Claude Code 2.1.98

💡

Vertex AI setup wizard, Perforce mode, Monitor tool, subprocess sandboxing, and significant Bash permission hardening.

#Claude Code#Update#Security
🔗 Official announcement →

This article is a summary based on official documentation.

What changed

Claude Code 2.1.98 (April 9, 2026) focuses on security hardening, Bash permission tightening, and expanded dev-environment support (Google Vertex AI, Perforce).

New features

  • Vertex AI setup wizard

    Pick “3rd-party platform” at login and the wizard walks you through GCP auth → project/region → credential verification → model pinning. No more manual Vertex AI wiring.

  • Perforce mode

    Set CLAUDE_CODE_PERFORCE_MODE to have Edit/Write fail on read-only files with a p4 edit hint — so Claude stops silently breaking P4 workflows.

  • Monitor tool

    Stream live output from long-running background scripts or processes inside Claude Code, no extra terminal needed.

  • Subprocess sandboxing (Linux)

    PID-namespace isolation prevents subprocesses from seeing other processes on the system. CLAUDE_CODE_SCRIPT_CAPS caps scripts per session to limit blast radius.

Notable fixes

Security

  • Bash permission bypasses — backslash-escape flags no longer auto-allow as read-only; compound commands can no longer skip the forced permission prompt.
  • Network redirects/dev/tcp/ and /dev/udp/ redirects now prompt for permission.

Compatibility

  • MCP OAuthoauth.authServerMetadataUrl is now respected on token refresh (fixes ADFS and similar IdPs).
  • Kitty keyboard protocol — xterm and the VS Code terminal no longer lowercase capital inputs.
  • macOS text replacement — system-level text substitutions now work inside Claude Code.

Notes

  • Security hardening is the big theme — if you relied on specific custom-permission behavior, it may now behave differently.
  • Streaming responses fall back to non-streaming on timeout.
  • Perforce users should set CLAUDE_CODE_PERFORCE_MODE.