
Main Updates in Claude Code v2.1.211
This page has been translated by machine translation. View original
This is Ishikawa from the Cloud Business Division. Claude Code v2.1.211 (released 2026-07-15) has been released. This release focuses primarily on fixing a prompt cache overbilling regression and background agent-related bugs, and also includes a fix for a vulnerability that allowed the appearance of approval messages to be spoofed.
Update Summary
v2.1.211 includes 37 changes. There is only one new feature — an enhancement to stream-json output — while the majority of changes are bug fixes related to background agents, authentication, and Claude in Chrome integration, along with security fixes for permission confirmation preview spoofing and hook evaluation during chat integration.
Highlights
- New Feature: Added the
--forward-subagent-textflag and environment variable to include subagent text and reasoning in stream-json output (v2.1.211) - Bug Fixes: Fixed a regression where prompt cache was incorrectly billed as new input tokens on Bedrock, Vertex, Mantle, and Foundry (v2.1.211). Also fixed a bug where background agents stopped by the user would automatically restart and re-execute old prompts (v2.1.211)
- Security: Fixed a bug where permission confirmation previews relayed to chat channels could be visually spoofed using confusable characters, and a bug where auto mode was overriding PreToolUse hook
askdecisions (v2.1.211)
Update Details
New Features
- Added the
--forward-subagent-textflag andCLAUDE_CODE_FORWARD_SUBAGENT_TEXTenvironment variable to include subagent text and reasoning in stream-json output. This can be used when you want to make the internal behavior of agents visible from external tools.
Previously, in headless execution via claude -p --output-format stream-json, text and reasoning generated internally by subagents were not included in the output — only the final result returned to the parent agent could be observed. Enabling this flag forwards subagent assistant messages (text and thinking) to the stream-json output as well, and they can be identified by associating them with the parent tool call via parent_tool_use_id.
There are three main use cases. First, observability use cases where subagent progress is streamed to a logging infrastructure in real time during CI or pipeline execution. Second, building custom frontends that display nested conversations in a proprietary UI based on the Agent SDK. Third, debugging and validation use cases where subagent reasoning is observed directly from the stream.
Improvements
- Improved terminal layout and rendering performance.
- Improved background agent result reporting so that results are not fabricated for agents still running, and status is reported only after actual completion.
- Changed the save location for "always allow" permission rules to the repository root, so that permissions granted within a git worktree are now preserved across sessions and worktrees.
- Integer environment variables such as timeout, token budget, and retry count now accept exponential notation like
1e6and digit separator notation like64_000. - Additional minor improvements include Vim mode
s/Snow behaving as expected in NORMAL mode, and/usage-creditsnow prompting for confirmation before sending a request to the organization administrator.
Security
- Fixed a bug where permission confirmation previews relayed to chat channels did not sanitize bidirectional override characters, zero-width characters, or confusable quotation marks, allowing the appearance of tool input to be spoofed and approval messages to be manipulated.
- Fixed a bug where auto mode was overriding PreToolUse hook
askdecisions for Bash outside the sandbox, ensuring that a hookaskalways escalates to a prompt confirmation. - Strengthened path validation for file uploads in Claude in Chrome.
Fixes
- Fixed prompt cache overbilling: Fixed a regression on Bedrock, Vertex, Mantle, and Foundry where the trailing system context block was being billed as new input tokens on every request.
- Fixed unintended background agent restarts: Fixed a bug where background agents stopped by the user would automatically restart, and the revived agent would re-execute old prompts from old sessions.
- Fixed background job failures with LLM gateway authentication: Fixed a bug where, in environments using
ANTHROPIC_AUTH_TOKENandANTHROPIC_BASE_URL, background jobs would display "Not logged in" after a daemon restart. - Fixed inability to delete
claude agentsjobs: Fixed a bug where jobs became completely undeletable when git could no longer recognize the worktree, and the reason why deletion is not possible is now displayed inline. - Fixed empty conversations when resuming background sessions: Fixed a bug where reopening a background session from the agents view immediately after stopping it would start an empty conversation under the same session ID.
- Fixed simultaneous logouts across concurrent sessions: Fixed a bug where a large number of sessions sharing a single credential store would all be logged out simultaneously after waking from sleep.
- Fixed cost display after
/clear: Fixed a bug where the session cost counter was not reset after executing/clear, causing the cost display in the status line to not correctly start from$0. - Fixed crash in Windows headless print mode: Fixed a bug where the application would crash or exit silently when standard input could not be read.
- Additionally, numerous minor bugs have been fixed related to MCP server reconnection, model startup behavior on Bedrock/Vertex, Claude in Chrome integration, accessibility (screen reader notification sounds), and session display after
/loopexecution.
Closing
While v2.1.211 has few new features, it is a release centered on bug fixes with significant impact on production use, including a prompt cache overbilling regression for users accessing cache via the cloud and unintended re-execution of background agents. It also includes a security fix for visual spoofing of permission confirmation previews. We recommend that users of cloud models on Bedrock, Vertex, Mantle, or Foundry, or those making active use of the background agent feature, update as soon as possible.
References
