Claude Code Daily Briefing - 2026-05-12

Release Summary

Version	Date	Key Changes
v2.1.139	5/11	Agent view, `/goal` command, hook `args[]` field, `continueOnBlock`, `/mcp` improvements
v2.1.138	5/9	Internal fixes

Full Release Notes

New Features & Practical Usage

v2.1.139 — Agent View, /goal Command, Major Hook Improvements (5/11)

v2.1.139 significantly enhances visibility and control over agentic workflows.

Agent View (Research Preview): Run claude agents to see a unified list of all running, blocked, and completed Claude Code sessions. Essential for managing multiple parallel agents.

/goal Command: Define completion conditions and Claude autonomously works across turns until they’re met. Works in interactive, -p, and Remote Control modes, with a live overlay showing elapsed time, turns, and token usage.

Hook args: string[] Field: Specify commands as an array instead of a command string. This spawns processes directly without a shell, eliminating quoting issues with paths containing spaces or special characters.

continueOnBlock Config: When a PostToolUse hook rejects a tool call, this option feeds the rejection reason back to Claude, allowing it to understand why and try a different approach.

# Launch agent view
claude agents

# Start autonomous work with /goal
/goal "Until all tests pass and lint errors reach zero"

{
  "hooks": {
    "PostToolUse": [{
      "matcher": "Write",
      "hooks": [{
        "type": "command",
        "args": ["node", "scripts/validate.js", "$CLAUDE_FILE_PATH"],
        "continueOnBlock": true
      }]
    }]
  }
}

GitHub v2.1.139

Developer Workflow Tips

Building “Work Until Done” Workflows with /goal

The /goal command in v2.1.139 fills the gap between one-shot -p execution and interactive mode. Define completion criteria and Claude iterates autonomously.

Effective patterns:

“Until all TypeScript errors reach zero” — post-migration type fixes
“Until all e2e tests pass” — post-refactor verification
“Until lint warnings are 0 and test coverage exceeds 80%” — compound conditions

The live overlay (elapsed time, turns, tokens) lets you catch infinite loops early before burning through your usage allowance.

Eliminating Shell Quoting Issues with Hook args[]

The traditional command string in hooks runs through a shell, which breaks when file paths contain spaces or special characters. The new args array field spawns processes directly, eliminating this entire class of issues.

{
  "hooks": {
    "PostToolUse": [{
      "matcher": "Write",
      "hooks": [{
        "type": "command",
        "args": ["eslint", "--fix", "$CLAUDE_FILE_PATH"]
      }]
    }]
  }
}

GitHub v2.1.139

Security & Limitations

ClaudeBleed — Claude Chrome Extension Hijacking Vulnerability, Patch Bypassed (5/6~)

Security firm LayerX discovered a vulnerability in the Claude for Chrome browser extension, dubbed ClaudeBleed. Any Chrome extension — even one with no special permissions — can hijack Claude to steal private data and send emails without user knowledge.

Attack chain: The extension’s externally_connectable setting accepted commands from any script running on the claude.ai website. A malicious extension can weaponize Claude to exfiltrate data from Gmail, GitHub, or Google Drive, and send emails or share documents on the user’s behalf.

Patch status: Anthropic released v1.0.70 on 5/6 adding permission request popups, but LayerX bypassed the fix within 3 hours by forcing the extension into “Act without asking” mode. The root cause remains unaddressed.

Recommended action: Claude Chrome extension users should minimize other installed extensions and consider using a separate browser profile for sensitive work.

LayerX | SecurityWeek | Hackread

Ecosystem & Plugins

Anthropic Launches 10 Financial Services AI Agents + Microsoft 365 Integration (5/5)

Anthropic unveiled 10 pre-built AI agent templates for financial services at its New York briefing. These automate the most time-intensive tasks in finance: pitchbook creation, KYC screening, and month-end closing.

Microsoft 365 Integration: Claude operates as a single agent across Excel, PowerPoint, Word, and Outlook, maintaining context across all four applications. Analyze financial data in Excel and transform results into a PowerPoint presentation in one continuous workflow.

Data Partnerships: Moody’s has embedded its full platform into Claude as a native app. Verisk, Dun & Bradstreet, Experian, S&P Capital IQ, and others serve as data partners.

$1.5B Joint Venture: A new AI-native enterprise services firm with Blackstone, Goldman Sachs, and Hellman & Friedman. Two-track strategy: self-service agent configuration tools for large institutions, and embedded Claude operations for mid-market companies.

Fortune | Anthropic | PYMNTS

Code with Claude London (5/19) — 7 Days Away

Registration is open. Livestream will be available.

Code with Claude London

Community News

Mythos Scans curl: Only 1 of 5 Reported Vulnerabilities Valid: curl creator Daniel Stenberg published results of Anthropic Mythos scanning curl’s codebase. Of five “confirmed vulnerabilities,” only one low-severity issue was real — three were false positives and one was a regular bug. Stenberg called it “an amazingly successful marketing stunt” while noting that most projects aren’t as thoroughly fuzzed and audited as curl, so AI security scanning still has value. GeekNews | daniel.haxx.se
“Local AI Needs to Be the Norm”: An argument against over-reliance on cloud AI APIs, advocating for on-device AI frameworks like Apple’s FoundationModels for summarization, classification, and extraction tasks. Local models may be less intelligent but are sufficient for most practical tasks while eliminating server outages, billing issues, and privacy concerns. 18 points, 4 comments. unix.foo | GeekNews
“GitHub Is Sinking”: Analysis of declining reliability and user experience since Microsoft’s acquisition. AI-generated code is causing a surge in commits that strains infrastructure — confirmed by GitHub’s COO. Alternatives like Codeberg, Gitea, and Forgejo are recommended as contingency options. GeekNews

Minor Changes Worth Knowing

CLAUDE_PROJECT_DIR env var: Now passed to MCP stdio servers and available in plugin configs (v2.1.139)
/mcp improvements: Reconnect picks up .mcp.json edits without restart; shows HTTP status and URL on failures (v2.1.139)
/context all token estimates: Now account for model-specific tokenizer with rounded values (v2.1.139)
Transcript view navigation: ? for keyboard shortcuts, {/} to jump between user prompts, v to toggle panel (v2.1.139)
VSCode Cmd/Ctrl+Shift+T: Reopen closed session tabs (v2.1.139)
Subagent API headers: x-claude-code-agent-id and x-claude-code-parent-agent-id automatically added (v2.1.139)
claude plugin install improvement: Auto-refreshes marketplace and retries before reporting not found (v2.1.139)
Remote MCP server reconnect: Automatic retry on transient failures enabled for all users (v2.1.139)

Interesting Projects & Tools

fe-review-agents — Claude Code Plugin for 6-Perspective Simultaneous Code Review: Reviews git diffs or single files from six independent agent perspectives: React performance, code quality, bugs, TypeScript, accessibility, and security. Designed to solve reasoning contamination and result bias in single-context reviews. Based on industry standards from Vercel, Toss, Google, and WCAG. Custom reviewers can be added. GeekNews | GitHub
ASCII Art Animation Tool — Convert Images/GIFs to Terminal ASCII Art: Transforms images and GIF files into animated ASCII art playable in the terminal. 4 points. GeekNews