← All changelogs v2.1.210 claude · claude-sonnet-4-6
Claude Code · Source-level changelog

Version 2.1.210

This is a large architectural release. The memory sync backend has been completely replaced — old personal and team sync is gone, replaced by an org memory discovery system that auto-provisions shared stores. A new SendFile tool lets Claude send files directly between Claude Code sessions. The /auto-mode-setup command gains a non-interactive wizard mode for scripted setup, and eval runs can now publish HTML reports. Several security and reliability improvements round out the release.

Official notes ✓ synced Package @anthropic-ai/claude-code Diff v2.1.209 → v2.1.210Provider claudeModel claude-sonnet-4-6
16
Features & Changes
4
Bug Fixes
0
In Development
0
Env Vars / Flags

Official Changelog

Official · Anthropic
Anthropic’s official release notes
Published verbatim by Anthropic for v2.1.210 — shown here alongside the source-level analysis below. Text is unmodified from the upstream changelog.
View on GitHub ↗
  • Added a live elapsed-time counter to the collapsed tool summary line so long-running tool calls visibly tick instead of looking stuck
  • Added a startup warning for Write(path), NotebookEdit(path), and Glob(path) permission rules — use Edit(path) or Read(path) instead
  • Fixed isolation: 'worktree' subagents being able to run git-mutating commands against the main repo checkout instead of their own isolated worktree
  • Fixed the ultracode keyword opt-in firing on non-human-originated input such as webhook payloads and relayed PR comments
  • Fixed a rendered text fragment leaking into crash telemetry when a UI component returned content outside a styled text element
  • Fixed paste markers leaking into external editors opened from Claude Code, which could appear as stray È/É characters around pasted text
  • Fixed claude attach sometimes failing with "job not found" or "agent is still starting" errors during session transitions — attach now waits for the daemon to settle, and terminal resizes during a slow attach are applied once it completes
  • Fixed a session crash when a tool's result renderer returned a numeric bigint value or plain text instead of a UI element
  • Fixed a hook callback timeout being misreported to the model as a user rejection, which made unattended sessions stop and wait
  • Fixed Claude assuming a cd took effect after its command was moved to the background; the tool result now states the working directory is unchanged
  • Fixed plugin-provided MCP servers being torn down when MCP servers are re-synced mid-session
  • Fixed plan approvals without edits being labeled "(edited by user)" and overwriting the plan file with a stale snapshot
  • Fixed /doctor skipping its auto-mode-default proposal on Bedrock, Vertex, and Foundry, where auto mode no longer needs an opt-in
  • Fixed Grep content mode claiming "No matches found" when paginating past the end of results
  • Fixed unmatched $1/$2 positional placeholders in skills and commands being silently stripped; they are now preserved verbatim
  • Fixed plugin cache writes leaving temp files behind on failure and failing on locked-file renames on Windows and network filesystems
  • Fixed background workers crash-looping when a client resets its connection to the background service
  • Fixed claude agents --effort ultracode not reaching dispatched sessions; the value was silently dropped
  • Fixed pressing ← to open the agents view dropping the task tracker when returning to the session
  • Fixed the agents dashboard retaining pasted images from abandoned reply drafts after their session was deleted
  • Fixed killed background sessions leaving a permanent git worktree lock behind; the periodic sweep now releases locks whose owning process is gone
  • Fixed SDK MCP servers registered via an initialize control request waiting until the next turn to start connecting
  • Fixed returning to the agents view from a session leaving overlapping ghost frames with CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1
  • Fixed late-appearing .claude/* symlinks not being reconciled into the sandbox deny-write list
  • Hardened the Agent tool against indirect prompt injection via content a subagent read
  • Improved the Bash/PowerShell tool message when a command hits its timeout and is auto-backgrounded, so the model can distinguish a hang from an explicit background request
  • Improved auto mode: the permission classifier now defaults to Sonnet 5 for external sessions, validated on the session's first request and pinned for the session
  • Improved the bundled dataviz skill's chart color validation with perceptual OKLab color difference and recalibrated color-blindness thresholds
  • Memory writes that leave a MEMORY.md index over its read limit now produce an explicit error instead of silent truncation
  • Screen reader mode now announces permission mode changes aloud when cycling modes with Shift+Tab
  • The agents footer hint now shows how many background agents are waiting on your input, with a brief color emphasis when the count changes
  • Agent view: the session you pressed ← from stays visibly marked even after mouse hover or arrow keys move the selection
  • Fable temporarily shows as unavailable in the advisor picker while a server-side issue causing Fable advisor failures is fixed
Source: anthropics/claude-code · CHANGELOG.md · 33 entries · synced automatically when Anthropic publishes official notes for a version.
Source-Level Analysis
Reverse-engineered from a diff of the bundled CLI — deeper, structured detail. Unofficial.

