claudekit / updates / claude-code-2-1-178
[ PATCH · ]

Claude Code 2.1.178

Permission rules gain `Tool(param:value)` syntax (with `*` wildcard) to match a tool's input parameters — e.g. `Agent(model:opus)` to block Opus subagents. Skills in nested `.claude/skills` directories now load automatically when working on files there, and on a name clash the nested one is exposed as `<dir>:<name>` so both stay available. Plus a wide round of fixes — a CLI OOM crash when a parent process leaks a stale websocket/OAuth file-descriptor env var, `claude agents` workers failing with `401 Invalid bearer token` under custom API gateways, compaction not honoring `--fallback-model`, and MCP server-level specs in subagent `disallowedTools` being silently ignored.

Claude Code
Official announcement →

This article is a summary based on official documentation.

What changed

Claude Code 2.1.178 shipped on June 15, 2026. It pairs two additions — parameter-aware permission rules and working-directory-aware nested skill loading — with refinements to nested .claude/ precedence, auto-mode subagent classification, /doctor and /bug UX, and Remote Control error messages, plus a wide round of fixes. Several regressions are operationally meaningful: a CLI out-of-memory crash from a stale parent-process env var, claude agents workers failing with 401 Invalid bearer token when the daemon was started behind a custom API gateway, and compaction silently ignoring --fallback-model.

New features

  • Tool(param:value) — permission rules that match input parameters

    Permission rules could only match a tool’s name, leaving no way to express “block this tool only when called with a particular parameter value.” Rules can now match a tool’s input parameters with Tool(param:value) syntax (with * wildcard) — e.g. Agent(model:opus) to block Opus subagents while leaving the rest of Agent alone.

  • Nested .claude/skills load when working on files there

    Skills under a nested .claude/skills were not picked up while working in that directory, which made monorepo-style per-package skill setups painful. Nested-directory skills now load automatically when working on files there, and if a name collides with a higher-up skill the nested one is exposed as <dir>:<name> so both stay available.

Improvements

  • Nested .claude/ directories — closest definition wins

    When agents, workflows, and output-styles in nested .claude/ directories collided by name, which one applied was hard to predict. The agent, workflow, and output-style closest to the working directory now wins, and project-scope workflow saves now target the closest existing .claude/workflows/.

  • Auto mode — subagent spawns evaluated by the classifier before launch

    In auto mode, the classifier only saw a subagent after it had already spawned, leaving a gap where a subagent could request a blocked action without review. Subagent spawns are now evaluated by the classifier before launch, closing that gap.

  • /doctor layout and icons

    /doctor output used different indentation and icons across sections, which made it harder to scan. All sections now share a consistent flat tree layout with clearer section status icons and highlighted command names.

  • Skill listing truncation warning shows the affected count

    When skill descriptions were truncated, there was no way to tell how many were affected. The warning now shows how many skill descriptions are affected.

  • Workflow prompt keyword triggers only on explicit phrases

    The workflow keyword fired on any mention of the word, including incidental ones. It now uses a purple shimmer highlight and triggers only on explicit phrases like “run a workflow” or “workflow:”.

  • Remote Control error messages

    Remote Control connection failures and the “not yet enabled” error left users guessing at the cause. Connection failures now show a persistent red “/rc failed” indicator in the footer, and the “not yet enabled” error explains whether it’s a gate, a check failure, a stale entitlement, or org policy.

  • /bug requires a description and no longer uses refusal text as the title

    /bug could be submitted with no description, and model-refusal text sometimes ended up as the GitHub issue title. /bug now requires a description before submitting, and model-refusal text is no longer used as the title.

Bug fixes

Auth & credentials

  • CLI crash (out-of-memory) when the CLI inherits a stale websocket/OAuth file-descriptor environment variable from a parent process — fixed.
  • Claude in Chrome silently failing to connect when the OAuth token belongs to a different account than the Claude Code login — fixed.
  • claude agents workers failing with 401 Invalid bearer token when the daemon was started from a shell with a custom API gateway via ANTHROPIC_BASE_URL and ANTHROPIC_AUTH_TOKEN — fixed.
  • Model requests continuing to fail with auth errors after credentials were refreshed outside the session, due to a stale cached request configuration — fixed.

Subagents & background sessions

  • Several subagent issues — fixed: viewing a subagent’s transcript now shows tool results and live progress, messages sent while it finishes its turn are no longer dropped, and backgrounding a running subagent (ctrl+b) no longer restarts it from scratch.
  • Background sessions created with /bg or ←← after a turn finished showing “Working” forever in the agents list — fixed.

Skills, permissions & MCP

  • Nested .claude/skills skills with directory-qualified names being blocked by permission prompts in non-interactive runs — fixed.
  • MCP server-level specs (mcp__server, mcp__server__*, mcp__*) in subagent disallowedTools being silently ignored — fixed.

Models & compaction

  • Compaction not honoring --fallback-model — fixed; compaction now falls back to the configured fallback model chain on overload or model-availability errors.

Plugins

  • CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE=1 preventing fresh marketplace installs from cloning — fixed.

UI & input

  • Vim mode undo merging multiple NORMAL/VISUAL-mode commands in quick succession into a single undo step — fixed; u now steps through them one at a time.
  • Statusline links with custom URI schemes (e.g. vscode://) not opening when clicked in claude agents — fixed.
  • [VSCode] Pressing Esc to dismiss a CJK IME candidate window canceling the running Claude task — fixed.

Notes

  • Tool(param:value) permission rules — use this to express finer-grained policy than a tool name alone allows. Agent(model:opus) blocks Opus subagents while leaving the rest of Agent alone; * wildcards are supported.
  • Nested .claude/skills auto-load — for monorepo-style setups with per-directory skills, the nested one joins automatically when you’re working in that directory. On a name clash, the nested one is exposed as <dir>:<name> — leave both in place if you want both available.
  • Auto-mode pre-launch classification — the classifier now evaluates a subagent before it spawns, closing the gap where a blocked action could be requested via a subagent without review. Recommended for installations that rely on deny policy.
  • claude agents worker 401s — if you run Claude Code behind a custom API gateway via ANTHROPIC_BASE_URL and ANTHROPIC_AUTH_TOKEN, restart the background daemon on this release to pick up the fix.
  • Compaction --fallback-model — if you configured a fallback model chain for overload, this release extends it to compaction as well.
  • MCP wildcards in subagent disallowedTools — policies using mcp__* or mcp__server__* to deny MCP tools at the server level were not being enforced. Verify on this release that they now block as intended.
  • CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE=1 — if marketplace installs were stuck on a fresh clone with this env var set, retry on this release.