Claude Code 2.1.178 adds Tool(param:value) permission rules and auto-mode subagent checks

• Claude Code 2.1.178 shipped a new permission-rule syntax that lets teams block tool calls by parameter, so rules can target cases like Agent(model:opus) instead of only the tool name, according to ClaudeCodeLog's changelog post.
• Auto mode now runs classifier checks before it spawns subagents, and ClaudeCodeLog's release thread says that closes a gap where blocked actions could slip through subagent launches.
• The patch is also a reliability release: the full changelog lists fixes for stale OAuth file descriptors, Chrome login mismatches, auth caching, compaction fallback handling, and several background-subagent bugs.
• Nested .claude behavior changed in two places, with the changelog adding nested skill loading plus directory-qualified names, while the same update makes the closest agent, workflow, and output-style win on collisions.
• Release metadata from ClaudeCodeLog's follow-up shows a small binary bump, but prompt tokens grew 6.2 percent and tool-related prompts rose from 89.5 percent to 90.1 percent.

You can jump straight to the full changelog, inspect Anthropic's CHANGELOG.md, and compare the extra surface-level diff in the v2.1.178 release snapshot. One useful oddity in ClaudeCodeLog's metadata post is how much of the prompt mix now sits in tool descriptions, while aibuilderclub_'s subagent note gives some context for why the subagent guardrails matter more as Claude Code leans harder into agent trees.

The headline feature is parameter-aware permission matching. ClaudeCodeLog's changelog says rules now accept Tool(param:value) with * wildcards, so policy can distinguish between two calls to the same tool based on input.

That matters most for subagents, because the example in the changelog post is Agent(model:opus) to block Opus subagents specifically. Previous allow or deny rules were cruder.

Auto mode now runs its classifier before spawning subagents. ClaudeCodeLog's summary thread and the full changelog both describe this as closing a bypass where a subagent could request a blocked action without review.

That lines up with how Claude Code users are already treating subagents as trees rather than one-off helpers. aibuilderclub_ said recent builds allow subagents to spawn their own subagents up to five levels deep, which makes pre-spawn checks a more consequential guardrail.

Most of 2.1.178 is cleanup in flows that break badly when they break at all:

• stale websocket or OAuth file descriptors could trigger an out-of-memory crash
• Chrome sign-in could fail silently when the OAuth token belonged to a different account
• custom gateway sessions could hit 401 Invalid bearer token when the daemon inherited ANTHROPIC_BASE_URL and ANTHROPIC_AUTH_TOKEN
• refreshed credentials could still fail because the request config cache stayed stale
• compaction now respects --fallback-model on overload or model-availability errors

The subagent-specific fixes are similarly concrete in the changelog: transcript views now show tool results and live progress, messages sent while a subagent is finishing are no longer dropped, and ctrl+b backgrounding no longer restarts the subagent from scratch.

Nested project config got more predictable in this patch. Skills inside nested .claude/skills directories now load when you work on files there, and name collisions keep both entries available by renaming the nested one as <dir>:<name>, according to the changelog post.

The same rule now applies across agent, workflow, and output-style selection: the config closest to the working directory wins. Project-scope workflow saves also target the closest existing .claude/workflows/ directory.

The follow-up release diff adds a separate layer of signal beyond the user-facing changelog:

• new env vars include AWS_CONFIG_FILE, AWS_ROLE_ARN, AWS_SHARED_CREDENTIALS_FILE, AWS_WEB_IDENTITY_TOKEN_FILE, CLOUDSDK_AUTH_ACCESS_TOKEN, CLAUDE_CODE_COORDINATOR_EXTRA_TOOLS, and CLAUDE_INTERNAL_ASSISTANT_TEAM_NAME, per ClaudeCodeLog's metadata post
• removed env vars include CCR_EGRESS_GATEWAY_ENABLED, CCR_UPSTREAM_PROXY_ENABLED, CLAUDE_ASYNC_AGENT_STALL_TIMEOUT_MS, and CLAUDE_BG_STARTUP_WEDGE_MS, again per the same post
• the bundle grew by 103.0 kB, prompt files rose by 3, and prompt tokens rose by 6,705
• tool-prompt share increased from 89.5 percent to 90.1 percent

That last metric is the clearest hint about where the product is still expanding. Even in a patch release, more of the prompt budget moved into tool use.