• Hook matchers with hyphenated names silently changed from substring to exact match. If you have rules targeting code-reviewer or mcp__brave-search, they no longer catch child tool names; switch to mcp__brave-search__.* for wildcard behavior (more below).
• External plugins enabled by project .claude/settings.json now require install consent on every code path. One loader path skipped the prompt, so a malicious project config could silently activate a plugin.

New in 2.1.195

2.1.195 (June 27, 2026)

• Added CLAUDE_CODE_DISABLE_MOUSE_CLICKS to disable mouse click/drag/hover in fullscreen mode while keeping wheel scroll
• Fixed hook matchers with hyphenated identifiers (e.g. code-reviewer, mcp__brave-search) accidentally substring-matching, they now exact-match. Use mcp__brave-search__.* to match all tools from a hyphenated MCP server.
• Fixed voice dictation on macOS capturing silence in long-running sessions after the default input device changes
• Fixed voice dictation auto-submit never firing for languages written without spaces (Japanese, Chinese, Thai)
• Fixed external plugins enabled only by project .claude/settings.json not requiring explicit install consent on every loader path
• Fixed /plugin Enable/Disable not working when a plugin's plugin.json name differs from its marketplace entry name
• Fixed background jobs disappearing from claude agents or losing data when written by a newer Claude Code version
• Fixed reopening a crashed background task showing a blank screen for up to 5 seconds instead of its restart
• Fixed background agent daemons running unreachable when the control socket fails to start, blocking restarts
• Improved voice mode on Linux: now distinguishes "no microphone" from "SoX not installed" when SoX is present but no audio capture device exists
• Improved claude agents completed list to fill available vertical space; on short terminals the header compacts so live sessions stay visible
• Improved Remote session startup with a provisioning checklist while the container starts

Notes