Anthropic published Claude Code v2.1.149 on May 22, a maintenance release that is more interesting than its version number suggests.
The headline additions are practical. The `/usage` command now shows a per-category breakdown of what is driving limits usage, including skills, subagents, plugins and per-MCP-server cost. The `/diff` detail view can now be scrolled with the keyboard. Markdown output now renders GitHub-flavoured task-list checkboxes.
For teams using Claude Code seriously, the usage breakdown is the notable change. Agentic coding costs are not always obvious. A single session may involve the base model, tools, subagents, plugins and MCP servers. If teams cannot see what is driving consumption, they cannot decide whether an expensive workflow is worth keeping.
The release also fixes security-relevant edge cases. Anthropic says it fixed a PowerShell permission bypass where built-in `cd` functions could change the working directory undetected, allowing a later command to read outside the workspace. It also says it fixed a sandbox write allowlist issue in git worktrees: the allowlist covered the whole main repository root, when it should cover only the shared `.git` directory, with hooks and config still denied.
Those are exactly the kinds of details that matter as coding agents move from experiments to daily tools. The risk is rarely that an agent becomes magical. The risk is that a normal shell, a normal repository layout or a normal permission rule has an edge case the agent can stumble through at machine speed.
For agencies, the lesson is to keep agent tooling updated and to treat release notes as operational reading. If an agent can run commands, edit files and inspect a repository, then permission fixes are not cosmetic. They are part of the trust model.
A sensible rollout pattern is still conservative: isolate workspaces, avoid production secrets, keep human review on every change, and watch for tool-specific fixes around shells, worktrees, MCP connectors and sandboxing.
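The worktree fix described above comes down to how narrowly a write allowlist is scoped. The following is an added example, not Claude Code's implementation and not taken from the release notes: it compares an allowlist that covers the main repository root with one limited to the worktree and the shared `.git` directory minus hooks and config. The directory layout, function names and sample paths are all constructed assumptions.

```python
import posixpath

# Constructed layout for illustration (assumption, not from the release notes).
MAIN_REPO = "/src/app"             # main repository root
SHARED_GIT = "/src/app/.git"       # git directory shared by every worktree
WORKTREE = "/src/app-wt/feature"   # linked worktree the agent works in
DENIED_IN_GIT = {"hooks", "config"}  # hooks run code; config can name commands

def norm(path, cwd=WORKTREE):
    """Resolve relative paths and '..' lexically before any prefix test.
    A real check would also resolve symlinks (os.path.realpath)."""
    return posixpath.normpath(posixpath.join(cwd, path))

def inside(path, root):
    # Compare on a path boundary so /src/app-wt is not "inside" /src/app.
    return path == root or path.startswith(root + "/")

def broad_policy(path):
    """Over-wide shape: the whole main repository root is writable."""
    p = norm(path)
    return inside(p, WORKTREE) or inside(p, MAIN_REPO)

def narrow_policy(path):
    """Scoped shape: worktree plus shared .git, minus hooks and config."""
    p = norm(path)
    if inside(p, WORKTREE):
        return True
    if not inside(p, SHARED_GIT):
        return False
    first = posixpath.relpath(p, SHARED_GIT).split("/")[0]
    # Lower-case so .git/Hooks is also denied on case-insensitive filesystems.
    return first.lower() not in DENIED_IN_GIT

# Constructed sample write targets.
SAMPLES = [
    "src/main.py",
    "/src/app/.git/worktrees/feature/index",
    "/src/app/README.md",
    "/src/app/.git/hooks/pre-commit",
    "/src/app/.git/config",
    "../../app/.github/workflows/ci.yml",
    "/tmp/other/file",
]

def widened_writes(paths=SAMPLES):
    """Paths the broad policy would allow that the narrow policy denies."""
    return [norm(p) for p in paths if broad_policy(p) and not narrow_policy(p)]

if __name__ == "__main__":
    for p in widened_writes():
        print("writable only under the broad allowlist:", p)
```

Running the same comparison against a team's own sandbox rules is a quick way to review whether a worktree session can write to hooks, git config or files in the main checkout.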