Claude Code Digest — 2026-03-27 20:14:02
What the docs reveal
Process spawning is expensive. Previously, the matcher configuration filtered hook executions only at the broad tool-group level. This forced Claude Code to spawn a background process for irrelevant events. The new if field fixes this bottleneck. Available in version 2.1.85, the if field applies permission rule syntax to evaluate specific tool names and arguments before spawning a process. Anthropic restricts this field to tool-use events (PreToolUse, PostToolUse, PostToolUseFailure, and PermissionRequest). By bypassing the OS process overhead for unmatched events, local workflows will execute significantly faster.
Anthropic also enabled headless infrastructure for interactive workflows. The AskUserQuestion hook now accepts an updatedInput return value to answer prompts programmatically. Developers can finally execute tool-dependent Claude Code routines in CI/CD pipelines without hanging the terminal.
Corporate networks routinely break standard protocols. Internal identity providers often misconfigure OAuth discovery endpoints, silently dropping Model Context Protocol (MCP) server connections. You can now define a custom OIDC metadata URL to bypass broken discovery chains entirely.
Routing configuration receives a parallel upgrade. Developers managing multiple MCP servers previously maintained tangled directories of independent helpers. Claude Code now injects CLAUDE_CODE_MCP_SERVER_NAME and CLAUDE_CODE_MCP_SERVER_URL directly into the environment. You can build multiplexed helper scripts to route all MCP traffic through a single entry point.
Observability matures alongside these enterprise networking features. Organizations operating zero-trust networks can configure OpenTelemetry (OTLP) mTLS using explicit client key and certificate environment variables. To prevent high-frequency telemetry bursts from hammering authentication servers, developers can throttle dynamic header refreshes using the new CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS variable.
Logging tools still carry severe security risks. The documentation adds explicit warnings regarding OTEL_LOG_TOOL_DETAILS. Claude Code truncates telemetry inputs at 512 characters and payloads at 4KB, but truncation does not scrub secrets. API keys sit at the beginning of headers. Passwords define connection strings. Developers must implement backend redaction to prevent raw credentials from leaking into Datadog or Splunk.
Finally, the introduction of managed-settings.json signals a shift toward centralized IT compliance. Organizations can now block rogue plugin installations and hide unapproved packages from the marketplace entirely. Anthropic built Claude Code for developers, but enterprise adoption relies on satisfying security teams. This JSON file gives administrators the necessary kill switch.