• Security: Bash(find:*) allow rules no longer auto-approve -exec or -delete. Expect new permission prompts if you have broad find allow rules that previously greenlit destructive flags.

• Bash deny rules now catch commands wrapped in env, sudo, watch, setsid, and similar exec wrappers. A command you previously denied can no longer be bypassed by prepending an exec wrapper. (more below)

• Agent frontmatter hooks: now fires when running as a main-thread agent via --agent. If you declared hooks in agent YAML for --agent invocations, they are now active where they were previously ignored. (more below)

• The CLI spawns a native platform binary instead of bundled JavaScript (2.1.113). No action needed, but cold-start time and memory profile will differ from the Node.js bundle.

New in 2.1.116, 2.1.114, 2.1.113

2.1.116 (April 21, 2026)

• /resume on large sessions is significantly faster (up to 67% on 40MB+ sessions) and handles sessions with many dead-fork entries more efficiently
• Faster MCP startup when multiple stdio servers are configured; resources/templates/list is now deferred to first @-mention
• Smoother fullscreen scrolling in VS Code, Cursor, and Windsurf terminals; /terminal-setup now configures the editor's scroll sensitivity
• Thinking spinner now shows progress inline ("still thinking", "thinking more", "almost done thinking"), replacing the separate hint row
• /config search now matches option values (e.g. searching "vim" finds the Editor mode setting)
• /doctor can now be opened while Claude is responding, without waiting for the current turn to finish
• /reload-plugins and background plugin auto-update now auto-install missing plugin dependencies from marketplaces you've already added
• Bash tool now surfaces a hint when gh commands hit GitHub's API rate limit, so agents can back off instead of retrying
• The Usage tab in Settings now shows your 5-hour and weekly usage immediately and no longer fails when the usage endpoint is rate-limited
• Agent frontmatter hooks: now fire when running as a main-thread agent via --agent
• Slash command menu now shows "No commands match" when your filter has zero results, instead of disappearing
• Security: sandbox auto-allow no longer bypasses the dangerous-path safety check for rm/rmdir targeting /, $HOME, or other critical system directories
• Fixed Devanagari and other Indic scripts rendering with broken column alignment in the terminal UI
• Fixed Ctrl+- not triggering undo in terminals using the Kitty keyboard protocol (iTerm2, Ghostty, kitty, WezTerm, Windows Terminal)
• Fixed Cmd+Left/Right not jumping to line start/end in terminals that use the Kitty keyboard protocol (Warp fullscreen, kitty, Ghostty, WezTerm)
• Fixed Ctrl+Z hanging the terminal when Claude Code is launched via a wrapper process (e.g. npx, bun run)
• Fixed scrollback duplication in inline mode where resizing the terminal or large output bursts would repeat earlier conversation history
• Fixed modal search dialogs overflowing the screen at short terminal heights, hiding the search box and keyboard hints
• Fixed scattered blank cells and disappearing composer chrome in the VS Code integrated terminal during scrolling
• Fixed an intermittent API 400 error related to cache control TTL ordering that could occur when a parallel request completed during request setup
• Fixed /branch rejecting conversations with transcripts larger than 50MB
• Fixed /resume silently showing an empty conversation on large session files instead of reporting the load error
• Fixed /plugin Installed tab showing the same item twice when it appears under Needs attention or Favorites
• Fixed /update and /tui not working after entering a worktree mid-session

2.1.114 (April 21, 2026)

• Fixed a crash in the permission dialog when an agent teams teammate requested tool permission

2.1.113 (April 21, 2026)

• Changed the CLI to spawn a native Claude Code binary (via a per-platform optional dependency) instead of bundled JavaScript
• Added sandbox.network.deniedDomains setting to block specific domains even when a broader allowedDomains wildcard would otherwise permit them
• Fullscreen mode: Shift+Up/Down now scrolls the viewport when extending a selection past the visible edge
• Ctrl+A and Ctrl+E now move to the start/end of the current logical line in multiline input, matching readline behavior
• Windows: Ctrl+Backspace now deletes the previous word
• Long URLs in responses and bash output stay clickable when they wrap across lines (in terminals with OSC 8 hyperlinks)
• Improved /loop: pressing Esc now cancels pending wakeups, and wakeups display as "Claude resuming /loop wakeup" for clarity
• /extra-usage now works from Remote Control (mobile/web) clients
• Remote Control clients can now query @-file autocomplete suggestions
• Improved /ultrareview: faster launch with parallelized checks, diffstat in the launch dialog, and animated launching state
• Subagents that stall mid-stream now fail with a clear error after 10 minutes instead of hanging silently
• Bash tool: multi-line commands whose first line is a comment now show the full command in the transcript, closing a UI-spoofing vector
• Running cd <current-directory> && git ... no longer triggers a permission prompt when the cd is a no-op
• Security: on macOS, /private/{etc,var,tmp,home} paths are now treated as dangerous removal targets under Bash(rm:*) allow rules
• Security: Bash deny rules now match commands wrapped in env/sudo/watch/ionice/setsid and similar exec wrappers
• Security: Bash(find:*) allow rules no longer auto-approve find -exec/-delete
• Fixed MCP concurrent-call timeout handling where a message for one tool call could silently disarm another call's watchdog
• Fixed Cmd-backspace / Ctrl+U to once again delete from the cursor to the start of the line
• Fixed markdown tables breaking when a cell contains an inline code span with a pipe character
• Fixed session recap auto-firing while composing unsent text in the prompt
• Fixed /copy "Full response" not aligning markdown table columns for pasting into GitHub, Notion, or Slack
• Fixed messages typed while viewing a running subagent being hidden from its transcript and misattributed to the parent AI
• Fixed Bash dangerouslyDisableSandbox running commands outside the sandbox without a permission prompt
• Fixed /effort auto confirmation now says "Effort level set to max" to match the status bar label
• Fixed the "copied N chars" toast overcounting emoji and other multi-code-unit characters
• Fixed /insights crashing with EBUSY on Windows
• Fixed exit confirmation dialog mislabeling one-shot scheduled tasks as recurring, now shows a countdown
• Fixed slash/@ completion menu not sitting flush against the prompt border in fullscreen mode
• Fixed CLAUDE_CODE_EXTRA_BODY output_config.effort causing 400 errors on subagent calls to models that don't support effort and on Vertex AI
• Fixed prompt cursor disappearing when NO_COLOR is set
• Fixed ToolSearch ranking so pasted MCP tool names surface the actual tool instead of description-matching siblings
• Fixed compacting a resumed long-context session failing with "Extra usage is required for long context requests"
• Fixed plugin install succeeding when a dependency version conflicts with an already-installed plugin, now reports range-conflict
• Fixed "Refine with Ultraplan" not showing the remote session URL in the transcript
• Fixed SDK image content blocks that fail to process crashing the session, now degrade to a text placeholder
• Fixed Remote Control sessions not streaming subagent transcripts
• Fixed Remote Control sessions not being archived when Claude Code exits
• Fixed thinking.type.enabled is not supported 400 error when using Opus 4.7 via a Bedrock Application Inference Profile ARN

Notes