Workflow recipes, mined from the corpus.
148 concrete multi-feature workflow hypotheses across 55 Claude Code versions. Each one names the primitives it combines and the thesis for why the combination unlocks something neither does alone. Changelog-derived and mostly untested, published as raw material for anyone building agent systems.
Hot-reload lets you iterate instantly. Fork isolates each test run so failed experiments don't pollute your session. Together = fearless rapid iteration.
Fork creates isolated execution. Agent field routes to different models via agent types. Together = spawn multiple cheap/fast researchers, synthesize in expensive/smart orchestrator.
Skills can edit files. Skills are files. Hot-reload picks up changes. A forked skill could analyze its own performance and modify itself.
Language setting changes Claude's response language. Fork isolates each language context. Together = parallel generation in multiple languages.
Skills can have hooks. Hooks can call other skills. Hot-reload means you can modify any stage of the pipeline live.
Hooks can log tool usage. Skill-scoped hooks = per-workflow audit without global noise.
Fork + allowed-tools creates a sandbox. Test untrusted skills safely.
Skills can read files on invocation. Skill can modify itself based on what it reads. Hot-reload picks up changes.
Each fork is stateless. But forks can read/write files. Use files as checkpoint mechanism.
Custom agents let you define model + tools. Skills can route to specific agents. Together = cost-optimized pipelines with capability matching.
Custom agents enforce tool access. Reference untrusted skill with restricted agent = sandboxed execution.
Multi-agent workflows now have state continuity. Agents can persist context across delegations, react to peer lifecycle changes, and enforce spawning policies. This unlocks checkpoint-resumable pipelines where teammates hand off work while preserving shared state without re-initializing each step.
Agents can now maintain state across separate Claude Code sessions (VSCode remote, tmux, CLI). Hook events enable clean state transitions. Project-scoped memory acts as a durable handoff surface between independently-spawned teammate instances.
The auth CLI subcommands enable agents to manage credential lifecycle without interactive prompts, unlocking automated credential rotation, multi-account cycling, and safe session cleanup in orchestrated pipelines.
The speed attribute exposes fast-mode execution in OTel spans, enabling agents to self-monitor performance and make runtime decisions about trading speed for quality (e.g., falling back to thorough mode if fast-mode latency regresses).
Agents consuming the SDK can now observe rate-limit utilization and reset times in real time, enabling intelligent work-deferral and priority-based queueing strategies. Sonnet 4.6 as the model tier increases throughput ceiling, making observability more actionable.
Agents can now bulk-load plugin catalogs and marketplace definitions from directories, enabling dynamic capability composition. spinnerTipsOverride makes long operations more agent-transparent (can be used to signal phase/status in feedback loops).
The decoupling of background agent termination (ctrl+f to kill all) from main-thread control (ESC still works), combined with direct access to final answers in hook payloads, enables a cleaner multi-agent orchestration pattern where external systems can collect agent results without parsing transcripts.
External orchestration scripts can now watch both the active workspace context (via added_dirs in statusline JSON) and the latest agent outcomes (via last_assistant_message), enabling a dashboard that surfaces project context alongside agent-derived insights in real time.
Worktree-backed subagents running as persistent background tasks can safely parallelize work across branches without merge conflicts or stale-state issues. The ConfigChange hook enables parent orchestrators to react to policy/constraint changes mid-task, allowing enterprise-grade enforcement and task abortion if…
Lightweight agents deployed in resource-constrained or embedded contexts (e.g., CI/CD pipelines, embedded CLI, SDK integrations) can now edit files directly without Bash, reducing tool surface and permission footprint. Plugins shipping settings.json allows distributing agents with sensible defaults, enabling…
External build systems (GitHub Actions, GitLab CI, Jenkins) can now spawn ephemeral Claude Code instances with full account context, enabling agents to reason over code generation tasks within CI/CD pipelines without manual API orchestration. The configurable git timeout and account UUID env-vars eliminate cold-start…
Organizations can now centrally manage Claude Code configuration (registry mirrors, timeout policies, workspace trust rules) via macOS plist or Windows Registry, reducing per-machine setup variance. BashTool's automatic login-shell skip further improves command execution performance in enterprise CI/CD contexts where…
Agents spawned in parallel or distributed environments (Kubernetes, serverless) can now tag telemetry with account metadata *before* the first API call, eliminating the race condition where early telemetry events lack account context. This unblocks coherent observability over agent cohorts and audit trails for…
Auto-memory captures intermediate learnings (schema, patterns, decision rules) from agents, while smarter permission handling reduces gate friction on compound bash pipelines. Together they enable multi-turn agent sequences to build context momentum without manual state resets or permission fatigue.
