2.1.101 untested · changelog-derived

Claude Code 2.1.101

**`/team-onboarding` command** — generates a teammate ramp-up guide from your local Claude Code usage patterns. Enables knowledge transfer and onboarding automation without manual documentation.

6 new primitives 3 workflow recipes 42 fixes

New primitives

/team-onboardingcommand

Generate a teammate ramp-up guide from your local Claude Code usage

Added `/team-onboarding` command to generate a teammate ramp-up guide from your local Claude Code usage
CLAUDE_CODE_CERT_STORE=bundledenv-var

Override to use only bundled CAs instead of OS CA certificate store trust

Added OS CA certificate store trust by default, so enterprise TLS proxies work without extra setup (set `CLAUDE_CODE_CERT_STORE=bundled` to use only bundled CAs)
/ultraplan auto-environmentcapability

Remote-session features now auto-create a default cloud environment instead of requiring web setup first

`/ultraplan` and other remote-session features now auto-create a default cloud environment instead of requiring web setup first
OTEL_LOG_USER_PROMPTSenv-var

Beta tracing can now be configured to log user prompts

Improved beta tracing to honor `OTEL_LOG_USER_PROMPTS`, `OTEL_LOG_TOOL_DETAILS`, and `OTEL_LOG_TOOL_CONTENT`; sensitive span attributes are no longer emitted unless opted in
OTEL_LOG_TOOL_DETAILSenv-var

Beta tracing can now be configured to log tool details

Improved beta tracing to honor `OTEL_LOG_USER_PROMPTS`, `OTEL_LOG_TOOL_DETAILS`, and `OTEL_LOG_TOOL_CONTENT`; sensitive span attributes are no longer emitted unless opted in
OTEL_LOG_TOOL_CONTENTenv-var

Beta tracing can now be configured to log tool content

Improved beta tracing to honor `OTEL_LOG_USER_PROMPTS`, `OTEL_LOG_TOOL_DETAILS`, and `OTEL_LOG_TOOL_CONTENT`; sensitive span attributes are no longer emitted unless opted in

Workflow recipes

Automated Team Onboarding with Remote Agents
/team-onboarding command + /ultraplan auto-environment + OTEL tracing env-vars

Team ramp-up guides paired with auto-provisioned remote environments enable agents to train peers asynchronously without manual setup. Tracing visibility lets coordinators audit what knowledge was transferred and where agents struggled.

Agent A runs /team-onboarding to extract the team's accumulated Claude Code patterns and best practices from local session history. Agent B uses /ultraplan auto-environment to instantly spawn a cloud workspace for peer training. A configures OTEL_LOG_USER_PROMPTS=true to record the teaching loop, then synthesizes a report for future agents to learn from without repeating queries.

Enterprise Proxy with Traceable Cloud Orchestration
CLAUDE_CODE_CERT_STORE=bundled env-var + /ultraplan auto-environment + improved refusal/rate-limit error messages

Teams behind enterprise TLS proxies can now trust the OS CA store (or pin to bundled), auto-create remote sessions without web friction, and see transparent error messages when hitting rate limits or API refusals — enabling agents to retry or escalate intelligently.

Admin sets CLAUDE_CODE_CERT_STORE=bundled in managed settings; agents spawn /ultraplan cloud environments that inherit the config and immediately operate behind the corporate proxy. When rate-limited, agents read the reset timestamp from the improved error message and queue themselves for retry. Failed API calls now include the full refusal reason, letting coordination layers route work to fallback models.

Resilient Multi-Agent Session Recovery
Hardened --resume/--continue chain recovery + isolated worktree file access fixes + permissions.deny override fixes

Subagents can now safely resume interrupted sessions from deep isolation, read/write files in their own worktree without permission barriers, and have deny rules properly enforced. This unlocks durable conversation recovery across agent handoffs without loss or privilege escalation.

Agent A starts a large document analysis in parallel worktrees, hits an infrastructure failure mid-run, and resume picks up the live conversation from the branching point. Agent B inherits the resume and reads intermediate analysis files within the worktree without waiting for permission dialogs. Deny rules for sensitive paths are now enforced even when hooks attempt to override them, so agents can't accidentally escalate to files they shouldn't touch.

Agentic relevance

The `/team-onboarding` command and auto-environment creation for `/ultraplan` unlock better multi-agent orchestration by reducing setup friction and capturing institutional knowledge. The new tracing env-vars (`OTEL_LOG_*`) enable agents to debug and audit their own operations at scale. Together with 40+ hardening fixes targeting session recovery, permissions, and tool availability, this version stabilizes the foundation for reliable agent delegation and resume workflows.