New Features

4 items

SendFile — Send Files Between Claude Code Sessions #

New
What

A new SendFile tool lets Claude send one or more local files to another Claude Code session — a peer session on the same machine or a Remote Control / cloud session on a different machine.

Details
  • Local sessions are addressed by name or by explicit uds:<socket> address. Cloud sessions use bridge:<session-id>.
  • Files are verified with a SHA-256 digest after transfer, so the receiver can confirm integrity.
  • Same-machine transfers travel over a Unix domain socket (no data leaves the host). Cross-machine transfers upload file contents through Anthropic servers; this path can be restricted with the isolatePeerMachines setting.
  • An optional message parameter delivers a short note alongside the files.
  • Agents within the same session are explicitly excluded — they already share the filesystem, so there is nothing to transfer.
  • When isolatePeerMachines is enabled, cross-machine sends require explicit approval before anything is uploaded.
  • To find available peer sessions, use the existing session-listing tool: Use <ListSessions> to see the sessions you can send files to.
Evidence

Tool definition with name "SendFile" (search for "Send one or more files to another Claude Code session")

Artifact Listing — Shared and All Scopes #

New
What

The Artifact listing tool now accepts a scope parameter with three values: mine (the default, unchanged), shared (artifacts that other people shared with you), or all (both together).

Details
  • scope only applies to the list action; publishing ignores it.
  • Listing shared artifacts requires one-time consent per session — the first call that touches the shared scope shows a confirmation prompt because it reads titles and links from other users' sessions.
  • A fresh consent prompt is shown only on the first shared or all listing per session; subsequent calls within the same session are silently permitted.
Evidence

New Pje scope resolver (search for "scope: shared —") and new consent flow (search for "First shared-scope artifact listing this session requires confirmation")

/auto-mode-setup Wizard and Proposal Workflow #

New
What

The /auto-mode-setup slash command gains a structured non-interactive mode via a --wizard flag and a two-phase propose/apply workflow.

Usage
/auto-mode-setup --wizard posture=<personal|open-source|enterprise|mixed> scope=<all|project> depth=<both|shell|repos|here> --propose
/auto-mode-setup --apply-file <absolute-path>
Details
  • --wizard sets up context without user questions. Posture values: personal (hobby/personal projects), open-source (public repos), enterprise (work/private repos), mixed.
  • --propose scans the repo and recent sessions, then asks the model to draft a settings proposal and writes it to a temp file. The proposal can be reviewed before applying.
  • --apply-file <path> reads a previously generated proposal file and writes it to user settings. The path must be inside the system temp directory or the Claude config directory.
  • The proposal now includes removeFromPermissionsAllow suggestions — broad or dangerous allow rules flagged during the scan can be removed as part of applying.
  • Scope all also reads sibling repos in the GitHub org via gh. Depth shell includes shell history; depth repos checks other checkouts in ~.
  • The wizard mode feeds all parameters non-interactively so agents and CI scripts can drive setup without keyboard interaction.
Evidence

Wizard mode and proposal flow (search for "--wizard posture=… scope=… depth=… --propose | --apply-file <path>" and "--apply-file needs a path to the reviewed proposal JSON")

Eval Report Publishing #

New
What

The claude plugin eval command can now export its results as a styled HTML report, optionally published as a private artifact on claude.ai.

