Claude Code 2.1.118
**Hooks invoking MCP tools directly** (`type: "mcp_tool"`) — hooks can now call MCP servers as first-class invocations, enabling agent verifiers, auto-mode rule checkers, and session orchestration logic to reach external services without wrapping them in bash or shimming through tool-call syntax. This unlocks tighter MCP integration into the Claude Code control plane.
New primitives
vim visual mode (v, V)capabilitySelect text and apply operators in visual and visual-line mode with selection and visual feedback
/theme + ~/.claude/themes/ + plugin themescapabilityCreate, switch between, hand-edit named custom themes; plugins can ship themes via a `themes/` directory
type: "mcp_tool" hookshookHooks can invoke MCP tools directly instead of wrapping them in bash
DISABLE_UPDATES env varenv-varCompletely block all update paths including manual `claude update` — stricter than `DISABLE_AUTOUPDATER`
wslInheritsWindowsSettings policy keysettingWSL on Windows can inherit Windows-side managed settings
autoMode "$defaults" tokensettingInclude `"$defaults"` in `autoMode.allow`, `autoMode.soft_deny`, or `autoMode.environment` to add custom rules alongside the built-in list
claude plugin tag commandcommandCreate release git tags for plugins with version validation
Workflow recipes
Hooks invoking MCP tools directly, combined with the ability to layer custom auto-allow rules alongside built-ins, unlock verifier hooks that can consult external services (MCP-backed databases, APIs, permission servers) before accepting or auto-allowing a user's command.
Configure a Stop hook with type: "mcp_tool" to query an MCP-connected policy server; use "$defaults" in autoMode.allow to add org-specific auto-allow patterns (e.g., "if MCP policy server says ✓, allow") alongside the default rules. This decouples permission logic from the Claude Code hardcoded rules and lets orgs implement dynamic, MCP-backed policies.
Plugins can now ship custom themes, and developers have a version-validated release mechanism (claude plugin tag) to ensure theme definitions are stable across plugin versions. This enables agent scaffolding tools to brand their plugin environments (color palette, UI theme) and release them alongside code updates.
A plugin that vends agent scaffolding or verification logic can include a themes/ directory with branded themes (e.g., "agent-verifier-dark", "audit-trail-minimal"). Use claude plugin tag to create a versioned release; users installing the plugin get the bundled theme auto-available in /theme, and agents running in the plugin's namespace can switch to the branded theme via session config or hook logic.
Agentic relevance
The `type: "mcp_tool"` hook primitive enables agent-driven MCP integration at the Claude Code control plane level — verifier hooks can now invoke MCP servers directly to validate or query state without wrapping calls in bash. The `"$defaults"` auto-mode token and custom theme shipping via plugins compose with this to unlock plugin-defined verification rules and branded agent environments. This is the strongest agent-facing win in the release.
Hardening & fixes (27)
- Merged `/cost` and `/stats` into `/usage` — both remain as typing shortcuts that open the relevant tab
- Added a "Don't ask again" option to the auto mode opt-in prompt
- `--continue`/`--resume` now find sessions that added the current directory via `/add-dir`
- `/color` now syncs the session accent color to claude.ai/code when Remote Control is connected
- The `/model` picker now honors `ANTHROPIC_DEFAULT_*_MODEL_NAME`/`_DESCRIPTION` overrides when using a custom `ANTHROPIC_BASE_URL` gateway
- When auto-update skips a plugin due to another plugin's version constraint, the skip now appears in `/doctor` and the `/plugin` Errors tab
- Fixed `/mcp` menu hiding OAuth Authenticate/Re-authenticate actions for servers configured with `headersHelper`, and HTTP/SSE MCP servers with custom headers being stuck in "needs authentication" after a transient 401
- Fixed MCP servers whose OAuth token response omits `expires_in` requiring re-authentication every hour
- Fixed MCP step-up authorization silently refreshing instead of prompting for re-consent when the server's `insufficient_scope` 403 names a scope the current token already has
- Fixed an unhandled promise rejection when an MCP server's OAuth flow times out or is cancelled
- Fixed MCP OAuth refresh proceeding without its cross-process lock under contention
- Fixed macOS keychain race where a concurrent MCP token refresh could overwrite a freshly-refreshed OAuth token, causing unexpected "Please run /login" prompts
- Fixed OAuth token refresh failing when the server revokes a token before its local expiry time
- Fixed credential save crash on Linux/Windows corrupting `~/.claude/.credentials.json`
- Fixed `/login` having no effect in a session launched with `CLAUDE_CODE_OAUTH_TOKEN` — the env token is now cleared so disk credentials take effect
- Fixed unreadable text in the "new messages" scroll pill and `/plugin` badges
