2.1.72 untested · changelog-derived

Claude Code 2.1.72

`ExitWorktree` tool — completes the symmetric pair for worktree isolation. `EnterWorktree` already existed; without `ExitWorktree` agents had no clean path back to the parent tree. This closes the loop and makes programmatic worktree workflows (branch-per-task, parallel agents, sparse-checkout isolation) fully composable without leaking session state.

9 new primitives 3 workflow recipes 41 fixes

New primitives

ExitWorktreetool

Leave an `EnterWorktree` session and return to the parent worktree

Added `ExitWorktree` tool to leave an `EnterWorktree` session
CLAUDE_CODE_DISABLE_CRONenv-var

Immediately stop scheduled cron jobs mid-session

Added `CLAUDE_CODE_DISABLE_CRON` environment variable to immediately stop scheduled cron jobs mid-session
model parameter on Agent toolcapability

Per-invocation model override when spawning subagents

Restored the `model` parameter on the Agent tool for per-invocation model overrides
/plan <description> optional argcommand

Enter plan mode and immediately start with a pre-seeded description

Added optional description argument to `/plan` (e.g., `/plan fix the auth bug`) that enters plan mode and immediately starts
/copy → w keyflag/key

Write the focused selection directly to a file, bypassing clipboard (SSH-safe)

Added `w` key in `/copy` to write the focused selection directly to a file, bypassing the clipboard (useful over SSH)
lsof, pgrep, tput, ss, fd, fdfind auto-approvalcapability

Six read-only tools added to bash auto-approval allowlist — no permission prompt

Added `lsof`, `pgrep`, `tput`, `ss`, `fd`, and `fdfind` to the bash auto-approval allowlist, reducing permission prompts for common read-only operations
CLAUDE.md HTML comment hidingcapability

`<!-- ... -->` comments in CLAUDE.md are hidden from Claude on auto-inject; still visible via Read tool

Changed CLAUDE.md HTML comments (`<!-- ... -->`) to be hidden from Claude when auto-injected. Comments remain visible when read with the Read tool
vscode://anthropic.claude-code/open URI handlercapability

Open a new Claude Code VSCode tab programmatically with optional `prompt` and `session` query params

VSCode: Added `vscode://anthropic.claude-code/open` URI handler to open a new Claude Code tab programmatically, with optional `prompt` and `session` query parameters
Effort levels simplified to low/medium/high + /effort autocommand/setting

Removed `max` tier; new symbols ○ ◐ ●; `/effort auto` resets to default

Simplified effort levels to low/medium/high (removed max) with new symbols (○ ◐ ●) and a brief notification instead of a persistent icon. Use `/effort auto` to reset to default

Workflow recipes

Model-differentiated parallel worktree agents
ExitWorktree tool + model parameter on Agent tool

The two primitives together make branch-isolated, model-differentiated subagent graphs practical. Before 2.1.72 you could enter a worktree but not cleanly exit it programmatically, and the model param was missing so every subagent used the same model regardless of task weight. Now an orchestrator can spin up a cheap fast model for boilerplate branches and a stronger model for high-stakes branches, then collect results back in the parent tree — all without leaking worktree state between agents.

Orchestrator spawns N Agent tool calls, each with a different model (e.g., Haiku for lint/format passes, Sonnet for logic rewrites). Each subagent calls EnterWorktree at the start and ExitWorktree at the end. Orchestrator merges diffs back on the main branch after all agents complete. The CLAUDE_CODE_DISABLE_CRON env-var acts as a kill switch if any branch spins out of control mid-session.

SSH-safe artifact extraction pipeline
/copy → w key + CLAUDE.md HTML comment hiding

Over SSH, clipboard-dependent extraction is unreliable or unavailable. The w key in /copy writes selections directly to a file, making artifact extraction clipboard-independent. Pairing this with CLAUDE.md HTML comment hiding means operators can embed private routing notes, prompt suppressors, or environment hints directly in CLAUDE.md without those instructions leaking into the model's context on auto-inject — a clean separation between human-readable ops commentary and model-visible instructions.

A remote SSH-based CI agent runs Claude Code headlessly. After each run, a hook or operator uses /copy + w to write the model's selected output directly to a target artifact file — no clipboard, no copy-paste errors. Meanwhile, CLAUDE.md carries <!-- CI_ONLY: do not mention cost estimates to the user --> style directives that are invisible to the model during normal execution but readable by the operator via the Read tool for audit. This gives a clean two-layer annotation system inside a single file.

Inline-scoped plan-mode triage with auto-approval reads
/plan <description> optional arg + lsof/pgrep/fd/fdfind auto-approval allowlist additions

/plan <description> lets an orchestrating agent or human pre-seed a plan-mode session with a concrete problem statement and start immediately, skipping the blank-prompt orientation loop. Combined with the six newly auto-approved read-only tools (lsof, pgrep, fd, etc.), the plan-mode agent can do broad environment reads (open files, running processes, fd-based file discovery) during plan construction without surfacing a permission prompt per tool — making the orientation phase of plan mode nearly frictionless.

