Claude Code 2.1.141

What changed

Claude Code 2.1.141 shipped on May 13, 2026. The release adds a handful of new capabilities — a terminalSequence field on hook JSON output so hooks can drive desktop notifications, window titles, and bells without a controlling terminal; CLAUDE_CODE_PLUGIN_PREFER_HTTPS to clone GitHub plugin sources over HTTPS instead of SSH for environments without a GitHub SSH key; ANTHROPIC_WORKSPACE_ID to scope a workload identity federation token to a specific workspace when the federation rule covers more than one; claude agents --cwd <path> to scope the session list to a directory; an option in /feedback to include recent sessions from the last 24 hours or 7 days; and a “Summarize up to here” entry in the Rewind menu to compress earlier context while keeping recent turns intact. On top of that, the release fixes background side-queries sending an unavailable Haiku model ID on Bedrock/Vertex/Foundry/gateway, Remote Control MCP connectors all failing with 401 when the worker session token rotated mid-session, claude plugin install failing for plugins whose marketplace ref no longer exists upstream when a sha is also pinned, MCP HTTP/SSE servers returning 403 on connect being shown as “failed” instead of “needs auth”, and a long tail of auth, session, MCP, plugin, keybinding, and UI regressions.

New features

terminalSequence field on hook JSON output

Hooks that wanted to emit desktop notifications, window titles, or bells previously needed a controlling terminal, which made them unusable in background contexts. Hook JSON output now accepts a terminalSequence field so hooks can emit those sequences directly without a controlling terminal.
CLAUDE_CODE_PLUGIN_PREFER_HTTPS — clone GitHub plugin sources over HTTPS

GitHub plugin sources were cloned over SSH, which broke installs in environments without a GitHub SSH key (CI runners, keyless containers). Setting CLAUDE_CODE_PLUGIN_PREFER_HTTPS clones over HTTPS instead so plugin installs work without an SSH key.
ANTHROPIC_WORKSPACE_ID — scope federation tokens to a workspace

Workload identity federation rules can cover more than one workspace, in which case the minted token is broader than intended. Setting ANTHROPIC_WORKSPACE_ID scopes the minted token to a specific workspace.
claude agents --cwd <path> — scope sessions to a directory

claude agents listed sessions across projects, so pulling out only the sessions for the directory you were working in was awkward. The new --cwd <path> flag scopes the session list to a directory.
/feedback — include recent sessions (last 24 hours or 7 days)

Bugs that span more than the current session were hard to reproduce when /feedback only attached the current session. /feedback can now include recent sessions from the last 24 hours or 7 days.
Rewind menu — “Summarize up to here”

Trimming earlier context manually while keeping recent turns intact was tedious. The Rewind menu now has a “Summarize up to here” entry that compresses earlier context up to a chosen point while keeping recent turns intact.

Improvements

Auto mode permission dialog explains when a permissions.ask rule caused the prompt

In Auto mode, a permission prompt didn’t surface which rule caused it. The dialog now explains when a permissions.ask rule was the trigger.
“View diff in your IDE” restored on file-edit permission prompts when an IDE is connected

The “view diff in your IDE” option on file-edit permission prompts had disappeared when an IDE was connected, breaking the review flow. It’s back.
Background agents launched via /bg or ←← preserve the current permission mode

Background agents launched via /bg or ←← reverted to the default permission mode instead of inheriting the caller’s mode. They now preserve the current permission mode.
claude agents: agents leaving a background shell running move to Completed

Agents that finished work but left a background shell running stayed under Working, making the status distinction unhelpful. They now move to Completed.
Improved spinner feedback during long thinking periods

When Claude was thinking for a long time, the spinner gave no signal whether the run was still healthy. The spinner now warms to amber after 10 seconds to signal Claude is still working.
Plugin menu navigation improvements

Plugin menu navigation has been improved: →/Tab switch tabs, ↑ moves to the tab strip, and tab headers and the search box are clickable in fullscreen mode.

Bug fixes

Auth & gateways

Background side-queries sending an unavailable Haiku model ID on Bedrock/Vertex/Foundry/gateway when no ANTHROPIC_SMALL_FAST_MODEL override is set — now falls back to the main-loop model.
Background jobs on a custom ANTHROPIC_BASE_URL gateway not getting auto-named — the namer now uses the main model when no Haiku model is configured.
Desktop and third-party provider sessions incorrectly inheriting apiKeyHelper / ANTHROPIC_AUTH_TOKEN from host managed-settings — fixed.
Bedrock: awsCredentialExport skipped when ambient AWS credentials resolved, breaking cross-account auth — now always runs when configured.

Remote Control & sessions

Remote Control MCP connectors all failing with 401 when the worker session token rotated mid-session — fixed.
Remote Control automatically re-enrolling a trusted device when the server rejected a stale token — now routes through /login instead of silently re-enrolling.

Plugins & MCP

claude plugin install failing for plugins whose marketplace ref no longer exists upstream when a sha is also pinned — fixed.
Plugin details pane showing 0 MCP servers for plugins that declare them via .mcp.json — fixed.
Plugin MCP servers with unset config variables showing a generic connection failure — now shows a “config issue” message with a fix-it hint; malformed .mcp.json entries no longer drop other MCP servers.
MCP server configs using POSIX shell parameter expansions (e.g. ${var%pattern}) incorrectly flagged as missing environment variables — fixed.
MCP HTTP/SSE servers returning 403 on connect being shown as “failed” — now correctly shown as “needs auth”.
Remote MCP servers disconnecting unnecessarily when the optional server-events stream failed to reconnect — fixed; tool calls continue over POST.