Usage
claude plugin eval --report results.html          # write HTML to a local file
claude plugin eval --publish-report               # publish to claude.ai and print the link
claude plugin eval --json results.json            # existing flag, unchanged
Details
  • --report <path> writes a self-contained HTML file with per-case scores, prompts, grader verdicts, and summary statistics.
  • --publish-report uploads the HTML as a private artifact and prints the URL. Publishing is unavailable when claude.ai artifacts are turned off for the account or provider.
  • If the run is interrupted before all cases finish, the report is skipped rather than written with incomplete data.
  • --max-cost-usd ceiling is reported when it cuts the run short.
Evidence

New flag strings (search for "--publish-report" and "Write a self-contained HTML report (scores, prompts, grader verdicts) to <path>")

Improvements

9 items

Memory Architecture: Org Memory Discovery Replaces Personal/Team Sync #

New
What

The old personal and team memory sync backend — which replicated .md/.txt files against /api/claude_code/memory and /api/claude_code/team_memory — has been replaced by a new org memory system. Shared memory stores are now discovered automatically from the server; there is no more per-repo sync loop in the client.

Details
  • Claude Code calls a new /v1/code/local/memory/mounts endpoint to discover which org memory stores are available for the current account.
  • Discovered stores are cached locally in org-memory-discovery.json (under the cache directory) and refreshed once per hour.
  • Credential provisioning uses a new /v1/code/local/memory/credential endpoint, with a configurable token lifetime.
  • The feature is controlled by the tengu_haze_glass feature flag (off by default during rollout) and can be disabled with CLAUDE_CODE_DISABLE_ORG_MEMORY=1.
  • Directory listing now uses a streaming NDJSON protocol (exportMetadata) when the backend supports it, falling back to paged listing on older backends. The stream path can be disabled with CLAUDE_CODE_DISABLE_MEMORY_STREAM_LIST=1 or the tengu_memory_stream_list flag.
  • Mount directories that already contain unmanaged content before the store is mounted are suppressed with a warning rather than overwriting user files: "mount dir exists without a .memory-sync manifest and is not empty — suppressing sync".
  • The environment variable CLAUDE_CODE_DISABLE_ORG_MEMORY is new. CLAUDE_MEMORY_STORES still overrides store configuration.
  • ANTHROPIC_BEDROCK_MANTLE_API_KEY (an old Bedrock-specific key type) has been removed.
Evidence

Discovery endpoint (search for "/v1/code/local/memory/mounts"), credential endpoint (search for "/v1/code/local/memory/credential"), feature flag (search for "tengu_haze_glass")

MCP Connector Approval Retry (CCR / -32003) #

New
What

When an MCP connector returns a new -32003 needs_approval error code, Claude Code now surfaces a retroactive approval card instead of propagating the error. The user can approve or deny the call from within the normal permission flow.

Details
  • Previously, -32003 responses would surface as raw errors. Now they trigger a consent prompt with the connector name and a description of the required action.
  • If the user approves, the call is automatically retried; if they deny, an informative "Approval denied for <connector>" error is returned to the model.
  • Approval is surfaced as an "approval card" in the UI with the message "This connector call requires your approval to proceed.".
  • The feature is controlled by tengu_mcp_proxy_needs_approval_retry (default enabled).
  • If the approval was conditioned on edited arguments (which cannot safely be replayed), the tool raises a clear error: "The approval for X was conditioned on edited arguments, which can't be applied on this retroactive card".
Evidence

Error code constant (search for "-32003") and approval message (search for "connector requires approval for this call")

Stale Worktree Lock Auto-Cleanup #

New
What

Claude Code now automatically detects and releases worktree locks that were left behind by processes that have since exited, rather than leaving them to block future operations.

