Version 2.1.178

A new slash command that authorizes design-system (claude.ai/design) access independently of the main session login. This is especially useful when Claude Code authenticates via an API key or provider token rather than a claude.ai subscription.

/design-login

• Opens a browser OAuth consent page specific to design-system scopes (user:design:read, user:design:write)
• On SSH or remote sessions (where a browser can't reach the local listener), the flow falls back to a manual code-paste method
• The credential is stored as a separate designOauth entry in settings, entirely separate from the main session token — signing out of claude.ai does not invalidate the design credential
• The credential auto-refreshes; if a refresh fails the command re-prompts
• Requires CLAUDE_CODE_DESIGN_OAUTH_CLIENT_ID to be set (or a build that includes the registered client id)
• A 5-minute browser-authorization timeout applies; after that, the manual /design-login flow is suggested

Design OAuth lock and flow (search for "Design login", ".design_oauth_refresh.lock", "design login — approving opens a browser OAuth consent")

The Agent tool's isolation parameter now accepts "remote" in addition to "worktree". This launches the agent in a remote cloud (CCR) environment, always as a background task.

// In a skill or agent prompt instructing Agent tool use:
isolation: "remote"

• Always runs in the background; you are notified when it completes
• Remote agents run against the repository's default branch if the current local branch is not pushed to origin
• Not available in all contexts: if CCR is unavailable, the tool reports [remote agent] isolation:'remote' is unavailable
• A local agent context or no git root causes automatic fallback to other isolation modes

Remote agent branch check (search for "[remote agent] local branch '", "isolation:'remote' is unavailable", "CLAUDE_CODE_REMOTE_SESSION_ID")

The /thinking command (which sets maximum thinking tokens) now accepts an optional thinking_display argument to set the thinking display mode for the rest of the session.

/thinking 10000 summarized
/thinking 10000 omitted
/thinking 10000          (keeps the session-start --thinking-display value)
/thinking 0              (disables extended thinking)

• summarized — shows collapsed thinking summaries
• omitted — hides thinking blocks entirely
• Passing null clears back to the API default
• When omitted the display mode from session start (--thinking-display) is preserved

Schema update for set_max_thinking_tokens (search for "thinking_display optionally sets the thinking display mode", "thinking_display")

The explicit TeamCreate and TeamDelete tools have been removed. Multi-agent coordination is now done entirely through the Agent tool's name parameter — no separate team-creation step is needed.

Before (v2.1.177):

// 1. Call TeamCreate to set up the team
// 2. Call Agent with team_name + name to spawn a teammate
// 3. Call TeamDelete when done

After (v2.1.178):

// Just call Agent with a name parameter
Agent({ name: "researcher", prompt: "..." })

• Agent swarms remain gated by the same feature flag as before
• The team_name field in TeammateIdle hook events is now deprecated (marked @deprecated) — sessions have a single implicit team; the field will be removed in a future release
• System prompt guidance now reads: "If this plan can be broken down into multiple independent tasks, consider spawning named teammates with the Agent tool (pass a name) to parallelize the work."
• "main" is now a reserved recipient name for SendMessage — it routes a message directly to the main conversation

Removal of TeamCreate/TeamDelete tools (search for "TeamCreate" absent from new file; guidance string search for "spawning named teammates with the"; reserved name message search for "SendMessage routes it to the main conversation")

The code review skill (/code-review) now runs a dedicated "conventions" finder angle that checks changed code against the CLAUDE.md files governing those files.

• Looks at user-level ~/.claude/CLAUDE.md, repo-root CLAUDE.md, and any ancestor-directory CLAUDE.md or CLAUDE.local.md relevant to changed files
• Only flags a violation when the exact rule can be quoted and the exact violating line identified — no vague style inferences
• Total finder angles increase: high effort goes from 7 to 8 independent angles; max effort goes from 9 to 10
• Cleanup/altitude/conventions candidates share the same finding shape; correctness bugs always rank higher when output cap forces a cut

Updated phase header strings (search for "3 correctness angles + 3 cleanup angles + 1 altitude angle + 1 conventions angle", "Pin the diff command, changed files, applicable CLAUDE.md files, and conventions")

The model selector and status messages around Fable 5's usage credits are significantly improved with clearer state communication.

• The model entry now dynamically shows either "Draws from usage credits" or "Included with your plan until [date]" depending on account state
• New fableOverageConsent consent flow: users are asked to explicitly enable usage credits before Fable 5 draws from them
• Consent is stored per organization UUID or account UUID in local settings
• Improved error messages distinguish between: credits not yet enabled, monthly limit reached (admin-adjustable vs. self-adjustable), credits unavailable for the account, and organization policy disabling credits
• A configurable bridge dialog timeout: CLAUDE_CODE_FABLE_BRIDGE_DIALOG_TIMEOUT_MS (default 60,000 ms)

Fable model description function (search for "Draws from usage credits", "Included with your plan until", "fableOverageConsent", "CLAUDE_CODE_FABLE_BRIDGE_DIALOG_TIMEOUT_MS")

DesignSync (and the DesignSync tool) now works even when the session authenticates with an API key or provider token, as long as a design credential has been stored via /design-login.

