2.1.133 untested · changelog-derived

Claude Code 2.1.133

**`worktree.baseRef` setting** — agents can now choose whether new worktrees branch from origin (fresh isolation) or local HEAD (preserving unpushed work). This is critical for multi-agent workflows where one agent's uncommitted code should flow to isolation worktrees, and for developer flows that rely on local draft branches.

6 new primitives 3 workflow recipes 13 fixes

New primitives

worktree.baseRefsetting

Choose whether `--worktree`, `EnterWorktree`, and agent-isolation worktrees branch from `origin/<default>` or local `HEAD`

Added `worktree.baseRef` setting (`fresh` \
sandbox.bwrapPathsetting

Specify custom bubblewrap binary location (Linux/WSL)

Added `sandbox.bwrapPath` and `sandbox.socatPath` managed settings (Linux/WSL) to specify custom bubblewrap and socat binary locations
sandbox.socatPathsetting

Specify custom socat binary location (Linux/WSL)

Added `sandbox.bwrapPath` and `sandbox.socatPath` managed settings (Linux/WSL) to specify custom bubblewrap and socat binary locations
parentSettingsBehaviorsetting

Admin-tier key to opt SDK `managedSettings` (parent tier) into policy merge (`'first-wins'` or `'merge'`)

Added `parentSettingsBehavior` admin-tier key (`'first-wins'` \
effort.level (hooks)capability

Hooks now receive active effort level via JSON input field

Hooks now receive the active effort level via the `effort.level` JSON input field and the `$CLAUDE_EFFORT` environment variable
$CLAUDE_EFFORTenv-var

Bash tool commands can read the active effort level

Hooks now receive the active effort level via the `effort.level` JSON input field and the `$CLAUDE_EFFORT` environment variable, and Bash tool commands can read `$CLAUDE_EFFORT`

Workflow recipes

Draft-Preserving Agent Isolation
worktree.baseRef + effort.level (JSON/env)

Multi-agent workflows often need a parent agent to hand off draft code (uncommitted local changes) to a child agent in an isolated worktree. Previously, isolation always branched from remote origin, forcing commits or loss of work. Now agents can set worktree.baseRef: "head" to preserve local HEAD, and child agents can read $CLAUDE_EFFORT to determine retry/validation depth without explicit parameter passing.

A code-generation parent spawns a child agent in a worktree with baseRef: "head", preserving draft schemas or generated scaffolding. The child reads its isolation depth from $CLAUDE_EFFORT to auto-scale test coverage (low effort → smoke tests only; high effort → full suite). When complete, the parent can merge the worktree back and decide whether to commit. This unblocks iterative workflows where generations are not final until review.

Effort-Aware Hook Automation
$CLAUDE_EFFORT environment variable + Hooks receiving effort.level JSON input

Hooks are the primary escape hatch for build systems, formatters, and pre-commit checks. Previously, hooks had no way to know the user's intent (quick smoke test vs. deep audit). Now hooks can branch on $CLAUDE_EFFORT or parse the JSON input to scale validation: skip expensive checks on low effort, run all checks on high/ultra.

A pre-commit hook script reads $CLAUDE_EFFORT and adjusts behavior: low effort runs linter and unit tests only; high effort adds integration tests and type coverage; ultra effort runs fuzzing and adversarial checks. Agents tuning /effort low for speed get fast feedback; /effort high for rigor gets comprehensive validation without manual configuration. The hook stays one-size-fits-all and scales automatically.

Enterprise Admin Settings Bridge (SDK + CLI)
parentSettingsBehavior admin-tier setting + sandbox.bwrapPath / sandbox.socatPath

Organizations running Claude via SDK (managed parent tier) and CLI (user tier) have conflicting sandbox and security policies. Previously, admin-managed settings always won-only (first-wins), forcing CLI users to match parent sandbox paths. Now admins can opt into merge behavior to let CLI users override sandbox locations (e.g., company-provided socat) while parent tier still controls sensitive policies (token handling, proxy rules).

An enterprise deploys Claude SDK with parent-managed sandbox.socatPath pointing to their secure binary. Developers running claude CLI can now override this with a project .claude/settings.json if their environment requires a different path, and both policies merge safely. parentSettingsBehavior: 'merge' unblocks this without requiring every developer to accept the parent path verbatim.

