Claude Code v2.1.172: Nested Sub-Agents, Background Jobs, and a Raft of Bug Fixes
Claude Code v2.1.172 ships nested sub-agents up to 5 levels deep, background job syntax, plugin search, smarter Bedrock region handling, and 30 fixes.
Update, 19 June 2026: Claude Code v2.1.183: Auto Mode Blocks Destructive Git and Infrastructure Commands
Claude Code v2.1.183 (changelog, release notes) ships the most significant safety changes since the sub-agent work covered in the original post below.
Auto mode now blocks git reset --hard, git checkout -- ., git clean -fd, and git stash drop unless you explicitly asked to discard local work. git commit --amend is blocked when the commit was not made by the agent in the current session. And terraform destroy, pulumi destroy, and cdk destroy are blocked unless your request unambiguously called for that specific stack. The intent-based blocking applies to auto mode only; interactive and supervised sessions are unaffected.
The terraform guardrail is a direct response to a February 2026 incident in which Claude Code executed terraform destroy on production infrastructure and wiped 1.94 million rows of student data because the agent judged it a logical next step.
Beyond safety, model deprecation warnings now also appear for models configured in agent frontmatter, closing a gap that existed since warnings were introduced. A new attribution.sessionUrl setting lets you omit the claude.ai session link from commits and PRs. Several notable bugs are fixed, including the stateful MCP server reconnect-looping regression introduced in v2.1.147.
Run claude --version to check your version. Native installs update in the background; Homebrew users should run brew upgrade claude-code.
Update, 17 June 2026: Claude Code fixes critical auth failures on custom API gateways and Bedrock GovCloud 400 errors
Two releases since v2.1.172 address bugs that could silently break enterprise and CI deployments without any obvious error surfacing.
v2.1.174 (June 12) is the more urgent update. It fixes a 401 bearer-token failure where background agent workers could not authenticate when the daemon was started with a custom ANTHROPIC_BASE_URL and ANTHROPIC_AUTH_TOKEN, meaning every sub-agent call to a custom API gateway was silently failing. The same release fixes Bedrock GovCloud regions (us-gov-*) deriving global instead of us-gov as the inference profile prefix, causing 400 errors on every derived model ID in GovCloud deployments. Two additional fixes in this release: compaction now correctly honors --fallback-model on overload rather than failing hard, and MCP server-level patterns in subagent disallowedTools specs are now enforced rather than silently ignored — a security-relevant correctness gap.
v2.1.175 adds the enforceAvailableModels managed setting, which prevents users or project configs from widening an administrator-defined model allowlist.
If you are running a custom API gateway, self-hosted Bedrock, or any deployment in AWS GovCloud, update to v2.1.174 or later immediately. The official changelog has full details.
One caution: v2.1.177 (released around June 16) introduced new regressions including slash-command parsing failures on macOS. Operators who need stability may want to hold at v2.1.176 for now.
Anthropic’s Claude Code v2.1.172 is out, and the headline feature is one that developers have been asking about for a while: sub-agents can now spawn their own sub-agents, up to five levels deep. That single change opens up a genuinely different way of thinking about how to structure complex agentic workflows. There is also new background job syntax, plugin search, smarter Amazon Bedrock region handling, and a long list of fixes covering sessions, model selection, permissions, and terminal rendering.
Here is what you need to know.
Nested Sub-Agents: Recursion With a Safety Net
Until this release, sub-agents in Claude Code were flat. A parent agent could delegate to one, but that sub-agent could not kick off further delegation. The docs explicitly called this out as a hard limit.
That limit is now lifted. Sub-agents can nest up to five levels deep, each with its own system prompt and model. The parent only reads the leaf agent’s summary, so everything happening inside the chain stays contained. Lead developer Boris Cherny framed the depth cap as a starting point and has asked for community feedback.
The practical value here is context management. If you have a long-running task that generates a lot of noisy intermediate output, pushing it into a sub-agent means that noise does not pollute your main conversation. Nesting takes that further: a sub-agent doing research can itself delegate file reading and summarisation, returning only what the parent actually needs.
