Claude Code 2.1.89 is a massive release with dozens of new features, improvements, and bug fixes — highlights include a new PermissionDenied hook, "defer" decision for PreToolUse hooks, experimental agent teams tools (TeamCreate, TeamDelete, SendMessage), and the /buddy April Fools feature
The environment variables reference was massively expanded with 40+ new variables documented, covering OAuth tokens, OTEL fine-grained controls, Glob behavior, IDE connection overrides, and many more
Hooks documentation was updated with important new guidance: multiple hooks use the most restrictive result, and PreToolUse hooks can block tools even in bypassPermissions mode
Google Vertex AI environment variable names were updated to the new naming convention (e.g. VERTEX_REGION_CLAUDE_HAIKU_4_5 replacing VERTEX_REGION_CLAUDE_3_5_HAIKU)
New remote MCP servers added: Lorikeet, Natoma, Goodnotes, and Zocks
Added "defer" permission decision to PreToolUse hooks — headless sessions can pause at a tool call and resume with -p --resume to have the hook re-evaluate
Added CLAUDE_CODE_NO_FLICKER=1 environment variable to opt into flicker-free alt-screen rendering with virtualized scrollback
Added PermissionDenied hook that fires after auto mode classifier denials — return {retry: true} to tell the model it can retry
Added named subagents to @ mention typeahead suggestions
Added MCP_CONNECTION_NONBLOCKING=true for -p mode to skip the MCP connection wait entirely, and bounded --mcp-config server connections at 5s
Auto mode: denied commands now show a notification and appear in /permissions → Recent tab where you can retry with r
Existing feature improvements
Edit now works on files viewed via Bash with sed -n or cat, without requiring a separate Read call first
Hook output over 50K characters is now saved to disk with a file path + preview instead of being injected directly into context
cleanupPeriodDays: 0 in settings.json is now rejected with a validation error (previously silently disabled transcript persistence)
Thinking summaries are no longer generated by default in interactive sessions — set showThinkingSummaries: true in settings.json to restore
Collapsed tool summary now shows "Listed N directories" for ls/tree/du instead of "Read N files"
Bash tool now warns when a formatter/linter command modifies files you have previously read, preventing stale-edit errors
@-mention typeahead now ranks source files above MCP resources with similar names
TaskCreated hook event and its blocking behavior is now documented
Task notifications are preserved when backgrounding a running command with Ctrl+B
/env now applies to PowerShell tool commands
/usage now hides redundant "Current week (Sonnet only)" bar for Pro and Enterprise plans
Pasting !command into an empty prompt now enters bash mode, matching typed ! behavior
Major bug fixes
Fixed Edit(//path/**) and Read(//path/**) allow rules to check the resolved symlink target, not just the requested path
Fixed StructuredOutput schema cache bug causing ~50% failure rate when using multiple schemas
Fixed memory leak where large JSON inputs were retained as LRU cache keys in long-running sessions
Fixed a crash when removing a message from very large session files (over 50MB)
Fixed LSP server zombie state after crash — server now restarts on next request instead of failing until session restart
Fixed prompt history entries containing CJK or emoji being silently dropped on 4KB boundaries in ~/.claude/history.jsonl
Fixed /stats undercounting tokens by excluding subagent usage, and losing historical data beyond 30 days
Fixed -p --resume hangs when the deferred tool input exceeds 64KB or no deferred marker exists
Fixed claude-cli:// deep links not opening on macOS
Fixed PreToolUse/PostToolUse hooks to receive file_path as an absolute path for Write/Edit/Read tools, matching documented behavior
Fixed autocompact thrash loop — now detects when context refills to the limit immediately after compacting three times in a row
Fixed nested CLAUDE.md files being re-injected dozens of times in long sessions that read many files
Fixed misleading "Rate limit reached" message when the API returned an entitlement error
Fixed hooks if condition filtering not matching compound commands (ls && git push) or commands with env-var prefixes
Fixed PowerShell tool incorrectly reporting failures when commands wrote progress to stderr on Windows PowerShell 5.1
Fixed a potential out-of-memory crash when the Edit tool was used on very large files (>1 GiB)
Added ANTHROPIC_BEDROCK_BASE_URL env var for overriding the Bedrock endpoint URL for custom endpoints or gateways. [line 105] [Source]
