Claude Code 2.1.126

What changed

Claude Code 2.1.126 (May 1, 2026) — /model reads from the gateway’s /v1/models endpoint, claude project purge deletes all per-project state, OAuth handles environments where the browser callback can’t reach localhost, and Windows gains better PowerShell 7 detection. A long list of OAuth, stream-timeout, and Remote Control regressions are also fixed.

New features

• /model reads from your gateway’s /v1/models

  Aimed at organizations running an internal or self-hosted LLM gateway. When ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway (LiteLLM Proxy, Portkey, in-house gateways), the /model picker now lists models returned by the gateway’s /v1/models endpoint. The picker shows only the models the gateway actually exposes, and any addition, removal, or internal alias (like corp-fast) takes effect without a Claude Code restart.

• claude project purge [path]

  Delete all Claude Code state for a project — transcripts, tasks, file history, and the config entry — in a single command. Supports --dry-run (preview), -i/--interactive (per-item confirm), -y/--yes (skip confirmation), and --all (purge every project).

• Broader --dangerously-skip-permissions scope

  Writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths no longer prompt in this mode. Catastrophic removal commands (rm -rf and similar) still prompt as a safety net.

• claude auth login accepts a pasted OAuth code

  When the browser callback can’t reach localhost (WSL2, SSH, containers), paste the OAuth code into the terminal to complete login.

• claude_code.skill_activated extended

  This OpenTelemetry event now fires for user-typed slash commands too, not just proactive activations. A new invocation_trigger attribute carries "user-slash", "claude-proactive", or "nested-skill".

• Auto mode: red spinner on stalled permission

  When a permission check stalls, the spinner used to look identical to a running tool. It now turns red so you know something is waiting on you.

• Host-managed deployments retain analytics

  CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST no longer auto-disables analytics on Bedrock/Vertex/Foundry deployments.

• Windows: PowerShell 7 detection improvements

  PowerShell 7 installed via the Microsoft Store, MSI without PATH, or as a .NET global tool is now detected. With the PowerShell tool enabled, Claude treats PowerShell as the primary shell instead of defaulting to Bash.

Improvements

• Read tool: removed per-file malware-assessment reminder — caused legacy models to spuriously refuse files or add “this is not malware” commentary.

Security

• allowManagedDomainsOnly / allowManagedReadPathsOnly — fixed being ignored when a higher-priority managed-settings source lacked a sandbox block.

Notable fixes

Images, OAuth, sessions

• Pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images already in history are removed and the request retried.
• “OAuth not allowed for organization” — used to send users to the login screen; now shows a message to contact the admin.
• OAuth login timeouts — fixed on slow or proxied connections, IPv6-only devcontainers, and environments where the browser callback can’t reach localhost.
• Concurrent credential write clearing a valid OAuth refresh token — rare race fixed.
• API retry countdown stuck at “0s” — fixed.

Stream and session stability

• “Stream idle timeout” after waking Mac from sleep mid-request — fixed.
• Background and remote sessions falsely aborting during long thinking pauses — Stream idle timeout no longer fires.
• Hang where the assistant finishes thinking but shows no output after a run of empty turns — fixed.

Input and UI

• Overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals — fixed.
• Garbled Japanese / Korean / Chinese text on Windows in no-flicker mode — fixed.
• Ctrl+L clearing the prompt input — now only forces a screen redraw, matching readline behavior.

MCP, plugins, Remote Control

• claude.ai MCP connectors suppressed by manual servers stuck in needs-auth state — fixed.
• Deferred tools (WebSearch, WebFetch, etc.) unavailable to skills with context: fork and other subagents on their first turn — fixed.
• Plan-mode tools unavailable in interactive sessions launched with --channels — fixed.
• /plugin Uninstall reporting “Enabled” instead of “Uninstalled” — fixed.
• /remote-control retries appearing stuck on “connecting…” — each retry now shows its result.
• Remote Control failure notification missing the error reason on initial connection failures — fixed.

Windows and PowerShell

• Windows clipboard writes exposing copied content in process command-line arguments — was visible to EDR/SIEM telemetry. Also fixes selections >22KB not reaching the clipboard.
• PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token.

Misc

• File-modified reminders bounded when a linter touches many files at once.
• Agent SDK hang when the model emits a malformed tool name in a parallel tool-call batch — fixed.

Notes

• claude project purge is destructive — transcripts and file history are deleted. Run with --dry-run first, and prefer -i over -y in scripts to keep human confirmation.
• --dangerously-skip-permissions now writes through .git/, .claude/, and shell config files without prompting. Reserve this mode for trusted automation contexts.
• For Korean / Japanese / Chinese users on Windows: the no-flicker-mode rendering bug is fixed in this release. Upgrading delivers an immediate improvement if you’ve been seeing garbled text.
• For gateway operators: /model calls /v1/models when ANTHROPIC_BASE_URL is set. Verify your in-house gateway exposes that endpoint.