Hardening & fixes (42)

  • **Settings resilience**: unrecognized hook event names in `settings.json` no longer cause the entire file to be ignored
  • **Brief mode retry**: improved to retry once when Claude responds with plain text instead of a structured message
  • **Focus mode summaries**: Claude now writes more self-contained summaries since it knows you only see its final message
  • **Tool-not-available errors**: improved to explain why and how to proceed when the model calls a tool that exists but isn't available
  • **Rate-limit retry messages**: show which limit was hit and when it resets instead of an opaque seconds countdown
  • **Refusal error messages**: now include the API-provided explanation when available
  • **Session resume by name**: `claude -p --resume <name>` now accepts session titles set via `/rename` or `--name`
  • **Plugin hooks with managed settings**: force-enabled plugins now run hooks when `allowManagedHooksOnly` is set
  • **Plugin marketplace warnings**: `/plugin` and `claude plugin update` show a warning when marketplace refresh fails
  • **Plan mode Ultraplan option**: hidden when the user's org or auth setup can't reach Claude Code on the web
  • **SDK query cleanup**: improved to clean up subprocess and temp files when consumers `break` from `for await` or use `await using`
  • **Command injection vulnerability (LSP binary detection)**: fixed in the POSIX `which` fallback
  • **Memory leak in long sessions**: fixed where sessions retained dozens of historical copies of the message list
  • **Resume context loss**: fixed `--resume`/`--continue` losing conversation context on large sessions
  • **Resume chain recovery**: fixed bridging into unrelated subagent conversations
  • **Resume crash on missing file_path**: fixed crash when persisted Edit/Write tool result was missing its `file_path`
  • **Hardcoded timeout**: fixed 5-minute request timeout that aborted slow backends regardless of `API_TIMEOUT_MS`
  • **Permissions.deny override**: fixed rules not overriding a PreToolUse hook's `permissionDecision: "ask"`
  • **Cleanup history deletion**: fixed `--setting-sources` without `user` deleting history older than 30 days
  • **Bedrock SigV4 auth**: fixed 403 failures when `ANTHROPIC_AUTH_TOKEN`, `apiKeyHelper`, or `ANTHROPIC_CUSTOM_HEADERS` set an Authorization header
  • **Worktree cleanup stale directory**: fixed `claude -w <name>` failing with "already exists"
  • **Subagent MCP tools**: fixed subagents not inheriting MCP tools from dynamically-injected servers
  • **Isolated worktree file access**: fixed sub-agents being denied Read/Edit access to files inside their own worktree
  • **Sandboxed Bash mktemp**: fixed commands failing with `mktemp: No such file or directory` after fresh boot
  • **MCP serve tool calls**: fixed failing with "Tool execution failed" in MCP clients validating `outputSchema`
  • **RemoteTrigger run action**: fixed sending an empty body and being rejected by the server
  • **Resume picker issues**: fixed narrow default view hiding sessions, unreachable preview on Windows Terminal, incorrect cwd in worktrees, and other UX issues
  • **Grep tool ENOENT**: fixed when embedded ripgrep binary path becomes stale; now falls back to system `rg`
  • **BTW command disk write**: fixed writing a copy of entire conversation on every use
  • **Context breakdown**: fixed `/context` Free space and Messages breakdown disagreeing with header percentage
  • **Plugin issues**: fixed slash commands resolving to wrong plugin, `/plugin update` ENAMETOOLONG, stale version cache, and frontmatter field honor
  • **MCP menu OAuth actions**: fixed offering OAuth-specific actions for servers configured with `headersHelper`
  • **Control key keybindings**: fixed `ctrl+]`, `ctrl+\`, `ctrl+^` not firing in raw C0 control byte terminals
  • **OAuth URL rendering**: fixed `/login` URL rendering with padding preventing clean mouse selection
  • **Rendering issues**: fixed flicker in non-fullscreen mode, terminal scrollback wiping, and escape sequence leaks
  • **Settings env value type**: fixed crash when `settings.json` env values are numbers instead of strings
  • **In-app settings refresh**: fixed writes not refreshing in-memory snapshot
  • **Custom keybindings on third-party providers**: fixed not loading on Bedrock, Vertex, and other providers
  • **Continue with portable sessions**: fixed `claude --continue -p` not correctly continuing sessions
  • **Remote Control issues**: fixed worktree removal on crash, connection persistence, spurious "Disconnected" indicator, and SSH failures
  • **Insights report link**: fixed `/insights` sometimes omitting the report file link
  • **VSCode file attachment clearing**: fixed not clearing when last editor tab is closed

