2.1.85 untested · changelog-derived

Claude Code 2.1.85

**Headless hook integrations via PreToolUse `updatedInput`** — agents and headless systems can now satisfy user questions without interactive prompts, enabling self-contained tool-use flows with delegated permission handling.

6 new primitives 3 workflow recipes 23 fixes

New primitives

CLAUDE_CODE_MCP_SERVER_NAMEenv-var

Names the MCP server in headersHelper scripts, allowing one helper to serve multiple servers

Added `CLAUDE_CODE_MCP_SERVER_NAME` and `CLAUDE_CODE_MCP_SERVER_URL` environment variables to MCP `headersHelper` scripts, allowing one helper to serve multiple servers

CLAUDE_CODE_MCP_SERVER_URLenv-var

Routes the MCP server URL in headersHelper scripts, allowing one helper to serve multiple servers

Added `CLAUDE_CODE_MCP_SERVER_NAME` and `CLAUDE_CODE_MCP_SERVER_URL` environment variables to MCP `headersHelper` scripts, allowing one helper to serve multiple servers

Hook if fieldsetting

Conditionally filters when hooks run using permission rule syntax (e.g., `Bash(git *)`) to reduce process spawning

Added conditional `if` field for hooks using permission rule syntax (e.g., `Bash(git *)`) to filter when they run, reducing process spawning overhead

Transcript timestamp markerscapability

Scheduled tasks (`/loop`, `CronCreate`) now emit timestamp markers in transcripts to track execution

Added timestamp markers in transcripts when scheduled tasks (`/loop`, `CronCreate`) fire

Deep link query expansioncapability

`claude-cli://open?q=…` queries now support up to 5,000 characters with scroll-to-review warning for long pre-filled prompts

Deep link queries (`claude-cli://open?q=…`) now support up to 5,000 characters, with a "scroll to review" warning for long pre-filled prompts

PreToolUse updatedInputhook

PreToolUse hooks can return `updatedInput` alongside `permissionDecision: "allow"` to satisfy `AskUserQuestion` without interactive prompts, enabling headless integrations

PreToolUse hooks can now satisfy `AskUserQuestion` by returning `updatedInput` alongside `permissionDecision: "allow"`, enabling headless integrations that collect answers via their own UI

Workflow recipes

Autonomous Permission-Satisfied Tool Chains

PreToolUse updatedInput + Hook if field conditional filtering

Agents can now route tool execution through pre-answered questions without interactive prompts, and filter noisy permission checks via conditional hook rules—enabling fully autonomous multi-tool workflows in headless/scheduled contexts.

Build a cloud-scheduled agent (CronCreate + timestamp markers) that chains dangerous commands (Bash, git rewrites) by pre-answering confirmation questions via PreToolUse hooks, while using hook if: "Bash(git *)" to gate execution only for git operations. The transcript timestamp markers then create an audit log of when each chain step fired, which agents can query to detect failures and backfill work.

Deep-Link Prompt Expansion for Skill Context Injection

Deep link query expansion (5k chars) + Transcript timestamp markers + Hook if field

Agents can now embed up to 5,000 characters of skill context, directives, and prior work state into deep links, and scheduled routines will emit timestamps to anchor the injected context in transcript history.

Author a skill that generates deep-link URIs embedding prior run state (e.g., last N work-items, decision context, todo backlog) up to 5k chars, then schedule it via /loop or CronCreate for periodic re-injection. Hook if field can suppress permission prompts during replay. The transcript timestamps mark each re-injection, enabling agents to detect drift and reorient to the injected state.

Headless MCP Multi-Server Routing

CLAUDE_CODE_MCP_SERVER_NAME + CLAUDE_CODE_MCP_SERVER_URL env-vars + PreToolUse updatedInput

A single MCP headersHelper script can now route multiple servers by name/URL env-vars, and PreToolUse hooks can satisfy MCP auth questions programmatically—enabling zero-touch delegation to specialized servers in cloud/headless environments.

Deploy a headersHelper that checks CLAUDE_CODE_MCP_SERVER_NAME to route to Slack, GitHub, or Salesforce APIs dynamically. Layer a PreToolUse hook that detects server auth questions and injects credentials or refresh-token flows via updatedInput. Cloud agents spawning child agents can set env-vars to steer them to the right server without manual intervention.

Agentic relevance

The headline primitive (PreToolUse `updatedInput`) unlocks fully autonomous tool-use workflows where agents can answer user questions programmatically without blocking on interactive prompts—critical for headless orchestration, multi-turn skill chains, and cloud-scheduled routines. Combined with hook `if` field conditional filtering, agents can reduce permission-prompt spam and stale process lifecycle. Timestamp markers for scheduled tasks enable agents to audit execution history and detect missed cron fires in transcript logs.

