Anthropic released Claude Code CLI version 2.1.205, a patch addressing roughly 15 bugs and adding several improvements. Notable safety-relevant changes include a new auto-mode rule blocking tampering with session transcript files, explicit notifications that background task approvals require human input (preventing fabricated in-transcript approvals), and a prompt before running unresolvable `rm -rf` commands. Infrastructure improvements include streaming binary downloads that cut updater peak memory usage by ~400 MB, and the `/doctor` command is now a full diagnostic and repair tool.
Anthropic released Claude Code version 2.1.199, a patch-heavy update addressing roughly 25 bugs across multi-agent orchestration, background agent lifecycle management, SSL/TLS error handling, and streaming response reliability. Key fixes include subagents silently swallowing errors or partial work on rate-limit/server failures, a Linux daemon self-termination bug every ~50 seconds after unclean shutdown, and a macOS SSH cold-start regression from 2.1.196. The release also improves retry behavior for transient 429 errors and raises default retry counts via CLAUDE_CODE_RETRY_WATCHDOG.
Claude Code version 2.1.183 introduces auto-mode safety guardrails that block destructive git and infrastructure commands (git reset --hard, terraform destroy, etc.) unless explicitly requested, and prevents amending commits not made by the agent in the current session. The release also adds a deprecated-model warning on stderr, a new attribution.sessionUrl config option, and fixes a range of bugs including empty WebSearch results in subagents, fullscreen TUI corruption on Windows Terminal, MCP auth-stub tool exposure in headless mode, and scheduled task triggers incorrectly acting as keyboard input.
Anthropic released Claude Code version 2.1.203, a substantial patch addressing over 25 bugs primarily affecting background agent sessions, subagent orchestration, and worktree isolation. Key fixes include automatic recovery when daemon session tokens go stale, correct subagent state carry-over when returning to sessions, and PATH/environment variable inheritance issues on Windows. The release also adds MCP roots/list integration for working directories and improves streaming responsiveness.
Anthropic released Claude Code version 2.1.200 with a notable default behavior change: the permission mode now defaults to 'Manual' across CLI, VS Code, and JetBrains integrations, replacing the previous auto-continue behavior for AskUserQuestion dialogs. The release includes extensive fixes for background agent reliability issues including daemon lock conflicts, session stalls after sleep/wake cycles, rate-limit handling, and MCP server configuration errors. Accessibility improvements for screen readers and terminal rendering fixes under tmux 3.4+ are also included.
Anthropic shipped Claude Code version 2.1.191 with a notable set of bug fixes and performance improvements. Key additions include /rewind support for resuming conversations before a /clear, roughly 37% CPU reduction during streaming via coalesced text updates, and improved MCP server reliability with retry logic for transient network errors. Several agent-related bugs were fixed, including background agents resurrecting after being stopped and slash commands being incorrectly forwarded to background sessions.
Anthropic released Claude Code version 2.1.181 with several new features including a /config key=value prompt syntax for setting any configuration option, an opt-in Apple Events sandbox permission on macOS, and a new CLAUDE_CLIENT_PRESENCE_FILE environment variable for suppressing mobile push notifications. The release also includes improvements to subagent panel UX (auto-hide, depth limits, elapsed time fixes), streaming of long paragraphs, and auto-retry on mid-thinking connection drops. Approximately 40 bug fixes address issues ranging from 0-byte file writes on network drives, macOS TUI freezes, startup regressions, and credential refresh loops.
Anthropic released Claude Code version 2.1.187 with a mix of security, reliability, and UX improvements. Notable additions include a sandbox.credentials setting to block credential file access in sandboxed commands, org-level model restriction enforcement in the model picker, and mouse click support in fullscreen menus. Key bug fixes address remote MCP tool calls hanging indefinitely (now abort after 5 minutes), subagent depth tracking on resume, leaked agent worktree registrations, and CJK text mojibake in certain terminals.
Anthropic released Claude Code version 2.1.195 with a collection of bug fixes and improvements. Key fixes include correcting hook matchers with hyphenated identifiers to use exact matching instead of substring matching, resolving voice dictation failures for space-less languages (Japanese, Chinese, Thai) and macOS device-change silence capture, and fixing background agent data loss and crash recovery issues. The release also adds a new environment variable to disable mouse interactions in fullscreen mode and improves Linux voice mode diagnostics and remote session startup UX.