Details
  • On each sweep, the worktree registry is scanned for locks whose lock-reason string encodes a PID. Only reasons matching the pattern ^claude (?:agent|session) .{1,255} \(pid (\d{1,10})(?: start .{1,255})?\)$ (and no longer than 512 characters) are eligible; lock reasons that don't follow this format are skipped entirely.
  • If process.kill(pid, 0) returns ESRCH (no such process), the lock is treated as stale and released. Any other result (process exists, or PID ≤ 1 / non-integer) is treated as live and left alone.
  • The per-sweep cap is 50 releases: once 50 stale locks have been released in one sweep, the remainder are logged and deferred to a later sweep with the message "releaseStaleClaudeWorktreeLocks: per-sweep cap of 50 reached; remaining stale locks will be reconciled on later sweeps".
  • Worktrees with no .git file at their path are also skipped, preventing cleanup of already-removed trees.
  • The registry is re-read at release time (double-checked before each individual unlock) to prevent TOCTOU races where another process might have claimed the lock between the scan and the release.
  • The current session's own worktree is always excluded from cleanup (matched by resolved real path).
  • When at least one lock is released, a tengu_worktree_stale_lock_released telemetry event is emitted with { attempted: N }, and a debug log reports the count: "releaseStaleClaudeWorktreeLocks: attempted release of N stale liveness lock(s)".
Evidence

Cleanup function (search for "releaseStaleClaudeWorktreeLocks: attempted release of") and PID check logic (search for "stale liveness lock(s) in"); cap constant ($zc = 50); lock-reason regex (Mtt)

Subagent Output Instruction-Pattern Sanitization #

New
What

Text returned by subagents is now scanned for directive-shaped patterns — XML control tags, <function_calls> fences, and similar constructs that could be mistaken for instructions — before being relayed to the host session. Suspicious patterns are neutralized and flagged.

Details
  • Matched patterns have their < characters escaped to <\` so they render as inert text rather than live markup.
  • A harness note is prepended to the output when reportable patterns are found: "[harness: subagent output matched instruction-shaped pattern(s): ...]".
  • Non-reportable patterns (silently neutralized) are not surfaced to the user but are still counted in telemetry.
  • Findings are reported via tengu_subagent_output_flagged telemetry, keyed by pattern category.
Evidence

Sanitizer entry point (search for "Control tags below are neutralized") and the harness note (search for "[harness: subagent output matched instruction-shaped pattern(s):")

Cowork Setup Expanded to Six Steps #

New
What

The Setup Cowork skill prompt was expanded from four steps to six, adding "writing voice" and "wrap" as new configuration phases, and a checklist step before the first user-facing message.

Details
  • Old order: role, plugin, try a skill, connectors.
  • New order: role, plugins, connectors, try a skill, writing voice, wrap — plus a Step 0 checklist.
  • "Writing voice" captures style preferences that persist across sessions. "Wrap" closes the setup with a summary and next-steps message.
Evidence

Updated Cowork prompt (search for "Six steps — role, plugins, connectors, try a skill, writing voice, wrap")

CLAUDE_CODE_SYNC_SESSION_REFS Environment Variable #

New
What

A new environment variable CLAUDE_CODE_SYNC_SESSION_REFS enables session-reference syncing when set alongside a CLAUDE_CODE_SESSION_ID that passes validation.

Details
  • Session-reference syncing is activated only when CLAUDE_CODE_SYNC_SESSION_REFS is truthy AND CLAUDE_CODE_SESSION_ID passes the format validator (Kae(e) !== e — the session ID must produce a different canonical form when normalized).
  • When active, both skills sync and plugin sync bypass the regular account-based sync APIs (oto() / nto()) and instead fetch a pre-assigned manifest from GET /worker/skill-manifest on the ccr-session host. That host resolves to the CCR Remote session URL supplied via --sdk-url; if no --sdk-url is provided the request throws "ccr-session host requires --sdk-url".
  • The manifest response is a JSON object { skills: [...], plugins: [...] } where each entry carries {id, name, description, version, directory}. Only entries with a non-empty id are used.
  • A single manifest fetch is shared across both skills and plugins via a lazy singleton (YKb()), so only one HTTP round-trip is made per sync cycle; the request carries a 30-second timeout.
  • If the manifest fetch fails (no auth, HTTP ≥ 300, 503 unavailable, or malformed body), sync silently returns {success: false} and emits tengu_skills_sync_manifest_failed or tengu_plugins_sync_manifest_failed telemetry rather than raising an error.
  • The jot() helper — which gates whether skill invocation waits for skill materialization — returns true when either CLAUDE_CODE_SYNC_SKILLS is set OR session-refs mode is active, so skill-wait logic applies to session-ref sessions as well.
  • CLAUDE_CODE_SYNC_SESSION_REFS is also forwarded to spawned worker processes by the CCR preload layer alongside CLAUDE_CODE_SESSION_ID, so child sessions inherit the same sync path.
Evidence

