Version 2.1.172

Claude can now render an HTML or Markdown file to a private, shareable web page hosted on claude.ai. The resulting URL can be shared with teammates.

Artifact(file_path="report.html", favicon="📊")
Artifact(file_path="notes.md", favicon="📝", label="v2")

• Accepts .html, .htm, and .md files; Markdown is converted to styled HTML automatically
• The favicon parameter (required) sets the browser-tab emoji icon — use one or two emoji, no markup
• The optional label parameter provides a human-readable version label shown in the version picker
• The optional url parameter lets Claude redeploy to an existing artifact URL the user provides
• A strict CSP blocks all external resources — inline all CSS/JS and embed assets as data: URIs
• Same file path → same URL on redeploy; different file path → new URL
• Controlled by the CLAUDE_CODE_DISABLE_ARTIFACT environment variable and the disableArtifact setting
• Gated by feature flag tengu_cobalt_plinth; enabled for eligible claude.ai accounts

Artifact tool implementation (search for "Render an HTML or Markdown file to an Artifact" and uAH = "Artifact")

A new --plugin-dir-no-mcp flag that loads a plugin directory without also reading its .mcp.json file. Useful when the SDK host already owns and manages the plugin's MCP connections.

claude --plugin-dir-no-mcp <path>

• Behaves exactly like --plugin-dir except the engine skips .mcp.json / mcpServers discovery for that plugin
• Equivalent behavior is also available as a setting: noMcp: true in the plugin frontmatter
• Intended for SDK hosts that register MCP servers themselves rather than delegating to the engine

New flag definition and help text (search for "Like --plugin-dir but the engine will not read this plugin's .mcp.json")

When ultra (cloud review) is unavailable, Claude Code now surfaces specific, actionable error messages depending on the exact auth state rather than a single generic message.

• API key auth → "ultra (cloud review) requires claude.ai account auth. Unset ANTHROPIC_API_KEY … to use ultra."
• Missing profile scope → "ultra (cloud review) requires a full-scope login token — run claude auth login to use it"
• Not yet in rollout → "ultra (cloud review) isn't enabled for your account yet — run claude auth login to refresh your entitlements"
• Unauthenticated entirely → "ultra (cloud review) requires a claude.ai account — sign in to claude.ai to use it"
• All error messages include a link to https://code.claude.com/docs/en/ultrareview

Error routing function (search for "ultra (cloud review) requires claude.ai account auth")

web_fetch now enforces a provenance check — it can only retrieve URLs that appeared in a user message or a prior web_fetch result. Attempts to fetch URLs outside this set present a permission prompt asking the user to approve.

• If the user approves, the fetch proceeds; if denied or timed out, Claude receives an error
• Timeout message: "The permission request for this URL was not answered in time. Ask the user to approve the fetch or include the URL in a message, then try again."
• The error type is PROVENANCE_REQUIRED
• Suppressed in bypassPermissions and dontAsk modes

Provenance enforcement and prompt (search for "URL not in provenance set. web_fetch can only retrieve URLs that appeared in a user message")

A new internal /memories/export route has been registered, enabling memory export functionality.

New constant (search for "/memories/export")

A new internal tool for Cowork onboarding that renders an interactive role-picker chip row. Users can tap a chip (e.g. "Legal", "Engineering") to select their role and trigger automatic plugin installation.

• Blocks until the user responds: chip click, free-form text entry, or dismissal
• Returns {"role": "..."} on selection, {"dismissed": true} on cancel, {} on confirm-without-role
• Only enabled in Cowork sessions; not available in normal conversations
• Gated via KOf (Cowork environment check)

Tool definition (search for "Render a clickable role-picker chip row during Cowork onboarding")

A new CLAUDE_CODE_CHILD_SESSION environment variable that marks a session as a child session, suppressing certain persistence behaviors (e.g. session data is not persisted when this is set alongside other child-session conditions).

New env var check (search for "CLAUDE_CODE_CHILD_SESSION")

A new environment variable that, when set, skips MCP server discovery for plugin directories during startup.

Log message (search for "CLAUDE_CODE_SKIP_PLUGIN_MCP_SERVERS is set")

The status-bar labels for the Remote Control / remote session feature have been shortened from "Remote Control active / connecting / failed / reconnecting" to /rc active, /rc connecting…, /rc failed, /rc reconnecting.

Status label function (search for "/rc active" and "/rc failed")

The Chrome browser automation system prompt now explicitly instructs Claude to load all needed tools in a single ToolSearch call using a comma-separated select: query, rather than one call per tool.

• New guidance: "Do NOT load tools one at a time; each separate ToolSearch call wastes a full round-trip"
• The recommended starter set covers tabs_context_mcp, navigate, computer, read_page, and tabs_create_mcp in one call
• Task-specific extras (recording, forms, console debugging) should be added to that same call when the task obviously needs them

Updated browser automation prompt (search for "batch every tool you expect to need into ONE ToolSearch call")

The team memory system prompt has been overhauled with clearer, step-by-step guidance for saving memories. When using indexed memory, the instructions now explicitly describe a two-step process (write the memory file, then add a pointer to the index).

