Matins
← All briefs
Matins
Friday 1 May — v2.1.126
32 changes / 5 actionable / 1 deep dive
Claude Code
  • --dangerously-skip-permissions now bypasses protected-path prompts. Writes to .claude/, .git/, .vscode/, and shell config files no longer trigger a prompt; only catastrophic removal commands still hit the safety net. (more below)
  • claude project purge deletes all Claude Code state for a project. Run with --dry-run first to preview what goes (transcripts, tasks, file history, config entry), then -y to confirm, or --all to purge every project at once.
  • Deferred tools now load for fork subagents on their first turn. If your skills with context: fork were silently missing WebSearch, WebFetch, and other deferred tools, that's fixed.
  • claude auth login accepts pasted OAuth codes in headless environments. WSL2, SSH, and container users who couldn't complete the browser callback can now paste the authorization code directly into the terminal.
  • Two "Stream idle timeout" false alarms squashed. Waking a Mac from sleep mid-request and long thinking pauses in background/remote sessions no longer abort the stream.

New in 2.1.126

2.1.126 (May 1, 2026)

  • The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway
  • Added claude project purge [path] to delete all Claude Code state for a project (transcripts, tasks, file history, config entry), supports --dry-run, -y/--yes, -i/--interactive, and --all
  • --dangerously-skip-permissions now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)
  • claude auth login now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)
  • claude_code.skill_activated OpenTelemetry event now fires for user-typed slash commands and carries a new invocation_trigger attribute ("user-slash", "claude-proactive", or "nested-skill")
  • Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running
  • Host-managed deployments (CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST) no longer auto-disable analytics on Bedrock/Vertex/Foundry
  • Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or .NET global tool is now detected
  • Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash
  • Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models
  • Security: Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block
  • Fixed pasting an image larger than 2000px breaking the session, images are now downscaled on paste, and oversized images in history are automatically removed and the request retried
  • Fixed showing the login screen for "OAuth not allowed for organization" errors, now shows guidance to contact your admin
  • Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost
  • Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token
  • Fixed API retry countdown sticking at "0s" instead of counting down between attempts
  • Fixed "Stream idle timeout" error after waking Mac from sleep mid-request
  • Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses
  • Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns
  • Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92-1.104 integrated terminals
  • Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state
  • Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode
  • Fixed Ctrl+L clearing the prompt input, it now only forces a screen redraw, matching readline behavior
  • Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with context: fork and other subagents on their first turn
  • Fixed plan-mode tools being unavailable in interactive sessions launched with --channels
  • Fixed /plugin Uninstall reporting "Enabled" instead of "Uninstalled"
  • Bounded total size of file-modified reminders when a linter touches many files at once
  • Fixed /remote-control retries appearing stuck on "connecting..." each retry now shows its result
  • Fixed Remote Control failure notification not showing the error reason for initial connection failures
  • Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard
  • PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token
  • Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch

Notes

--dangerously-skip-permissions is converging on "skip all permissions." In 2.1.121, Anthropic stopped prompting for writes to .claude/skills/, .claude/agents/, and .claude/commands/. 2.1.126 extends that to all of .claude/, .git/, .vscode/, and shell config files. The only remaining guardrail is a safety net for catastrophic removals (rm -rf /, deleting $HOME, etc.). If you use this flag in CI or automation, the practical effect is that your scripts can now modify project config, git hooks, and editor settings without stalling on a prompt. The tradeoff is explicit: you opted into the flag, and Anthropic is honoring that opt-in more completely.