Claude Code Digest — 2026-03-18 00:36:05
What the docs reveal
Anthropic just formalized the Claude Code plugin lifecycle. The documentation introduces ${CLAUDE_PLUGIN_ROOT} for read-only bundled assets and ${CLAUDE_PLUGIN_DATA} for persistent state. Until now, plugins lacked standard directories, meaning developers either polluted the user's home directory or lost cached data during updates. This mirrors the VS Code extension architecture. You can now build heavy MCP plugins that download binaries, maintain local SQLite databases, or cache dependencies without risking data loss on upgrade. The uninstaller enforces this new contract, deleting the data directory by default unless you pass the --keep-data flag.
Users continually confuse behavioral prompts with security guardrails. Anthropic updated the memory and permissions documentation to address this liability directly. The new documentation draws a strict line: CLAUDE.md provides soft behavioral guidelines, while managed settings enforce hard technical constraints. More importantly, Anthropic exposed a critical security caveat regarding file access. File-system deny rules only restrict Claude's internal tools. If you deny access to .env in the settings, Claude's native file-reader obeys. If Claude executes cat .env through a shell command, the operating system allows the read. To restrict actions completely, developers must execute Claude Code inside an OS-level sandbox like Docker. You cannot prompt your way to hardware security.
Enterprise scaling requires decoupling models from the client application. Bedrock and Vertex AI users can now define specific Haiku versions using the ANTHROPIC_DEFAULT_HAIKU_MODEL variable (currently defaulting to claude-haiku-4-5-20251001-v1:0 on AWS). Hardcoding model IDs breaks production automation when cloud providers deprecate endpoints. This variable gives infrastructure teams control over their deployment targets without requiring Claude Code binary updates.
Claude Code continues its transition toward standalone native tooling. The network documentation now explicitly requires firewall access to downloads.claude.ai and storage.googleapis.com for automated updates. This points to a shift away from pure Node.js environments toward compiled native installers that fetch updates directly from GCP buckets.
Finally, Anthropic addressed a persistent annoyance for Windows developers. The platform now normalizes Windows paths to standard POSIX conventions. Developers must use the //c/**/ syntax to target files across drives. This establishes a universal standard for path matching, ending the backslash-escaping nightmare of previous versions.