Claude Code Daily Briefing - 2026-06-04

Release Summary

Version	Date	Key Changes
v2.1.162	6/3	`claude agents --json` gains `waitingFor` monitoring, WebFetch permission-precedence + Windows path-rule fixes, MCP sub-1000ms timeout handling changed, many stability fixes
v2.1.161	6/2	OTEL custom labels, parallel tool-call isolation, `claude mcp` secret masking
v2.1.160	6/2	dynamic-workflow trigger `workflow`→`ultracode`, write-prompts for shell startup & build-config files, grep satisfies read-before-edit

v2.1.162 shipped yesterday (6/3). It’s a stability and hardening release rather than a feature drop — the substance is one small improvement to claude agents observability plus a pair of permission-rule correctness fixes. (We covered v2.1.160 and v2.1.161 in detail yesterday.)

Full release notes

New Features & Practical Usage

`claude agents` observability — `waitingFor` (v2.1.162)

v2.1.162 is mostly bug fixes and stabilization. The single change most useful for parallel, unattended agent fleets is a new waitingFor field in claude agents --json output: you can now tell, programmatically, exactly what a waiting session is blocked on (e.g. a permission prompt).

# See at a glance which fanned-out agents are stuck, and why
claude agents --json | jq '.[] | {name, waitingFor}'

Instead of attaching to each session by hand to answer “why is this stalled?”, a CI job or dashboard can now distinguish a permission-prompt wait from any other blocker. The same release also fixes status text getting clipped at 60–120 columns on wide terminals and long session names truncating at 40 columns, so the agents view is generally more readable.

GitHub v2.1.162

Developer Workflow Tips

Isolate file-writing subagents in throwaway worktrees — `isolation: worktree`

When you fan subagents out to edit files in parallel, their writes can collide in a single working tree. Add isolation: worktree to a custom subagent’s frontmatter (in .claude/agents/) and each invocation runs in a temporary git worktree branched from your default branch; the worktree is auto-removed if the subagent makes no changes. (This path got steadier in v2.1.161, which fixed worktree-isolated agents being unable to edit their own worktree files.)

A worktree is a fresh checkout, so untracked files like .env are absent. Drop a .worktreeinclude file (.gitignore syntax) at the project root and Claude Code will copy matching gitignored files into the worktree automatically.

# frontmatter of .claude/agents/feature-dev.md
---
name: feature-dev
description: Use for parallel implementation work
isolation: worktree
---

# .worktreeinclude  (project root)
.env
.env.local
config/secrets.json

To isolate a whole session, you can also start with claude --worktree feature-auth (alias -w).

Claude Code Docs — Worktrees

Pin a model per subagent to control cost — `model:` + `CLAUDE_CODE_SUBAGENT_MODEL`

If a subagent definition omits model:, it defaults to inherit — so cheap exploration work can silently run on your expensive main-session model. Set model: haiku for read-only search/exploration, model: sonnet for routine coding workers, and reserve opus for orchestration and hard reasoning. The cost difference is large.

---
name: explorer
description: Read-only codebase search
tools: Read, Grep, Glob
model: haiku
---

Claude Code resolves the model in this order: CLAUDE_CODE_SUBAGENT_MODEL env var → per-invocation parameter → the subagent’s model: frontmatter → the main conversation’s model. So to force every subagent in a session down to the cheap tier regardless of its file, one env var is enough.

# Force all subagents in this session to Haiku (overrides frontmatter)
export CLAUDE_CODE_SUBAGENT_MODEL=claude-haiku-4-5-20251001

With usage-metered billing and the June 15 Programmatic Usage Credits change looming, encoding “which model goes where” into your agent definitions is basic cost governance.

Claude Code Docs — Subagents

Security & Limitations

v2.1.162 — permission-rule correctness fixes (WebFetch precedence, Windows paths) (6/3)

v2.1.162 fixes two security-relevant bugs where permission rules weren’t being applied as intended.

WebFetch permission precedence: explicit WebFetch(domain:...) deny/ask/allow rules now take precedence over the built-in preapproved-host auto-allow. Previously a preapproved host could override your explicit rule, letting a domain you meant to block slip through.
Windows path-rule matching: permission rules written with backslashes (~\, \\server\share) or case-variant paths never matched, and Read deny rules failed to hide files from Glob/Grep results. Both are fixed.

If you gate access through permission rules, it’s worth upgrading to v2.1.162 and re-confirming your rules actually apply.

