Claude Code 2.1.197: What the Biggest Update in Months Means for Non-Technical Users

Reading Time: 3 minutes

Claude Code version 2.1.197 makes Claude Sonnet 5 the new default model with a 1-million-token context window and promotional pricing through August 31. The release also brings organisation-level model controls, significant background-agent reliability improvements, a 37% streaming CPU reduction, and a critical MCP security fix that prevents untrusted repositories from self-approving their own tools.

Claude Code Just Shipped One of Its Largest Updates Yet

If you use Claude Code — Anthropic’s terminal-based AI coding and task-automation environment — the release labelled version 2.1.197 in the Claude Code changelog is worth pausing on. It is not a cosmetic refresh. The update ships a new default AI model, a dramatically expanded memory capacity, tighter security controls, sweeping background-agent reliability improvements, and a long list of bug fixes that address real-world frustrations. Below is a plain-language walkthrough of what actually changed.


The Headliner: Claude Sonnet 5 Is Now the Default Model

According to the Claude Code changelog, version 2.1.197 makes Claude Sonnet 5 the new default model inside Claude Code. Anthropic announced Claude Sonnet 5 separately, describing it as their latest and most capable model in the Sonnet line.

Two numbers attached to this change matter enormously for how useful Claude Code becomes in practice.


What Org Admins Get: Default Model Control

If your company deploys Claude Code across a team, version 2.1.197 adds a meaningful administrative feature. The changelog notes that admins can now set an organisation-wide default model from the org console. When no individual user has chosen a model themselves, the /model command inside Claude Code will show it labelled as “Org default” or “Role default.” Admins can also configure model restrictions, so the model picker, the --model flag, and the ANTHROPIC_MODEL environment variable all surface a “restricted by your organisation’s settings” message if a user tries to select a model outside approved options.

For Indian enterprises running Claude Code under a managed deployment — say, an IT team at a Bengaluru-based product company standardising on a specific model for cost control — this removes the previous workaround of writing policy documents asking engineers to set the right model manually.


A Scenario: A Legal-Tech Startup in Hyderabad

Imagine a 20-person legal-tech startup in Hyderabad using Claude Code to automate contract analysis. Their repository contains thousands of lines of contract-parsing code, and each analysis run also ingests a 300-page contract as context. Previously, Claude would hit its context limit mid-task and lose track of earlier clauses. With the 1-million-token window now default, a background agent can ingest the entire codebase and the full contract simultaneously, surface inconsistencies, and write a summary — all without the developer having to manually chunk and re-feed documents.

When the developer closes their laptop mid-run, the improved background session reliability in 2.1.197 means the agent does not die. The changelog states that long-running commands and workflows now survive the session’s process being stopped, restarted, or updated, including on Windows. Workers killed by a daemon restart are automatically resumed the next time the agents view opens. For a startup whose developers often switch between machines or deal with spotty power, this is a concrete reliability gain.


Security Tightening You Should Know About

The changelog records a notable security change around MCP (Model Context Protocol) servers. Previously, a repository could self-approve its own MCP servers by committing a .claude/settings.json file, meaning untrusted code you cloned could quietly add its own tools to Claude’s environment. Version 2.1.197 changes this: claude mcp list/get no longer spawns .mcp.json servers that a repo self-approved this way. Untrusted workspaces now show a ⏸ Pending approval indicator instead.

If you work with open-source repositories or accept code from external vendors — common in Indian IT services firms and product companies alike — this change reduces the risk of a cloned project quietly expanding Claude Code’s permissions without your explicit consent.

Additionally, hook matchers with hyphenated identifiers (such as mcp__brave-search) previously matched substrings accidentally, potentially triggering the wrong tools. They now require exact matches, with wildcard syntax available for intentional broad matching.


Usability Improvements Worth Noting


The `/code-review` Workflow Gets More Efficient

The changelog states that the /code-review workflow merged five cleanup finders into one, cutting token usage by roughly 25%. If your team runs frequent code reviews through Claude Code, this translates directly into lower API costs per review cycle — material for startups watching their monthly Anthropic bill.


Limitations and Honest Tradeoffs

A few caveats deserve attention before you upgrade or recommend this to your team.


What to Watch Next

The Claude Code changelog is updated incrementally, and this release’s density suggests the team is moving quickly. The areas to watch in subsequent releases are the stability of the 1M-token context window under real production loads, the post-August pricing structure for Claude Sonnet 5, and whether the MCP security model matures into a more formal permission framework. If your organisation is evaluating Claude Code for wider rollout, upgrading to 2.1.197 and running it through its paces before the promotional pricing window closes on August 31 is a reasonable starting point.

Related stories