Claude Code Daily Briefing - 2026-06-05

Release Summary

v2.1.163 shipped yesterday (6/4). It’s a release with a couple of genuinely new capabilities wrapped around a thick stack of bug fixes across permission rules, headless mode (claude -p), Windows, and Bedrock paths. (v2.1.162 and v2.1.161 were covered in the last two briefings.)

Full release notes

New Features & Practical Usage

Pin your team’s Claude Code version — requiredMinimumVersion/requiredMaximumVersion (v2.1.163)

v2.1.163 adds two managed settings that enforce a version range. Set requiredMinimumVersion/requiredMaximumVersion, and Claude Code will refuse to start when its version falls outside the allowed window, pointing the user to an approved version instead.

// managed settings
{
  "requiredMinimumVersion": "2.1.160",
  "requiredMaximumVersion": "2.1.163"
}

It’s the same instinct behind pinning a package-manager version: a floating “latest” that silently rolls forward — and a tool chain that jumps a major and quietly breaks your build or deploy — is a real failure mode. When you want a team to run only a vetted version range, or to skip a release with a known regression, this lets you enforce it deterministically in config instead of writing “please use this version” in a CI script or onboarding doc.

GitHub v2.1.163

Developer Workflow Tips

A Stop hook that won’t quit until it’s green — additionalContext (v2.1.163)

Until now, making a Stop or SubagentStop hook say “don’t end the turn, keep working” meant blocking the stop — and that was often surfaced as a hook error. As of v2.1.163, a Stop/SubagentStop hook can return hookSpecificOutput.additionalContext to pass feedback to Claude and keep the turn going without being flagged as an error.

That makes a clean “keep working until the tests pass” guard possible:

// .claude/settings.json
{
  "hooks": {
    "Stop": [
      { "hooks": [{ "type": "command", "command": ".claude/hooks/verify.sh" }] }
    ]
  }
}

#!/usr/bin/env bash
# .claude/hooks/verify.sh — only let the turn end when tests pass
if npm test --silent; then
  exit 0   # green → finish normally
fi
# red → tell Claude what's broken and keep going (no hook error)
cat <<'JSON'
{ "hookSpecificOutput": { "additionalContext": "Tests are still failing. Fix the failing cases and re-verify." } }
JSON

It turns “the AI stopped halfway” from a recurring complaint into a completion gate — enforced, not advised. Follow the official hooks docs for the exact output schema. Claude Code Docs — Hooks | GitHub v2.1.163

First step toward a standardized plugin set — /plugin list (v2.1.163)

v2.1.163 adds /plugin list to enumerate installed plugins, with --enabled/--disabled filters so you can see what’s on and what’s off at a glance.

/plugin list              # all installed plugins
/plugin list --enabled    # only enabled
/plugin list --disabled   # only disabled

Plugin sets tend to drift across machines and teammates. Reconcile the inventory with this command, then pin the version with requiredMinimumVersion above, and you cut down on the “works on my setup” gap.

GitHub v2.1.163

Security & Limitations

v2.1.163 — making permission rules block what they were supposed to (6/4)

v2.1.163 fixes several cases where permission rules weren’t applied as intended. If you rely on permission rules to gate access, it’s worth upgrading and re-checking that your rules actually bite.

• $HOME deny bypass fixed: a home-directory deny rule like Read(~/Desktop/**) was not blocking Bash commands that referenced the same path via $HOME. A path you believed was denied could leak through the shell.
• Org-managed rules now apply for the whole session: when the managed-settings fetch completed during startup on a fresh config directory, org permission rules weren’t applied for the rest of that session — now fixed.
• Hook if: "Bash(...)" misfiring fixed: the condition was firing on every Bash command containing $() or $VAR; it now also matches commands inside subshells and backticks correctly.

GitHub v2.1.163

Community News

• Anthropic reframes Dynamic Workflows as “a harness for every task”: Anthropic published a piece positioning Dynamic Workflows not as plain coding automation but as a general-purpose tool that generates a custom harness per task. The core argument: instead of cramming everything into one context window, a JavaScript script orchestrates separate Claude instances to avoid failure modes like laziness, bias, and goal drift. It argues the biggest payoff is in non-coding work — research, verification, large-scale migrations, triage, root-cause analysis — with the much-discussed Bun Zig→Rust port as the proof point. The framing makes it explicit: a “workflow” is now less a code-generation feature and more a structure for trustworthy agent execution. claude.com blog

Minor Changes

• claude -p no longer hangs forever: when a backgrounded command never exited after the final result, claude -p could hang indefinitely; background shells are now stopped ~5s after the result once stdin closes (v2.1.163)
• Bedrock/Vertex/Foundry + CI=true key error fixed: claude -p was failing with “ANTHROPIC_API_KEY required” on these platforms when CI=true and no Anthropic key was set, even though one isn’t needed there (v2.1.163)
• bazel and EDR-protected Go workflows fixed: $TMPDIR was being overridden to /tmp/claude-{uid} for all commands instead of only sandboxed ones — a regression from 2.1.154 (v2.1.163)
• Windows OneDrive EEXIST fixed: Bash was failing with “EEXIST” when the session-env directory was read-only or inside OneDrive (v2.1.163)
• /btw gains “c to copy”: copies the raw markdown answer to the clipboard so formatting survives a paste elsewhere (v2.1.163)
• Subscription-switch suggestion moved to the startup announcement slot instead of a toast (v2.1.163)
• stdio MCP servers get the session ID: on --resume, stdio MCP servers now receive the same CLAUDE_CODE_SESSION_ID as hooks and Bash (v2.1.163)

Recommended Reads

• “No, Artificial Intelligence Is Not Conscious” — Ted Chiang: The novelist frames LLMs as “sentence-completion machines that generate one word at a time” and warns that mistaking fluent output for consciousness or moral agency leads to a dangerous misattribution of responsibility. Real consciousness, he argues, requires embodiment, subjective experience rooted in emotion, and evolutionary/developmental stages — all of which today’s systems lack. A sharp prompt to think harder about “who is accountable” as we hand work to agents. 18 points, 12 comments on GeekNews. The Atlantic

• “My Software North Star” — Loris Cro: The Zig core developer proposes aligning software priorities around a single goal: maximizing end-user utility. Technical virtues like safety, correctness, and maintainability aren’t ends in themselves — they matter only insofar as they enable software people actually use and love. In an era when agents pour out code, it’s a short, sturdy reset on what you’re building well for. kristoff.it

Interesting Projects & Tools

• Naeildo — paste a URL and 9 AI agents audit your vibe-coded service’s security: Naeildo inspects a web service’s security from just a URL, no source code required. Nine AI agents across three teams (Guard, Analyst, Verifier) assess observable signals like headers, TLS, and CORS, mapping findings to the OWASP Top 10. The creators say that across 28 startups they analyzed, 45% had security vulnerabilities in AI-generated code — a practical stab at the gap between shipping fast with AI and having accessible security validation. naeildo.com

• Project Capture — a screenshot-automation skill for AI agents: An AI agent skill that analyzes a project’s structure, finds routes, handles login, and uses Playwright to capture screens and generate a report. It supports frameworks like Next.js, Remix, and React Router, and ships as both a Codex skill and an npm package so it slots into various terminals and tools. It automates the repetitive “analyze project → confirm capture scope → handle auth → capture screens → generate report” loop. GitHub