v2.1.153

Source: Anthropic Claude Code Date: 2026-05-28 URL: https://github.com/anthropics/claude-code/releases/tag/v2.1.153

Summary

A large patch release focused on background agent reliability and MCP policy correctness. The headline operational fixes: subagent MCP servers now respect --strict-mcp-config, --bare, remote mode, and managed-settings allow/deny policies (previously silently ignored); a regression where stateful MCP servers without an optional GET SSE stream were reconnect-looping is resolved; and a custom API gateway bug that could leak the user’s Anthropic OAuth credential to the gateway instead of the gateway’s own token is patched. Background session fixes dominate the tail — covering the /btw keyboard shortcut, temp file permission prompts, worktree directory deletion, attached-session repaint, and clipboard behavior in tmux. The /model picker now saves selection as the default for new sessions.

Implications

• ACP/host-slot thread. The subagent MCP policy enforcement fix is significant: prior to this release, subagents could silently bypass the enterprise-managed MCP server allow/deny policy, meaning fleet operators had no reliable way to constrain what MCP servers a spawned agent could reach. This is a correctness fix with direct fleet governance implications.
• Fleet-as-operations-surface thread. The volume of background session fixes (nine distinct issues) signals that background/persistent agent execution is now a load-bearing feature being hardened through use. The gap between “available” and “reliable” for background agents is closing.
• Agent observability/trust thread. The API gateway credential leak fix is a trust boundary issue at the infrastructure layer — the kind of subtle mis-routing that wouldn’t show up on a standard dashboard but could have significant security implications in enterprise deployments.