Claude Code Weekly Updates (2.1.120 - 2.1.126)
Here are the Claude Code changes from April 27 to May 3, 2026 that caught my attention.
Anthropic’s Claude Code change volume is somewhat reduced lately, making this a relatively calm week.
TL;DR
version: 2.1.120 -> 2.1.126 (Changes: 113) Important topics:
- Terminal completion notifications now reach you on the Claude Code mobile app (PushNotification)
- New
claude project purgesubcommand wipes all Claude Code state for a project --dangerously-skip-permissionsnow also allows writes to.claude/,.git/,.vscode/, and shell config files- The
/modelpicker reads models from your gateway’s/v1/modelsendpoint whenANTHROPIC_BASE_URLpoints at an Anthropic-compatible gateway - Plan mode can now run with auto mode active via the
useAutoModeDuringPlansetting - Pasting a PR URL into the
/resumesearch box jumps straight to the originating session - New
ANTHROPIC_BEDROCK_SERVICE_TIERenv var to select Bedrock service tiers (default/flex/priority)
Claude Code Topics
Terminal completions arrive on the Claude Code mobile app
Claude Code completion notifications running in your terminal can now be received on the mobile app (iOS / Android). The flow is three steps: pair your mobile app with /remote-control, then enable Push when Claude decides under /config.
Claude Code can now send push notifications to your phone when a long task finishes or Claude needs your input. Walk away from the terminal, we'll let you know when it's done.
There is a caveat though: notifications only fire for sessions where Remote Control is active. If you want to receive notifications from every local session, set Enable Remote Control for all sessions to true from /config so the behavior lines up.
claude project purge and a wider --dangerously-skip-permissions
v2.1.126 adds claude project purge [path], a subcommand that wipes Claude Code’s footprint for a single project. It deletes transcripts, tasks, file history, and the config entry, supports --dry-run, -y/--yes, -i/--interactive, and --all. Useful when you return a work laptop, or recycle a directory between unrelated projects.
The same release also widens --dangerously-skip-permissions. Paths that used to be guarded (.claude/, .git/, .vscode/, shell config files, and other previously-protected paths) now go through without a prompt. The safety net for catastrophic removal commands stays in place.
The practical reading is “if you keep slapping dangerously-skip-permissions everywhere, the agent now reaches into directories that used to be off-limits.” If you used to default to --dangerously-skip-permissions, switching to auto mode plus rule-based allow / deny is the safer modern option.
Code with Claude (developer conference) livestream signup
Anthropic’s developer conference Code with Claude is happening soon. The lineup is heavy on Claude Code developer sessions this year: Anthropic engineers will be talking directly about how to use Claude Code and the internals of the harness. The livestream signup is open, so registering for viewing is a safe move even if you cannot attend in person.
Code with Claude, our developer conference, returns next week. Whether you're just getting started with Claude Code or you've been building for a while, there's a session for you. Register for the livestream: claude.com/code-with-clau…
Aside #1: questions about Claude Code’s quality and a slower release pace
This week saw another dip in user satisfaction with Claude Code’s output quality, and “I’m using Codex more often” was a common refrain among my circle as well. Looking at the CHANGELOG itself, there were no big feature drops between v2.1.123 and v2.1.126, which is consistent with Anthropic spending cycles on quality tuning right now. Some adjustment beyond the factors flagged in the April 23 postmortem is plausible, and the small v2.1.122 / v2.1.123 releases this week line up with that interpretation.
For now, raising /effort explicitly and mixing in another agent like Codex for specific task types are the practical mitigations.
Aside #2: Claude Desktop adds creative-tool connectors for Blender, Ableton, Adobe, Autodesk Fusion, and more
A set of connectors has landed that let Claude Desktop drive creative-pro tools directly. The Blender connector lets Claude analyze and debug an entire 3D scene, or build custom scripts that batch-apply changes across multiple 3D objects.
Claude now connects to the tools creative professionals already use. With the new Blender connector, you can debug a scene, build new tools, or batch-apply changes across every object, directly from Claude.
The connectors added this round are Ableton, Adobe for creativity, Affinity by Canva, Autodesk Fusion, Blender, Resolume Arena and Resolume Wire, SketchUp, and Splice. You enable them by searching the tool’s name from Connectors in Claude Desktop. This is a different layer from Claude Code, but it’s worth tracking as a sign that Claude’s agentic capabilities are expanding into work outside of coding.
Claude Code Changelog
v2.1.120 (22 changes)
This is the official re-release of v2.1.120 after last week’s rollback. The headline items are dropping the Git for Windows (Git Bash) requirement on Windows, and the new claude ultrareview [target] subcommand for non-interactive use from CI / scripts.
