claudekit / updates / claude-code-2-1-147
[ PATCH · ]

Claude Code 2.1.147

Added the `Workflow` tool for deterministic multi-agent orchestration, off by default and enabled with `CLAUDE_CODE_WORKFLOWS=1`. Pinned background sessions in `claude agents` now stay alive when idle and are restarted in place to apply updates. Renamed `/simplify` to `/code-review` — it now reports correctness bugs at a chosen effort level with `--comment` for inline PR comments. REPL and Workflow tool sandboxes are hardened, the auto-updater reports error category and OS code on failure, and a managed-settings bypass was closed where `forceLoginOrgUUID` and `forceLoginMethod` weren't enforced against third-party-provider and API-key sessions.

Claude Code
Official announcement →

This article is a summary based on official documentation.

What changed

Claude Code 2.1.147 shipped on May 21, 2026. The headline addition is the Workflow tool for deterministic multi-agent orchestration — off by default and enabled with CLAUDE_CODE_WORKFLOWS=1. Pinned background sessions get sharper lifecycle handling: they stay alive when idle, are restarted in place to apply updates, and are shed only after non-pinned sessions when memory is tight. /simplify is renamed to /code-review with new behavior (correctness bugs at a chosen effort level, optional --comment to post inline PR comments) and the old cleanup-and-fix flow is gone. The security fix in this release closes a managed-settings bypass where forceLoginOrgUUID and forceLoginMethod weren’t enforced against third-party-provider or API-key sessions. The rest is REPL/Workflow sandbox hardening, auto-updater diagnostics, large-file diff rendering performance, prompt-history dedup, and a wide bug-fix sweep across PowerShell, Windows, MCP pagination, plugins, and terminal UI.

New features

  • Workflow tool — deterministic multi-agent orchestration

    Stitching several agents together in a fixed order previously required external tooling or hand-rolled scripts. This release introduces a Workflow tool that handles deterministic orchestration directly. It’s off by default; set CLAUDE_CODE_WORKFLOWS=1 to enable it.

Improvements

  • Pinned background session lifecycle in claude agents

    Pinned sessions could be cleaned up while idle or come back somewhere unexpected after an update was applied, which broke the working context. Pinned sessions now stay alive when idle, are restarted in place to apply Claude Code updates (pin with Ctrl+T), and are shed under memory pressure only after non-pinned sessions.

  • /simplify renamed to /code-review, with effort-level correctness review and --comment for inline GitHub PR comments

    The old /simplify cleaned up and modified code, which didn’t match the workflow when you actually want to find correctness bugs. The command is now /code-review and reports correctness bugs at a chosen effort level (e.g. /code-review high), with --comment to post findings as inline GitHub PR comments. The old cleanup-and-fix behavior has been removed.

  • Hardened REPL and Workflow tool sandboxes against prototype-pollution and thenable-based escapes

    Both sandboxes had escape paths via prototype pollution and thenable patterns. This release closes both.

  • Auto-updater retries, error categories, OS error codes, and current-version reporting on failure

    Failed auto-updates were hard to diagnose. The updater now retries transient network failures and, on failure, reports specific error categories, OS error codes, and the currently installed version.

  • Diff rendering performance for large file edits

    Diff rendering noticeably slowed down on large edits. The rendering path is optimized so large edits stay responsive.

  • Prompt history no longer records consecutive duplicate entries

    Re-submitting the same prompt by recalling it with arrow-up used to append another copy to history, so scrolling back saw the same line repeated. Consecutive duplicates are now stored once.

Bug fixes

Security & enterprise auth

  • forceLoginOrgUUID and forceLoginMethod managed-settings not being enforced against third-party-provider and API-key sessions — enforcement now covers those session types.

Headless & SDK

  • Unknown slash commands silently doing nothing in headless/SDK mode — they now show an error message.
  • Uncaught exception at the end of streaming sessions when running via the Agent SDK — fixed.