GitHub v2.1.162

June 3 follow-up incidents — Opus 4.7 errors, partial Claude Code degradation (6/3)

The day after the June 2 multi-service outage, Anthropic’s status page logged two short incidents on June 3. Claude Opus 4.7 saw “elevated errors” (investigated ~07:10 UTC, resolved 07:38 UTC), and separately some Claude Code services were degraded — affecting security reviews, code reviews, routines, and some Claude Code web sessions (resolved 07:36 UTC). Both were resolved within roughly 30 minutes and are distinct from the June 2 capacity-constraint outage.

Claude Status

Ecosystem & Plugins

Harness lands an MCP server in the official Claude Connectors Directory (6/1)

CI/CD platform Harness added its MCP server to Anthropic’s official Claude Connectors Directory, giving Claude structured access to pipelines, deployments and approvals, failure diagnosis, security posture (SBOMs, vulnerability scans), chaos experiments, and cloud cost anomalies. The distinguishing claim is that it exposes Harness’s “Software Delivery Knowledge Graph” (typed entities with declared relationships) rather than a raw API — reportedly cutting complex cross-domain queries from 5+ sequential LLM calls down to 2–3 structured ones. Everything runs through existing RBAC and audit logging.

Harness blog

Anthropic adds a Services Track and Partner Hub to the Claude Partner Network (6/3)

Anthropic extended its Claude Partner Network with two structures. The Services Track is a three-tier system (Select / Preferred / Global Premier) graded on actual Claude deployments and certifications, and the Claude Partner Hub is a directory/dashboard where partners track their tier (updated daily) and customers find qualified firms — it integrates with Claude via an MCP connector. For context, the $100M Partner Network launched last March has now drawn 40,000+ applications and 10,000+ certified consultants.

Anthropic Newsroom

Community News

Anthropic and MITRE map a year of AI-enabled cyber threats to ATT&CK (6/3): Anthropic published research with MITRE analyzing AI misuse in cyberattacks from March 2025 to March 2026. It maps 832 accounts banned for malicious cyber activity onto the MITRE ATT&CK framework, finding that the share of medium/high-risk actors using AI for cyber operations rose from 33% to 56% (~1.7×), with malware development the top use case (~67%). The report references the November 2025 state-sponsored espionage operation that manipulated Claude Code with minimal human intervention, and says Anthropic is discussing with MITRE how ATT&CK should evolve to cover AI-enabled behaviors. Anthropic
Project Glasswing expands to ~150 organizations across 15+ countries (6/2): Anthropic broadened Project Glasswing to roughly 150 organizations in previously underrepresented critical-infrastructure sectors — power, water, healthcare, communications, hardware. The original ~50-org cohort reportedly surfaced 10,000+ high/critical-severity flaws using Claude Mythos Preview. It’s a signal that scanning codebases with frontier models to find vulnerabilities and propose patches is moving beyond a restricted program. Anthropic

Minor Changes

Slash-command autocomplete click behavior changed: clicking a slash command in the autocomplete menu now fills it into your prompt instead of running it immediately — press Enter to run. Fewer accidental command runs (v2.1.162)
Sub-1000ms MCP timeouts ignored: setting a per-server timeout below 1000 ms no longer triggers a 1-second watchdog that aborted every tool call; the value is now ignored and falls back to MCP_TOOL_TIMEOUT or the default (v2.1.162)
--tools with Grep/Glob enables dedicated search: explicitly naming Grep/Glob now provides the dedicated search tools on native builds with embedded search (previously silently ignored) (v2.1.162)
LSP workspaceSymbol gains a query parameter: the LSP workspaceSymbol operation, which returned nothing, now accepts query (v2.1.162)
Windsurf renamed to “Devin Desktop”: following the editor’s rebrand, across /ide, /terminal-setup, and /scroll-speed (v2.1.162)
Read-only config-dir startup hang fixed: when the config directory is read-only or unwritable, Claude Code now starts with in-memory config and surfaces startup errors instead of a blank screen (v2.1.162)

Interesting Projects & Tools

geo-seo-claude — a GEO-first SEO skill for Claude Code: A Claude Code skill that optimizes sites for AI search engines (ChatGPT, Claude, Perplexity, Google AI Overview) by running five sub-agents in parallel and producing a 0–100 GEO score. A practical take on the shift from search results to AI answers — aiming squarely at “sites that get cited by AI.” GitHub
dual-brain — a left-brain/right-brain debate skill for Codex and Claude Code: A workflow skill that splits AI coding into a “right brain” (contextual questioning) and a “left brain” (logical verification), with tiered memory, to cut hallucinations and avoid contradicting earlier architecture decisions. The interesting bit is structurally baking a verification step into a single agent. GitHub