chore(deps): update dependency aqua:anthropics/claude-code to v2.1.131

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
aqua:anthropics/claude-code	patch	2.1.119 → 2.1.131	2.1.140 (+6)

---

Release Notes

anthropics/claude-code (aqua:anthropics/claude-code)

v2.1.131

Compare Source

• Fixed VS Code extension failing to activate on Windows due to a hardcoded build path in the bundled SDK (createRequire polyfill bug)
• Fixed Mantle endpoint authentication failing with missing x-api-key header

v2.1.129

Compare Source

• Added --plugin-url <url> flag to fetch a plugin .zip archive from a URL for the current session
• Added CLAUDE_CODE_FORCE_SYNC_OUTPUT=1 env var to force-enable synchronized output on terminals that auto-detection misses (e.g. Emacs eat)
• Added CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE: when set on Homebrew or WinGet installations, Claude Code runs the upgrade command in the background and prompts to restart
• Plugin manifests: themes and monitors should now be declared under "experimental": { ... }. Top-level declarations still work but claude plugin validate will warn
• Gateway /v1/models discovery for the /model picker is now opt-in via CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY=1 (was automatic in 2.1.126–2.1.128)
• Ctrl+R history picker now defaults to searching all prompts across all projects, matching pre-2.1.124 behavior. Press Ctrl+S to narrow to the current project or session
• Third-party deployments (Bedrock, Vertex, Foundry, or ANTHROPIC_BASE_URL gateway) no longer see spinner tips pointing at first-party Anthropic surfaces
• skillOverrides setting now works: off hides from model and /, user-invocable-only hides from model only, name-only collapses description
• The claude_code.pull_request.count OTel metric now counts PRs/MRs created via MCP tools, not just shell commands
• Policy refusal error messages now include the API Request ID for easier support debugging
• Fixed API errors with unrecognized 400 status codes showing raw JSON instead of the underlying error message
• Fixed /clear not resetting the terminal tab title after a conversation
• Fixed session title chip from /rename disappearing while a permission or other dialog is active
• Fixed agent panel below the prompt being hidden when subagents are running (regression in 2.1.122)
• Fixed external-editor handoff (Ctrl+G) blanking the conversation history above the prompt
• Fixed /context dumping its rendered ASCII visualization grid into the conversation, wasting ~1.6k tokens per call
• Fixed /agents Library list arrow-key navigation: the highlighted agent now stays visible when the list exceeds the viewport
• Fixed /branch success message not including the new branch's session id for /resume
• Fixed bold headers with keycap/ZWJ/skin-tone emoji losing trailing characters in fullscreen mode
• Fixed server-managed settings policy not applying for enterprise/team users whose stored OAuth credentials lacked the user:inference scope
• Fixed OAuth refresh race after wake-from-sleep that could log out all running sessions
• Fixed 1-hour prompt cache TTL being silently downgraded to 5 minutes
• Fixed cache-miss warning appearing spuriously after /clear or compaction when changing /effort or /model
• Fixed Bash(mkdir *), Bash(touch *) and similar allow rules not being honored for in-project paths
• Fixed deniedMcpServers patterns with a *:// scheme wildcard not matching mixed-case hostnames
• Fixed harmless WebSocket warning being logged as an error in --debug during voice mode
• [VSCode] Fixed /clear not clearing the conversation context and displayed transcript

