Jonathon's AI Wiki

Claude Code Week 19 Release Digest (May 1–9, 2026)

11 min read

Source: raw/anthropic-watch-claude-code-tag-v2-1-126.md through v2-1-133 (GitHub release notes, Anthropic ecosystem watch feed, 2026-05-01 → 2026-05-07)

Six Claude Code releases shipped between the start of week 19 and the May 7 Code with Claude conference, bracketing the SpaceX rate-limit increase. Headlines: gateway /v1/models discovery for the /model picker, a claude project purge command for full-state cleanup, plugin .zip archive support (local + URL), Channels on console (API-key) auth, hooks receiving the active effort level, parallel-session OAuth credential races fixed, and a worktree-baseRef setting toggle.

Headline changes

Gateway /v1/models discovery (v2.1.126, opt-in by v2.1.129)

The /model picker now lists models from a gateway’s /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway. v2.1.129 made this opt-in only via CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY=1 (was automatic in v2.1.126–128). Useful for self-hosted or proxy gateway deployments.

claude project purge (v2.1.126)

Deletes all Claude Code state for a project: transcripts, tasks, file history, config entry. Supports --dry-run, -y/--yes, -i/--interactive, and --all. Replaces the manual ~/.claude/projects/<slug>/ cleanup pattern.

Plugin .zip archives (v2.1.128 + v2.1.129)

--plugin-dir now accepts .zip archives in addition to directories (v2.1.128). v2.1.129 added --plugin-url <url> to fetch a .zip from a URL for the current session. Plugin distribution gets simpler — no clone-then-link required.

Channels on console (API-key) auth (v2.1.128)

--channels now works with console (API-key) authentication, not just Claude account auth. Console orgs with managed settings must set channelsEnabled: true to enable. See Channels.

claude auth login paste-code path (v2.1.126)

Now accepts the OAuth code pasted into the terminal when the browser callback can’t reach localhost (WSL2, SSH, containers). Significant UX win for remote-dev environments where browser-callback OAuth historically broke.

--dangerously-skip-permissions expanded (v2.1.126)

Now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths. Catastrophic-removal commands still prompt as a safety net. Enabling power-user / autonomous workflows that previously required per-path consent.

Worktree base-ref toggle (v2.1.133)

Added worktree.baseRef setting (fresh | head). Default fresh reverts EnterWorktree’s base back to origin/<default> (it had been local HEAD since v2.1.128). Set worktree.baseRef: "head" to keep unpushed commits in new worktrees. Watch for this if your team relies on the local-HEAD behavior introduced in v2.1.128.

Hooks receive effort level (v2.1.133)

Hooks now receive the active effort level via the effort.level JSON input field and the $CLAUDE_EFFORT environment variable. Bash-tool commands can read $CLAUDE_EFFORT. Lets hooks adjust behavior based on whether the session is running low/medium/high/xhigh.

Sandbox path overrides (v2.1.133, Linux/WSL)

Added sandbox.bwrapPath and sandbox.socatPath managed settings to specify custom bubblewrap and socat binary locations. Removes a hard-coded path assumption that broke on non-standard installs.

parentSettingsBehavior admin key (v2.1.133)

New 'first-wins' | 'merge' admin-tier key to opt SDK managedSettings (parent tier) into the policy merge. Enterprise governance — admins can now control how SDK-host policies blend with Claude Code’s own.

Bug-fix highlights

  • Parallel-session OAuth credential races fixed (v2.1.133). Previously, parallel sessions could all dead-end at 401 after a refresh-token race wiped shared credentials. This was a known multi-agent-workflow blocker.
  • Native build SIGINT graceful shutdown (v2.1.132). External SIGINT (IDE stop button, kill -INT) now runs graceful shutdown — terminal modes restored, --resume hint printed.
  • --resume emoji-corruption handling (v2.1.132). Sessions that had a tool-error truncation split an emoji are sanitized on load instead of failing with “no low surrogate in string.”
  • Plan-mode preservation across --continue/--resume (v2.1.132). --permission-mode flag is no longer ignored when resuming a plan-mode session.
  • MCP tool-list re-announcement (v2.1.128). Reconnecting MCP servers no longer flood the conversation with full tool-name lists; re-announced tools are summarized by server prefix.
  • Subprocess OTEL inheritance fixed (v2.1.128). Subprocesses (Bash, hooks, MCP, LSP) no longer inherit OTEL_* environment variables, so OTEL-instrumented apps run via the Bash tool no longer pick up the CLI’s own OTLP endpoint.
  • VS Code extension Windows activation (v2.1.131). Fixed hardcoded build path in the bundled SDK (createRequire polyfill bug).
  • Edit/Write allow-rule scope fix (v2.1.133). Drive-root (C:\) and POSIX / allow rules no longer match incorrectly and always prompt.
  • Edit-tool malware-assessment reminder removed (v2.1.126). Removed per-file malware reminder that caused spurious refusals and “this is not malware” commentary on legacy code.

v2.1.136 (May 8, post-conference)

Shipped one day after the conference; fits the week-19 narrative even though calendar-formally it bleeds into week 20.

  • CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL — re-enables the session-quality survey for enterprises capturing responses through OpenTelemetry.
  • settings.autoMode.hard_deny — auto-mode classifier rules that block unconditionally regardless of user intent or allow exceptions.
  • MCP servers no longer silently disappear after /clear — fixed for VS Code extension, JetBrains plugin, and Agent SDK across .mcp.json, plugins, and claude.ai connectors.
  • Login-loop fix — concurrent credential write no longer overwrites a freshly-rotated OAuth token, preventing forced re-login.
  • MCP OAuth refresh-token preservation — multiple servers refreshing concurrently no longer drop refresh tokens. Users with several remote MCP servers should no longer need daily re-auth (was a known multi-MCP pain point).
  • Extended thinking + tool-call API 400 fix — redacted thinking blocks emitted after a tool call no longer trigger 400 errors.
  • --resume / --continue and underscored project paths — sessions are now found when the project path contains underscores.
  • Plan-mode + Edit(...) allow-rule fix — plan mode now blocks file writes even when a matching Edit(...) allow rule exists.
  • WSL2 image paste — Windows clipboard image paste now works via PowerShell fallback when xclip / wl-paste cannot read image data.
  • Plugin Stop/UserPromptSubmit hooks no longer fail when cache cleanup deletes a plugin version still in use by a running session.
  • Slash-command dialog visual polish — standardized footer hints, dialog spacing, arrow-key styling; dialog frame now appears immediately during loading.

v2.1.137 + v2.1.138 (May 9, post-conference cleanup)

Two same-day patch releases continuing the conference-week stabilisation arc.

  • v2.1.137 (May 9, 00:11 UTC) — VS Code extension Windows activation re-fix. A second pass on the v2.1.131 fix; some Windows installs were still failing to activate.
  • v2.1.138 (May 9, 06:33 UTC) — internal fixes (no public-surface change documented in the release notes; treat as a build-stability bump).

Retrospective: v2.1.117 Glob/Grep regression (late April, still unaddressed as of v2.1.138)

Permission-boundary regression

v2.1.117 (late April) silently changed how Glob and Grep are wired. They are no longer native tools — file traversal and search now route through Bash via bfs / ugrep. Consequence: the long-standing safe permission profile for unattended cloud-sandbox runs (allow Read, Glob, Grep, Edit, Write; deny Bash) no longer prevents shell execution, because Glob/Grep are shell commands now. There is no in-band setting to recover the old boundary. Workaround: pin to v2.1.116 if you depend on it. Surfaced via r/ClaudeCode 1t7v1p0 (May 9 2026, score 40, 21 comments). v2.1.137/v2.1.138 do not address this. Track for a future release that restores Glob/Grep as native tools or adds a granular Bash(bfs) / Bash(ugrep) allow-rule path.

Smaller wins

  • Random color from bare /color (v2.1.128).
  • /mcp shows tool count for connected servers, flags servers that connected with 0 tools (v2.1.128).
  • /model picker dedup — collapsed duplicate Opus 4.7 entries; current Opus shows as “Opus” instead of “Opus 4.7” (v2.1.128).
  • workspace reserved as MCP server name (v2.1.128).
  • SDK localSettings suggestion persistent for Bash permission prompts (v2.1.128) — “Always allow” writes to .claude/settings.local.json.
  • Ctrl+R history picker default scope — now searches all prompts across all projects (matching pre-2.1.124 behavior); Ctrl+S narrows to current project/session (v2.1.129).
  • CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE — Homebrew/WinGet installs run upgrade in the background and prompt to restart (v2.1.129).
  • Plugin manifests: themes/monitors should declare under experimental: — top-level still works but claude plugin validate warns (v2.1.129).
  • skillOverrides setting worksoff hides from model and /, user-invocable-only hides from model only, name-only collapses description (v2.1.129).
  • claude_code.pull_request.count OTel metric — now counts PRs/MRs created via MCP tools, not just shell (v2.1.129).
  • Policy refusal errors include API Request ID for support debugging (v2.1.129).
  • Mantle endpoint authentication fix — missing x-api-key header (v2.1.131).
  • Fullscreen alternate-screen opt-outCLAUDE_CODE_DISABLE_ALTERNATE_SCREEN=1 keeps conversation in terminal scrollback (v2.1.132).
  • CLAUDE_CODE_SESSION_ID env var in Bash subprocess — matches session_id passed to hooks (v2.1.132).
  • “Pasting…” footer hint during Ctrl+V image paste (v2.1.132).
  • Indic conjunct + ZWJ emoji wrapping fix — cursor no longer lands mid-grapheme on Ctrl+E/A/K/U/arrow keys (v2.1.132).
  • Vim NFD accent corruption fix (v2.1.132).
  • Esc during compaction no longer shows spurious “Error compacting conversation” (v2.1.133).
  • HTTP(S)_PROXY / NO_PROXY / mTLS respected for full MCP OAuth flow including discovery (v2.1.133).
  • Memory pressure: warm-spare background workers released under pressure (v2.1.133).

