Claude Code 2.1.133

💡

A new `worktree.baseRef` setting (`fresh` | `head`) lets you choose whether worktrees branch from `origin/<default>` or local `HEAD`, and hooks and Bash commands can now read the active effort level via `$CLAUDE_EFFORT`. Plus fixes for a refresh-token race that dead-ended parallel sessions at 401, MCP OAuth ignoring `HTTP(S)_PROXY`/mTLS across discovery and token refresh, and subagents failing to discover project, user, or plugin skills.

#Claude Code#Update
🔗 Official announcement →

This article is a summary based on official documentation.

What changed

Claude Code 2.1.133 shipped on May 7, 2026. It adds an explicit worktree.baseRef setting and exposes the active effort level to hooks and Bash, alongside a round of operationally meaningful fixes — a refresh-token race that wiped shared credentials and dead-ended parallel sessions at 401, MCP OAuth not honoring HTTP(S)_PROXY/NO_PROXY/mTLS across the full flow, and subagents failing to discover project, user, or plugin skills via the Skill tool.

New features

  • worktree.baseRef — choose the worktree base (fresh | head)

    Since 2.1.128, --worktree, EnterWorktree, and agent-isolation worktrees branched from local HEAD, which carried unpushed commits into new worktrees but conflicted with workflows that expect a clean branch off origin/<default>. This release introduces worktree.baseRef and resets the default to fresh (= origin/<default>). Set worktree.baseRef: "head" to keep the previous behavior of carrying unpushed commits forward.

  • sandbox.bwrapPath / sandbox.socatPath — custom sandbox binary paths (Linux/WSL)

    Linux and WSL sandboxing relies on bubblewrap (bwrap) and socat. When those binaries lived outside the auto-discovery path, the sandbox failed to start. The two managed settings let admins point Claude Code at the right binaries.

  • parentSettingsBehavior — admin-tier policy merge opt-in ('first-wins' | 'merge')

    An admin-tier key that lets admins decide whether SDK managedSettings (the parent tier) joins the policy merge. Set it to merge to fold SDK-side settings into the merged policy.

  • Effort level exposed to hooks and Bash

    Hooks now receive the active effort via the effort.level JSON input field and the $CLAUDE_EFFORT environment variable, and Bash tool commands can read $CLAUDE_EFFORT. Useful when an automation script needs to branch on effort.

  • claude --help lists --remote-control

    --remote-control now appears in --help alongside --remote-control-session-name-prefix.

Improvements

  • Focus mode behavior

    Focus mode behavior has been improved.

  • Memory: warm-spare workers released under pressure

    Background warm-spare workers are now released when the process is under memory pressure, reducing memory usage in long-running sessions.

Bug fixes

Auth & sessions

  • Parallel sessions all dead-ending at 401 after a refresh-token race wiped shared credentials — fixed.
  • Remote Control stop/interrupt from claude.ai not fully canceling the CLI session the way local Esc does, leaving queued messages stalled after interrupting a stuck tool or prompt — fixed.

Permissions & file access

  • Edit/Write allow rules scoped to a drive root (C:\) or POSIX / matching incorrectly and always prompting — fixed.
  • Read/Write/Edit denied on mapped network drives passed via --add-dir / SDK additionalDirectories — fixed.

MCP & proxies

  • HTTP(S)_PROXY / NO_PROXY / mTLS not respected across the full MCP OAuth flow — discovery, dynamic client registration, token exchange, and token refresh — fixed.

Effort & skills

  • /effort in one session unexpectedly changing the effort level of other concurrent sessions, plus a related issue where an IDE effort change could be silently dropped — fixed.
  • Subagents not discovering project, user, or plugin skills via the Skill tool — fixed.

Stability

  • Unhandled rejection (ECOMPROMISED) when a history or session-log file lock is compromised by clock skew or slow disk — fixed.
  • Pressing Esc during conversation compaction showing a spurious “Error compacting conversation” notification — fixed.

IDE

  • [VSCode] claudeCode.claudeProcessWrapper failing with “Unsupported platform” when the extension build doesn’t bundle a Claude binary — fixed.

Notes

  • worktree.baseRef default reverts to fresh — the local HEAD base introduced in 2.1.128 is now opt-in. If you relied on unpushed commits being carried into new worktrees, set worktree.baseRef: "head" explicitly.
  • MCP OAuth honors proxy and mTLS settings — TLS proxies (Zscaler, Netskope, etc.) and corporate mTLS configurations are now respected through the entire MCP OAuth flow. No env var change needed.
  • /effort is now session-scoped/effort only affects the session that ran it. Setups that vary effort per session work as intended again.
  • Subagent skill discovery restored — if subagents had stopped finding project or plugin skills via the Skill tool, this release fixes it.
  • $CLAUDE_EFFORT — hooks and Bash commands can read the active effort level. Useful for automation scripts that branch on high/medium/low.
  • Sandbox binary paths — on Linux/WSL, point sandbox.bwrapPath and sandbox.socatPath at custom locations if bwrap or socat aren’t on the auto-discovery path.