Interactive code block selection (via /copy) paired with auto-memory creates a tighter loop for code review, refactoring, and artifact extraction. Instead of manual copy-paste friction or generic block exports, agents can select precise code regions and persist the selection context for replay or variation.
Agents can now chain code review and simplification into repeatable workflows. With /batch, an agent can apply /simplify to multiple files in a single pass and POST the results to an external system (CI/CD, Slack, code review queue) via HTTP hooks, enabling async code-quality gates without custom shell scripts.
Long-running agents in CI/CD or headless environments frequently hit MCP OAuth redirects that fail silently. The new manual URL paste fallback + HTTP hooks enable an agent to recover from failed MCP authentication by prompting a human (or external service) to paste the callback URL, while HTTP hooks let the agent…
Large batch jobs spawn multiple subagents, each accumulating context. The new subagent context-stripping optimization prevents unbounded memory growth. HTTP hooks enable status updates to external systems without polling. Together, agents can run large, long-lived batch pipelines (e.g., artifact migration, bulk…
These three hook additions together give an orchestrator a complete observability surface for the first time: you can confirm exactly when each agent loaded its instruction context, which agent ID is running in which worktree, and what branch/path that worktree maps to — all in the hook layer before any tool calls…
Suppressing Claude's built-in git instructions removes the default commit/PR prose from the system prompt, freeing budget for a compact, repo-specific git skill that references its own directory via ${CLAUDE_SKILL_DIR}. The combination lets an agent fleet enforce a single canonical git workflow (e.g., Conventional…
git-subdir lets you point a plugin at a subdirectory of a monorepo without extracting it to its own repo. Combined with /reload-plugins, you get an inner loop where plugin edits in the monorepo are immediately activatable in a running session — no restart, no separate repo management.
The two primitives together make branch-isolated, model-differentiated subagent graphs practical. Before 2.1.72 you could enter a worktree but not cleanly exit it programmatically, and the model param was missing so every subagent used the same model regardless of task weight. Now an orchestrator can spin up a cheap…
Over SSH, clipboard-dependent extraction is unreliable or unavailable. The w key in /copy writes selections directly to a file, making artifact extraction clipboard-independent. Pairing this with CLAUDE.md HTML comment hiding means operators can embed private routing notes, prompt suppressors, or environment hints…
/plan <description> lets an orchestrating agent or human pre-seed a plan-mode session with a concrete problem statement and start immediately, skipping the blank-prompt orientation loop. Combined with the six newly auto-approved read-only tools (lsof, pgrep, fd, etc.), the plan-mode agent can do broad environment…
Teams deploying agents across heterogeneous LLM providers (corporate Bedrock, Vertex, Foundry, public Claude API) can now pin model versions per provider without silent downgrades or connectivity pain. This enables mixed-provider agent fleets with deterministic behavior.
Monorepos with large .claude/skills/ directories and concurrent session execution (parallel agent batches, repeated CLI runs in CI) now have stable Bash I/O, skill reloads, and permission-prompt handling. This unblocks automation-heavy agent workflows.
Long-running agents can now be safely interrupted mid-turn (e.g., to fix a typo, reconsider a direction, or poll results) and resumed from the exact conversation state. This reduces the need to discard work or restart from scratch.