• Previously, design access required expanding the main OAuth token with design scopes — impossible with API keys
• Now there is a separate credential slot (designOauth) checked independently of the main session token
• Error messages are updated to reflect this: the new message for needing authorization is "Run /design-login to authorize it with your claude.ai account — this works even when this session authenticates with an API key or a provider token."
• The DesignSync tool description is updated to note the (or, for sessions without one, a dedicated design authorization from /design-login) path

DesignSync error message (search for "DesignSync needs design-system authorization. Run /design-login", "designOauth")

When running against an Azure AI Foundry deployment, Claude Code now detects unsupported capabilities at runtime and degrades gracefully instead of failing.

• Detects when Foundry returns a 400 error indicating features are unavailable (tool search, structured outputs, web search)
• Capabilities detected from Foundry error messages: tool_search_server, tool_search, structured_outputs, web_search
• On subsequent requests, the unsupported capabilities are stripped from the request (e.g. defer_loading and strict fields removed from tool definitions)
• Web search unavailability is reported as: "Web search is not available on this Foundry deployment."
• Tool search unavailability shows: "Tool search disabled: Foundry deployment for '…'"

Foundry capability detection (search for "[foundry-capabilities] deployment", "retry:foundry-capability-strip:", "fail:foundry-purpose-request", "not supported in your workspace")

The Artifact tool now wraps content in a <!doctype html>…<head>…</head><body> skeleton automatically at publish time, so content files should be written without those outer tags.

• Write the page content directly (body content, CSS, scripts) — no <!DOCTYPE>, <html>, <head>, or <body> tags of your own
• Unless the user specifies a location, the recommended place for artifact files is the scratchpad directory listed in the system prompt
• All other existing rules (self-contained, no external resources, responsive, favicon) are unchanged

Updated Artifact tool description (search for "wrapped in a", "<!doctype html>", "write the page content directly")

Skills can now be scoped to a specific directory subtree. When a scoped and unscoped variant of the same skill exist, the Skill tool picks the most-specific matching directory.

• Skill names with a directory scope appear as apps/web:deploy (directory prefix + colon + skill name)
• The Skill tool prompt now instructs the model: "When a skill name has both a scoped and an unscoped variant, pick by the files you are working on: if the files are under a variant's directory, invoke that variant (most specific directory wins)"
• Marketplace plugin entries can declare specific skill subdirectory paths relative to the plugin root

Skill tool prompt update (search for "Some skills are scoped to a directory", "most specific directory wins"); plugin schema (search for "Path to a skill directory, relative to the plugin root")

The Scratchpad Directory section is now always included in the system prompt when a scratchpad is available. It was previously gated by the tengu_scratch feature flag.

• Workers can read and write to the scratchpad without permission prompts
• The section is only added when a scratchpad directory is actually configured and not already present in the system prompt
• The # Scratchpad Directory marker is used to detect duplicate inclusion

Removal of tengu_scratch flag check (search for "# Scratchpad Directory", "Twf"); old code checked pz5() which called Y$("tengu_scratch", !1))

The Remote Control eligibility check (shown in claude doctor and related diagnostics) now shows more granular, correctly-labeled status for each check.

• Each check now shows a positive or negative label depending on its state, e.g. "Connected to the Anthropic API (api.anthropic.com)" vs. "Not connected to the Anthropic API (api.anthropic.com)"
• A new explicit org policy check: "Org policy allows Remote Control (allow_remote_control)" / "Org policy does not allow Remote Control" / "Org policy could not be verified"
• The rollout gate check now distinguishes between "rollout not enabled for this account" and "could not be verified for this account" (no server response)
• Remote Control is now blocked with a clearer message when the organization's compliance policy disallows it

Updated diagnostics function (search for "Connected to the Anthropic API (api.anthropic.com)", "Org policy allows Remote Control (allow_remote_control)", "Remote Control rollout enabled for this account")

Internal proxy component renamed from "egress-gateway" to "agent-proxy". All log messages now use the [agent-proxy] prefix.

• All [egress-gateway] log strings are replaced with [agent-proxy]
• No behavior change; this is a rename that aligns with the component's role in agent communication

Log string comparison (search for "[agent-proxy] enabled on 127.0.0.1:", "[agent-proxy] tunnel protocol v2 negotiated")

When a tool is called with an empty input object {} but the tool has required parameters, a helpful error message is now generated that shows the minimal valid call shape.

