Anthropic Claude Code: Live session scripting and security fixes in v2.1.145
Anthropic Claude Code v2.1.145 brings JSON output of live sessions for scripting, extended OTEL trace attributes for agent tracking, and fixes for a security vulnerability in bash command approval.
This article was generated using artificial intelligence from primary sources.
Anthropic has released Claude Code v2.1.145 with several practical improvements for development teams that use AI agents in their daily work. The release combines new scripting functionality, better agent tracking, and important security fixes.
What does claude agents --json do?
The new --json flag for the claude agents command outputs a list of all active Claude sessions in machine-readable JSON format. This means tools like tmux-resurrect, status bars, or any shell script can programmatically fetch which sessions are currently running, which agents they are assigned to, and how long they have been waiting for input — without parsing a user interface. For teams running multiple parallel agents, this significantly simplifies automation and monitoring.
OTEL trace attributes — why they matter for agent tracking
OTEL (OpenTelemetry) is an open standard for distributed tracing of applications and agents. Every operation generates a span — a record with timestamps and attributes describing what happened. In v2.1.145, spans of type claude_code.tool gain new agent_id and parent_agent_id fields, so background sub-agents correctly nest their traces under the parent Agent tool span. The result: in an OTEL backend like Jaeger or Honeycomb, you can see exactly which agent launched which subtask and how long it took — without losing the hierarchy.
Security and UX fixes
The most important security fix addresses a permission prompt bypass vulnerability: bash commands containing bare variable assignments (e.g. VAR=value) were passing automatic approval even when that variable was not on the allowed list. They are now correctly sent for approval.
MCP slash commands (Model Context Protocol) — the protocol for connecting AI models to external tools and data sources — no longer show raw server errors but instead indicate which arguments the command requires and how to use it correctly. Other fixes include frozen animation on terminal resize, fixed voice push-to-talk in agent view, and correct task list sorting.
The update is available via npm install -g @anthropic-ai/claude-code.
Frequently Asked Questions
- What does the new --json flag for claude agents do?
- The --json flag outputs a list of all active Claude sessions in machine-readable JSON format. This allows tools like tmux-resurrect, status bars, or shell scripts to programmatically fetch which sessions are currently running, which agents they are assigned to, and how long they have been waiting for input.
- What are OTEL trace attributes and why do they matter?
- OTEL (OpenTelemetry) is an open standard for distributed tracing of applications and agents. In v2.1.145, spans of type claude_code.tool gain new agent_id and parent_agent_id fields, so background sub-agents correctly nest their traces under the parent Agent tool span. This makes the full agent hierarchy visible in backends like Jaeger or Honeycomb.
- What security vulnerability was fixed in v2.1.145?
- Bash commands containing bare variable assignments (e.g. VAR=value) were passing automatic approval even when that variable was not on the allowed list. They are now correctly sent for manual approval.