Long-lived agents can now observe memory state, configure where it persists, and control cleanup timing—unlocking automated memory governance for sustained workflows.
Security policy enforcement and model specification are now consistent across agent frontmatter, JSON config, and CLI—enabling reliable multi-agent teams under managed settings.
The 1M context window removes the working-memory ceiling that previously forced agents to chunk specification ingestion across turns or delegate to sub-agents. Combined with memory freshness tracking, an agent can now load a full specification corpus (dependency graphs, API docs, schema definitions, request/response…
Operators running unattended agents now see exactly which system layer (settings/plugin/skill) is requesting resources. This transparency unlocks automated permission auditing: an agent can log permission patterns, detect unexpected hook sources, and flag configurations that need review without losing context about…
Long investigations (incident response, architecture review, competitor analysis) now have visual continuity. The prompt bar shows the session name, memory freshness is transparent, and /resume preserves session identity across forks. An agent can fork for a risky hypothesis, resume the parent if the fork fails, and…
MCP servers that need one-time secrets (API keys, OAuth tokens, approval codes) previously had to embed that collection in the tool description or rely on the agent to prompt the user. The elicitation capability lets the MCP server own that dialog, and ElicitationResult lets a hook layer validate or transform the…
Parallel monorepo agents running in sparse worktrees accumulate long contexts that eventually compact. Before 2.1.76, there was no reliable signal to trigger an external state refresh after compaction — summary files, vector stores, or cross-agent coordination objects could drift silently. PostCompact provides the…
When an orchestrator launches many parallel subagents, session names in logs and Remote Control dashboards default to opaque identifiers. The --name flag lets the orchestrator stamp each subagent with a semantic name (e.g., the task ID or target file path) at launch. When a subagent compacts, the PostCompact hook can…
The combination of renamed /branch command (semantic clarity), background auto-resume via SendMessage, and dramatically faster session recovery enables agents to fork into parallel analysis streams without losing context or waiting for expensive session reloads. Higher token ceilings mean forked agents can produce…
The new allowRead primitive unlocks selective permission recovery within broad filesystem denials, enabling agents to iteratively explore restricted regions without wholesale permission changes. This reduces security friction in exploration-heavy tasks while maintaining isolation bounds.
The new /copy N command enables agents and users to selectively recover earlier assistant responses without re-running turns or searching linearly. Combined with multi-turn memory, this supports workflows where an earlier response proved more useful than a recent refinement, or where parallel response branches need…
Rate limits and transient API failures currently kill entire workflows silently. By detecting failure via hook and streaming responses line-by-line, agents can offer partial results mid-task and queue retries instead of losing work.
Plugins can now ship agents that retain settings across updates and enforce execution constraints without global config pollution. This enables curated, reusable agent templates distributed via plugins.
Agents can stream output line-by-line while routing model selection via environment variable, enabling dynamic cost/quality trade-offs within a single session and real-time visibility into multi-step work.
Extended research tasks can now branch from terminal/VSCode to browser mid-stream, with auto-titled sessions enabling quick context recovery on phone or secondary device without losing chat history.
Multi-directory plugin seeds enable tiered plugin loading (org-wide, team, project, personal) while turn-duration telemetry reveals if plugin composition is slowing startup or turn latency.
MCP servers can now push events into the session, and skills can declare their computational intensity upfront. This unlocks a reactive agent pattern where external events trigger skills at the effort level that matches their resource budget.
Agents can now see Claude.ai rate limits (5-hour and 7-day windows) in real time. Skills can declare effort level upfront. Together, these enable a skill orchestrator that checks remaining budget before invoking expensive skills, degrading gracefully to lighter effort levels when nearing limits.
Plugins can now be declared inline in settings.json, removing the need for external marketplace registration. This enables version-controlled, self-hosted plugin catalogs that travel with the repo.