• Controlled by the teasel_cove field in the juniper_shoal server config (feature flag)
• The error message format: "The [tool] tool was called with an empty input object ({}), but it has required parameters: param1, param2. Minimal valid call shape: {…}. Re-issue the call with real values for each required parameter."
• Works for Zod-validated tool schemas (ZodObject inputs)

New function generating the repair message (search for "tool was called with an empty input object ({})"; "teasel_cove" in juniper_shoal config)

Clickable hyperlinks in the UI are now filtered through a scheme allowlist. Links with non-allowlisted schemes are silently rejected rather than dispatched.

• Allowed schemes: https:, http:, vscode:, vscode-insiders:, cursor:, windsurf:, zed:, jetbrains:, idea:, slack:, linear:, notion:, figma:
• Non-allowlisted schemes produce a warning log: "[hyperlink] refusing to dispatch clicked link with non-allowlisted scheme"
• file: URLs are allowed but resolve to local filesystem paths only

Allowlist constant (search for "[hyperlink] refusing to dispatch clicked link with non-allowlisted scheme", "windsurf:", "figma:")

The NotebookEdit tool now supports ruleContentField: "notebook_path", meaning permission rules can match against the notebook path specifically.

• Previously, permission rules for NotebookEdit did not have a path-based content field
• Now, rules like NotebookEdit(path/to/notebook.ipynb) will correctly match the notebook path

Schema change for NotebookEdit tool definition (search for "notebook_path" in context of ruleContentField)

Memory stores are now periodically resynced in the background instead of relying solely on event-driven pushes.

• Controlled by the tengu_memory_store_resync_interval_minutes feature flag (minimum interval enforced)
• Can be disabled entirely with CLAUDE_CODE_DISABLE_MEMORY_PERIODIC_RESYNC=true
• A timer re-arms after each sync to schedule the next one; the mechanism uses unref() so it doesn't block process exit

New periodic resync logic (search for "memory-watcher: stale-store check failed:", "CLAUDE_CODE_DISABLE_MEMORY_PERIODIC_RESYNC", "tengu_memory_store_resync_interval_minutes")

The TODO reminder behavior can now be controlled via a new environment variable or feature flag.

CLAUDE_CODE_TODO_REMINDER_MODE=off claude     # disable TODO reminders
CLAUDE_CODE_TODO_REMINDER_MODE=baseline claude # default behavior

• Env var takes precedence over the tengu_soft_slate_nudge feature flag
• Feature flag values: "baseline" (default) or "off"
• When set to "off", TODO nudges are suppressed

New function reading the mode (search for "CLAUDE_CODE_TODO_REMINDER_MODE", "tengu_soft_slate_nudge")

• Bash prompt rule denials are now classified as safetyCheck type (rather than other) with classifierApprovable: false, ensuring auto-mode cannot override safety denials. (search for "Denied by Bash prompt rule")

• Precomputed compact is now correctly gated: it can activate for non-user-query sources that have a precomputed swap available, fixing cases where compaction would not trigger when it should. (search for "precomputed compact: arm gated")

• WIF (Workload Identity Federation) token refresh now checks sibling-process-rotated tokens before performing a new refresh grant, avoiding redundant token rotations in multi-process scenarios. (search for "wif: adopting sibling-rotated access token from credentials file")

• Agent list attachment is no longer gated by tengu_agent_list_attach — the check that previously required the feature flag is removed, making agent context more consistently available. (search for "tengu_agent_list_attach" absent from new code)

• Design OAuth credential error messages are improved: the expand_failed case now includes guidance to run /design-login as an alternative, rather than only suggesting /login. (search for "Could not add design scopes to the token", "or run /design-login to authorize design access separately")

| Variable | Purpose | |---|---| | CLAUDE_CODE_SESSION_ID | Identifies the current session (must start with cse_ or session_) | | CLAUDE_CODE_TODO_REMINDER_MODE | Set to off or baseline to control TODO nudges | | CLAUDE_CODE_FABLE_BRIDGE_DIALOG_TIMEOUT_MS | Timeout for the Fable usage-credits consent dialog (default 60000 ms) | | CLAUDE_CODE_DIAGNOSTICS_FILE | Path for writing diagnostics output | | CLAUDE_CODE_REPO_CHECKOUTS | Controls repository checkout behavior for remote agents | | CLAUDE_SESSION_INGRESS_TOKEN_FILE | Path to a session ingress token file | | CLAUDE_CODE_DESIGN_OAUTH_CLIENT_ID | Override the registered Design OAuth client ID | | CLAUDE_CODE_DISABLE_MEMORY_PERIODIC_RESYNC | Set to disable periodic memory store resyncs |

The removal of TeamCreate and TeamDelete is a breaking change for any workflow that explicitly called those tools. Update to use the Agent tool's name parameter directly. The team_name field in TeammateIdle hook event payloads is deprecated and will be removed in a future release.

The Artifact tool's content model changed: files should no longer include <!DOCTYPE html>, <html>, <head>, or <body> tags — the tool wraps the content in a skeleton automatically. Existing artifact files that include these tags may render with duplicate structure.