- Fixed plan acceptance dialog offering "auto mode" instead of "bypass permissions" when running with `--dangerously-skip-permissions`
- Fixed agent-type hooks failing with "Messages are required for agent hooks" when configured for events other than `Stop` or `SubagentStop`
- Fixed `prompt` hooks re-firing on tool calls made by an agent-hook verifier subagent
- Fixed `/fork` writing the full parent conversation to disk per fork — now writes a pointer and hydrates on read
- Fixed Alt+K / Alt+X / Alt+^ / Alt+_ freezing keyboard input
- Fixed connecting to a remote session overwriting your local `model` setting in `~/.claude/settings.json`
- Fixed typeahead showing "No commands match" error when pasting file paths that start with `/`
- Fixed `plugin install` on an already-installed plugin not re-resolving a dependency installed at the wrong version
- Fixed unhandled errors from file watcher on invalid paths or fd exhaustion
- Fixed Remote Control sessions getting archived on transient CCR initialization blips during JWT refresh
- Fixed subagents resumed via `SendMessage` not restoring the explicit `cwd` they were spawned with
Raw changelog
## 2.1.118 - Added vim visual mode (`v`) and visual-line mode (`V`) with selection, operators, and visual feedback - Merged `/cost` and `/stats` into `/usage` — both remain as typing shortcuts that open the relevant tab - Create and switch between named custom themes from `/theme`, or hand-edit JSON files in `~/.claude/themes/`; plugins can also ship themes via a `themes/` directory - Hooks can now invoke MCP tools directly via `type: "mcp_tool"` - Added `DISABLE_UPDATES` env var to completely block all update paths including manual `claude update` — stricter than `DISABLE_AUTOUPDATER` - WSL on Windows can now inherit Windows-side managed settings via the `wslInheritsWindowsSettings` policy key - Auto mode: include `"$defaults"` in `autoMode.allow`, `autoMode.soft_deny`, or `autoMode.environment` to add custom rules alongside the built-in list instead of replacing it - Added a "Don't ask again" option to the auto mode opt-in prompt - Added `claude plugin tag` to create release git tags for plugins with version validation - `--continue`/`--resume` now find sessions that added the current directory via `/add-dir` - `/color` now syncs the session accent color to claude.ai/code when Remote Control is connected - The `/model` picker now honors `ANTHROPIC_DEFAULT_*_MODEL_NAME`/`_DESCRIPTION` overrides when using a custom `ANTHROPIC_BASE_URL` gateway - When auto-update skips a plugin due to another plugin's version constraint, the skip now appears in `/doctor` and the `/plugin` Errors tab - Fixed `/mcp` menu hiding OAuth Authenticate/Re-authenticate actions for servers configured with `headersHelper`, and HTTP/SSE MCP servers with custom headers being stuck in "needs authentication" after a transient 401 - Fixed MCP servers whose OAuth token response omits `expires_in` requiring re-authentication every hour - Fixed MCP step-up authorization silently refreshing instead of prompting for re-consent when the server's `insufficient_scope` 403 names a scope the current token already has - Fixed an unhandled promise rejection when an MCP server's OAuth flow times out or is cancelled - Fixed MCP OAuth refresh proceeding without its cross-process lock under contention - Fixed macOS keychain race where a concurrent MCP token refresh could overwrite a freshly-refreshed OAuth token, causing unexpected "Please run /login" prompts - Fixed OAuth token refresh failing when the server revokes a token before its local expiry time - Fixed credential save crash on Linux/Windows corrupting `~/.claude/.credentials.json` - Fixed `/login` having no effect in a session launched with `CLAUDE_CODE_OAUTH_TOKEN` — the env token is now cleared so disk credentials take effect - Fixed unreadable text in the "new messages" scroll pill and `/plugin` badges - Fixed plan acceptance dialog offering "auto mode" instead of "bypass permissions" when running with `--dangerously-skip-permissions` - Fixed agent-type hooks failing with "Messages are required for agent hooks" when configured for events other than `Stop` or `SubagentStop` - Fixed `prompt` hooks re-firing on tool calls made by an agent-hook verifier subagent - Fixed `/fork` writing the full parent conversation to disk per fork — now writes a pointer and hydrates on read - Fixed Alt+K / Alt+X / Alt+^ / Alt+_ freezing keyboard input - Fixed connecting to a remote session overwriting your local `model` setting in `~/.claude/settings.json` - Fixed typeahead showing "No commands match" error when pasting file paths that start with `/` - Fixed `plugin install` on an already-installed plugin not re-resolving a dependency installed at the wrong version - Fixed unhandled errors from file watcher on invalid paths or fd exhaustion - Fixed Remote Control sessions getting archived on transient CCR initialization blips during JWT refresh - Fixed subagents resumed via `SendMessage` not restoring the explicit `cwd` they were spawned with