Anthropic released Claude Code version 2.1.187 with a mix of security, reliability, and UX improvements. Notable additions include a sandbox.credentials setting to block credential file access in sandboxed commands, org-level model restriction enforcement in the model picker, and mouse click support in fullscreen menus. Key bug fixes address remote MCP tool calls hanging indefinitely (now abort after 5 minutes), subagent depth tracking on resume, leaked agent worktree registrations, and CJK text mojibake in certain terminals.
Anthropic released Claude Code version 2.1.196 with a notable security fix preventing untrusted workspace .mcp.json servers from auto-spawning, and added support for organization-level default model configuration via the admin console. The release includes significant background agent reliability improvements — long-running workflows now survive process restarts on all platforms including Windows — plus a streaming idle watchdog enabled by default that aborts and retries stalled response streams after 5 minutes. Numerous bug fixes address agent session state management, MCP OAuth scope handling, PowerShell compatibility, and a /code-review token usage reduction of ~25%.
Anthropic released Claude Code version 2.1.203, a substantial patch addressing over 25 bugs primarily affecting background agent sessions, subagent orchestration, and worktree isolation. Key fixes include automatic recovery when daemon session tokens go stale, correct subagent state carry-over when returning to sessions, and PATH/environment variable inheritance issues on Windows. The release also adds MCP roots/list integration for working directories and improves streaming responsiveness.
Anthropic released Claude Code version 2.1.176 with a mix of new features and bug fixes. Notable additions include session titles generated in the conversation language, a new footerLinksRegexes setting, and improved AWS Bedrock credential caching. Key fixes address model allowlist enforcement (alias models can no longer bypass blocked-model restrictions), auto-mode fallback for organizations without Opus 4.8 enabled, hook path pattern matching, and numerous Remote Control and background-session reliability issues across Linux, Windows, and tmux environments.
Anthropic released Claude Code version 2.1.181 with several new features including a /config key=value prompt syntax for setting any configuration option, an opt-in Apple Events sandbox permission on macOS, and a new CLAUDE_CLIENT_PRESENCE_FILE environment variable for suppressing mobile push notifications. The release also includes improvements to subagent panel UX (auto-hide, depth limits, elapsed time fixes), streaming of long paragraphs, and auto-retry on mid-thinking connection drops. Approximately 40 bug fixes address issues ranging from 0-byte file writes on network drives, macOS TUI freezes, startup regressions, and credential refresh loops.
Claude Code version 2.1.186 ships new CLI commands for authenticating MCP servers without the interactive menu (`claude mcp login/logout`), including SSH-compatible stdin redirect support. Agent-team behavior is improved: background subagents now surface permission prompts in the main session rather than auto-denying, teammate spawns inherit the leader's effort level, and subagents looping on schema validation failures now abort after 5 attempts. The release also fixes over 20 bugs spanning streaming reliability, subagent transcript handling, Chrome tab-group isolation, and session cost display for Enterprise/Team subscribers.
Anthropic released Claude Code version 2.1.200 with a notable default behavior change: the permission mode now defaults to 'Manual' across CLI, VS Code, and JetBrains integrations, replacing the previous auto-continue behavior for AskUserQuestion dialogs. The release includes extensive fixes for background agent reliability issues including daemon lock conflicts, session stalls after sleep/wake cycles, rate-limit handling, and MCP server configuration errors. Accessibility improvements for screen readers and terminal rendering fixes under tmux 3.4+ are also included.
Anthropic released Claude Code CLI version 2.1.205, a patch addressing roughly 15 bugs and adding several improvements. Notable safety-relevant changes include a new auto-mode rule blocking tampering with session transcript files, explicit notifications that background task approvals require human input (preventing fabricated in-transcript approvals), and a prompt before running unresolvable `rm -rf` commands. Infrastructure improvements include streaming binary downloads that cut updater peak memory usage by ~400 MB, and the `/doctor` command is now a full diagnostic and repair tool.
Anthropic released Claude Code version 2.1.199, a patch-heavy update addressing roughly 25 bugs across multi-agent orchestration, background agent lifecycle management, SSL/TLS error handling, and streaming response reliability. Key fixes include subagents silently swallowing errors or partial work on rate-limit/server failures, a Linux daemon self-termination bug every ~50 seconds after unclean shutdown, and a macOS SSH cold-start regression from 2.1.196. The release also improves retry behavior for transient 429 errors and raises default retry counts via CLAUDE_CODE_RETRY_WATCHDOG.