Claude Code v2.1.162 to v2.1.165 Major Updates

This is Ishikawa from the Cloud Business Division. Here is a summary of the Claude Code updates for v2.1.162 / v2.1.163 / v2.1.165 (2026/6/3 – 2026/6/5; v2.1.164 was not published to npm).

Update Summary

This covers 3 versions (v2.1.162 / v2.1.163 / v2.1.165, 2026/6/3 – 2026/6/5) with a total of 51 changes. There are multiple security fixes closing loopholes in permission rules, along with the addition of admin settings to enforce version ranges across organizations, stability improvements around claude agents (background agents), and fixes for claude -p (headless execution). No breaking changes or deprecations were noted.

Notable Updates

• New features: Admin settings requiredMinimumVersion / requiredMaximumVersion to enforce the allowed Claude Code version range (v2.1.163); Stop / SubagentStop hooks can now return additionalContext to continue the turn (v2.1.163)
• Bug fixes: claude -p hanging indefinitely when background commands don't terminate (v2.1.163); "ANTHROPIC_API_KEY required" error in Bedrock / Vertex / Microsoft Foundry + CI=true environments (v2.1.163)
• Security: Permission rules not being applied to pre-approved domains in WebFetch (v2.1.162); deny rules for ~/ being bypassed via $HOME references (v2.1.163); organization-managed permission rules sometimes not being applied (v2.1.163)

Target Versions and Period

v2.1.164 was not published to npm. The CHANGELOG for v2.1.165 only states "Bug fixes and reliability improvements" with no individual items listed.

New Features

Enforce Version Ranges via Admin Settings (v2.1.163)

requiredMinimumVersion and requiredMaximumVersion have been added to managed settings. If the Claude Code version falls outside the allowed range, startup itself is rejected and users are directed to an approved version.

Managed settings is a mechanism for organization administrators to distribute policies that cannot be overridden by users. They are placed at /Library/Application Support/ClaudeCode/ on macOS, /etc/claude-code/ on Linux/WSL, and C:\Program Files\ClaudeCode\ on Windows.

The existing minimumVersion setting "prevents auto-updates or claude update from installing versions older than this," whereas the new requiredMinimumVersion / requiredMaximumVersion rejects startup entirely for out-of-range versions. This is intended for organizations that need to restrict usage to verified versions. Note that at the time of writing, these settings have not yet been added to the official documentation's settings page, so please check for future documentation updates for details.

Stop / SubagentStop Hooks Can Now Return additionalContext (v2.1.163)

Stop and SubagentStop hooks can now return hookSpecificOutput.additionalContext. This allows feedback to be passed to Claude and the turn to continue without being treated as a hook error.

Previously, Stop / SubagentStop hooks only supported returning decision: "block" and reason to prevent stopping, while additionalContext was only supported for certain hook events such as SessionStart and UserPromptSubmit. This change makes it possible to "pass only additional context without taking the form of an error or block, and let work continue" in Stop / SubagentStop hooks as well — for example, making it easier to write hooks that pass validation results to Claude before stopping and have it continue working.

Other New Features

• A /plugin list command has been added to list installed plugins. --enabled / --disabled filters are also available (v2.1.163)
• A waitingFor field has been added to claude agents --json output, enabling programmatic retrieval of what a waiting session is blocked on (such as permission prompts) (v2.1.162)
• A "copy with c" shortcut has been added to /btw, allowing you to copy the raw Markdown of a response to the clipboard while preserving formatting (v2.1.163)
• A \$ escape syntax has been added to Skills command bodies for writing a literal $ before a number (v2.1.163)

Security-Related Fixes

Four fixes have been made for permission rules being applied more loosely than intended. Since all of these are fixes to properly apply restrictions that were not being enforced through certain paths, operations that previously passed may now trigger permission prompts or denials after updating.

• Fixed permission rules not being applied to pre-approved domains in WebFetch (v2.1.162): Explicit WebFetch(domain:...) deny / ask / allow rules now take priority over domains that are automatically allowed by default.
• Fixed permission rules not matching on Windows (v2.1.162): Fixed issues where rules would not match at all for paths using backslash notation (~\, \\server\share) or different letter casing, and where Read deny rules would not hide files from Glob / Grep results.
• Fixed organization-managed permission rules sometimes not being applied (v2.1.163): Fixed an issue where, if managed settings retrieval completed during startup in a new config directory, organization-managed permission rules would not be applied for the entire session.
• Fixed deny rules for ~/ being bypassed via $HOME references (v2.1.163): Fixed an issue where deny rules for home directory paths such as Read(~/Desktop/**) would not block Bash commands that reference paths via $HOME.