`/model`, permissions & hooks

/model in one session silently changing the autocompact threshold in other concurrent sessions — fixed.
Switching permission mode while a tool-permission prompt was open not auto-dismissing the prompt when the new setting permitted the tool — fixed.
Pressing Enter while a permission/dialog prompt was open also submitting text in the input box — fixed.
Hooks receiving a non-existent transcript_path after EnterWorktree switches the working directory — fixed.
“Allowed by PermissionRequest hook” repeating once per tool call under a collapsed read/search group — fixed.

Input, keybindings & history

Cancelled prompts being removed from Up-arrow history when auto-restored into the input box — fixed, avoiding duplicate entries.
Prompts cancelled with Ctrl+C / Esc before any response being dropped from Up-arrow history — fixed.
Ctrl+C not interrupting a running turn while in vim INSERT/VISUAL mode — fixed.
Alternative chat:submit keybindings (e.g. meta+enter, ctrl+enter) not working when enter is rebound to chat:newline — fixed.
Prompt suggestions silently disabled when an output style was configured — fixed.
spinnerVerbs setting not honored in turn-completion messages — fixed.
Custom voice:pushToTalk keybindings and "space": null unbinds being silently ignored — fixed.

UI & rendering

Markdown tables with cell wrapping falling back to the vertical key-value layout instead of rendering as a bordered grid — fixed (regression in 2.1.136).
AskUserQuestion popup hiding the last line of preceding chat content — fixed.
Web Search status showing “Did 0 searches” when searches returned errors — fixed.
Multi-line statusline output dropping or corrupting rows when any line exceeds terminal width — fixed.
Light-ansi theme using invisible white for diff context lines on light backgrounds — now uses black.
Error overlay dumping minified bundle source that hid the original error message — fixed.
Pressing Enter after typing a feedback survey rating digit submitting it as a chat message instead of the rating — fixed.
Pressing x on a selected subagent in the agent panel typing into the prompt instead of stopping the agent — fixed.
Session title being derived from plugin monitor notifications before the user’s first prompt — fixed.
/mcp server list not keeping the focused server visible in short terminals in fullscreen mode — fixed.
/tui silently dropping running background shells and subagents — now refuses and asks to wait for them to finish.
Welcome banner showing “API Usage Billing” on Bedrock, Vertex, Foundry, and other third-party providers — now shows the provider name.

Windows, platform & SDK

claude daemon status and /doctor on Windows throwing when the daemon pipe key file was locked or unreadable — now shows the underlying error instead of an opaque failure.
claude agents showing the agent-type list instead of the dashboard when launched through a wrapper that adds flags — fixed.
claude agents opening a crashed session firing redundant dispatches when the working directory was deleted — fixed.
Windows Alt+V image paste reporting “no image found” when the clipboard contains a screenshot — fixed.
SDK “Claude Code native binary not found” on Linux when both glibc and musl platform packages are installed — fixed.
Race where early OTel spans could be silently dropped in SDK/headless mode with beta tracing enabled — fixed.
Early analytics events being silently dropped when fired before logger initialization — fixed.
Redaction in /feedback bundles producing invalid JSON for quoted values like session IDs — fixed.
[VSCode] In-chat mic showing no feedback when the microphone produced only silence — now shows “No audio detected”.
[VSCode] Voice mode: WSL error now suggests installing sox libsox-fmt-pulse for WSLg users.

`claude agents` dispatch

Launching a session no longer fails when the pre-warmed background worker is unhealthy — now falls back to a fresh launch.
claude agents no longer shows empty placeholder sessions left over from backgrounding a fresh REPL — shows onboarding text when entered via ← with no other agents.
Empty idle background sessions left over from ← are now automatically retired by the daemon after 5 minutes.

Notes

Using terminalSequence from hooks — hooks can now emit desktop notifications, window titles, and bells without depending on a controlling terminal, which makes them usable from background automation.
Keyless plugin installs — if GitHub plugin installs fail because the environment has no SSH key, set CLAUDE_CODE_PLUGIN_PREFER_HTTPS to clone over HTTPS. Useful for CI runners and keyless container environments.
Workspace-scoped federation tokens — when a federation rule covers more than one workspace, the minted token is broader than you might intend. Use ANTHROPIC_WORKSPACE_ID to scope it to a specific workspace.
Concurrent /model use — /model in one session no longer silently changes the autocompact threshold in other concurrent sessions. If you had a workaround in place for this, you can drop it.
Table rendering regression fixed (2.1.136) — markdown tables with cell wrapping render as a bordered grid again instead of falling back to a vertical key-value layout, so terminal-based review of tool output that produces tables works as expected.
Remote Control 401 retries — connectors no longer fall over with 401 during worker session token rotation, but environments with chronically expiring credentials still need /login eventually. Don’t ignore repeated 401s.
MCP “needs auth” vs “failed” — HTTP/SSE servers returning 403 on connect are now distinguished as “needs auth” instead of a generic “failed”, so OAuth/token-refresh cases are easier to spot.