Known caveats (community-reported)

[Reddit signal — r/ClaudeAI 2026-05-10] Opus 4.7 burns the multilingual-token tax harder than 4.6. A r/ClaudeAI reproduction (1t8xtcf, 116 score / 52 comments) ran the same German-language equity-research prompt across Sonnet / Opus 4.6 / Opus 4.7 and watched the entire session quota vanish in seconds on 4.7 only. The user’s in-thread Claude reply documents the underlying tokenizer math: English averages ~1 token / 0.75 words, German averages ~1 token / 0.5 words (compound nouns, umlauts, less training-data coverage), so the same semantic content costs 1.5×–2× more tokens in German than English; combined with tool calls + web search + Excel-building output, Opus 4.7 hit 100% session burn while Opus 4.6 took 33% and Sonnet took 28% on the same prompt. Workaround: prompt in German but ask for the response/output in English. Structural property of the tokenizer, not an Opus-4.7-specific bug — but 4.7’s longer extended thinking amplifies the tax beyond what 4.6 spent. Worth flagging for any non-English Pro users.

Key Takeaways

  • Sequence: v2.1.126 (May 1) → v2.1.128 (May 4) → v2.1.129 (May 6) → v2.1.131 (May 6, hotfix) → v2.1.132 (May 6) → v2.1.133 (May 7) → v2.1.136 (May 8) → v2.1.137 (May 9) → v2.1.138 (May 9). Nine releases, nine days — three of them are post-conference stabilisation (136 / 137 / 138).
  • Theme of the week: enterprise + governance. Gateway-/v1/models discovery, Channels on console auth, parentSettingsBehavior for SDK policy merge, sandbox path overrides — all aimed at admins running Claude Code inside larger orgs.
  • Plugin distribution finally clean. Local .zip (128) + remote .zip URL (129) means plugin authors can ship a single archive instead of demanding a clone.
  • Worktree-baseRef whiplash. v2.1.128 changed EnterWorktree’s base from origin/<default> to local HEAD; v2.1.133 added a setting and reverted the default. If your team adopted v2.1.128’s behavior, set worktree.baseRef: "head" explicitly before upgrading.
  • Hooks gain effort awareness. Hooks adjusting behavior by effort level (xhigh = expensive, low = cheap) is a practical observability + cost-control hook.
  • Parallel-session OAuth race fix unblocks multi-agent workflows. This was a known dead-end at 401 for users running parallel CC sessions on the same account.
  • Compute capacity context. Releases shipped during the conference week that announced the SpaceX compute partnership doubling Claude Code 5-hour rate limits — capacity changes are user-facing, these CLI changes are infrastructure-facing.

Try It

  1. Upgrade to v2.1.133. claude upgrade (or your package manager). Confirm claude --version reports 2.1.133. If you set up a worktree.baseRef, lock in "head" if you want the v2.1.128 behavior.
  2. Test claude project purge --dry-run on a stale project. Confirm the dry-run output before running for real.
  3. Try --plugin-url on a plugin that ships a release zip. Compared with the previous clone-and-link pattern, you should be able to get a plugin loaded in seconds.
  4. Add $CLAUDE_EFFORT awareness to a hook. A PreToolUse hook that skips an expensive validation step on low effort, or a PostToolUse that records effort level in a usage log.
  5. For Linux/WSL with non-standard sandbox installs: set sandbox.bwrapPath / sandbox.socatPath in managed settings if Claude Code was failing to find the binaries.
  6. Run a parallel-session OAuth test. If your team had been hitting 401 dead-ends in concurrent sessions, run two sessions side-by-side and confirm the credential race is gone.

Open Questions

  • Skipped versions. No release notes for v2.1.127, v2.1.130, v2.1.134, v2.1.135. These appear to have been internal builds or were rolled back; not on the public release page.
  • parentSettingsBehavior default. Source doesn’t specify whether 'first-wins' or 'merge' is the default; admins should set explicitly.
  • Auto-update prompts. With CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE enabled on Homebrew/WinGet, behavior on locked/managed installs (e.g., enterprise WinGet repos) not specified.
  • v2.1.117 Glob/Grep regression remediation timeline. No upstream signal yet on whether the fix is “restore native Glob/Grep” or “ship Bash sub-tool allow-rules” (Bash(bfs) / Bash(ugrep)). The latter would generalise to other Bash-routed search tools but requires permissions-system work.

Graph View

Backlinks