Improvements

• Clicking a slash command in the autocomplete menu now inserts it into the prompt instead of executing it immediately. Press Enter to execute. This prevents unintended immediate execution (v2.1.162)
• Startup display has been cleaned up. Notifications are now grouped by importance and quieter, startup warnings have been rewritten to be shorter with specific remediation steps, and unnecessary startup messages such as "Claude in Chrome enabled" have been removed. Warnings for deep links and pre-filled prompts are now pinned below the input field until the user takes action (v2.1.162)
• Background service startup and claude update validation now wait for endpoint security products to finish scanning new binaries instead of failing after 5 seconds. This is relevant for update failures in environments where binary scanning takes time (v2.1.162)
• Background agent sessions now update to new Claude Code versions in the background, so opening a session after an update no longer requires waiting for a cold restart (v2.1.163)
• stdio MCP servers now receive the same CLAUDE_CODE_SESSION_ID as hooks and Bash on --resume. This makes it easier to implement MCP servers that manage logs or state keyed by session ID (v2.1.163)
• Following the editor rebranding, the name Windsurf has been changed to Devin Desktop in the /ide menu, /terminal-setup, and /scroll-speed. Cognition announced the rebranding of Windsurf to Devin Desktop on June 2, 2026 (see their blog post in References), and this change follows suit (v2.1.162)
• Other minor usability improvements include a confirmation display when retaining the default at /effort selection (v2.1.162), Remote Control becoming a persistent footer pill (v2.1.162), clarified descriptions in the / menu (v2.1.163), and more.

Fixes (Major Items)

Here is a selection of fixes related to stability and usability.

• Fixed claude -p hanging indefinitely: Fixed an issue where the process would not exit after outputting the final result when a backgrounded command never terminates. The background shell is now terminated approximately 5 seconds after the result, once stdin is closed. This is relevant for headless execution from CI or scripts (v2.1.163)
• Fixed API key error on Bedrock / Vertex / Microsoft Foundry: Fixed an issue where claude -p would fail with "ANTHROPIC_API_KEY required" in environments with CI=true and no Anthropic API key set. This affects users running from CI via Amazon Bedrock, Google Vertex AI, or Microsoft Foundry (v2.1.163)
• Fixed startup hang with non-writable config directory: Fixed an issue where startup would hang silently when the config directory was read-only. Startup now proceeds with an in-memory config and displays a startup error (v2.1.162)
• Fixed Grep / Glob specified via --tools being ignored: Fixed an issue in native builds with embedded search where explicitly specifying Grep / Glob via --tools would be silently ignored. Dedicated search tools are now provided (v2.1.162)
• Fixed interrupts being lost in SDK sessions: Fixed an issue in stream-json / SDK sessions where an interrupt (Esc) immediately after a turn started would be silently discarded and the turn would continue executing (v2.1.162)
• Fixed sub-millisecond MCP timeout settings interrupting tool calls: Fixed an issue where server-specific timeout settings under 1000ms would be rounded to a 1-second watchdog, causing all tool calls to be interrupted. Values under 1000ms are now ignored and fall back to MCP_TOOL_TIMEOUT or the default (v2.1.162)
• Fixed LSP workspaceSymbol returning no results: The query parameter is now accepted and passed to the language server (v2.1.162)
• Fixed conversation being lost on backgrounding: Fixed an issue where conversations would be silently lost when backgrounding a session with the ← key while the background service could not start. Sessions now remain in the list as a failed entry and can be resumed with Enter (v2.1.162)
• Fixed regression with $TMPDIR being overwritten: Fixed an issue (regression from v2.1.154) where $TMPDIR was being overwritten to /tmp/claude-{uid} for all commands, not just sandboxed ones, causing failures in bazel and EDR-protected Go workflows (v2.1.163)
• Fixed EEXIST error on Windows: Fixed an issue where Bash commands would fail with "EEXIST: file already exists" when the session-env directory had a read-only attribute or was inside OneDrive (v2.1.163)
• Fixed background tasks being lost after update: Fixed an issue where, after a Claude Code update, re-attaching to claude agents background sessions would cause running background tasks to be lost (v2.1.163)
• Fixed keyboard becoming unresponsive after paste: Fixed an issue where keyboard input would become permanently unresponsive if the paste end marker was discarded by the terminal (v2.1.163)
• Fixed hook if: "Bash(...)" conditions misfiring: Fixed an issue where conditions would incorrectly fire for all Bash commands containing $() or $VAR. Conditions now correctly match commands inside subshells and backticks (v2.1.163)
• Numerous other minor bugs have also been fixed, including claude agents display width, attachment, and image paste issues; API 400 errors with strings containing emoji; and display corruption after panel dialogs (v2.1.162–v2.1.163). Note that the v2.1.165 CHANGELOG only states "Bug fixes and reliability improvements" with no individual items listed.

Closing

The highlights of this update range were the security fixes closing loopholes in permission rules and the addition of version control via requiredMinimumVersion / requiredMaximumVersion. Organizations managing Claude Code are encouraged to test before deploying, keeping in mind that permission rule enforcement has become stricter. There are also relevant fixes for those using claude -p in CI or accessing via Bedrock / Vertex / Microsoft Foundry. If anything catches your interest, try updating and checking it out.

Recent Updates

https://dev.classmethod.jp/articles/20260524-claude-code-updates-v2-1-150/

https://dev.classmethod.jp/articles/20260524-claude-code-updates-v2-1-152/

https://dev.classmethod.jp/articles/20260528-claude-code-updates-v2-1-153/

https://dev.classmethod.jp/articles/20260529-cc-updates-v2-1-158/

https://dev.classmethod.jp/articles/20260602-cc-updates-v2-1-160/

https://dev.classmethod.jp/articles/20260603-cc-updates-v2-1-161/

References

https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md

https://code.claude.com/docs/en/changelog

https://code.claude.com/docs/en/settings

https://code.claude.com/docs/en/hooks

https://devin.ai/blog/windsurf-is-now-devin-desktop/