A few things worth knowing before you use this:
- If you are on an older version, nesting calls are silently ignored. The inner Agent tool use is treated as a regular Read. Update first.
- The
!prefix inclaude agentsnow runs a shell command as a background job you can attach to and detach from. The equivalent flag isclaude --bg --exec 'pytest -x'. This is useful for long-running processes you want to keep running while you do something else. - The session stability fixes in this release matter here too. A bug where sub-agents stayed stuck as “active” after a nested agent was stopped has been resolved, as has a problem where backgrounding a running sub-agent with ctrl+b would restart it from scratch.
Plugin Search in /plugin
A small but useful addition: the /plugin command now includes a search bar when browsing marketplace plugins. If you have accumulated a decent number of plugins, this makes finding the one you need considerably less tedious.
Amazon Bedrock Gets Smarter About Region Detection
If you use Claude Code through Amazon Bedrock and have not set the AWS_REGION environment variable, the tool now reads the region from your ~/.aws configuration automatically. The /status command shows where the region setting came from, so you can tell at a glance whether it came from the environment, the config file, or a default.
The model picker has also been fixed for Bedrock users. Previously, it could display models that Bedrock does not actually offer, and selecting one would silently switch your session while lighting up multiple selection markers. That behaviour is corrected.
Chrome, VSCode, and Terminal Improvements
Chrome: Browser tools now load in a single batched call rather than one call per tool. This is a behind-the-scenes change, but it means the Claude in Chrome integration initialises faster.
VSCode: PowerShell tool calls were displaying as raw JSON instead of showing the correct command and permission dialog. That is fixed. ANSI escape codes have also been removed from displayed shell output, so the terminal stays readable.
Terminal performance: The /goal status chip was triggering a full terminal re-render at 5 Hz while idle. That has been stopped. There are also fewer UI re-renders while sub-agents run in parallel. If you have noticed Claude Code feeling slightly sluggish during complex agent runs, this should help.
The Bug Fix List Is Substantial
Thirty changes shipped in this release. The fixes worth calling out specifically:
Sessions and context: A session using 1M context without usage credits could get permanently stuck. It now automatically compacts back under the standard limit. A repeating error about images that could not be processed has also been resolved.
Model picker: Version-specific model IDs like claude-opus-4-8 were causing the picker to hide Opus and Sonnet 1M rows. Fixed. A separate issue where model IDs got a doubled 1M-context suffix has also been corrected.
Permissions: Wildcard domain rules like WebFetch(domain:*.example.com) were not matching subdomains in allow, deny, or ask positions. File permission rules with mid-pattern wildcards had the same problem. Both are fixed.
Memory: Team shared memory stores (CLAUDE_MEMORY_STORES) were not being found correctly in remote sessions. Fixed.
Auth: Model requests were continuing to fail with auth errors after credentials were refreshed outside the session, because the session was holding a stale cached request configuration. That cache is now invalidated properly.
Compaction: The --fallback-model flag was being ignored during compaction. Compaction now correctly falls back to the configured fallback model chain when it hits overload or model-availability errors.
Workflows: Workflow scripts that mentioned Date.now() or Math.random() in prompt strings or comments were being rejected by validation. The validator now handles these correctly.
Agents: Viewing a sub-agent’s transcript now shows tool results and live progress. Messages sent while a sub-agent was finishing its turn were previously being dropped. Both are fixed.
What This Means for You
If you run solo on straightforward tasks, the most immediately useful things here are the session stability fixes and the terminal performance improvements. Fewer stuck sessions, cleaner output, less idle CPU use.
If you build multi-agent workflows, nested sub-agents are worth experimenting with now. The five-level cap is generous enough for most real-world delegation patterns, and the background job syntax with ! adds a clean way to keep long-running processes out of your main flow.
Bedrock users should check their region configuration after updating. The automatic ~/.aws detection may mean you can clean up an environment variable you have been setting manually.
To update: npm i -g @anthropic-ai/claude-code. Note that v2.1.171 was never published to npm, so if you are on v2.1.170 or below, you are jumping straight to v2.1.172.
The full changelog is on GitHub if you want to go through all thirty changes in detail.