A triage agent receives a bug report. It calls /plan diagnose: process leaked file handles in the auth service to enter plan mode with context. During plan construction the agent freely calls lsof, pgrep, and fd to map open handles, running pids, and relevant file paths — all auto-approved. The resulting plan is grounded in live system state rather than inferred structure, and the whole orientation-to-plan cycle runs without any human permission clicks.

Agentic relevance

`ExitWorktree` + the restored `model` param on Agent complete two previously-broken primitives for multi-agent worktree workflows: agents can now enter a branch context, do work, and cleanly exit without leaking session state, and the orchestrator can specify a cheaper or stronger model per subagent invocation. The `CLAUDE_CODE_DISABLE_CRON` env-var adds runtime circuit-breaker control for scheduled agents. The prompt-cache fix (up to 12x token cost reduction in SDK `query()`) is the highest-leverage hardening item for production agentic pipelines.

Hardening & fixes (41)

  • Fixed tool search not activating when `ANTHROPIC_BASE_URL` is set (requires `ENABLE_TOOL_SEARCH`).
  • Improved `/config`: Escape cancels, Enter saves and closes, Space toggles.
  • Up-arrow history now shows current session messages first across concurrent sessions.
  • Improved voice input transcription accuracy for dev terms (regex, OAuth, JSON, repo names).
  • Improved bash command parsing via native module — faster init, no memory leak.
  • Reduced bundle size by ~510 KB.
  • Added support for marketplace git URLs without `.git` suffix (Azure DevOps, AWS CodeCommit).
  • Improved marketplace clone failure messages with diagnostic info even on silent git stderr.
  • Fixed slow exits when background tasks or hooks were slow to respond.
  • Fixed agent task progress stuck on "Initializing…".
  • Fixed skill hooks firing twice per event when a hooks-enabled skill is invoked by the model.
  • Fixed voice mode: input lag, false "No speech detected" after push-to-talk release, stale transcripts re-filling prompt.
  • Fixed `--continue` not resuming from most recent point after `--compact`.
  • Fixed bash security parsing edge cases.
  • Fixed several plugin issues: Windows `EEXIST` in OneDrive, project-scope blocking user-scope installs, `PLUGIN_CACHE_DIR` literal `~` dirs, `plugin.json` marketplace-only fields.
  • Fixed `--effort` CLI flag being reset by unrelated settings writes on startup.
  • Fixed backgrounded Ctrl+B queries losing transcript or corrupting new conversation after `/clear`.
  • Fixed `/clear` killing background agent/bash tasks (now only foreground tasks cleared).
  • Fixed worktree isolation: Task tool resume not restoring cwd; background notifications missing `worktreePath`/`worktreeBranch`.
  • Fixed `/model` not displaying results while Claude is working.
  • Fixed digit keys selecting menu options in plan mode permission prompt text input.
  • Fixed sandbox permission issues: file writes incorrectly allowed; output redirections to `/tmp/claude/` prompting unnecessarily.
  • Improved CPU utilization in long sessions.
  • Fixed prompt cache invalidation in SDK `query()` — reduces input token costs up to 12x.
  • Fixed Escape becoming unresponsive after cancelling a query.
  • Fixed double Ctrl+C not exiting when background agents/tasks are running.
  • Fixed team agents not inheriting leader's model.
  • Fixed "Always Allow" saving rules that never match again.
  • Fixed hooks: `transcript_path` wrong dir for resumed/forked sessions; agent `prompt` silently deleted from settings.json on write; PostToolUse block reason displaying twice; async hooks not receiving stdin; validation error example failing validation.
  • Fixed session crashes when Read returned U+2028/U+2029 characters.
  • Fixed terminal title cleared on exit despite `CLAUDE_CODE_DISABLE_TERMINAL_TITLE`.
  • Fixed permission rule matching: wildcards not matching heredocs/embedded newlines/no-arg commands; `sandbox.excludedCommands` with env var prefixes; overly broad "always allow" prefix suggestions; deny rules not applying to all command forms.
  • Fixed oversized/truncated images from Bash data-URL output.
  • Fixed crash resuming sessions with Bedrock API errors.
  • Fixed intermittent "expected boolean, received string" validation errors on Edit, Bash, Grep.
  • Fixed multi-line session titles from forked conversations with newlines in first message.
  • Fixed queued messages losing attached images; images lost on ↑ to edit queued message.
  • Fixed parallel tool calls: failed Read/WebFetch/Glob no longer cancels siblings — only Bash errors cascade.
  • VSCode: Fixed scroll speed in integrated terminals.
  • VSCode: Fixed Shift+Enter submitting instead of inserting newline (older keybindings).
  • VSCode: Added effort level indicator on input border.