Agents can now route work deterministically: fast, stateless sub-steps run headless (--bare without approval prompts), while sensitive operations requiring human oversight can enable --channels to surface approvals on mobile in real time. This decouples the approval path from the execution path — approval latency no…
Backend workflows and CI agents have struggled to run Claude Code without OAuth setup, credential rotation, or interactive auth. --bare removes all auth machinery (oauth, keychain, interactive key input) and requires only ANTHROPIC_API_KEY in the environment — the minimal subset for stateless, deterministic automation.
CwdChanged fires when the agent navigates between packages in a monorepo; combined with FileChanged watching .envrc or package.json, a hook can automatically run direnv, reload tool configs, and scrub stale credentials from subprocess envs — making multi-package agentic sessions self-configuring rather than requiring…
An agent that declares its own initialPrompt is fully self-contained — no wrapper script needed to seed it. Pairing that with CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 ensures the agent's Bash tool and MCP stdio servers never inherit ambient credentials from the launch shell. Adding sandbox.failIfUnavailable: true prevents…
managed-settings.d/ lets a platform team ship a baseline policy fragment while individual product teams overlay their own fragments without editing shared files. Plugin manifest.userConfig with sensitive: true lets each team's plugins prompt for their own secrets at enable time and store them in the OS keychain — so…
TaskCreated fires at task creation and WorktreeCreate HTTP now returns the worktree path to the hook server — together they let a remote hook server intercept both ends of an agentic sub-session: the task that owns the work, and the worktree it runs in. This closes the loop on remote orchestration: you can correlate…
When running Claude Code against Bedrock or Vertex with pinned model ARNs, capability detection and streaming reliability are the two most common breakage points in automated pipelines. These two env-vars address both simultaneously without code changes: MODEL_SUPPORTS tells the harness which effort/thinking…
Agents can now route tool execution through pre-answered questions without interactive prompts, and filter noisy permission checks via conditional hook rules—enabling fully autonomous multi-tool workflows in headless/scheduled contexts.
Agents can now embed up to 5,000 characters of skill context, directives, and prior work state into deep links, and scheduled routines will emit timestamps to anchor the injected context in transcript history.
A single MCP headersHelper script can now route multiple servers by name/URL env-vars, and PreToolUse hooks can satisfy MCP auth questions programmatically—enabling zero-touch delegation to specialized servers in cloud/headless environments.
The session-ID header + reduced token overhead on file mentions enable smarter proxy-layer session tracking without body parsing, allowing orchestration systems to correlate work across multiple Claude Code instances while staying within token budgets.
2.1.86 hardens the session resume and feedback mechanisms, allowing agents to safely capture, persist, and replay multi-hour runs with /feedback without crashing or losing state on recovery.
Long-running orchestration workflows can now pause at permission boundaries, notify human operators, and resume with fresh evaluation — without blocking or losing session state. Named subagents in mention discovery let agents route permission decisions to specialized auditors.
Scheduled cloud agents and persistent orchestration loops can now render cleanly without terminal flicker and skip MCP connection blocking, reducing visual noise and latency in observability dashboards and long-running monitor loops.
Remote teams and air-gapped environments can now learn Claude Code interactively without disrupting marketplace availability when network fails. Combines survivable offline caching with discoverable feature training.
Agent-driven database or API schema ingestion typically fails on truncated output. By persisting full schemas (up to 500K) alongside lightweight custom tools (plugin executables), agents can now perform lossless schema import, cross-database comparison, and generation of integration glue code without round-tripping to…
CRC v3 adjudication workflows often call out to skills to fetch or verify facts. The ability to disable inline shell execution in skills (security boundary) + multi-line deep links (structured prompts to agents) enables safer, richer agent choreography where untrusted or third-party skills can be executed under…
Remote managed settings enforce policy compliance on startup; Bedrock wizard enables seamless 3rd-party model onboarding; enhanced /cost visibility allows agents to route workloads by model economics and compliance posture in real time.
The "Could not determine pane count" failure was blocking multi-hour batch jobs when tmux windows died; the fix restores spawn reliability. Cache expiry hint helps agents estimate token cost before next turn, enabling graceful degradation.