Git for Windows (Git Bash) no longer required on Windows
Windows: Git for Windows (Git Bash) is no longer required, when absent, Claude Code uses PowerShell as the shell tool
When Git for Windows is not installed, Claude Code now uses PowerShell as the shell tool on Windows. The onboarding hurdle on Windows drops a notch, and v2.1.121 follows up by detecting PowerShell 7 installed via Microsoft Store, MSI, and .NET global tool paths.
claude ultrareview [target] runs reviews from CI
Added
claude ultrareview [target]subcommand to run/ultrareviewnon-interactively from CI or scripts, prints findings to stdout (--jsonfor raw output) and exits 0 on completion or 1 on failure
The new claude ultrareview [target] subcommand runs /ultrareview non-interactively from CI or any script. The contract is straightforward: findings go to stdout (--json for raw output), exit 0 on completion, exit 1 on failure. Easy to wire into PR checks or nightly batches.
Skills can read ${CLAUDE_EFFORT}
Skills can now reference the current effort level with
${CLAUDE_EFFORT}in their content
Skills can now reference the current effort level via ${CLAUDE_EFFORT} in their content. Branching on high / medium / low becomes simple to write.
AI_AGENT env var so gh can attribute traffic
Set
AI_AGENTenvironment variable for subprocesses soghcan attribute traffic to Claude Code
Subprocesses now get an AI_AGENT environment variable, so gh can attribute its GitHub API traffic back to Claude Code. Helpful when you want to reconcile rate limits or split agent-driven traffic in audit logs.
Esc no longer kills stdio MCP server connections (regression fix)
Fixed pressing Esc during a stdio MCP tool call closing the entire server connection (regression in 2.1.105)
The v2.1.105 regression where pressing Esc during a stdio MCP tool call closed the whole server connection is fixed. Quietly important for anyone running long-lived MCP servers.
v2.1.121 (39 changes)
alwaysLoad to skip tool-search deferral, claude plugin prune to clean up orphaned auto-installed dependencies, and a PostToolUse extension that lets you replace tool output for any tool: this version is heavy on operational quality-of-life.
alwaysLoad option in MCP server config
Added
alwaysLoadoption to MCP server config, whentrue, all tools from that server skip tool-search deferral and are always available
Setting alwaysLoad: true on an MCP server makes every tool from that server skip ToolSearch deferral and stay always-available. For MCP tools that you always reach for at the start of a task, this avoids the ToolSearch round-trip and saves the tokens / turns that go with tool selection.
claude plugin prune removes orphaned auto-installed dependencies
Added
claude plugin pruneto remove orphaned auto-installed plugin dependencies;plugin uninstall --prunecascades
claude plugin prune removes auto-installed dependency plugins that nothing depends on anymore. plugin uninstall --prune makes uninstall cascade through orphaned dependencies.
PostToolUse hook can replace output for every tool
PostToolUse hooks can now replace tool output for all tools via
hookSpecificOutput.updatedToolOutput(previously MCP-only)
hookSpecificOutput.updatedToolOutput on PostToolUse is no longer MCP-only. Built-in tools like Bash, Read, and Edit can now have their output rewritten by the hook (redacting secrets, reshaping results, etc.) before it reaches the model.
--dangerously-skip-permissions allows writes to Skills / Agents / Commands
--dangerously-skip-permissionsno longer prompts for writes to.claude/skills/,.claude/agents/, and.claude/commands/
--dangerously-skip-permissions no longer prompts for writes to .claude/skills/, .claude/agents/, or .claude/commands/. (v2.1.126 widens this further to all of .claude/ and .git/.)
Type-to-filter search box in /skills
Added a type-to-filter search box to
/skillsso you can find a skill in long lists without scrolling
/skills now has a type-to-filter search box, useful when your skill list has grown long.
Vertex AI: X.509 mTLS Workload Identity Federation
Vertex AI: support X.509 certificate-based Workload Identity Federation (mTLS ADC)
Vertex AI now supports X.509 certificate-based Workload Identity Federation (mTLS ADC), making it easier to run in enterprise environments where Workload Identity is mandatory on the GCP side.
Memory leak fix for image-heavy sessions
Fixed unbounded memory growth (multi-GB RSS) when processing many images in a session
Sessions that process many images no longer leak memory unboundedly (previously seeing multi-GB RSS growth). /usage had a similar issue (up to ~2GB) that is also fixed.
v2.1.122 & v2.1.123 (19 changes)
The center of mass is /resume finding sessions from PR URLs, env-var selection of Bedrock service tiers, and small Vertex AI / Bedrock bug fixes. v2.1.123 contained only the OAuth 401 retry-loop fix, so the two are merged here.
