Claude Code v2.1.211: forwarded subagent text and hardened permission-preview rendering
Claude Code v2.1.211 adds a flag to forward subagent text and thinking into stream-json output and strips hidden characters attackers could use to spoof permission-approval prompts.
What it is
A patch release of Anthropic's Claude Code CLI, the terminal-based agentic coding tool.
What it does
Adds a `--forward-subagent-text` flag and matching env var so subagent text and thinking appear in stream-json output, neutralizes bidirectional-override, zero-width, and look-alike quote characters in permission previews relayed to chat channels, makes a hook's `ask` decision on unsandboxed Bash take priority over auto mode, and fixes parallel sessions logging out together after a wake-from-sleep.
Why it matters
The permission-preview fix closes a real spoofing vector where a tool input could visually alter what a reviewer sees in an approval message before granting access, and the hook priority fix keeps auto mode from silently bypassing a safety gate a team explicitly configured.
How to use it
Update Claude Code to v2.1.211 or later, then set `CLAUDE_CODE_FORWARD_SUBAGENT_TEXT=1` or pass `--forward-subagent-text` to surface subagent thinking in stream-json output.