Agents can now see granular cost-per-model and cache-hit rates, and the version picker lets them inspect how changes in Claude Code releases affected their performance. Faster Write diff computation reduces per-artifact overhead.
Agents running in regulated or cost-sensitive environments (healthcare, finance, on-premise) need to route inference to customer-owned Bedrock endpoints while maintaining audit trails. Dynamic session titling from hooks unlocks traced, multi-tenant reasoning pipelines where each invocation is named after its…
Plugin skills installed via "skills": ["./"] now have stable invocation names across package managers, and can opt into preserving coding context (instructions) in rendered output. Combined with dynamic session titling, agents can compose reusable skill stacks with deterministic names, audit-friendly output, and…
Long-running agent workflows (multi-day data pipelines, batch processing) previously silenced rate-limit errors, corrupted multibyte streams, and lost scroll context. 2.1.94 surfaces these issues immediately and makes session resumption from sibling worktrees seamless, eliminating invisible failure modes that trap…
Multi-stage orchestrations (parent spawning subagents, chained delegations) need lightweight session inspection without burning context. The focus view collapses prompt/tool/response into one viewport; refreshable status line enables polling without re-reading; live agent count indicator surfaces orchestration depth…
Sparse worktrees isolate subagent filesystem mutations but previously leaked working directory back to parent, risking silent contamination. The 2.1.97 fix + workspace.git_worktree JSON field enable parent to verify isolation state in real time and route work accordingly.
Cedar (AWS IAM policy language) is domain-specific; full highlighting is new in 2.1.97. CJK punctuation support removes friction for multi-language policy teams. Together, they enable fluent authoring without space-padding syntax completion.
Monitor gives agents a native event stream from background processes; workspace.git_worktree lets a hook or status-line integration know which worktree the agent is operating in. Together, a multi-worktree agent setup can launch a background build/test process in each worktree and route Monitor events back to the…
Subprocess sandboxing with PID namespace isolation prevents runaway child processes from escaping their session boundary; CLAUDE_CODE_SCRIPT_CAPS provides a hard cap on total script invocations so a misbehaving agent loop cannot exhaust the environment. Pairing both with Monitor lets an operator-controlled harness…
Team ramp-up guides paired with auto-provisioned remote environments enable agents to train peers asynchronously without manual setup. Tracing visibility lets coordinators audit what knowledge was transferred and where agents struggled.
Teams behind enterprise TLS proxies can now trust the OS CA store (or pin to bundled), auto-create remote sessions without web friction, and see transparent error messages when hitting rate limits or API refusals — enabling agents to retry or escalate intelligently.
Subagents can now safely resume interrupted sessions from deep isolation, read/write files in their own worktree without permission barriers, and have deny rules properly enforced. This unlocks durable conversation recovery across agent handoffs without loss or privilege escalation.
Agents managing multiple concurrent PR branches can now navigate existing worktrees by path (not re-entry) and guard compaction when critical session state spans branches, enabling continuous session semantics across branch switches without state loss.
Plugins can now auto-arm background monitors at skill invocation, paired with format-aware truncation prompts (jq, chunk-size recipes), enabling plugins to maintain live observability without manual hook plumbing or UI state loss.
Agents can now trade cache freshness for latency by selecting cache TTL per task phase. 5-minute TTL suits rapid-feedback loops (deployment polls, test retries); 1-hour TTL suits stable-state tasks (report generation, batch processing).
Agents spawn with built-in slash commands automatically available for discovery (no teach-in required), and session recovery is seamless by default (local-project focus, recap context). This reduces setup friction when agents fork, resume, or run across repo boundaries.
Agents can now distinguish transient limits (rate limiting, recoverable with backoff and tighter cache) from terminal limits (plan exhaustion). Startup warnings surface cache misconfiguration early, preventing silent cache bypass.