ANTHROPIC_BEDROCK_SERVICE_TIER environment variable
Added
ANTHROPIC_BEDROCK_SERVICE_TIERenvironment variable to select a Bedrock service tier (default,flex, orpriority), sent as theX-Amzn-Bedrock-Service-Tierheader
You can now choose a Bedrock service tier (default / flex / priority) via env var, sent through the X-Amzn-Bedrock-Service-Tier header. Bedrock-side capacity management is now controllable at the CLI level.
Paste a PR URL into /resume to find the session
Pasting a PR URL into the
/resumesearch box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)
Pasting a PR / merge-request URL into the /resume search box jumps directly to the session that created that PR. Works for GitHub, GitHub Enterprise, GitLab, and Bitbucket. The review-feedback to fix loop gets a step shorter when you can step back into the originating session in one move.
/mcp cleans up duplicate claude.ai connectors
/mcpnow shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate
When a claude.ai connector and a manually-added MCP server share a URL, /mcp now surfaces the duplicate and hints to remove it. The previously-confusing duplicate-config behavior is now explicit.
Vertex AI / Bedrock output_config fixes
Fixed Vertex AI / Bedrock returning
invalid_request_error: output_config: Extra inputs are not permittedon session-title generation and other structured-output queries
Structured-output requests like session-title generation no longer return output_config: Extra inputs are not permitted (HTTP 400) on Vertex AI and Bedrock.
v2.1.123: OAuth 401 retry-loop fix
Fixed OAuth authentication failing with a 401 retry loop when
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1is set
Pinpoint fix for an OAuth 401 retry loop that triggered when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 was set. v2.1.123 contains this single change.
v2.1.126 (33 changes)
claude project purge, the wider --dangerously-skip-permissions, and /v1/models lookup from the ANTHROPIC_BASE_URL gateway, several operationally meaningful additions land in the same release. Plus the removal of the per-file malware-assessment reminder on the Read tool for legacy models.
claude project purge [path]
Added
claude project purge [path]to delete all Claude Code state for a project (transcripts, tasks, file history, config entry), supports--dry-run,-y/--yes,-i/--interactive, and--all
claude project purge [path] deletes all Claude Code state for a project (transcripts, tasks, file history, config entry). Combine --dry-run (preview), -y / --yes (skip confirmations), -i / --interactive (interactive deletion), and --all (all projects at once).
--dangerously-skip-permissions widens its scope
--dangerously-skip-permissionsnow bypasses prompts for writes to.claude/,.git/,.vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)
Previously protected paths (.claude/, .git/, .vscode/, shell config files) now go through --dangerously-skip-permissions without a prompt. Catastrophic removal commands like rm -rf / still hit the safety prompt.
This is welcome if you want to automate updates to CLAUDE.md and other project config, but the ability to touch .git/ is a fairly strong permission. Switching to auto mode with rule-based fine-grained control is the safer way to opt in.
ANTHROPIC_BASE_URL gateway: read models from /v1/models
The
/modelpicker now lists models from your gateway’s/v1/modelsendpoint whenANTHROPIC_BASE_URLpoints at an Anthropic-compatible gateway
When ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway, the /model picker now lists models pulled from that gateway’s /v1/models endpoint. Setups that go through LiteLLM, Helicone, or an internal gateway will see “what’s actually available” reflected directly in the CLI.
claude_code.skill_activated telemetry gains invocation_trigger
claude_code.skill_activatedOpenTelemetry event now fires for user-typed slash commands and carries a newinvocation_triggerattribute ("user-slash","claude-proactive", or"nested-skill")
The claude_code.skill_activated telemetry event now fires for user-typed slash commands, and a new invocation_trigger attribute distinguishes the trigger source (user-slash / claude-proactive / nested-skill). Organizations measuring how Skills are used now have one more level of granularity.
Auto mode spinner turns red on stalled permissions
Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running
In auto mode, the spinner now turns red when a permission check stalls. The previous behavior, where it looked like the tool was still running, has been a frequent point of confusion.
Read tool drops the malware-assessment reminder
Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and “this is not malware” commentary on legacy models
The per-file malware-assessment reminder, which occasionally caused legacy models to add “this is not malware” commentary or to refuse benign files, has been removed from the Read tool. Quietly helpful in Read-heavy sessions.
Pasting an oversized image no longer breaks the session
Fixed pasting an image larger than 2000px breaking the session, images are now downscaled on paste, and oversized images in history are automatically removed and the request retried
Pasting an image larger than 2000px no longer breaks the session. Images are downscaled on paste, and any oversized images already in history are automatically removed and the request retried.
Windows improvements
Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or
.NET global toolis now detected Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard
A round of Windows fundamentals: PowerShell detection covers more install paths (Microsoft Store, MSI, .NET global tool), PowerShell becomes the primary shell when the PowerShell tool is enabled, and clipboard writes no longer expose copied content via process command-line arguments visible to EDR / SIEM telemetry.
Closing
Thank you for reading!