• Step 1: Write memory to its own file using the frontmatter format
• Step 2: Add a pointer entry (- [Title](file.md) — one-line hook) to the index file
• Index entries are capped at ~150 characters
• Clarified that team memory directories already exist — no need to run mkdir
• Read-only sessions now receive: "If the user asks you to remember something, explain that memory is read-only in this session."

New team memory prompt builder (search for "Step 1 — write the memory to its own file in")

The AWS region display in Bedrock configuration now shows where the region came from — environment variable, AWS shared config file, or the built-in default — rather than just the region name.

• us-east-1 (from environment) → shown as-is
• From ~/.aws/config → shown as us-east-1 (from AWS config)
• Default fallback → shown as us-east-1 (default — set AWS_REGION or add a region to your AWS config)

Region source display function (search for "(from AWS config)" and "(default — set AWS_REGION or add a region to your AWS config)")

The error shown when combining --bg with another backend flag now distinguishes between --pool and --cloud.

• Using --bg with --pool: "Use claude -p '<task>' --pool <pool_id> directly to start a session on the pool."
• Using --bg with --cloud: "Use claude --cloud '<task>' directly to start a cloud session."

Updated error message function (search for "--bg and --pool are different backends")

The consent UI string "Help improve Claude" has been renamed to "Help improve our AI models" across all display states (ON, OFF, OFF for domain emails).

String changes (search for "Help improve our AI models" — previously "Help improve Claude")

Claude Code now tracks the last time each plugin was used (lastUsedAt and lastUsedNumStartups). This data enables the tip system to surface a warning when a plugin hasn't been used in a while.

• Tip shown: "You haven't used the [plugin] in a while. It still adds startup and context cost — review it with…"
• Tracks both calendar days and session count since last use

Plugin usage tracking functions (search for "plugin in a while. It still adds startup and context cost")

When clearing MCP OAuth tokens, Claude Code can now optionally preserve the client registration (client ID) while discarding only the access/refresh tokens. This avoids a full re-registration flow when tokens simply need refreshing.

• When preserveClientRegistration: true is passed, only accessToken, refreshToken, expiresAt, and scope are cleared
• Log message: "Cleared stored tokens (preserved client registration)"

Updated token-clear function (search for "Cleared stored tokens (preserved client registration)")

The fullscreen mode exit survey prompt has been simplified. The old prompt included the parenthetical "(optional, Enter to skip)"; the new prompt is more direct.

String change (old: "To help us make fullscreen mode better, what made you switch back? (optional, Enter to skip)" → new: "To help us make fullscreen mode better, what made you switch back?")

When a model fallback causes structured output to be retracted and no retry succeeds, Claude Code now surfaces a more specific error message instead of the previous "the cloud agent called StructuredOutput but every attempt failed schema validation."

New message: "the cloud agent called StructuredOutput but no attempt produced a surviving valid output (failed schema validation, or retracted by a model fallback)"

Updated error string (search for "retracted by a model fallback and no retry produced a valid result")

When a subagent is configured with a model that is not in the availableModels allowlist, the warning message now distinguishes between inheriting the parent model vs. using the default teammate model.

• Subagent case: "Subagent model X is not in the availableModels allowlist; inheriting the parent model instead"
• Teammate case: "Teammate model X is not in the availableModels allowlist; using the default teammate model instead"

New warning functions (search for "Subagent model" and "Teammate model" with allowlist messages)

The "not enrolled as a trusted device" error message is now generated from a single function, ensuring consistent text: "this device is not enrolled as a trusted device; run /login to enroll".

Centralized message function (search for "this device is not enrolled as a trusted device; run /login to enroll")

When a session's status changes, a separate statusUpdatedAt timestamp is now recorded alongside the general updatedAt timestamp, enabling more precise tracking of status transition times.

Updated session state function (search for "statusUpdatedAt" alongside "updatedAt")

• Deep-link injection guard: --handle-uri invocations with extra arguments after the URI are now rejected with an explanatory message, blocking URI-based argument injection. (search for "claude: rejected deep-link invocation — unexpected arguments after the URI")

• Artifact upload precondition retry: Uploading an artifact now detects HTTP 412 (create-only precondition failed) and returns a clear message: "upload 412: this version was already written (create-only precondition). Re-run publish to mint a fresh version." (search for "this version was already written (create-only precondition)")

• Transcript third-party marker filtering: When sharing session history, transcripts containing third-party markers are now silently excluded rather than included verbatim. The raw transcript and recent sessions lists are independently filtered. (search for "rawTranscriptJsonl withheld from session history: contains_3p_transcript_markers")

• Model [1m] suffix handling made case-insensitive: Functions that strip or normalize the [1m] model suffix now use case-insensitive matching (/\[1m\]/i), preventing edge cases where mixed-case suffixes were not recognized. (search for "/\\[1m\\]/i")

• Interactive command detection message updated: The message shown when a command appears blocked on an interactive prompt now says "Stop this task" instead of "Kill this task", matching the updated UI terminology. (search for "The command is likely blocked on an interactive prompt. Stop this task")

• tmux session cleanup label corrected: The worktree cleanup option now reads "Keep worktree, end tmux session" instead of the previous "Keep worktree, kill tmux session". (search for "Keep worktree, end tmux session")