Added new troubleshooting section for authentication loop with SSO and corporate proxies, explaining the awsAuthRefresh loop issue and how to resolve it. [line 229] [Source]
Added ANTHROPIC_VERTEX_BASE_URL env var for overriding the Vertex endpoint URL. [line 23] [Source]
Updated VERTEX_REGION_* variable examples to use new naming convention (VERTEX_REGION_CLAUDE_HAIKU_4_5 and VERTEX_REGION_CLAUDE_4_6_SONNET replacing old model-specific names). [line 38] [Source]
Added note that each model version has its own VERTEX_REGION_CLAUDE_* variable and to check the Environment variables reference for the full list. [line 42] [Source]
Added clarification that when multiple hooks match, Claude Code picks the most restrictive result — a deny overrides all, an ask forces a prompt, and additionalContext from all hooks is combined. [line 54] [Source]
Updated limitations to note that additionalContext is injected as plain text, and that when multiple PreToolUse hooks return updatedInput, the last one wins (non-deterministic with parallel execution). [line 63] [Source]
Added new "Hooks and permission modes" section: PreToolUse hooks fire before any permission-mode check, so a deny blocks the tool even in bypassPermissions mode. A hook returning "allow" cannot loosen restrictions beyond what permission rules allow. [line 70] [Source]
Added new section clarifying that --add-dir grants file access only, not full configuration discovery, with a table showing which config types are loaded from additional directories (skills yes, CLAUDE.md only with env var, most other config no). [line 157] [Source]
Updated managed-only settings table with new entries: channelsEnabled, pluginTrustMessage, and sandbox.filesystem.allowManagedReadPathsOnly (with corrected description), and removed allowManagedPermissionRulesOnly from the table (moved to regular settings). [line 182] [Source]
Added note that disableBypassPermissionsMode works from any scope, not just managed settings. [line 199] [Source]
Added installation UI tabs showing install options for different platforms (Terminal, Desktop, VS Code, JetBrains; macOS/Linux/Windows/Homebrew/WinGet) with the install script command. [line 4] [Source]
Updated managed settings example to include allowManagedPermissionRulesOnly: true. [line 261] [Source]
Added managed-only settings section clarifying which keys are only effective in managed settings. [line 269] [Source]
Clarified precedence between server-managed and endpoint-managed settings: first non-empty config wins, sources don't merge. Also noted that cached settings persist until next fetch when clearing server-managed config. [line 280] [Source]
Clarified that --add-dir grants file access rather than configuration discovery, but skills in .claude/skills/ are an explicit exception and are loaded with live change detection. Other config like subagents, commands, and output styles is not loaded from additional directories. [line 427] [Source]
Added note that project subagents are discovered by walking up from the working directory; --add-dir directories are not scanned for subagents. [line 440] [Source]
Clarified that the SendMessage tool for resuming subagents is only available when agent teams are enabled via CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 or --agent-teams. [line 449] [Source]
Added SendMessage, TeamCreate, and TeamDelete tools to the tools table, all requiring the --agent-teams flag or CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1. [line 489] [Source]
Added expanded LSP tool behavior section with full list of navigation capabilities and setup requirements. [line 507] [Source]
Added "Check which tools are available" section showing how to ask Claude directly or use /mcp for MCP tool names. [line 527] [Source]
Updated introduction to clarify tools can be disabled via the deny array, and that MCP servers add custom tools while skills use the existing Skill tool. [line 474] [Source]
Clarified context-1m-2025-08-07 beta retirement: the header now has no effect (rather than returning a 400 error), and requests exceeding 200k tokens return an error. [line 1167] [Source]
Added four new remote MCP servers: Lorikeet (universal concierge for complex businesses), Natoma (internal tools and enterprise apps), Goodnotes (AI insights into documents), and Zocks (client conversation analysis).
Updated context-1m-2025-08-07 beta retirement description to clarify the header will have no effect (not return a 400 error), and requests exceeding the standard 200k-token limit will return an error.