Plugins & skills

  • Plugin agents declaring multiple Agent(...) types in tools: frontmatter dropping all but the last entry — all entries are preserved.
  • Plugin component counts in claude plugin details and /plugin being doubled when a plugin’s manifest listed paths overlapping its default directories — counts are accurate.
  • Slash commands followed by a tab or newline being treated as an unknown command — now parsed correctly.

Terminal & UI

  • & in ! command output displaying as &, which broke copy-pasting URLs from commands like gcloud auth login on headless machines — the raw & is preserved.
  • /help rendering a broken tab header and showing only one command per page on small terminals when not in fullscreen mode — fixed.
  • /effort opening with the slider on the wrong level — it now starts at your current effort.
  • /theme “New custom theme” and color editor dialogs not responding to Esc — fixed.
  • GNOME Terminal right-click and middle-click paste not inserting text — fixed.
  • Several spacing and layout glitches in the /plugin, /status, /mobile, /sandbox, and /permissions menus — fixed.
  • Pasted text being delivered to agents as an unreadable [Pasted text #N] placeholder instead of the actual content — the real content is now passed through.
  • Stripped images prompting the model to repeatedly re-read media that was no longer present — fixed.

Shell snapshot

  • Shell snapshot dropping user functions whose names start with a single underscore, breaking aliases that referenced them — those functions are now retained.

PowerShell & Windows

  • Hook if conditions like PowerShell(git push*) never matching — only PowerShell(*) worked — patterns now match as written.
  • PowerShell tool dropping output for commands that rely on the default formatter — output is preserved.
  • On Windows, “Yes, and don’t ask again” for a PowerShell script invocation now writes a rule that actually matches on subsequent runs — fixed.
  • PowerShell tool failing on Windows with exit code 1 when pwsh is installed via winget or the Microsoft Store — fixed.
  • On Windows, removing a background-job worktree no longer follows NTFS junctions into the main repo — fixed.
  • Rare hang when waiting for scroll to settle on Windows — fixed.
  • Full-screen strobing in attached background sessions on Windows Terminal while Claude is streaming — fixed.
  • Stale and doubled rows in the agent view list on Windows when background session results contain wide (CJK) characters — fixed.

MCP

  • Paginating MCP servers dropping resources, templates, and prompts past page 1 — all pages are now retrieved. (Note: 2.1.144 fixed the same pagination drop for tools/list; this release completes the picture for resources, templates, and prompts.)

Background sessions & agents

  • /background refusing sessions whose only typed input was a skill or custom slash command — now accepted.
  • Auto mode suppressing AskUserQuestion when the user or a skill explicitly relies on it — the auto-mode classifier now sees the user’s answers as intent signal.
  • Backgrounded sessions re-prompting for tool permissions you already granted with “don’t ask again” — permissions are preserved.
  • CLAUDE_CODE_SUBAGENT_MODEL not applying to teammate processes spawned by agent teams — now applied to teammate processes as well.

Notes

  • Workflow tool is opt-in: deterministic multi-agent orchestration is gated behind CLAUDE_CODE_WORKFLOWS=1. The sandbox hardening (prototype-pollution and thenable-based escapes) applies once it’s enabled.
  • /simplify/code-review is a behavior change: the rename is not cosmetic. The old /simplify cleanup-and-fix flow has been removed in favor of correctness review at effort levels. Scripts that relied on /simplify need to be re-evaluated against the new behavior.
  • Managed-settings enforcement closed for third-party-provider and API-key sessions: forceLoginOrgUUID and forceLoginMethod were previously not enforced for those session types. If admin policies appeared to be bypassed in earlier versions, enforcement tightens with this release.
  • Second MCP pagination fix: 2.1.144 closed the pagination drop for tools/list, and this release closes it for resources, templates, and prompts. If a paginated MCP server seemed to surface fewer items than expected, re-check after upgrading.
  • Auto-updater diagnostics: failure reports now include error category, OS error code, and current installed version — useful when filing IT support tickets or release issues.
  • PowerShell hook matching: if conditions with argument patterns like PowerShell(git push*) never matched before, only PowerShell(*) did. Existing policy files may have been broader in practice than intended; verify intended narrowing after upgrading.