diff --git a/CHANGELOG.md b/CHANGELOG.md index d648e61..deb7b41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +- **Threat database updated to v2.8.0** (`examples/commands/resources/threat-db.yaml`): 7 new entries covering March 2026 threats. **New campaigns**: GhostClaw (malicious npm `@openclaw-ai/openclawai`, GhostLoader RAT with SOCKS5 proxy + clipboard monitor, 178 downloads) and Fake OpenClaw Installer (Stealth Packer + GhostSocks via malicious GitHub repos indexed by Bing AI). **New malicious packages**: `@openclaw-ai/openclawai` and `ambar-src` (~50K downloads, evasion techniques). **New CVE**: CVE-2026-24910 (Bun runtime v<1.3.5, lifecycle scripts bypass origin validation). **New attack techniques**: T017 Shadow MCP (employees deploying unvetted MCP servers without IT oversight) and T018 AI Search Result Poisoning (AI-generated search results recommending malicious repos). **New scanning tools**: Jozu Agent Guard (zero-trust AI runtime, non-bypassable policies, 2026-03-17) and MCP Sentinel (RSAC 2026, request/arg scanning for sensitive data). **New defensive resource**: Jozu Agent Guard Runtime. `minimum_safe_versions` updated with `bun: 1.3.5`. Sources: THN, Huntress, itbrew, helpnetsecurity, SC World. + +- **Claude Code releases tracking updated to v2.1.78** (`machine-readable/claude-code-releases.yaml`, `guide/core/claude-code-releases.md`): StopFailure hook event, ${CLAUDE_PLUGIN_DATA} persistent plugin state, effort/maxTurns/disallowedTools frontmatter for plugin agents, streaming line-by-line, 3 security fixes (silent sandbox disable, MCP deny rules bypass, protected dirs writable in bypassPermissions mode). + - **Skill descriptions improved — 19 skills updated** (`examples/skills/`): cleaner, action-oriented descriptions with explicit "Use when" triggers across the full skill library. 
Selective merge from @popey (Tessl) PR #9 (`tessl skill review`): kept improved `description:` lines across all 19 skills while preserving full reference documentation in template skills (audit-agents-skills, ccboard, design-patterns). Skills updated: guide-recap, landing-page-generator, pr-triage, release-notes-generator, skill-creator, voice-refine, talk-pipeline (7 stages), audit-agents-skills, ccboard, cyber-defense-team, design-patterns, issue-triage, rtk-optimizer. - **Fix — MCP vs CLI token overhead claim updated** (`guide/ecosystem/mcp-vs-cli.md`): corrected outdated token cost figures following v2.1.7 MCP Tool Search (lazy loading). The pre-v2.1.7 claim of "500-2,000 tokens per server" described eager loading, no longer the default. Updated: "Token cost of MCP schemas" section rewritten with lazy loading mechanics and measured 85% reduction benchmark (55K → 8.7K for 5-server setup); "Schema token cost" weakness nuanced; "Zero context overhead" CLI strength nuanced; guidance table "Tight context budget" row updated. Credit: Antoine Salesse for flagging the inconsistency with `architecture.md` §MCP Tool Search. diff --git a/guide/core/claude-code-releases.md b/guide/core/claude-code-releases.md index d52cf08..40b5917 100644 --- a/guide/core/claude-code-releases.md +++ b/guide/core/claude-code-releases.md 
@@ -10,13 +10,13 @@ tags: [reference, release] > **Full details**: [github.com/anthropics/claude-code/CHANGELOG.md](https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md) > **Machine-readable**: [claude-code-releases.yaml](../machine-readable/claude-code-releases.yaml) -**Latest**: v2.1.77 | **Updated**: 2026-03-17 +**Latest**: v2.1.78 | **Updated**: 2026-03-18 --- ## Quick Jump -- [2.1.x Series (January-March 2026)](#21x-series-january-march-2026) — Worktree isolation, background agents, ConfigChange hook, Fast mode Opus 4.6, 1M context, claude.ai MCP connectors, remote-control, auto-memory, /copy command, HTTP hooks, worktree config sharing, ultrathink re-introduced, InstructionsLoaded hook, 4 security fixes, Agent model override restored, 12x SDK token cost reduction, /context actionable suggestions, modelOverrides setting, 1M context Opus 4.6 default for Max/Team/Enterprise, MCP elicitation, PostCompact hook, /effort command, Opus 4.6 64k/128k output tokens, allowRead sandbox setting, /branch command +- [2.1.x Series (January-March 2026)](#21x-series-january-march-2026) — Worktree isolation, background agents, ConfigChange hook, Fast mode Opus 4.6, 1M context, claude.ai MCP connectors, remote-control, auto-memory, /copy command, HTTP hooks, worktree config sharing, ultrathink re-introduced, InstructionsLoaded hook, 4 security fixes, Agent model override restored, 12x SDK token cost reduction, /context actionable suggestions, modelOverrides setting, 1M context Opus 4.6 default for Max/Team/Enterprise, MCP elicitation, PostCompact hook, /effort command, Opus 4.6 64k/128k output tokens, allowRead sandbox setting, /branch command, StopFailure hook, streaming line-by-line - [2.0.x Series (Nov 2025 - Jan 2026)](#20x-series-november-2025---january-2026) — Opus 4.5, Claude in Chrome, Background agents - [Breaking Changes Summary](#breaking-changes-summary) - [Milestone Features](#milestone-features) 
@@ -25,6 +25,29 @@ tags: [reference, release] ## 2.1.x Series (January-March 2026) +### v2.1.78 (2026-03-18) + +- **New**: `StopFailure` hook event that fires when the turn ends due to an API error (rate limit, auth failure, etc.) +- **New**: `${CLAUDE_PLUGIN_DATA}` variable for plugin persistent state that survives plugin updates; `/plugin uninstall` now prompts before deleting plugin data +- **New**: `effort`, `maxTurns`, and `disallowedTools` frontmatter support for plugin-shipped agents +- **New**: `ANTHROPIC_CUSTOM_MODEL_OPTION` env var to add a custom entry to the `/model` picker (with optional `_NAME` and `_DESCRIPTION` suffixed vars) +- **New**: Terminal notifications (iTerm2/Kitty/Ghostty popups, progress bar) now reach the outer terminal when running inside tmux with `set -g allow-passthrough on` +- **New**: Response text now streams line-by-line as it's generated +- **Fixed**: ⚠️ **Security** — Silent sandbox disable when `sandbox.enabled: true` is set but dependencies are missing — now shows a visible startup warning +- **Fixed**: ⚠️ **Security** — `deny: ["mcp__servername"]` permission rules were not removing MCP server tools before sending to the model, allowing it to see and attempt blocked tools +- **Fixed**: ⚠️ **Security** — `.git`, `.claude`, and other protected directories were writable without a prompt in `bypassPermissions` mode +- **Fixed**: Infinite loop when API errors triggered stop hooks that re-fed blocking errors to the model +- **Fixed**: `cc log` and `--resume` silently truncating conversation history on large sessions (>5 MB) that used subagents +- **Fixed**: `sandbox.filesystem.allowWrite` not working with absolute paths (previously required `//` prefix) +- **Fixed**: `--worktree` flag not loading skills and hooks from the worktree directory +- **Fixed**: `CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS` and `includeGitInstructions` setting not suppressing git status section in system prompt +- **Fixed**: Bash tool not finding Homebrew and 
other PATH-dependent binaries when VS Code is launched from Dock/Spotlight +- **Fixed**: Voice mode modifier-combo push-to-talk keybindings requiring a hold instead of activating immediately +- **Fixed**: Voice mode not working on WSL2 with WSLg (Windows 11) +- **Fixed**: `ANTHROPIC_BETAS` environment variable being silently ignored when using Haiku models +- **VSCode**: Fixed "API Error: Rate limit reached" when selecting Opus — model dropdown no longer offers 1M context variant to subscribers whose plan tier is unknown +- **Performance**: Improved memory usage and startup time when resuming large sessions + ### v2.1.77 (2026-03-17) - **New**: ⭐ Opus 4.6 default maximum output tokens raised to 64k; upper bound for Opus 4.6 and Sonnet 4.6 raised to 128k tokens diff --git a/machine-readable/claude-code-releases.yaml b/machine-readable/claude-code-releases.yaml index c939106..66b6086 100644 --- a/machine-readable/claude-code-releases.yaml +++ b/machine-readable/claude-code-releases.yaml @@ -3,8 +3,8 @@ # Purpose: Track Claude Code product releases for documentation sync # Maintained: Manual updates when new releases are announced -latest: "2.1.77" -updated: "2026-03-17" +latest: "2.1.78" +updated: "2026-03-18" # ════════════════════════════════════════════════════════════════ # RELEASES (newest first, condensed highlights only) 
@@ -15,6 +15,16 @@ releases: # 2.1.x Series (January-March 2026) # ───────────────────────────────────────────────────────────── + - version: "2.1.78" + date: "2026-03-18" + highlights: + - "StopFailure hook event fires when turn ends due to API error (rate limit, auth failure)" + - "${CLAUDE_PLUGIN_DATA} variable for persistent plugin state that survives plugin updates" + - "effort, maxTurns, disallowedTools frontmatter support for plugin-shipped agents" + - "Response text now streams line-by-line as generated" + - "Security: Fixed silent sandbox disable when sandbox.enabled:true but dependencies missing" + - "Fixed deny permission rules not removing MCP server tools before sending to model" + - version: "2.1.77" date: "2026-03-17" highlights: @@ -826,6 +836,7 @@ breaking_summary: # MILESTONE FEATURES (quick reference) # ════════════════════════════════════════════════════════════════ milestones: + "2.1.78": "StopFailure hook, ${CLAUDE_PLUGIN_DATA} persistent state, streaming line-by-line, security: silent sandbox disable fix" "2.1.69": "InstructionsLoaded hook, ${CLAUDE_SKILL_DIR}, 4 security fixes, 15+ memory fixes, Voice STT 20 languages" "2.1.68": "ultrathink re-introduced, Opus 4.6 medium effort default, Opus 4/4.1 removed" "2.1.63": "HTTP hooks, worktree config sharing, /simplify + /batch bundled commands"
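Review bot: In the CHANGELOG.md hunk, the threat database entry says "7 new entries", but the items it then enumerates add up to ten: two campaigns, two malicious packages, one CVE, two attack techniques, two scanning tools and one defensive resource. Either correct the count or say which categories the seven refers to. The entry also points at `examples/commands/resources/threat-db.yaml`, yet the three files in this diff are CHANGELOG.md, guide/core/claude-code-releases.md and machine-readable/claude-code-releases.yaml, so it is worth confirming that the database change itself is committed alongside this note.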
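Review bot: In the Quick Jump hunk of guide/core/claude-code-releases.md (@@ -10,13 +10,13), the 2.1.x summary line gains "StopFailure hook, streaming line-by-line" but not the three security fixes that the same patch documents for v2.1.78, and the existing "4 security fixes" in that line still reads as the series total. Consider appending something like "3 security fixes (v2.1.78)" so a reader scanning the index sees that this release is security-relevant.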
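Review bot: In the v2.1.78 section added to guide/core/claude-code-releases.md (@@ -25,6 +25,29), the first Security bullet describes the fix as "now shows a visible startup warning", which leaves open whether a session with `sandbox.enabled: true` and missing dependencies still starts unsandboxed after the warning. Please state the resulting behaviour explicitly, since readers who depend on the sandbox need to know whether the warning is informational or whether they must stop and install the dependencies before continuing.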
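Review bot: In the `releases:` hunk of machine-readable/claude-code-releases.yaml (@@ -15,6 +15,16), the 2.1.78 `highlights` list carries only two of the three security fixes named in the guide and the CHANGELOG: the fix for `.git`, `.claude` and other protected directories being writable in `bypassPermissions` mode is missing. The second entry, "Fixed deny permission rules not removing MCP server tools before sending to model", also lacks the "Security:" prefix used on the line above it, so a consumer that filters highlights on that prefix would find one security fix instead of three. Suggest adding the third item and prefixing all three consistently.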
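Review bot: In the `milestones:` hunk of machine-readable/claude-code-releases.yaml (@@ -826,6 +836,7), the new "2.1.78" value ends with "security: silent sandbox disable fix", which names one fix while the guide lists three for this release. The neighbouring "2.1.69" entry uses a count ("4 security fixes"), so "3 security fixes" would be both consistent with that style and accurate against the rest of the patch.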