Source: raw/anthropic-watch-claude-code-tag-v2-1-166.md through -v2-1-170.md (CC v2.1.166–v2.1.170, June 6–9 2026, anthropic-ecosystem-watch stubs); ai-research/claude-code-changelog-w25-2026-06-10.md (authoritative GitHub CHANGELOG, pulled to de-truncate the watcher stubs). SDK / cookbook / skills releases of the same week are folded into the SDK-releases article and Managed Agents.
Week 25 is a Managed-Agents-enablement and Fable-5-access week, wrapped around a batch of Claude Code developer-experience hardening. The throughline runs across all four Anthropic feeds at once: CC v2.1.170 ships Fable 5 access; the Python/TS SDKs (v0.109 / v0.104) add Managed Agents deployments + environment-variable credentials and a frontier_llm refusal category; the cookbook adds a scheduled Managed-Agent example; and the claude-api skill documents both. The CC releases themselves are a DX/safety batch — fallbackModel, --safe-mode, /cd, disableBundledSkills, a new post-session hook, and hardened cross-session messaging — with v2.1.167/168 bug-fix-only.
Headline changes (Claude Code)
v2.1.166 (June 6) — fallbackModel, glob deny rules, cross-session auth hardening
- fallbackModel setting (+ --fallback-model for interactive sessions). Configure up to three fallback models tried in order when the primary is overloaded or unavailable. Claude Code also now retries a turn once on the fallback model when the API rejects an unexpected non-retryable error (auth / rate-limit / request-size / transport errors still surface immediately). Resilience for long unattended runs — see dynamic workflows.
- Glob patterns in deny-rule tool-name position. "*" denies all tools; allow rules reject non-MCP globs; unknown tool names in deny rules warn at startup. A real tightening of the permission grammar — see CLI Reference.
- Hardened cross-session messaging (security). Messages relayed via SendMessage from other Claude sessions no longer carry user authority — receivers refuse relayed permission requests, and auto mode blocks them. Closes a privilege-relay path in multi-agent fan-outs (subagents / agent teams).
- Thinking-disable controls. MAX_THINKING_TOKENS=0, --thinking disabled, and the per-model toggle now actually disable thinking on models that think by default via the Claude API (3P providers unchanged). Note this does not apply to Fable 5, whose adaptive thinking is always on.
- Plus: claude update announces the target version before downloading; claude agents URL-filter; fixes for unprocessable-image token waste, worker-registration stalls, JetBrains 2026.1+ terminal flicker, and ${VAR} MCP-policy predicates.
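A small model of the three permission-grammar rules described for v2.1.166, usable as a pre-rollout lint for a permissions block. This is an added example, not Claude Code's own code: the tool list is a constructed subset, and the `Tool(specifier)` rule shape and the `mcp__` prefix for MCP tools are assumptions about the rule format.

```python
import fnmatch
import re

# Constructed subset of built-in tool names, for illustration only.
KNOWN_TOOLS = {"Bash", "Read", "Edit", "Write", "Glob", "Grep", "WebFetch", "WebSearch"}
MCP_PREFIX = "mcp__"  # assumed naming: mcp__<server>__<tool>
RULE_RE = re.compile(r"^(?P<tool>[^()]+?)(?:\((?P<spec>.*)\))?$")


def parse_rule(rule):
    """Split 'Tool' or 'Tool(specifier)' into (tool_name, specifier_or_None)."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"malformed rule: {rule!r}")
    return m.group("tool"), m.group("spec")


def is_glob(name):
    return any(ch in name for ch in "*?[")


def lint_permissions(allow, deny, known=KNOWN_TOOLS):
    """Return (errors, warnings) under the three rules the digest describes."""
    errors, warnings = [], []
    for rule in allow:
        name, _ = parse_rule(rule)
        # Allow rules reject globs in the tool-name position unless MCP-scoped.
        if is_glob(name) and not name.startswith(MCP_PREFIX):
            errors.append(f"allow: non-MCP glob rejected: {rule}")
    for rule in deny:
        name, _ = parse_rule(rule)
        if is_glob(name):
            continue  # globs are legal in the tool-name position of deny rules
        if name not in known and not name.startswith(MCP_PREFIX):
            warnings.append(f"deny: unknown tool name: {name}")
    return errors, warnings


def fully_denied(deny, tools):
    """Tools blocked outright: matched by a deny rule that has no specifier."""
    patterns = [n for n, spec in map(parse_rule, deny) if spec is None]
    return {t for t in tools if any(fnmatch.fnmatchcase(t, p) for p in patterns)}


# Constructed sample policy (not from any real project).
ALLOW = ["Read", "Bash(npm run:*)", "mcp__github__*", "Web*"]
DENY = ["Web*", "Bahs", "mcp__slack__*", "Bash(curl:*)"]

if __name__ == "__main__":
    print(lint_permissions(ALLOW, DENY))
    print(sorted(fully_denied(DENY, KNOWN_TOOLS | {"mcp__slack__post"})))
```

The misspelled `Bahs` entry is the case the startup warning exists for: a deny rule naming a tool that does not exist blocks nothing, so the policy looks stricter than it is.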
v2.1.167 (June 6) & v2.1.168 (June 6) — bug fixes only
Both releases are “bug fixes and reliability improvements” with no documented user-facing feature changes.
v2.1.169 (June 8) — the DX release: --safe-mode, /cd, disableBundledSkills, post-session hook
- --safe-mode (+ CLAUDE_CODE_SAFE_MODE). Start Claude Code with all customizations disabled — CLAUDE.md, plugins, skills, hooks, MCP servers — for clean-room troubleshooting. The fastest way to answer “is it my config or Claude Code?”
- /cd command. Move a session to a new working directory without breaking the prompt cache mid-session — previously a directory change meant a cache-cold restart.
- disableBundledSkills setting (+ env var). Hide bundled skills, workflows, and built-in slash commands from the model — a leaner tool surface for users who want only their own.
- New post-session lifecycle hook (self-hosted runner). Runs after the session ends and before the workspace is deleted, so you can snapshot uncommitted work or export logs; the child-process SIGTERM→SIGKILL window is now configurable (default 5s). A net-new hook event — see Hooks.
- /workflows opens immediately even while a turn is in progress; TaskCreate auto-repairs malformed inputs and includes the schema in validation errors.
- claude agents --json now includes blocked + just-dispatched sessions, adds --all (completed sessions) and new id / state fields — better scripted-dashboard surface.
- Hardening: untrusted project settings can no longer set OTEL client-cert paths without trust confirmation; invalid managed-settings entries now apply remaining valid policies instead of silently dropping the payload; the “CLAUDE.md too long” threshold scales with the model’s context window. Plus a long list of Windows / remote / macOS fixes and the MCP-policy enforcement gaps (reconnect / IDE-typed / --mcp-config / cold-start).
v2.1.170 (June 9) — Claude Fable 5 access
- Update to v2.1.170 for Claude Fable 5 — the Mythos-class model made safe for general use. This is the CC-side gate for the day’s model launch.
- Fixed sessions not saving transcripts (and not appearing in --resume) when launched from the VS Code integrated terminal or any shell that inherited Claude Code environment variables.
Ecosystem — the Managed Agents deployments throughline
The same week’s SDK / cookbook / skills commits are the real story under the CC point-releases:
- SDKs (Python v0.109.0 / TS v0.104.0): add support for Managed Agents deployments and environment-variable credentials. Point releases (v0.109.1 / v0.104.1) add a frontier_llm refusal category — the SDK-side hook for Fable 5’s topic-gated fallback. Folded into the SDK-releases article.
- Cookbook: a Sentry-triage scheduled Managed Agent example (provisions an agent with a sentry-cli vault credential, schedules it via the deployments API, writes a triage report each run; requires anthropic>=0.109.0), plus an async multi-agent orchestration cookbook (a fixed N-agent team with peer messaging through a shared hub, and a lead agent that spawns/monitors/dismisses async subagents on the Messages API). See Managed Agents and Agent Teams.
- claude-api skill: new Managed Agents scheduled-deployments docs (cron schedules, deployment runs, pause/auto-pause), vault env-var credentials (secrets substituted at egress with networking allowlists), a system.message event for mid-session system-prompt updates (Opus 4.8 only), and a full Fable 5 / Mythos 5 model-table + migration section.
Key Takeaways
- Managed Agents got scheduled deployments + vault credentials this week across SDK, cookbook, and skill — the most consequential W25 change for anyone running unattended agents. See Managed Agents.
- fallbackModel (up to 3 models) is the resilience primitive for long runs — pair it with auto mode and dynamic workflows.
- --safe-mode is the new first move when debugging a misbehaving Claude Code: disable all customization, then bisect.
- /cd preserves the prompt cache across a working-directory change — a quiet but real cost win on long sessions.
- New post-session hook fires after the session ends and before workspace deletion — the place to snapshot uncommitted work on self-hosted runners. See Hooks.
- Cross-session SendMessage no longer carries user authority (v2.1.166) — a multi-agent privilege-relay hardening; relayed permission requests are refused and auto mode blocks them.
- CC v2.1.170 is the Fable 5 access gate; the SDK frontier_llm refusal category is its server-side fallback hook.
- v2.1.167 / v2.1.168 are bug-fix-only; the substance is in v2.1.166, v2.1.169, and v2.1.170.
Related
- Week 24 Digest — the prior week’s security/observability hardening; W25 continues the DX-hardening cadence and adds the Managed Agents deployments layer.
- Claude Managed Agents — scheduled deployments + vault env-var credentials, the week’s throughline.
- Claude Fable 5 and Mythos 5 — the model CC v2.1.170 unlocks; the SDK frontier_llm refusal category is its fallback hook.
- CLI Reference — fallbackModel / --fallback-model, --safe-mode, /cd, disableBundledSkills, glob deny rules.
- Claude Code Hooks — the new post-session lifecycle hook (self-hosted runner).
- Anthropic SDK Releases — Python v0.109 / TS v0.104 (deployments + env-var credentials + frontier_llm).
- Dynamic Workflows — fallbackModel + the turn-retry-on-fallback resilience apply to long parallel runs.