Claude Code v2.1.195: Exact-Match Hooks and Mouse Click Fixes
This episode breaks down Claude Code v2.1.195, including the shift from loose substring matching to exact-match security hooks for hyphenated MCP tools and the new wildcard syntax needed for multi-tool servers. It also covers the CLAUDE_CODE_DISABLE_MOUSE_CLICKS setting, plus smaller fixes for voice dictation and remote connections.
Is this your podcast and want to remove this banner? Click here.
Chapter 1
Exact-Match Hooks and Terminal Tweaks in v2.1.195
Lachlan Reed
So I was- I was tweaking my local developer environment yesterday, right, and suddenly my build scripts for Claude Code start throwing these weird, unexpected permission prompts. Turns out Anthropic quietly dropped version 2.1.195, and it radically changes how security hooks evaluate tool names under the hood. It is brought to you by Jellypod AI, by the way. But, mate, they completely changed the regex pattern matching for hyphenated MCP servers.
James Turner
Wait, hyphenated MCP servers? So you mean like when you have a tool named, say, mcp__brave-search? That was causing collision issues because of substring matching, right?
Lachlan Reed
Exactly! Spot on. See, before v2.1.195, if you had a permission hook configured for mcp__brave-search, the engine used a loose substring regex. So if you ran a tool called mcp__brave-search-premium or some other variation, it would- it would just blindly match it. It was a massive security blind spot because a malicious or poorly written tool could easily hijack the permissions of a more trusted, similarly named tool. Now, they've shifted to an exact-match regime.
James Turner
Ah, that makes sense. But wait, if they're doing strict exact-matching now, does that mean if I have an MCP server with ten different sub-tools, I have to write ten separate permission rules in my config? That sounds like a total nightmare to manage manually.
Lachlan Reed
Nah, luckily they didn't leave us entirely out in the- out on the curb. To handle those multi-tool MCP servers, you now have to use explicit wildcard matching. So instead of just relying on the old substring fallback, you've got to define it like mcp__brave-search__.* in your configuration file. It forces you to be deliberate about using wildcards, which honestly, is how it should have been from day one. If you don't update your config to use that explicit __.* suffix, your automated workflows are going to grind to a halt on the next update because Claude's going to block the execution and wait for manual approval.
James Turner
Right, because it won't match the bare string anymore. That is a crucial fix. Speaking of terminal pain points, did you see the new environment variable they added for terminal UX? The CLAUDE_CODE_DISABLE_MOUSE_CLICKS one?
Lachlan Reed
Oh, mate, don't get me started. If you're like me and you use a terminal emulator that supports mouse reporting, clicking inside the terminal to focus the window or copy some text often ends up sending random ANSI escape sequences straight into Claude's interactive prompt. It completely messes up your cursor position or, worse, triggers random actions. Now you just export CLAUDE_CODE_DISABLE_MOUSE_CLICKS=1 in your shell profile, and it completely ignores those stray mouse clicks. It's an absolute lifesaver for my sanity.
James Turner
Oh, I am definitely adding that to my .zshrc tonight. No more accidental executions because I wanted to highlight a line of log output. They also quietly rolled out a couple of quality-of-life fixes for non-English devs, didn't they? Something about voice dictation?
Lachlan Reed
Yeah, they did. They fixed the voice dictation formatting for space-less languages, like Japanese and Chinese. Previously, the transcription engine was trying to force Western-style spacing rules onto those inputs, which completely broke the syntax and semantics when feeding it to the LLM. Now it correctly respects the script rules. Plus, they polished up some of the remote connection checklist items, making the connection handshakes a lot more resilient when you're working over spotty SSH tunnels.
James Turner
Simple but essential. So, the big takeaway here is: update to v2.1.195, explicitly add __.* wildcards to your hyphenated MCP security configs, and export that mouse click disable flag immediately.
