--- title: "Claude Code's Plugin System Grew Up: v2.1.152–158 Dissected" date: 2026-05-30 tags: ["claude-code","plugins","release","enterprise","mcp","developer-tools"] categories: ["AI Tools","Guides"] summary: "Five Claude Code releases in five days (v2.1.152–158, May 26–30) overhaul the plugin system end-to-end: enterprise-safe skill sandboxing via disallowed-tools, zero-friction local plugin development with .claude/skills autoloading, Dynamic Workflows + Opus 4.8 as the default model, and Auto mode expansion to Bedrock, Vertex, and Azure Foundry." --- Between May 26 and May 30, Anthropic shipped five Claude Code releases. Individually they read as incremental changelog entries. Together they tell a coherent story: the plugin system that started as a power-user feature in early 2026 is becoming production infrastructure. Here's what changed and why it matters. ## v2.1.152 (May 26): Enterprise sandboxing The headliner in this release is `disallowed-tools` — a new front-matter field for skill files that lets skill authors explicitly prohibit specific tools while a skill is active. ```yaml --- name: "Database Migration Runner" disallowed-tools: ["Bash", "Write"] --- ``` This sounds simple. The implications are not. Before this, a skill could call any tool Claude Code had access to. That made skills powerful but ungovernable — an ops team deploying a skill to a hundred developer machines couldn't guarantee the skill wouldn't reach outside its intended scope. `disallowed-tools` closes that gap. Skill authors declare intent; the runtime enforces it. Enterprise admins deploying through `pluginSuggestionMarketplaces` (also new in this release) can now pair each skill with an explicit capability boundary. **`MessageDisplay` hook** is the second notable addition. Hook scripts registered as `MessageDisplay` can transform or suppress displayed assistant text before it renders in the terminal. The immediate use cases: strip verbose model output for CI/CD pipelines where terminal noise matters, inject metadata into responses for logging, or enforce output format policies across a team deployment. This is the hook the enterprise log-ingestion crowd has been waiting for. **`/reload-skills`** rounds out the developer ergonomics: rescan the skills directory without restarting the session. For anyone iterating on a skill in a live session, this replaces the restart-loop that was the prior workaround. **Auto mode no longer requires prior opt-in consent** — the friction that was added when Auto mode launched in March (requiring an explicit confirmation prompt before enabling) is gone. The safety review landed; the friction didn't need to persist. ## v2.1.154 (May 28): Opus 4.8 becomes the default This is the release that ships alongside the Opus 4.8 model announcement. The key changes: - **Opus 4.8 is now the default model** in Claude Code, with **high-effort mode on by default** - **Lean system prompt** for Opus 4.8 — the full system prompt remains for Haiku, Sonnet, and legacy Opus. For 4.8, Anthropic ships a trimmed version that reduces overhead tokens. More of the context window goes to your actual code. - **Dynamic Workflows available from within sessions** — the multi-agent orchestration primitive that ships with Opus 4.8 is wired directly into the Claude Code session runtime - **Fast mode on Opus 4.8** at 2x the standard rate for 2.5x speed — opt into it for batch/CI workloads where latency dominates - **`/simplify` now runs cleanup-only review** (no bug hunting) — separating style/structure cleanup from correctness analysis. Use `/code-review` when you want both. - **Background sessions via `!` command prefix** — prepend `!` to any prompt to run it in a background session without blocking your active session The `!` command prefix deserves more attention than it typically gets in changelogs. It's a composability primitive. Long-running tasks — a full test suite, a codebase analysis, a documentation generation pass — can now run in the background while you continue working in the foreground. Combined with Agent View (shipped in v2.1.139), this makes it practical to run three or four parallel workstreams without tab-switching. ## v2.1.157 (May 29): Zero-friction local plugin development The structural change in this release is that plugins in `.claude/skills` directories now **autoload without requiring marketplace registration**. Previously, installing a local plugin meant either registering it in a marketplace endpoint or using a workaround. Now you drop a skill file in `.claude/skills/` and it's live on the next session start (or after `/reload-skills`). **`claude plugin init `** scaffolds a new plugin with correct front matter, a starter instruction block, and a test skeleton. The barrier to writing your first plugin just dropped to a single command. For teams maintaining shared workflow libraries — automated PR descriptions, deployment scripts, code review pipelines — this makes plugin authorship accessible to engineers who weren't already deep in the tooling. **Autocomplete for `/plugin` arguments** closes the discoverability loop. If you don't know a plugin's exact name, tab-complete now surfaces it. **`EnterWorktree` can now switch between Claude-managed worktrees mid-session** — relevant for teams using worktree isolation for parallel experiments. You can switch the active worktree context without starting a new session. ## v2.1.158 (May 30): Auto mode goes multi-cloud The final release in this five-day window is the most operationally significant for enterprise deployments: **Auto mode is now available on AWS Bedrock, Google Vertex, and Azure Foundry** for Opus 4.7 and Opus 4.8. Enable it via `CLAUDE_CODE_ENABLE_AUTO_MODE=1`. This matters because a substantial fraction of enterprise Claude Code deployments run on managed cloud infrastructure — regulated industries (financial services, healthcare, government) that can't send data through claude.ai but can route it through their existing cloud provider's compliance perimeter. Until today, those teams got Claude Code without Auto mode. The autonomy ceiling was lower for the teams with the strictest security requirements. That gap is now closed. ## The arc across five releases Read together, v2.1.152–158 advance Claude Code on three axes simultaneously: 1. **Enterprise governance**: `disallowed-tools`, `MessageDisplay` hooks, `pluginSuggestionMarketplaces`, and multi-cloud Auto mode give security-conscious orgs the controls they need to deploy skills at scale without open-ended tool access 2. **Developer ergonomics**: zero-friction `.claude/skills` autoload, `claude plugin init`, `/reload-skills`, and background `!` sessions compress the iteration loop for teams building on top of Claude Code 3. **Capability**: Opus 4.8 as default with Dynamic Workflows and lean context overhead means the model you're now running by default is both more capable and more efficient than what shipped two weeks ago The plugin system that looked like a power-user feature is becoming the extensibility layer for AI-powered developer tooling. The governance story (`disallowed-tools`, hooks, marketplaces) is the piece that lets CTOs say yes to organization-wide deployment. The ergonomics story (`plugin init`, autoload) is the piece that turns every engineer into a potential plugin author. Both had to be true before the ecosystem could compound. They're now both true. --- **Sources**: [Claude Code GitHub Releases](https://github.com/anthropics/claude-code/releases), [DevelopersIO v2.1.152 write-up](https://dev.classmethod.jp/en/articles/20260524-claude-code-updates-v2-1-152/), [Claude Code Changelog](https://code.claude.com/docs/en/changelog), [Anthropic newsroom — Opus 4.8](https://www.anthropic.com/news)