Agentic relevance

2.1.133 strengthens multi-agent isolation and configuration control. The `worktree.baseRef` setting fixes a critical gap for agent-delegation workflows by letting admins preserve unpushed local commits in isolation worktrees — previously agents spawned in fresh worktrees would lose draft work. The `effort.level` JSON/env exposure lets hooks and Bash commands introspect the active effort tier, enabling conditional behavior (retry logic, verbosity, scope). The `parentSettingsBehavior` admin setting unblocks enterprise SDK integration patterns. The hardening suite (session token race, network-drive access, skill discovery, Remote Control interrupts) improves reliability for long-running agent chains and enterprise deployments.

Hardening & fixes (13)

  • Fixed parallel sessions all dead-ending at 401 after a refresh-token race wiped shared credentials
  • Fixed `Edit`/`Write` allow rules scoped to a drive root (`C:\`) or POSIX `/` matching incorrectly and always prompting
  • Fixed an unhandled rejection (`ECOMPROMISED`) when a history or session-log file lock is compromised by clock skew or slow disk
  • Fixed pressing Esc during conversation compaction showing a spurious "Error compacting conversation" notification
  • Fixed `HTTP(S)_PROXY` / `NO_PROXY` / mTLS not being respected for the full MCP OAuth flow including discovery, dynamic client registration, token exchange, and token refresh
  • Fixed Read/Write/Edit being denied on mapped network drives passed via `--add-dir` / SDK `additionalDirectories`
  • Fixed Remote Control stop/interrupt from claude.ai not fully canceling the CLI session the same way local Esc does, causing queued messages to never advance after interrupting a stuck tool or prompt
  • Fixed `/effort` in one session unexpectedly changing the effort level of other concurrent sessions, and a related issue where an IDE effort change could be silently dropped
  • Fixed subagents not discovering project, user, or plugin skills via the Skill tool
  • Improved focus mode behavior
  • Improved memory usage by releasing warm-spare background workers under memory pressure
  • `claude --help` now lists `--remote-control` alongside `--remote-control-session-name-prefix`
  • [VSCode] Fixed `claudeCode.claudeProcessWrapper` failing with "Unsupported platform" when the extension build doesn't bundle a Claude binary

Raw changelog

## 2.1.133

- Added `worktree.baseRef` setting (`fresh` | `head`) to choose whether `--worktree`, `EnterWorktree`, and agent-isolation worktrees branch from `origin/<default>` or local `HEAD`. **Note:** the default `fresh` changes `EnterWorktree`'s base back to `origin/<default>` (it has been local `HEAD` since 2.1.128) — set `worktree.baseRef: "head"` to keep unpushed commits in new worktrees
- Added `sandbox.bwrapPath` and `sandbox.socatPath` managed settings (Linux/WSL) to specify custom bubblewrap and socat binary locations
- Added `parentSettingsBehavior` admin-tier key (`'first-wins' | 'merge'`) to let admins opt SDK `managedSettings` (parent tier) into the policy merge
- Hooks now receive the active effort level via the `effort.level` JSON input field and the `$CLAUDE_EFFORT` environment variable, and Bash tool commands can read `$CLAUDE_EFFORT`
- Improved focus mode behavior
- Improved memory usage by releasing warm-spare background workers under memory pressure
- Fixed parallel sessions all dead-ending at 401 after a refresh-token race wiped shared credentials
- Fixed `Edit`/`Write` allow rules scoped to a drive root (`C:\`) or POSIX `/` matching incorrectly and always prompting
- Fixed an unhandled rejection (`ECOMPROMISED`) when a history or session-log file lock is compromised by clock skew or slow disk
- Fixed pressing Esc during conversation compaction showing a spurious "Error compacting conversation" notification
- Fixed `HTTP(S)_PROXY` / `NO_PROXY` / mTLS not being respected for the full MCP OAuth flow including discovery, dynamic client registration, token exchange, and token refresh
- Fixed Read/Write/Edit being denied on mapped network drives passed via `--add-dir` / SDK `additionalDirectories`
- Fixed Remote Control stop/interrupt from claude.ai not fully canceling the CLI session the same way local Esc does, causing queued messages to never advance after interrupting a stuck tool or prompt
- Fixed `/effort` in one session unexpectedly changing the effort level of other concurrent sessions, and a related issue where an IDE effort change could be silently dropped
- Fixed subagents not discovering project, user, or plugin skills via the Skill tool
- `claude --help` now lists `--remote-control` alongside `--remote-control-session-name-prefix`
- [VSCode] Fixed `claudeCode.claudeProcessWrapper` failing with "Unsupported platform" when the extension build doesn't bundle a Claude binary
All 395 primitives Book a call