Claude Code 2.1.97: Focus View, MCP Fixes, Permissions Hardening

TL;DR

• Focus view toggle (Ctrl+O) in NO_FLICKER mode shows prompt, tool summary, and response in one screen
• Major permissions hardening: fixed prototype pollution bug, env-var bypass, and mid-session setting changes
• MCP fixes: OAuth token refresh, HTTP buffer leaks, 429 retry backoff, and plugin update detection
• Resume picker and transcript persistence fixes across multiple edge cases

New

• Focus view toggle (Ctrl+O) — In NO_FLICKER mode, shows prompt, one-line tool summary with edit diffstats, and final response without scrolling
• refreshInterval status line setting — Re-run the status line command every N seconds for live updates
• workspace.git_worktree status line variable — Detects when the current directory is inside a linked git worktree
• Running agent indicator — `/agents` now shows `● N running` next to agent types with live subagent instances
• Cedar policy syntax highlighting — Added support for `.cedar` and `.cedarpolicy` files

Fixed

• Permissions bypass via --dangerously-skip-permissions — Flag was silently downgraded to accept-edits mode after approving a write to a protected path; now stays in full bypass mode
• Bash tool permissions hardening — Tightened checks around env-var prefixes and network redirects, reducing false permission prompts on common commands
• Prototype pollution in permission rules — Rules with names matching JavaScript prototype properties (e.g. `toString`) were silently breaking `settings.json` parsing
• Managed-settings allow rules persisting — Removed rules remained active until process restart
• permissions.additionalDirectories mid-session changes — Settings changes now apply immediately instead of requiring restart
• Directory revocation bug — Removing a directory from `settings.permissions.additionalDirectories` was incorrectly revoking access to the same directory passed via `--add-dir`
• MCP HTTP/SSE buffer leak — Connections were accumulating ~50 MB/hr of unreleased buffers on server reconnect
• MCP OAuth token refresh — `oauth.authServerMetadataUrl` was ignored after restart, breaking ADFS and similar IdPs; now honored on token refresh
• 429 retry backoff — Retries were burning all attempts in ~13 seconds when server returned small `Retry-After`; exponential backoff now applies as minimum
• Rate-limit upgrade options disappearing — Options vanished after context compaction
• Resume picker issues — Fixed `--resume` opening uneditable, Ctrl+A reload wiping search, empty list swallowing navigation, task-status text replacing conversation summary, and cross-project staleness
• File-edit diffs disappearing on resume — Diffs were lost when edited file exceeded 10KB
• Resume cache misses — Attachment messages weren't being saved to transcript, causing lost mid-turn input
• Messages typed during Claude work not persisting — User input while Claude is working is now saved to transcript
• Prompt-type hook failures on long sessions — `Stop`/`SubagentStop` hooks were failing; hook evaluator API errors now display actual message instead of "JSON validation failed"
• Subagent working directory leaks — Subagents with worktree isolation or `cwd:` override were leaking their working directory back to parent session's Bash tool
• Compaction duplicate files — Writing duplicate multi-MB subagent transcript files on prompt-too-long retries
• Plugin update detection — `claude plugin update` was reporting "already at the latest version" for git-based marketplace plugins when remote had newer commits
• Slash command picker with YAML boolean names — Picker broke when plugin frontmatter `name` was a YAML boolean keyword
• Wrapped URL copying in NO_FLICKER — Copying wrapped URLs was inserting spaces at line breaks
• NO_FLICKER scroll artifacts in zellij — Fixed rendering glitches when running inside zellij
• NO_FLICKER crash on MCP tool hover — Hovering over MCP tool results caused crash
• NO_FLICKER memory leak on API retries — Retries left stale streaming state
• NO_FLICKER slow scrolling on Windows Terminal — Mouse-wheel scrolling was sluggish
• Custom status line on short terminals — Not displaying in NO_FLICKER mode on terminals shorter than 24 rows
• NO_FLICKER keyboard shortcuts in Warp — Shift+Enter and Alt/Cmd+arrow shortcuts weren't working
• Unicode text corruption in NO_FLICKER on Windows — Korean/Japanese/Unicode text became garbled when copied
• Bedrock SigV4 auth with empty env vars — Authentication was failing when `AWS_BEARER_TOKEN_BEDROCK` or `ANTHROPIC_BEDROCK_BASE_URL` set to empty strings (as GitHub Actions does for unset inputs)

Improved

• Accept Edits mode auto-approval — Now auto-approves filesystem commands prefixed with safe env vars or process wrappers (e.g. `LANG=C rm foo`, `timeout 5 mkdir out`)
• Auto mode and bypass-permissions mode — Auto-approve sandbox network access prompts
• Sandbox network lookup on macOS — `sandbox.network.allowMachLookup` now takes effect
• Image handling — Pasted and attached images are now compressed to the same token budget as images read via the Read tool
• Slash command and @-mention completion — Now triggers after CJK sentence punctuation, so Japanese/Chinese input no longer requires a space before `/` or `@`
• Bridge sessions — Now show the local git repo, branch, and working directory on the claude.ai session card
• Footer layout — Indicators (Focus, notifications) now stay on the mode-indicator row instead of wrapping below
• Context-low warning — Now shows as a transient footer notification instead of a persistent row
• Markdown blockquotes — Now show a continuous left bar across wrapped lines
• Session transcript size — Improved by skipping empty hook entries and capping stored pre-edit file copies
• Transcript accuracy — Per-block entries now carry the final token usage instead of the streaming placeholder
• Bash tool OTEL tracing — Subprocesses now inherit a W3C `TRACEPARENT` env var when tracing is enabled
• /claude-api skill — Updated to cover Managed Agents alongside the Claude API

Update Claude Code: npm install -g @anthropic-ai/claude-code@latest or check your IDE's extension marketplace.

Source: Claude Code