Scheduled agents (via --resume) can now resurrect unexpired tasks, send mobile push notifications when decisions require user input, and execute remote commands from mobile/web clients. This unlocks fully async agent delegation where the agent runs on a schedule, makes progress, and notifies the user to review/approve…
Agents can now work in a flicker-free TUI mode (/tui fullscreen), toggle focus to hide distracting elements (/focus), and persist checkpoints by exiting and resuming via --resume. This unlocks long-running interactive refactoring sessions where the agent can take clean breakpoints without losing context.
Cloud-orchestrated agents can now link their execution traces to parent traces via environment variables, enabling end-to-end observability when agents are spawned by a parent service or orchestrator (e.g., a Temporal workflow, a Dagster job, or a cloud function).
Multi-tier agent sandboxing now possible on remote (mobile/web) clients — a desktop session can spawn subagents running against filtered network surfaces, with explicit /extra-usage provisioning visible to remote operators, and deny rules that catch sophistication attempts (wrapped sudo/env escapes).
Multiline prompt composition in fullscreen mode now responds to readline keybindings and viewport-aware selection, matching muscle memory from terminal shells and closing the UX gap for agents drafting complex prompts without intermediate escapes to the terminal.
Hooks invoking MCP tools directly, combined with the ability to layer custom auto-allow rules alongside built-ins, unlock verifier hooks that can consult external services (MCP-backed databases, APIs, permission servers) before accepting or auto-allowing a user's command.
Plugins can now ship custom themes, and developers have a version-validated release mechanism (claude plugin tag) to ensure theme definitions are stable across plugin versions. This enables agent scaffolding tools to brand their plugin environments (color palette, UI theme) and release them alongside code updates.
Hook-level latency telemetry enables agents to profile and optimize tool chains in secure multi-tenant or branded environments without exposing working directories.
Multi-SCM PR ingestion combined with persistent agent configuration enables repeatable, org-standardized code review and CI workflows across diverse git platforms without manual CLI flag management.
PowerShell auto-approval removes manual permission gates in Windows-native environments; hook observability and parallel MCP startup accelerate complex multi-tool automation pipelines.
Agents can now run structured code review as a pipeline gate, scaling review effort with the task's urgency level and attributing all review traffic to the agent for audit/cost tracking.
Skills can now adapt their behavior to the parent agent's effort level, enabling same-skill deployment across quick-turnaround and deep-analysis use cases. The PowerShell fallback removes platform-specific skill branching logic.
Together these enable fully automated subagent spawning in CI/CD pipelines without blocking on permission prompts or deferred tool resolution, allowing agents to coordinate across build steps with eager tool availability.
Agent developers can now discover and configure skills interactively in the terminal, then fork subagents to execute them while post-processing tool results through hooks—collapsing the edit-test-deploy cycle.
Agents can now authenticate to MCP services (e.g., GitHub, Slack) via custom redirect schemes and emit full audit traces (system prompt, token counts, finish reasons) to observability backends—essential for multi-tenant agent platforms with compliance audit requirements.
Multi-PR review sessions waste time rediscovering which Claude Code session created which artifact. Combined with Bedrock tier selection, agents and users can now (1) jump to a PR's originating session to inspect build logs/reasoning without re-reading chat, and (2) downgrade to flex tier mid-review to reduce cost on…
Agents that use @-mentions to invoke tools now have structured, observable mention resolution logged. The /branch fix (fork corruption from rewound timelines) ensures that audit trails from complex branching workflows no longer corrupt the tool-use chain. Together, they enable tracing which tool was invoked, when, and…
Agents running inside constrained CI/automation environments (Emacs eat, Docker, GitHub Actions on ARM) often fail silently due to terminal output buffering and unintended skill inference. Combining forced synchronous output with skill availability gates enables reliable, auditable automation.
Third-party deployments (Vertex, Bedrock, Foundry, custom gateways) now explicitly control whether the model picker discovers models via gateway /v1/models. The fix to deniedMcpServers wildcard matching (case-insensitive hostnames) enables precise network boundary enforcement.
