Claude Code 2.1.143

Added plugin dependency enforcement (`claude plugin disable`/`enable` understand dependency chains), projected context cost in the `/plugin` marketplace browse pane, a `worktree.bgIsolation: "none"` setting for repos where worktrees are impractical, `-ExecutionPolicy Bypass` for the PowerShell tool, model and effort preservation across background-session wakeups, and auto mode in the Shift+Tab cycle. Bug fixes cover a corrupt `.credentials.json` hanging startup, stop hooks looping forever, macOS background sessions failing under Full Disk Access folders, and `git worktree remove` no longer falling back to `rm -rf`.

This article is a summary based on official documentation.

What changed

Claude Code 2.1.143 shipped on May 15, 2026. On the plugin side, the dependency graph is enforced for the first time: claude plugin disable refuses when another enabled plugin depends on the target and prints a copy-pasteable disable-chain hint, and claude plugin enable force-enables transitive dependencies. The /plugin marketplace browse pane now shows projected context cost — per-turn and per-invocation token estimates — and a new worktree.bgIsolation: "none" setting lets background sessions edit the working copy directly without EnterWorktree, for repos where worktrees are impractical. The PowerShell tool now passes -ExecutionPolicy Bypass (opt out with CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1) and is enabled by default on Windows for Bedrock, Vertex, and Foundry users (opt out with CLAUDE_CODE_USE_POWERSHELL_TOOL=0). Background sessions now preserve the model and effort level you set after waking from idle, and Shift+Tab in attached agent sessions now includes auto mode in the cycle. The release also fixes a corrupt .credentials.json with a non-array scopes value hanging the CLI on startup or silently aborting OAuth token refresh, stop hooks that block repeatedly looping forever (the turn now ends with a warning after 8 consecutive blocks, overridable via CLAUDE_CODE_STOP_HOOK_BLOCK_CAP), background-job sessions on macOS getting “Operation not permitted” errors when reading files under ~/Documents, ~/Desktop, or ~/Downloads even with Full Disk Access granted, and worktree cleanup no longer falling back to rm -rf when git worktree remove fails — preventing loss of gitignored or in-progress files.

New features

  • Plugin dependency enforcement — claude plugin disable refuses when dependents are enabled, claude plugin enable force-enables transitive dependencies

    Plugin dependencies were not enforced, so disabling a plugin that another plugin depended on silently broke the dependent, and enabling a plugin still required the user to enable its dependencies by hand. claude plugin disable now refuses when another enabled plugin depends on the target and prints a copy-pasteable disable-chain hint, and claude plugin enable force-enables transitive dependencies.

  • /plugin marketplace browse pane — projected context cost (per-turn and per-invocation token estimates)

    It was hard to gauge how much context window a plugin would consume before installing it, so a heavy plugin would often only reveal its footprint after the context started shrinking quickly. The /plugin marketplace browse pane now shows projected context cost — per-turn and per-invocation token estimates — so the cost can be compared up front.

  • worktree.bgIsolation: "none" setting — background sessions edit the working copy directly without EnterWorktree

    Worktree isolation was forced for background sessions, which made background jobs awkward in repos where worktrees are impractical (monorepos and similar setups). The new worktree.bgIsolation: "none" setting lets background sessions edit the working copy directly without EnterWorktree, so background jobs work in repos where worktrees are impractical.

  • PowerShell tool — -ExecutionPolicy Bypass, enabled by default on Windows for Bedrock/Vertex/Foundry

    The PowerShell tool could be blocked by the host execution policy, so script execution would be refused unexpectedly. The PowerShell tool now passes -ExecutionPolicy Bypass; opt out with CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1 to respect the host policy. The PowerShell tool is also now enabled by default on Windows for Bedrock, Vertex, and Foundry users; opt out with CLAUDE_CODE_USE_POWERSHELL_TOOL=0.

  • Background sessions preserve the model and effort level you set after waking from idle

    When a background session woke from idle, the model and effort level the user had set would revert to defaults, so the next turn ran with a different configuration than intended. Background sessions now preserve the model and effort level you set after waking from idle.

  • Shift+Tab in attached agent sessions now includes auto mode in the cycle

    Shift+Tab in attached agent sessions cycled through permission modes without auto mode, so switching to auto mode required a separate step. Shift+Tab in attached agent sessions now includes auto mode in the cycle, so it can be reached with the same keystroke while attached.

  • claude agents dispatch flags applied to the dashboard and dispatched background sessions

    The claude agents dispatch flags introduced in v2.1.142 are now applied consistently to the dashboard and to background sessions dispatched from it: --add-dir, --settings, --mcp-config, and --plugin-dir. In the same scope, --permission-mode, --model, --effort, and --dangerously-skip-permissions set defaults for sessions dispatched from the view.

  • /bg preserves --mcp-config, --settings, --add-dir, --plugin-dir, and --strict-mcp-config

    Backgrounding a session with /bg dropped a number of CLI flags on respawn, so the backgrounded session came back without its MCP servers or settings context. /bg now preserves --mcp-config, --settings, --add-dir, --plugin-dir, and --strict-mcp-config, so backgrounded sessions keep their MCP servers and settings across respawn.

  • /bg and -detach preserve --fallback-model and --allow-dangerously-skip-permissions

    Forking a worker with /bg or -detach lost the --fallback-model setting (so the worker hard-failed on overload instead of degrading), and --allow-dangerously-skip-permissions disappeared from the forked worker’s Shift+Tab cycle. Both options are now carried over to the forked worker.

  • claude --bg --dangerously-skip-permissions persists across retire→wake

    A regression that caused claude --bg --dangerously-skip-permissions to lose the flag across retire→wake is fixed.
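The plugin dependency enforcement from the first item in this list, modelled as an added example (not Claude Code's own code): `disable` refuses while an enabled plugin depends on the target and returns the order in which the chain can be disabled, and `enable` pulls in transitive dependencies. The plugin names, the `DEPENDS_ON` graph and the function names are constructed for illustration.

```python
# Added model, not Claude Code's implementation. Plugin names and the graph
# are constructed; the real hint format is not shown on the page.
DEPENDS_ON = {  # plugin -> plugins it directly depends on
    "lint-suite": ["formatter", "ast-tools"],
    "formatter": ["ast-tools"],
    "ast-tools": [],
    "docs-gen": [],
}


def transitive_deps(plugin, graph):
    """Direct and indirect dependencies of `plugin`, deepest first."""
    order, seen = [], {plugin}  # seeding `seen` also stops on cycles

    def visit(name):
        for dep in graph.get(name, []):
            if dep not in seen:
                seen.add(dep)
                visit(dep)
                order.append(dep)

    visit(plugin)
    return order


def enable(plugin, enabled, graph):
    """Enable `plugin`, force-enabling its transitive dependencies first."""
    newly = [p for p in transitive_deps(plugin, graph) + [plugin] if p not in enabled]
    enabled.update(newly)
    return newly


def disable(plugin, enabled, graph):
    """Return (ok, chain). Refuses while an enabled plugin depends on `plugin`."""
    dependents = [p for p in enabled
                  if p != plugin and plugin in transitive_deps(p, graph)]
    if dependents:
        # In an acyclic graph a dependent has more transitive deps than what it
        # depends on, so this sort puts dependents before their dependencies.
        dependents.sort(key=lambda p: (-len(transitive_deps(p, graph)), p))
        return False, dependents + [plugin]
    enabled.discard(plugin)
    return True, [plugin]


if __name__ == "__main__":
    state = set()
    print("enabled:", enable("lint-suite", state, DEPENDS_ON))
    print("disable ast-tools:", disable("ast-tools", state, DEPENDS_ON))
```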

Bug fixes

Auth & OAuth

  • Corrupt .credentials.json with a non-array scopes value hanging the CLI on startup or silently aborting OAuth token refresh — corrupt credentials are now handled robustly.

Permissions & hooks

  • Stop hooks that block repeatedly looping forever — the turn now ends with a warning after 8 consecutive blocks. Override the cap via CLAUDE_CODE_STOP_HOOK_BLOCK_CAP.
  • claude agents --allow-dangerously-skip-permissions defaulting dispatched sessions to bypass mode — bypass is now available in the permission cycle instead of being applied as the default mode.
  • Background sessions dispatched from claude agents ignoring permissions.defaultMode from settings.json and being forced to auto mode — they now honor the configured default mode.

/loop & /goal

  • Esc/Ctrl+C not cancelling a pending /loop wakeup while Claude is idle between iterations — fixed.
  • /goal evaluator firing while background shells or delegated subagents are still running — fixed.

Environment & UI colors

  • NO_COLOR / FORCE_COLOR in settings.json env stripping Claude Code’s own UI colors — both variables now apply to subprocesses only.

Background sessions & daemon

  • Agent view spawning repeated PowerShell processes on Windows when listing sessions — fixed.
  • /bg without a prompt sending “continue” to the forked session — the fork now waits for input.
  • Stale-fragment rendering when scrolling in attached background sessions on Windows Terminal — fixed.
  • Background agents false-positive worker-stall detection storm after host sleep or macOS App Nap — fixed.
  • Background sessions silently capturing IDE file references into the warm spare’s input, causing the reference to be prepended to the next prompt dispatched from claude agents — fixed.
  • Worktree cleanup no longer falls back to rm -rf when git worktree remove fails — preventing loss of gitignored or in-progress files.
  • Background-job sessions on macOS getting “Operation not permitted” errors when reading files under ~/Documents, ~/Desktop, or ~/Downloads, even with Full Disk Access granted — fixed.
  • Background daemon spawn now falls back to the running binary when the ~/.local/bin/claude launcher is missing or non-executable.

claude agents UI & Windows

  • Right-click paste in claude agents on Windows Terminal and WSL — fixed.
  • On Windows, pressing ← in claude agents while a response was streaming could leave the agents list unresponsive to all input — fixed.

Plugins

  • --agent <name> not finding plugin-contributed agents without the plugin: prefix — fixed.

Sessions, transcripts & errors

  • Deleting a session from agent view not removing its transcript file — fixed.
  • 5xx error messages pointing at status.claude.com instead of naming the configured gateway or cloud provider — fixed.

Notes

  • Plugin dependency enforcement — when disabling a plugin with active dependents, the refusal message includes a copy-pasteable disable-chain hint that disables the whole dependency graph safely in one go. On the enable side, transitive dependencies are now force-enabled, reducing silent breakage caused by missing dependencies.
  • PowerShell policy bypass default (CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY) — in environments that must respect the host execution policy (where security policy does not allow a bypass), set CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1 to opt out. To opt out of the Windows Bedrock/Vertex/Foundry default-enable, use CLAUDE_CODE_USE_POWERSHELL_TOOL=0.
  • worktree.bgIsolation: "none" caveat — background sessions edit the working copy directly, so simultaneous user edits to the same files can conflict. Keep the default (isolation) for repos where worktrees are not a problem.
  • Stop-hook loop guard cap — the default cap is 8 consecutive blocks; raise or lower it with CLAUDE_CODE_STOP_HOOK_BLOCK_CAP. Setting it to 0 to disable the guard is not recommended.
  • macOS ~/Documents, ~/Desktop, ~/Downloads access — the regression that refused background-job reads despite Full Disk Access is fixed. Workarounds that moved files to a different path can be reverted.
  • Worktree cleanup safety — git worktree remove failures no longer fall back to rm -rf, so cleanup can no longer lose gitignored or in-progress files. When cleanup fails, follow the message to clean up manually.
  • claude agents dispatch settling — the dispatch flags introduced in v2.1.142 are now applied consistently to the dashboard and to dispatched sessions, and the set of flags preserved across /bg and -detach is expanded. Pinning the configuration on a single command line keeps it intact across respawn and wake.
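A check for the settings these notes call out, as an added example rather than anything shipped with Claude Code: it reads a settings.json and reports where the PowerShell policy bypass is in effect, where the stop-hook guard is disabled, and where background isolation is off. Assumptions: the dotted name worktree.bgIsolation maps to nested JSON objects, the opt-out variables arrive through the settings.json env block or the process environment with the settings value winning, and the sample settings and finding identifiers are constructed.

```python
import json

# Constructed settings.json content (see the assumptions in the lead-in).
SAMPLE_SETTINGS = """
{
  "env": {"CLAUDE_CODE_STOP_HOOK_BLOCK_CAP": "0"},
  "worktree": {"bgIsolation": "none"}
}
"""


def audit(settings_text, environ):
    """Return (id, message) findings for the 2.1.143 settings in the notes."""
    cfg = json.loads(settings_text)
    settings_env = cfg.get("env")
    if not isinstance(settings_env, dict):  # tolerate a malformed env block
        settings_env = {}
    # Assumption: a settings.json env value overrides the process environment.
    env = {**environ, **settings_env}
    findings = []

    tool_off = env.get("CLAUDE_CODE_USE_POWERSHELL_TOOL") == "0"
    respects = env.get("CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY") == "1"
    if not tool_off and not respects:
        findings.append(("ps-policy-bypass",
                         "PowerShell tool passes -ExecutionPolicy Bypass when enabled"))

    cap = env.get("CLAUDE_CODE_STOP_HOOK_BLOCK_CAP")
    if cap is not None:
        try:
            if int(cap) == 0:
                findings.append(("stop-hook-guard-off",
                                 "stop-hook loop guard disabled (cap set to 0)"))
        except ValueError:
            findings.append(("stop-hook-cap-invalid",
                             f"cap is not an integer: {cap!r}"))

    worktree = cfg.get("worktree")
    if isinstance(worktree, dict) and worktree.get("bgIsolation") == "none":
        findings.append(("bg-no-isolation",
                         "background sessions edit the working copy directly"))
    return findings


if __name__ == "__main__":
    for ident, message in audit(SAMPLE_SETTINGS, {}):
        print(f"{ident}: {message}")
```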