Matins
← All briefs
Matins
Tuesday 16 June — v2.1.178
21 changes / 5 actionable / 2 deep dives
Claude Code

  • Permission rules now match tool parameters with Tool(param:value) syntax. Block specific subagent models (Agent(model:opus)), scope tool inputs with * wildcards, or write fine-grained allow/deny rules that inspect what a tool is doing, not just which tool it is. (more below)

  • Nested .claude/ directories now resolve closest-to-working-directory for agents, workflows, and output styles. Monorepo users can override per-subdirectory without top-level collisions; name clashes surface as <dir>:<name>.

  • Auto mode now classifies subagent spawns before launch. Previously a subagent could request a blocked action without classifier review; that gap is closed.

  • Compaction now honors --fallback-model. If you rely on fallback model chains (added in 2.1.166), compaction was silently ignoring them on overload or model-availability errors until now. (more below)

  • MCP server-level disallowedTools patterns work in subagents now. Specs like mcp__server, mcp__server__*, and mcp__* in subagent disallowedTools were silently ignored; they are now enforced.

New in 2.1.178

2.1.178 (June 16, 2026)

  • Added Tool(param:value) syntax for permission rules to match a tool's input parameters (with * wildcard), e.g. Agent(model:opus) to block Opus subagents
  • Skills in nested .claude/skills directories now load when working on files there; on a name clash, the nested skill appears as <dir>:<name> so both stay available
  • Nested .claude/ directories: the agent, workflow, and output-style closest to the working directory now wins when names collide; project-scope workflow saves now target the closest existing .claude/workflows/
  • Improved auto mode: subagent spawns are now evaluated by the classifier before launch, closing a gap where a subagent could request a blocked action without review
  • Improved /doctor with consistent flat tree layout across all sections, clearer section status icons, and highlighted command names
  • Improved the skill listing truncation warning to show how many skill descriptions are affected
  • Changed the workflow prompt keyword to use a purple shimmer highlight and trigger only on explicit phrases like "run a workflow" or "workflow:", not on any mention of the word
  • Improved Remote Control error messages: connection failures now show a persistent red "/rc failed" indicator in the footer, and the "not yet enabled" error now explains whether it's a gate, a check failure, stale entitlement, or org policy
  • /bug now requires a description before submitting, and no longer uses model-refusal text as the GitHub issue title
  • Fixed a crash (out-of-memory) when the CLI inherits a stale websocket/OAuth file-descriptor environment variable from a parent process
  • Fixed Claude in Chrome silently failing to connect when the OAuth token belongs to a different account than the Claude Code login
  • Fixed nested .claude/skills skills with directory-qualified names being blocked by permission prompts in non-interactive runs
  • Fixed several subagent issues: viewing a subagent's transcript now shows tool results and live progress, messages sent while it finishes its turn are no longer dropped, and backgrounding a running subagent (ctrl+b) no longer restarts it from scratch
  • Fixed claude agents workers failing with 401 Invalid bearer token when the daemon was started from a shell with a custom API gateway via ANTHROPIC_BASE_URL and ANTHROPIC_AUTH_TOKEN
  • Fixed compaction not honoring --fallback-model: compaction now falls back to the configured fallback model chain on overload or model-availability errors
  • Fixed model requests continuing to fail with auth errors after credentials were refreshed outside the session, due to a stale cached request configuration
  • Fixed background sessions created with /bg or ←← after a turn finished showing "Working" forever in the agents list
  • Fixed CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE=1 preventing fresh marketplace installs from cloning
  • Fixed MCP server-level specs (mcp__server, mcp__server__*, mcp__*) in subagent disallowedTools being silently ignored
  • Fixed vim mode undo: u now steps through NORMAL/VISUAL-mode commands one at a time instead of merging commands in quick succession into a single undo step
  • Fixed statusline links with custom URI schemes (e.g. vscode://) not opening when clicked in claude agents
  • [VSCode] Fixed pressing Esc to dismiss a CJK IME candidate window canceling the running Claude task

Notes

Parameter-matching permission rules

This generalizes the domain-matching pattern that WebFetch(domain:...) introduced. In 2.1.172, Anthropic fixed WebFetch(domain:*.example.com) wildcards for allow, deny, and ask positions. 2.1.178 lifts that idea into a first-class Tool(param:value) syntax that works on any tool's input parameters, with * as a wildcard. The worked example in the changelog, Agent(model:opus), shows the immediate use case: enterprises and managed-settings admins can now block specific subagent model picks without blocking the Agent tool entirely.

Compaction and fallback model chains

The fallbackModel setting (2.1.166) was not wired into compaction. fallbackModel lets you configure up to three models tried in order when the primary is overloaded. Turn-level retries used the chain, but compaction (the step that summarizes context when a session nears its limit) did not. Long sessions on a busy model could fail to compact and error out even though a fallback was available. This is now fixed.