2026-05-28 💡 Tips 'n' Tricks

Claude Code v2.1.153: Git LFS, Agent Autocomplete & MCP Server Reliability

💡 Claude Code v2.1.153: Git LFS, Agent Autocomplete, macOS Permissions & Security Fix

Claude Code v2.1.153 landed early this morning (00:52 UTC). The release is narrower in scope than yesterday's v2.1.152, but carries one security fix and several quality-of-life improvements that developer automation workflows will notice immediately.

Git LFS support in plugin marketplace sources

Plugin marketplace sources using the github or git provider can now set skipLfs: true to bypass Git LFS downloads entirely during clone and update. This matters for any plugin whose repository tracks large binary assets — documentation images, pre-built binaries, test fixtures — that your runtime environment doesn't need. Skipping LFS makes installs faster and avoids needing LFS credentials in environments that don't have them.

# In your plugin marketplace source entry:
{
  "type": "github",
  "repo": "acme/my-plugin",
  "skipLfs": true
}

Agent autocomplete now includes native commands and bundled skills

When you type claude agents or trigger autocomplete in the agent configuration interface, the suggestion list now surfaces native slash commands and bundled skills alongside custom agents. Before this change, discovering which built-in commands were available required consulting the docs. Now the shell autocomplete itself is the documentation — especially useful when writing SessionStart hooks that chain agent calls together.

Security fix: custom API gateway credential isolation

A regression since v2.1.129 meant that when Claude Code was configured to route API calls through a custom gateway, the user's Anthropic OAuth token was sometimes forwarded to the gateway instead of the gateway's own credential. This release fixes the isolation so that your Anthropic OAuth token stays local and the gateway receives only the token configured for it. If you operate a shared gateway (for cost tracking, rate limiting, or compliance routing), upgrading to v2.1.153 is security-relevant.

Other changes

/doctor improvement — now shows the outcome of your last update attempt alongside the current environment check. Useful for diagnosing "it said it updated but nothing changed" situations.
Status-line commands get COLUMNS and LINES — scripts running as status-line providers now receive terminal dimension environment variables, enabling responsive output that doesn't wrap or truncate at arbitrary widths.
macOS background agents listed as "Claude Code" — Background agent processes now appear under the "Claude Code" entry in System Settings → Privacy & Security, and their permission grants persist across Claude Code upgrades. Previously, each upgrade could reset macOS permissions for background agents.
MCP auth notifications consolidated — Multiple connector and MCP authentication startup messages are now batched into a single notification instead of flooding the output at session start.

Bug fixes

Paginated MCP tools/list responses now return all pages (previous builds silently dropped tools beyond the first page)
SVG images and other unsupported MIME types returned by MCP image tools no longer break conversations
Stateful MCP servers without GET SSE no longer enter a reconnect loop on startup
Bedrock and Vertex users can now select "Opus (1M context)" from /model (regression since v2.1.129)
Skill tool no longer throws a permission error when running in headless mode
Subagent (Agent tool) frontmatter MCP servers now correctly respect --strict-mcp-config, --bare, and managed MCP policies
Windows PowerShell installer no longer falsely reports "Installation complete!" on failure

Should you upgrade now?

Yes, if any of these apply: you use a custom API gateway (security fix), you have macOS background agents that lose permissions after upgrades (permissions fix), or you run MCP servers with pagination (silent data-loss fix). The credential leak fix alone makes this worth applying immediately in shared or enterprise environments. Run claude update or reinstall via npm.

⭐⭐⭐ github.com/anthropics/claude-code

💡 Five Patterns for Writing Reliable MCP Servers — Lessons from v2.1.153's Bug Fixes

Every Claude Code release that fixes MCP-related bugs is also a specification of what the host client actually expects. The v2.1.153 changelog documents several edge cases that MCP server authors frequently get wrong. Here are the five patterns those fixes reveal — things you can audit in your own server today.

1. Paginate tools/list completely

Claude Code previously returned only the first page of a paginated tools/list response and silently dropped the rest. That bug is fixed — but it masked a deeper problem: your server should be returning all tools on the first response, or paginating in a way the client explicitly requests. Check your implementation: if you return a nextCursor in a tools/list response, Claude Code will now follow it. If you weren't accounting for multi-page tool lists in your server, now is the time to test against a client that actually pages.

2. Return only supported MIME types from image tools

Returning image/svg+xml or other unsupported MIME types from an MCP image-tool response would silently break the conversation in earlier builds. v2.1.153 makes this graceful — but your server should still avoid the problem entirely. Supported types are image/png, image/jpeg, image/gif, and image/webp. If your tool might return SVGs (e.g., from a diagramming service), convert them to PNG before including them in the response, or omit the image and return a text description instead.

# In your MCP image tool response, always specify:
{
  "type": "image",
  "data": "<base64-encoded-png>",
  "mimeType": "image/png"   # not image/svg+xml
}

3. Design stateful servers to reconnect cleanly

Stateful MCP servers — those that maintain session state between calls — were triggering a reconnect loop if they didn't implement GET SSE. The fix is in the client, but the underlying advice remains: if your server is stateful, make sure your startup handshake is idempotent. Claude Code may disconnect and reconnect at any point (session resume, auto-update, background wake). Your server should return the same initialised state on each new connection rather than assuming continuity.

4. Don't rely on credential passthrough from the host

The OAuth credential regression (your Anthropic token leaking to a custom gateway) is a client-side fix, but it highlights a broader design principle: MCP servers and gateways should authenticate independently — never rely on receiving a credential that belongs to a different layer of the stack. Your gateway should validate its own API key; your MCP server should validate its own auth headers. Treat any credential you receive as intended only for you, and reject requests that don't carry your specific credential.

5. Test your server in headless mode

The Skill tool permission error in headless mode caught servers that assume interactive input is always available. If you ship MCP servers for use in CI pipelines, cron jobs, or Claude Code headless mode (--print / non-interactive), test them in exactly that context. Specifically: ensure your server doesn't block waiting for stdin, doesn't pop auth prompts, and has a defined behaviour when no TTY is attached.

How to audit your server against these five patterns

Run Claude Code against your MCP server with --verbose and trigger a tools/list call — check that all your tools appear. Add an SVG-returning test tool and verify it degrades gracefully. Stop and restart the Claude Code session mid-conversation to test reconnection behaviour. Run in headless mode (claude --print "list available tools") to catch any interactive assumptions. These tests take under ten minutes and will surface the most common integration failures before your users do.

⭐⭐⭐ github.com/anthropics/claude-code

Source trust ratings ⭐⭐⭐ Official Anthropic · ⭐⭐ Established press · ⭐ Community / research