Raw changelog

## 2.1.72

- Fixed tool search to activate even with `ANTHROPIC_BASE_URL` as long as `ENABLE_TOOL_SEARCH` is set.
- Added `w` key in `/copy` to write the focused selection directly to a file, bypassing the clipboard (useful over SSH)
- Added optional description argument to `/plan` (e.g., `/plan fix the auth bug`) that enters plan mode and immediately starts
- Added `ExitWorktree` tool to leave an `EnterWorktree` session
- Added `CLAUDE_CODE_DISABLE_CRON` environment variable to immediately stop scheduled cron jobs mid-session
- Added `lsof`, `pgrep`, `tput`, `ss`, `fd`, and `fdfind` to the bash auto-approval allowlist, reducing permission prompts for common read-only operations
- Restored the `model` parameter on the Agent tool for per-invocation model overrides
- Simplified effort levels to low/medium/high (removed max) with new symbols (○ ◐ ●) and a brief notification instead of a persistent icon. Use `/effort auto` to reset to default
- Improved `/config` — Escape now cancels changes, Enter saves and closes, Space toggles settings
- Improved up-arrow history to show current session's messages first when running multiple concurrent sessions
- Improved voice input transcription accuracy for repo names and common dev terms (regex, OAuth, JSON)
- Improved bash command parsing by switching to a native module — faster initialization and no memory leak
- Reduced bundle size by ~510 KB
- Changed CLAUDE.md HTML comments (`<!-- ... -->`) to be hidden from Claude when auto-injected. Comments remain visible when read with the Read tool
- Fixed slow exits when background tasks or hooks were slow to respond
- Fixed agent task progress stuck on "Initializing…"
- Fixed skill hooks firing twice per event when a hooks-enabled skill is invoked by the model
- Fixed several voice mode issues: occasional input lag, false "No speech detected" errors after releasing push-to-talk, and stale transcripts re-filling the prompt after submission
- Fixed `--continue` not resuming from the most recent point after `--compact`
- Fixed bash security parsing edge cases
- Added support for marketplace git URLs without `.git` suffix (Azure DevOps, AWS CodeCommit)
- Improved marketplace clone failure messages to show diagnostic info even when git produces no stderr
- Fixed several plugin issues: installation failing on Windows with `EEXIST` error in OneDrive folders, marketplace blocking user-scope installs when a project-scope install exists, `CLAUDE_CODE_PLUGIN_CACHE_DIR` creating literal `~` directories, and `plugin.json` with marketplace-only fields failing to load
- Fixed feedback survey appearing too frequently in long sessions
- Fixed `--effort` CLI flag being reset by unrelated settings writes on startup
- Fixed backgrounded Ctrl+B queries losing their transcript or corrupting the new conversation after `/clear`
- Fixed `/clear` killing background agent/bash tasks — only foreground tasks are now cleared
- Fixed worktree isolation issues: Task tool resume not restoring cwd, and background task notifications missing `worktreePath` and `worktreeBranch`
- Fixed `/model` not displaying results when run while Claude is working
- Fixed digit keys selecting menu options instead of typing in plan mode permission prompt's text input
- Fixed sandbox permission issues: certain file write operations incorrectly allowed without prompting, and output redirections to allowlisted directories (like `/tmp/claude/`) prompting unnecessarily
- Improved CPU utilization in long sessions
- Fixed prompt cache invalidation in SDK `query()` calls, reducing input token costs up to 12x
- Fixed Escape key becoming unresponsive after cancelling a query
- Fixed double Ctrl+C not exiting when background agents or tasks are running
- Fixed team agents to inherit the leader's model
- Fixed "Always Allow" saving permission rules that never match again
- Fixed several hooks issues: `transcript_path` pointing to the wrong directory for resumed/forked sessions, agent `prompt` being silently deleted from settings.json on every settings write, PostToolUse block reason displaying twice, async hooks not receiving stdin with bash `read -r`, and validation error message showing an example that fails validation
- Fixed session crashes in Desktop/SDK when Read returned files containing U+2028/U+2029 characters
- Fixed terminal title being cleared on exit even when `CLAUDE_CODE_DISABLE_TERMINAL_TITLE` was set
- Fixed several permission rule matching issues: wildcard rules not matching commands with heredocs, embedded newlines, or no arguments; `sandbox.excludedCommands` failing with env var prefixes; "always allow" suggesting overly broad prefixes for nested CLI tools; and deny rules not applying to all command forms
- Fixed oversized and truncated images from Bash data-URL output
- Fixed a crash when resuming sessions that contained Bedrock API errors
- Fixed intermittent "expected boolean, received string" validation errors on Edit, Bash, and Grep tool inputs
- Fixed multi-line session titles when forking from a conversation whose first message contained newlines
- Fixed queued messages not showing attached images, and images being lost when pressing ↑ to edit a queued message
- Fixed parallel tool calls where a failed Read/WebFetch/Glob would cancel its siblings — only Bash errors now cascade
- VSCode: Fixed scroll speed in integrated terminals not matching native terminals
- VSCode: Fixed Shift+Enter submitting input instead of inserting a newline for users with older keybindings
- VSCode: Added effort level indicator on the input border
- VSCode: Added `vscode://anthropic.claude-code/open` URI handler to open a new Claude Code tab programmatically, with optional `prompt` and `session` query parameters
All 395 primitives Book a call