Harness instructions - what's new in CC 2.1.120 (+783 tokens)

Detailed Analysis

Version 2.1.120 of Claude Code, Anthropic's agentic terminal-based coding assistant, introduces a set of structured internal system prompt and tooling changes tracked publicly by the Piebald-AI reverse-engineering repository on GitHub. The release adds 783 tokens of new instructional content spread across new system prompts, updated agent prompts, revised tool descriptions, and endpoint data changes. Most notably, two entirely new system-prompt sections appear: "Harness instructions," which governs core interactive-agent behavior including terminal markdown rendering, permission handling, tool use, and the processing of `<system-reminder>` context blocks; and "Memory instructions," which formalizes a file-based persistent memory system using frontmatter-structured Markdown files, with explicit rules for handling duplicate or stale memories and verifying recalled references to files, functions, and flags.

The agent prompt layer—which shapes Claude Code's autonomous reasoning behaviors—also received meaningful updates. The "Dream memory consolidation" prompt, which governs how the agent processes and organizes session logs during idle or compaction cycles, was updated to reflect a more granular log directory structure: rather than a single daily log file, sessions are now stored recursively under `logs/YYYY/MM/DD/<id>-<title>.md`, with recursive `ls -R` scanning and session titles used to triage relevance. The security monitor prompt for autonomous agent actions gained a new injection point (`settings_deny_rules`) that allows platform-level deny rules to be inserted alongside user-defined ones, strengthening the layered permission model. The `/security-review` slash command was refactored to replace a hardcoded list of allowed Git tools with a dynamic `${ALLOWED_TOOLS}` template variable, making the command more flexible across deployment configurations.

On the tooling side, two tool descriptions were added or clarified. The `BrowserBatch` tool description formalizes a batched browser action mechanism that executes multiple actions sequentially in a single round trip, halting on the first error and returning interleaved outputs and screenshots—an efficiency-oriented pattern for web-browsing agents that reduces latency in multi-step page interactions. The `Write` tool description now explicitly requires the agent to read an existing file before overwriting it, with a recommendation to use `Edit` for modifications rather than full rewrites, a guardrail designed to reduce accidental data loss in agentic coding workflows. The `WebSearch` tool description received a smaller but operationally significant change: the current-month template variable was renamed from a function-call syntax (`${GET_CURRENT_MONTH_YEAR()}`) to a static-variable syntax (`${CURRENT_MONTH_YEAR}`), reflecting a normalization of the variable interpolation pattern used across prompts.

The most consequential infrastructure change in this release is the fivefold increase in documented rate limits for the Managed Agents API endpoint: the organization-level create-operation limit for Agents, Sessions, and Vaults rose from 60 requests per minute to 300 RPM. This adjustment signals that Anthropic is scaling its multi-agent orchestration infrastructure to support higher-throughput enterprise deployments, where parallel agent instantiation and session management at scale are operational requirements rather than edge cases. Taken together, the changes in 2.1.120 reflect a consistent engineering trajectory: Claude Code is being hardened as a production-grade autonomous agent platform, with tighter memory semantics, more composable security controls, and infrastructure capacity aligned to enterprise-scale agentic workloads.