoring**: `sentry`
### Automatic security review
The `security-guidance` plugin reviews each change Claude makes for common vulnerabilities and instructs Claude to fix what it finds in the same session. See [Catch security issues as Claude writes code](/en/security-guidance) for what it checks and how to add project-specific rules.
### Development workflows
Plugins that add skills and agents for common development tasks:
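
Review bot: the new "Automatic security review" paragraph says the plugin "instructs Claude to fix what it finds in the same session" but not whether the findings are shown to the user before or after the fix. One clause on that would tell readers whether they can see what was flagged, which matters when the fix itself needs review.
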
hooks-guide +2 -0

How security guidance integrates is introduced as a concrete example of feeding model review results back into the session.

@@ -82,6 +82,8 @@ Each example includes a ready-to-use configuration block that you add to a [sett
- [Reload environment when directory or files change](#reload-environment-when-directory-or-files-change)
- [Auto-approve specific permission prompts](#auto-approve-specific-permission-prompts)
For a production example of hooks that run a separate model review and feed findings back into the session, see [how the `security-guidance` plugin integrates with Claude Code](/en/security-guidance#how-the-plugin-integrates-with-claude-code).
### Get notified when Claude needs input
Get a desktop notification whenever Claude finishes working and needs your input, so you can switch to other tasks without checking the terminal.
memory +1 -1

In the memory feature, the maximum depth to which imported files can be loaded recursively was changed from five levels to four.

@@ -93,7 +93,7 @@ CLAUDE.md files are loaded into the context window at the start of every session
CLAUDE.md files can import additional files using `@path/to/import` syntax. Imported files are expanded and loaded into context at launch alongside the CLAUDE.md that references them.
Both relative and absolute paths are allowed. Relative paths resolve relative to the file containing the import, not the working directory. Imported files can recursively import other files, with a maximum depth of five hops.
Both relative and absolute paths are allowed. Relative paths resolve relative to the file containing the import, not the working directory. Imported files can recursively import other files, with a maximum depth of four hops.
To pull in a README, package.json, and a workflow guide, reference them with `@` syntax anywhere in your CLAUDE.md:
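
Review bot: the import depth changes from "five hops" to "four hops" with no statement of what happens to an import beyond the limit. Say whether deeper imports are skipped silently or reported, and whether this is a behavior change or a correction to the docs, so projects with deep import chains know if instructions may stop loading.
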
plugins-reference +3 -3

The plugin reference example was replaced, changing the name from security-guidance to dependency-guard.

@@ -933,9 +933,9 @@ The output shows two cost figures for each component:
This example shows what the output looks like for a plugin with two skills:
```
security-guidance 1.2.0
Real-time security analysis for Claude Code sessions
Source: security-guidance@claude-code-marketplace
dependency-guard 1.2.0
Dependency analysis for Claude Code sessions
Source: dependency-guard@example-marketplace
Component inventory
Skills (2) scan-dependencies, review-changes
security-guidance +227 -0

This is a newly added document and contains detailed guidance on automating security verification.

(Omitted because the diff is large)
security +1 -0

A link to the security guidance plugin, for fixing vulnerabilities during the session, was added.

@@ -134,6 +134,7 @@ If you discover a security vulnerability in Claude Code:
## Related resources
- [Security guidance plugin](/en/security-guidance): have Claude review and fix vulnerabilities in its own code changes during the session
- [Sandbox environments](/en/sandbox-environments): compare isolation approaches and choose one for your threat model
- [Sandboxing](/en/sandboxing): filesystem and network isolation for Bash commands
- [Permissions](/en/permissions): configure permissions and access controls