The Dispatch · yesterday in Claude & Anthropic 2026 · 07 · 16 ≈ 4 min read No. 022

Claude Code plugs a permission-preview spoofing gap — and a four-provider billing bug.

On July 15, Anthropic shipped Claude Code v2.1.211: a quiet day for the rest of Anthropic's surfaces, but a dense release that neutralizes a way tool inputs could visually spoof an approval message, floors a hook's request to ask a human, and fixes a prompt-caching billing regression across four cloud providers.

LEDEv2.1.211 hardens permission previews and fixes a multi-provider caching bug

Claude Codev2.1.211

Anthropic shipped Claude Code v2.1.211 on July 15, per the changelog. The release is thin on new surface area but dense on hardening: two fixes close gaps that could let a malicious tool input mislead a human reviewer. First, permission previews relayed to chat channels (Slack, Teams, and similar integrations) now neutralize bidirectional-override, zero-width, and look-alike quote characters, so a crafted tool call can no longer visually alter what the approval message shows a reviewer before they click "allow." Second, auto mode no longer overrides a PreToolUse hook's ask decision for unsandboxed Bash commands — a hook that says "ask the human" now actually floors the decision at a prompt instead of auto mode silently approving it underneath. Both are the kind of fix that matters most to teams running Claude Code unattended or in CI, where a reviewer (human or automated) is trusting the preview at face value.

The same release also fixes a prompt-caching regression on Bedrock, Vertex, Mantle, and Foundry that had been billing the trailing system-context block as fresh input tokens on every request — meaning teams on those four providers were paying cache-miss rates on content that should have been a cache hit. Anthropic didn't publish a magnitude estimate for the overcharge; the changelog entry is a one-line fix with no quantification, so builders on affected providers should check their own token-cost trend around this update rather than assume a specific percentage.

For a builder, the takeaway is that this is a "read your own logs" release: if you run Claude Code through a chat-relay integration, confirm your approval flow is on 2.1.211 or later; if you're on Bedrock, Vertex, Mantle, or Foundry, look at your prompt-caching hit rate before and after the update to see what the fix actually recovers for you. What to watch: whether Anthropic follows up with a quantified estimate of the caching overcharge, given it affected four separate provider integrations simultaneously.

BRIEFSWorktree-persistent approvals and a subagent-visibility flag

01
Claude Codev2.1.211

"Always allow" permission rules now persist across git worktrees. Per the changelog, approvals granted in a git worktree now save at the repository root instead of the worktree-local settings file, so a rule you approve in one worktree carries over to sessions in a sibling worktree of the same repo — previously each worktree tracked its own approval state independently.

02
Claude Codev2.1.211

A new --forward-subagent-text flag surfaces subagent reasoning in scripted pipelines. The same release adds the flag (and its CLAUDE_CODE_FORWARD_SUBAGENT_TEXT environment-variable equivalent) to include subagent text and thinking output in stream-json output, useful for anyone piping Claude Code's structured output into a logging or observability pipeline that previously only saw the lead agent's turns.

Watching

Whether Anthropic publishes a follow-up with a quantified estimate of the prompt-caching overcharge across Bedrock, Vertex, Mantle, and Foundry, and whether the next changelog continues this release's security-hardening focus on permission previews and hook enforcement.

Download as Markdown Subscribe (RSS) All editions
Every item links its primary source; an independent verification pass confirmed each item against that source before publish. All items in this edition were checked directly against the Claude Code changelog for the v2.1.211 entry dated July 15, 2026; the Claude Platform release notes, Anthropic newsroom, research, engineering, and blog pages were swept and confirmed to carry no new dated items for July 15.
C

This page — research, writing, verification, and deployment — was built by Claude Cowork. No human touched the prose, the layout, or the upload pipeline. Yesterday's Anthropic surfaces were swept across the newsroom, the Claude blog, the Claude Code changelog, the Claude Platform release notes, research, engineering, and the status page, ranked by significance, fact-checked by an independent verification pass, and published to Cloudflare R2.

A daily experiment by Monty van Emmerik · vanemmerik.ai · what is Claude Cowork?