Raw changelog

## 2.1.101

- Added `/team-onboarding` command to generate a teammate ramp-up guide from your local Claude Code usage
- Added OS CA certificate store trust by default, so enterprise TLS proxies work without extra setup (set `CLAUDE_CODE_CERT_STORE=bundled` to use only bundled CAs)
- `/ultraplan` and other remote-session features now auto-create a default cloud environment instead of requiring web setup first
- Improved brief mode to retry once when Claude responds with plain text instead of a structured message
- Improved focus mode: Claude now writes more self-contained summaries since it knows you only see its final message
- Improved tool-not-available errors to explain why and how to proceed when the model calls a tool that exists but isn't available in the current context
- Improved rate-limit retry messages to show which limit was hit and when it resets instead of an opaque seconds countdown
- Improved refusal error messages to include the API-provided explanation when available
- Improved `claude -p --resume <name>` to accept session titles set via `/rename` or `--name`
- Improved settings resilience: an unrecognized hook event name in `settings.json` no longer causes the entire file to be ignored
- Improved plugin hooks from plugins force-enabled by managed settings to run when `allowManagedHooksOnly` is set
- Improved `/plugin` and `claude plugin update` to show a warning when the marketplace could not be refreshed, instead of silently reporting a stale version
- Improved plan mode to hide the "Refine with Ultraplan" option when the user's org or auth setup can't reach Claude Code on the web
- Improved beta tracing to honor `OTEL_LOG_USER_PROMPTS`, `OTEL_LOG_TOOL_DETAILS`, and `OTEL_LOG_TOOL_CONTENT`; sensitive span attributes are no longer emitted unless opted in
- Improved SDK `query()` to clean up subprocess and temp files when consumers `break` from `for await` or use `await using`
- Fixed a command injection vulnerability in the POSIX `which` fallback used by LSP binary detection
- Fixed a memory leak where long sessions retained dozens of historical copies of the message list in the virtual scroller
- Fixed `--resume`/`--continue` losing conversation context on large sessions when the loader anchored on a dead-end branch instead of the live conversation
- Fixed `--resume` chain recovery bridging into an unrelated subagent conversation when a subagent message landed near a main-chain write gap
- Fixed a crash on `--resume` when a persisted Edit/Write tool result was missing its `file_path`
- Fixed a hardcoded 5-minute request timeout that aborted slow backends (local LLMs, extended thinking, slow gateways) regardless of `API_TIMEOUT_MS`
- Fixed `permissions.deny` rules not overriding a PreToolUse hook's `permissionDecision: "ask"` — previously the hook could downgrade a deny into a prompt
- Fixed `--setting-sources` without `user` causing background cleanup to ignore `cleanupPeriodDays` and delete conversation history older than 30 days
- Fixed Bedrock SigV4 authentication failing with 403 when `ANTHROPIC_AUTH_TOKEN`, `apiKeyHelper`, or `ANTHROPIC_CUSTOM_HEADERS` set an Authorization header
- Fixed `claude -w <name>` failing with "already exists" after a previous session's worktree cleanup left a stale directory
- Fixed subagents not inheriting MCP tools from dynamically-injected servers
- Fixed sub-agents running in isolated worktrees being denied Read/Edit access to files inside their own worktree
- Fixed sandboxed Bash commands failing with `mktemp: No such file or directory` after a fresh boot
- Fixed `claude mcp serve` tool calls failing with "Tool execution failed" in MCP clients that validate `outputSchema`
- Fixed `RemoteTrigger` tool's `run` action sending an empty body and being rejected by the server
- Fixed several `/resume` picker issues: narrow default view hiding sessions from other projects, unreachable preview on Windows Terminal, incorrect cwd in worktrees, session-not-found errors not surfacing in stderr, terminal title not being set, and resume hint overlapping the prompt input
- Fixed Grep tool ENOENT when the embedded ripgrep binary path becomes stale (VS Code extension auto-update, macOS App Translocation); now falls back to system `rg` and self-heals mid-session
- Fixed `/btw` writing a copy of the entire conversation to disk on every use
- Fixed `/context` Free space and Messages breakdown disagreeing with the header percentage
- Fixed several plugin issues: slash commands resolving to the wrong plugin with duplicate `name:` frontmatter, `/plugin update` failing with `ENAMETOOLONG`, Discover showing already-installed plugins, directory-source plugins loading from a stale version cache, and skills not honoring `context: fork` and `agent` frontmatter fields
- Fixed the `/mcp` menu offering OAuth-specific actions for MCP servers configured with `headersHelper`; Reconnect is now offered instead to re-invoke the helper script
- Fixed `ctrl+]`, `ctrl+\`, and `ctrl+^` keybindings not firing in terminals that send raw C0 control bytes (Terminal.app, default iTerm2, xterm)
- Fixed `/login` OAuth URL rendering with padding that prevented clean mouse selection
- Fixed rendering issues: flicker in non-fullscreen mode when content above the visible area changed, terminal scrollback being wiped during long sessions in non-fullscreen mode, and mouse-scroll escape sequences occasionally leaking into the prompt as text
- Fixed crash when `settings.json` env values are numbers instead of strings
- Fixed in-app settings writes (e.g. `/add-dir --remember`, `/config`) not refreshing the in-memory snapshot, preventing removed directories from being revoked mid-session
- Fixed custom keybindings (`~/.claude/keybindings.json`) not loading on Bedrock, Vertex, and other third-party providers
- Fixed `claude --continue -p` not correctly continuing sessions created by `-p` or the SDK
- Fixed several Remote Control issues: worktrees removed on session crash, connection failures not persisting in the transcript, spurious "Disconnected" indicator in brief mode for local sessions, and `/remote-control` failing over SSH when only `CLAUDE_CODE_ORGANIZATION_UUID` is set
- Fixed `/insights` sometimes omitting the report file link from its response
- [VSCode] Fixed the file attachment below the chat input not clearing when the last editor tab is closed
All 395 primitives Book a call