Not a multi-primitive workflow, but a single newly-working primitive that enables collaborative and educational agents to enforce skill governance. The skillOverrides modes allow fine-grained control: off hides skills completely, user-invocable-only prevents model inference but allows human / calls, and name-only…
Agents running in headless, containerized, or remote environments need durable output trails that survive terminal reconnects and can be audited post-session. Disabling alternate-screen keeps all output in native scrollback; stamping each bash subprocess's output with CLAUDE_CODE_SESSION_ID enables post-hoc log…
Multi-agent workflows often need a parent agent to hand off draft code (uncommitted local changes) to a child agent in an isolated worktree. Previously, isolation always branched from remote origin, forcing commits or loss of work. Now agents can set worktree.baseRef: "head" to preserve local HEAD, and child agents…
Hooks are the primary escape hatch for build systems, formatters, and pre-commit checks. Previously, hooks had no way to know the user's intent (quick smoke test vs. deep audit). Now hooks can branch on $CLAUDE_EFFORT or parse the JSON input to scale validation: skip expensive checks on low effort, run all checks on…
Organizations running Claude via SDK (managed parent tier) and CLI (user tier) have conflicting sandbox and security policies. Previously, admin-managed settings always won-only (first-wins), forcing CLI users to match parent sandbox paths. Now admins can opt into merge behavior to let CLI users override sandbox…
Sensitive deployments (government, regulated industries) can now wire session quality feedback directly into compliance telemetry pipelines while enforcing immutable permission boundaries that satisfy air-gapped security reviews.
Multi-server remote MCP fleets previously required daily re-auth and lost server configurations on session clear. These fixes unlock sustained unattended agent operation without stale-credential loops or silent server dropout.
Backgrounded agents can now emit desktop notifications independently of terminal attachment, preserve their permission context across sessions, and be scoped to a directory. This unlocks orchestration of parallel agent swarms that coordinate via notifications, maintain isolated permission domains, and organize work by…
Workload identity federation now allows token scoping to a specific workspace, plugin bootstrap works in restricted networks (no SSH), and spawned agents inherit the parent's permission policy. Together these enable multi-tenant agent deployments where each tenant's agents are token-scoped, can bootstrap in zero-trust…
Feedback can now include recent sessions from across multiple agent runs, rewind can compress early context while preserving recent turns, and session scoping by directory lets agents focus on task-relevant sessions. Together these enable efficient issue diagnosis across distributed agent work without context…
Agents can now spawn isolated background workers pinned to specific models and reasoning effort levels, enabling parallel hypothesis testing (e.g., Haiku fast-explore vs. Opus deep-think) without blocking the main session or requiring user permission re-prompting.
Agents can dispatch workers with exact directory scope, pre-loaded settings, and permission lockdown, enabling reliable graph-synced agent swarms where each worker has a bounded execution context and repeatable configuration state.
Agents can now provision background workers with explicit MCP server configuration and rely on stable daemon behavior across system sleep/wake cycles, enabling 24-hour agent farms with long-running tool integrations (e.g., database pollers, API monitors) that previously crashed on macOS.
Agents dispatched from the dashboard can now carry uniform MCP server, permissions, and directory context without manual setup, plus plugin dependency enforcement prevents silent breakage when multiple agents share plugin dependencies. This unlocks safe, scalable multi-agent setups in large codebases.
Repos with complex layouts or shared filesystem constraints (monoliths, git-filter-branch artifacts, NFS mounts) can now run background agents directly on the working copy without the overhead of git worktrees, while still preserving full transitive configuration across sleep/wake cycles.
Before assembling a fleet of agents, browse the plugin marketplace with cost projections to estimate context footprint, then dispatch workers with matching model/effort tiers. Prevents context bloat and mismatches in heterogeneous agent roles.
Long-running research tasks (deep searches, data synthesis, report generation) can now be spawned in background sessions with explicit model choice, detached, and resumed later with full context—returning agents see both the result and the wall-clock time spent, enabling resource-aware orchestration.