Hardening & fixes (23)

Fixed `/compact` context-exceeded failure when conversation is too large
Fixed `/plugin enable` and `/plugin disable` failing when install location differs from declaration
Fixed `--worktree` exiting with error in non-git repositories before WorktreeCreate hook could run
Fixed `deniedMcpServers` setting not blocking claude.ai MCP servers
Fixed `switch_display` in computer-use tool on multi-monitor setups
Fixed crash when OTEL exporters set to `none`
Fixed diff syntax highlighting in non-native builds
Fixed MCP step-up authorization with refresh token; now correctly triggers re-authorization on `403 insufficient_scope`
Fixed memory leak in remote sessions during interrupted streaming
Fixed persistent ECONNRESET errors during edge connection churn
Fixed prompts stuck in queue after slash commands; up-arrow retrieval now works
Fixed Python Agent SDK: `type:'sdk'` MCP servers no longer dropped during startup
Fixed raw key sequences appearing in prompt over SSH or VS Code integrated terminal
Fixed Remote Control session status stuck on "Requires Action" after permission resolution
Fixed shift+enter and meta+enter intercepted by typeahead instead of inserting newlines
Fixed stale content bleeding through during scroll-up streaming
Fixed terminal left in enhanced keyboard mode after exit (Ghostty, Kitty, WezTerm, Kitty keyboard protocol)
Improved @-mention file autocomplete performance on large repositories
Improved PowerShell dangerous command detection
Improved scroll performance by replacing WASM yoga-layout with pure TypeScript implementation
Reduced UI stutter during compaction on large sessions
Added trailing space after `[Image #N]` placeholder when pasting images
MCP OAuth now follows RFC 9728 Protected Resource Metadata discovery

Raw changelog

## 2.1.85

- Added `CLAUDE_CODE_MCP_SERVER_NAME` and `CLAUDE_CODE_MCP_SERVER_URL` environment variables to MCP `headersHelper` scripts, allowing one helper to serve multiple servers
- Added conditional `if` field for hooks using permission rule syntax (e.g., `Bash(git *)`) to filter when they run, reducing process spawning overhead
- Added timestamp markers in transcripts when scheduled tasks (`/loop`, `CronCreate`) fire
- Added trailing space after `[Image #N]` placeholder when pasting images
- Deep link queries (`claude-cli://open?q=…`) now support up to 5,000 characters, with a "scroll to review" warning for long pre-filled prompts
- MCP OAuth now follows RFC 9728 Protected Resource Metadata discovery to find the authorization server
- Plugins blocked by organization policy (`managed-settings.json`) can no longer be installed or enabled, and are hidden from marketplace views
- PreToolUse hooks can now satisfy `AskUserQuestion` by returning `updatedInput` alongside `permissionDecision: "allow"`, enabling headless integrations that collect answers via their own UI
- `tool_parameters` in OpenTelemetry tool_result events are now gated behind `OTEL_LOG_TOOL_DETAILS=1`
- Fixed `/compact` failing with "context exceeded" when the conversation has grown too large for the compact request itself to fit
- Fixed `/plugin enable` and `/plugin disable` failing when a plugin's install location differs from where it's declared in settings
- Fixed `--worktree` exiting with an error in non-git repositories before the `WorktreeCreate` hook could run
- Fixed `deniedMcpServers` setting not blocking claude.ai MCP servers
- Fixed `switch_display` in the computer-use tool returning "not available in this session" on multi-monitor setups
- Fixed crash when `OTEL_LOGS_EXPORTER`, `OTEL_METRICS_EXPORTER`, or `OTEL_TRACES_EXPORTER` is set to `none`
- Fixed diff syntax highlighting not working in non-native builds
- Fixed MCP step-up authorization failing when a refresh token exists — servers requesting elevated scopes via `403 insufficient_scope` now correctly trigger the re-authorization flow
- Fixed memory leak in remote sessions when a streaming response is interrupted
- Fixed persistent ECONNRESET errors during edge connection churn by using a fresh TCP connection on retry
- Fixed prompts getting stuck in the queue after running certain slash commands, with up-arrow unable to retrieve them
- Fixed Python Agent SDK: `type:'sdk'` MCP servers passed via `--mcp-config` are no longer dropped during startup
- Fixed raw key sequences appearing in the prompt when running over SSH or in the VS Code integrated terminal
- Fixed Remote Control session status staying stuck on "Requires Action" after a permission is resolved
- Fixed shift+enter and meta+enter being intercepted by typeahead suggestions instead of inserting newlines
- Fixed stale content bleeding through when scrolling up during streaming
- Fixed terminal left in enhanced keyboard mode after exit in Ghostty, Kitty, WezTerm, and other terminals supporting the Kitty keyboard protocol — Ctrl+C and Ctrl+D now work correctly after quitting
- Improved @-mention file autocomplete performance on large repositories
- Improved PowerShell dangerous command detection
- Improved scroll performance with large transcripts by replacing WASM yoga-layout with a pure TypeScript implementation
- Reduced UI stutter when compaction triggers on large sessions

All 395 primitives Book a call