New constant check (search for "CLAUDE_CODE_SYNC_SESSION_REFS"); manifest fetch (search for "/worker/skill-manifest"); sync branch (search for "sync_session_refs_skills")

Daemon Service Launcher Self-Healing #

New
What

When the background daemon service finds that its launcher binary has been deleted or replaced (as happens after a version upgrade), it regenerates the service file from current settings rather than crash-looping.

Details
  • New logic distinguishes between three failure modes: the service file points at a binary that no longer exists, the launcher setting changed, and the daemon is running unwrapped (without the corporate launcher when required).
  • The "installed service starts through a launcher that was deleted or is no longer executable — regenerating the service file from the current settings" message indicates self-healing was triggered.
  • claude daemon install can be run manually to force a clean repair.
Evidence

Self-heal path (search for "installed service starts through a launcher that was deleted or is no longer executable — regenerating the service file from the current settings")

PreToolUse Hook Timeout Message Improved #

New
What

When a PreToolUse hook times out before the host client responds, the error message now explicitly states that the tool call was not executed and that other hooks may not have run.

Details
  • Old behavior: the hook timeout error was surfaced as a generic error with less context.
  • New message: "PreToolUse hook did not respond before its timeout (host client may be unreachable). The tool call was not executed; other configured hooks may not have completed."
Evidence

New message constant (search for "PreToolUse hook did not respond before its timeout")

/doctor Command Description Expanded #

New
What

The /doctor command description was updated to enumerate its capabilities: install health diagnostics, unused extension detection, memory file trimming, and slow hook identification.

Details
  • New description: "/doctor is a full setup checkup — it diagnoses install health, finds unused extensions that cost context at startup, trims bloated memory files, flags slow hooks, and can fix what it finds with your confirmation"
Evidence

Updated description string (search for "it diagnoses install health, finds unused extensions")

Bug Fixes

4 items
  • Background daemon no longer exits on ECONNRESET errors originating from the HTTP server's internal connection handling. The error is now swallowed with a debug log rather than causing a crash (search for "Swallowed unhandled http.Server ECONNRESET rejection")
  • MCP telemetry for claude-in-chrome and computer-use tools no longer logs tool names outside the known action set, preventing false positives in usage metrics (search for the updated Cee function which checks R3n(r.serverName))
  • Worktree branch deletion error messages now consistently include a configurable label rather than a hard-coded prefix, making them easier to attribute in logs (search for "Could not delete worktree branch" vs. the old hard-coded "Could not delete worktree branch:")
  • Auto-mode autoMode.environment validation now rejects entries that contain the "$defaults" template token, preventing placeholder tokens from being written verbatim into settings (search for "contains an entry with a literal \"<settings_\" template token")

Notes

3 items

The memory sync architecture change removes the following:

  • The ANTHROPIC_BEDROCK_MANTLE_API_KEY environment variable is no longer recognised.
  • The old /api/claude_code/memory and /api/claude_code/team_memory endpoints are no longer contacted by the client. If your infrastructure blocks outbound access to the new /v1/code/local/memory/mounts and /v1/code/local/memory/credential endpoints, org memory will not function. The CLAUDE_CODE_DISABLE_ORG_MEMORY=1 environment variable can disable the feature entirely.
  • The tengu_herring_clock feature flag (which gated the old personal memory sync) has been removed along with the sync implementation it guarded.