What's changed Added `sandbox.credentials` setting to block sandboxed commands from reading credential files and secret environment variables Added org-configured model restrictions to the model picker, `--model`, `/model`, and `ANTHROPIC_MODEL`, with a "restricted by your organization's settings" message when a restricted model is selected Added mouse click support to select menus (permission prompts, `/model`, `/config`, etc.) in fullscreen mode Fixed `--resume` failing with "No conversation found" when the original `-p` run produced no model turns Fixed `--json-schema` and workflow `agent({schema})` structured output: the model can no longer re-call `StructuredOutput` indefinitely after a successful call, and follow-up turns now reliably return structured output Fixed remote MCP tool calls that hang with no response for 5 minutes — they now abort with an error instead of blocking indefinitely (override with `CLAUDE_CODE_MCP_TOOL_IDLE_TIMEOUT`) Fixed Claude Code Remote sessions taking ~2.7s longer to start after the agent proxy CA system-trust install was added Fixed pasted Korean/CJK text turning into mojibake in terminals that deliver paste as per-byte extended-key events…