Route tasks to model-specific sessions without global state pollution. Haiku sessions handle intake/routing, Opus sessions handle deep reasoning, and Claude 3.5 Sonnet sessions handle code generation—all coexist, all resumable, all keeping their own model choice locked.
Agent orchestrators can now inspect wall-clock time alongside outputs, enabling cost-to-outcome and resource-allocation reasoning. Background completion notifications (e.g., "Agent completed · 3h 2m 5s") become telemetry signals for routing decisions.
A subagent orchestrator can now introspect all live Claude sessions, disambiguate parent-child agent relationships through trace attributes, and monitor which agents are waiting for input—enabling tmux-resurrect-style session persistence, automated session pruning, and responsive multi-agent coordination without…
Stop/SubagentStop hooks can now inspect what background tasks and crons a session owns before teardown, enabling hooks to implement graceful cleanup patterns (drain task queues, migrate crons to persistent storage, or abort stale work). The fixed context: fork loop prevents unintended skill re-invocations that would…
A user or automation can now inspect what capabilities a plugin exports (commands, agents, skills, hooks, MCP/LSP servers) before committing to installation, and use fullscreen suggestion navigation to browse plugin catalogs interactively—reducing discovery friction and installation regret.
Code review suggestions are often ignored or require manual application. By combining automatic fix application, tool-suppression during review-heavy phases, and hook-driven output transformation, agents can run self-contained hardening cycles that review their own work, apply fixes, suppress noise, and surface only…
Most skills are static; they can't adapt to the session's purpose or load new capabilities on demand. By having hooks inject skills mid-session and set the session title to reflect the active skill set, agents can dynamically reconfigure their tooling and make their mode transparent to the user.
Audit and diagnostic agents often produce verbose intermediate logs and intermediate findings that obscure the final result. A MessageDisplay hook can filter or hide diagnostic output while preserving the final report. Combined with scoped marketplace policies and transparent session usage tracking, this enables…
Agents running status-line dashboards can now adapt layout and content density to terminal dimensions, and model selection stays stable across agent respawns, enabling rich but responsive CLI monitoring.
New agents onboarding large LFS-heavy projects can now skip expensive LFS pulls, receive better skill/command hints, and report PR status more clearly in the dispatch UI.
Decoupling skill distribution from the marketplace and binding agent identity to the repo allows polyrepo monoliths and multi-team foundations to inject role-specific toolchains at checkout time, then pivot between specialized agents mid-session without losing conversation state or requiring CLI reauthorization.
Agents orchestrating other agents can disable accidental workflow prompts (removing the "workflow" keyword auto-trigger) while logging deterministic tool invocations, enabling parent orchestrators to reason about and replay agent work without interference from user-typed keywords.
Claude now leaves worktrees in a cleanable state and correctly reports which background agents were running before a crash or reconnect, enabling cleanup scripts and session recovery flows to operate deterministically without stale locks.
Managed version constraints prevent agent fleet incompatibility while session-ID propagation ensures coordinated MCP state across delegated agents, enabling safe version-locked orchestration in production.
Stop hooks can now return feedback to Claude without aborting the turn, enabling graceful downstream coordination when a delegated subagent or background task finishes—turn keeps going, hook provides context, no false errors.
Agents can now invoke /btw to cite sources and annotations, then copy them verbatim to clipboard for manual review or downstream tool integration, reducing friction in human-in-the-loop and hybrid-annotation workflows.
Agent orchestrators can now seamlessly shift work to secondary models when the primary saturates. Combined with automatic retry-on-fallback, this means background agents no longer block or fail on load; instead they downgrade gracefully and complete reliably.
Agents can now trade thinking cost for speed by explicitly disabling thinking on default-thinking models (e.g., 3.7+), reclaiming tokens for actual tool invocation. Per-model toggles let agents mix thinkers (reasoning-heavy tasks) with non-thinkers (fast execution tasks) in the same session.
Multi-agent systems that relay requests across sessions can now safely separate trust boundaries. A coordinator session cannot accidentally grant a worker session its permissions; each session retains isolated authority.