v2.1.162 Tightens WebFetch Security and Slash Command UX
This episode covers the latest v2.1.162 update, where WebFetch now honors explicit allowlists and blocklists over built-in domain rules for stronger control. It also highlights safer slash command autocomplete, read-only config fallbacks for containers, and the new waitingFor JSON key for better agent automation.
Is this your podcast and want to remove this banner? Click here.
Chapter 1
WebFetch Precedence and Safe Autocomplete in v2.1.162
Lachlan Reed
G'day everyone! [excited] Lachlan Reed here, and a massive thanks to Jellypod for helping make this daily show a reality. Let's skip the fluff and jump straight into the v2.1.162 update because we've got some massive security and workflow overrides to talk about. James, starting with WebFetch -- they've completely flipped the hierarchy on how permission rules are evaluated.
James Turner
Yeah, and this is a major security fix. Historically, WebFetch had a built-in list of preapproved domains to keep things smooth, but in v2.1.162, explicit user blocklists and allowlists now take absolute precedence. If you block a domain, it is blocked, period -- even if the system previously marked it as safe. [deliberate]
Lachlan Reed
Which is a massive relief for anyone worried about data-leak vectors [chuckles]. I mean, if I explicitly write a rule to keep my local development environment or sensitive API endpoints off the grid, I don't want some hardcoded "preapproved" list bypassing my config. It's all about deterministic control.
James Turner
Exactly. Speaking of control, have you seen the UX overhaul for slash commands? [curious] They finally fixed the autocomplete behavior.
Lachlan Reed
Oh, the autocomplete change is brilliant! [laughs] Before this, if you hit tab or clicked on a slash command autocomplete suggestion, it would run the bloody thing immediately. I can't tell you how many times I accidentally triggered a dry-run error or fired off an incomplete command because my finger slipped. Now, selecting a suggestion just populates the input box.
James Turner
It's a huge quality-of-life win. You get to actually review the populated command, edit the arguments, and hit Enter only when you're ready. No more accidental executions. And speaking of QOL, they also tackled a major headache for containerized environments: read-only config directories. [sighs]
Lachlan Reed
Yeah, this is a lifesaver for anyone running locked-down Docker containers or restricted environments. If the CLI detects that your configuration folder is read-only, instead of just crashing out with an ugly permission error, it automatically provisions an in-memory fallback. It keeps things running smoothly in a temporary space without throwing a tantrum.
James Turner
Which is perfect for stateless deployments. Along with that, they added a new JSON key to the `claude agents --json` output. It's called `waitingFor`.
Lachlan Reed
Ah, the `waitingFor` key! [excited] That's a game-changer for background agent scripting. It explicitly outputs exactly what state or resource the background agent is blocked on. So, instead of your orchestrator script guessing why an agent is hanging, you can parse that key directly and handle the bottleneck programmatically.
James Turner
It makes automated pipelines so much more robust. That's a wrap on the key highlights for v2.1.162 -- grab the update and secure those WebFetch paths.
Lachlan Reed
Spot on, James. Catch you all in the next one!