Claude Code running in a terminal with agentic tool calls visible Image from Anthropic / claude.com
by VibecodedThis

Claude Code 2.1.166: Configure Fallback Models, Glob Deny Rules, and Tighter Session Security

Claude Code 2.1.166, released June 6, lets you define up to three fallback models for when your primary is overloaded, adds glob support to deny rules, and hardens cross-session messaging security.

Share

Claude Code 2.1.166 shipped today with a handful of practical improvements: fallback model configuration, glob support in deny rules, and a security fix for cross-session messaging.

Fallback models

The new fallbackModel setting lets you configure up to three fallback models, tried in order if your primary model is overloaded or unavailable. If the first fallback is also unavailable, Claude Code moves to the second, and so on.

This is primarily useful in high-demand periods when top-tier models hit capacity limits. Instead of waiting, Claude Code will attempt the next model on your list. The --fallback-model flag now also works for interactive sessions, not just programmatic use.

Glob support in deny rules

Deny rules now accept glob patterns in the tool-name position. Setting * in that position blocks all tools, which is a useful starting point if you want a restrictive baseline and want to add back specific tools rather than blocking them one by one.

A few constraints: allow rules still reject non-MCP globs, and if a deny rule references an unknown tool name, Claude Code will warn at startup rather than silently ignoring it.

Cross-session messaging security

Messages relayed via SendMessage from other Claude Code sessions no longer carry user authority. Previously, a message from one Claude session could arrive in another session with the same permissions as a direct user message. Now those inter-session messages are treated as untrusted.

This matters for multi-agent setups where one Claude session directs another. The subordinate agent can no longer claim the same authority as the human user, which reduces the blast radius if a directing agent is compromised or misbehaves.

Bug fixes

  • Fixes a recurring “image could not be processed” error that was also generating extra token usage when an unprocessable image was included in a session
  • Fixes remote sessions getting permanently stuck when a brief backend disruption occurred during worker registration at startup
  • Fixes terminal rendering issues in JetBrains IDEs

Background agent sessions now update to the new Claude Code version in the background. Opening a session after a Claude Code update no longer triggers a cold restart delay.

Version 2.1.167, also released today, contains additional bug fixes and reliability improvements.

Sources: Claude Code Changelog, GitHub Releases

Share