v2.1.128

Compare Source

• Bare /color (no args) now picks a random session color
• /mcp now shows the tool count for connected servers and flags servers that connected with 0 tools
• --plugin-dir now accepts .zip plugin archives in addition to directories
• --channels now works with console (API key) authentication — console orgs with managed settings must set channelsEnabled: true to enable
• Updated /model picker: collapsed duplicate Opus 4.7 entries, and current Opus now shows as "Opus" instead of "Opus 4.7"
• Subprocesses (Bash, hooks, MCP, LSP) no longer inherit OTEL_* environment variables, so OTEL-instrumented apps run via the Bash tool no longer pick up the CLI's own OTLP endpoint
• MCP: workspace is now a reserved server name — existing servers with that name will be skipped with a warning
• Reconnecting MCP servers no longer flood the conversation with full tool-name lists on every reconnect — re-announced tools are summarized by server prefix
• SDK hosts now receive a persistent localSettings suggestion for Bash permission prompts, so "Always allow" writes to .claude/settings.local.json
• EnterWorktree now creates the new branch from local HEAD as documented, instead of origin/<default-branch> — unpushed commits are no longer dropped
• Auto mode: when the classifier can't evaluate an action, the error now includes a hint (retry, /compact, or run with --debug)
• Fixed focus mode briefly dimming the previous response when submitting a new prompt
• Fixed stray "4;0;" desktop notification on every /exit in Kitty and other terminals that interpret OSC 9 as a notification
• Fixed Remote Control showing an empty "Opening your options…" message on rate limit instead of actionable upsell options
• Fixed drag-and-drop image upload hanging on "Pasting text…" when the image read fails
• Fixed crash loop when piping very large input (>10 MB) to claude -p via stdin
• Fixed long URLs not being individually clickable on every wrapped row in fullscreen mode
• Fixed /plugin Components panel showing "Marketplace 'inline' not found" for plugins loaded via --plugin-dir
• Fixed MCP tool results dropping images when the server returns both structured content and content blocks
• Fixed fenced code blocks inside list items carrying leading whitespace into the clipboard on copy-paste
• Fixed tab navigation in /config stranding focus — the tab header now stays focused so arrows and Esc keep working
• Fixed markdown link labels being lost on terminals without OSC 8 hyperlink support — links now render as label (url) instead of just the URL
• Fixed sessions on 1M-context models with a smaller autocompact window being falsely blocked with "Prompt is too long" before reaching the actual API limit
• Fixed parallel shell tool calls: a failing read-only command (grep, git diff, ls) no longer cancels sibling calls
• Fixed banner showing "with X effort" on models that don't support effort
• Fixed /fast on 3P providers fuzzy-matching to an unrelated skill instead of showing "not available"
• Fixed Bedrock default model resolving to global.* instead of the region-appropriate prefix
• Fixed vim mode: Space in NORMAL mode now moves the cursor right, matching standard vi/vim behavior
• Fixed terminal progress indicator (OSC 9;4) flickering off between tool calls — stays visible across the full turn
• Fixed /rename without args failing on resumed sessions whose last entry is a compact boundary
• Fixed stale "remote-control is active" status lines from prior sessions appearing after --resume/--continue
• Fixed stale installed_plugins.json entries pointing at deleted cache directories polluting PATH
• Fixed MCP stdio servers receiving corrupted arguments when CLAUDE_CODE_SHELL_PREFIX is set and an argument contains spaces or shell metacharacters
• Fixed sub-agent progress summaries missing the prompt cache (~3× cache_creation reduction)
• Fixed /plugin update never detecting new versions of npm-sourced plugins
• Fixed sub-agent summaries firing repeatedly while a sub-agent's transcript is static, capping worst-case token cost on idle sub-agents
• Headless --output-format stream-json: init.plugin_errors now includes --plugin-dir load failures in addition to dependency demotions

v2.1.126

Compare Source

• The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway
• • Added claude project purge [path] to delete all Claude Code state for a project (transcripts, tasks, file history, config entry) — supports --dry-run, -y/--yes, -i/--interactive, and --all
• --dangerously-skip-permissions now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)
• claude auth login now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)
• claude_code.skill_activated OpenTelemetry event now fires for user-typed slash commands and carries a new invocation_trigger attribute ("user-slash", "claude-proactive", or "nested-skill")
• Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running
• Host-managed deployments (CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST) no longer auto-disable analytics on Bedrock/Vertex/Foundry
• Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or .NET global tool is now detected
• Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash
• Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models
• Security: Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block
• Fixed pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images in history are automatically removed and the request retried
• Fixed showing the login screen for "OAuth not allowed for organization" errors — now shows guidance to contact your admin
• Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost
• Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token
• Fixed API retry countdown sticking at "0s" instead of counting down between attempts
• Fixed "Stream idle timeout" error after waking Mac from sleep mid-request
• Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses
• Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns
• Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals
• Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state
• Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode
• Fixed Ctrl+L clearing the prompt input — it now only forces a screen redraw, matching readline behavior
• Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with context: fork and other subagents on their first turn
• Fixed plan-mode tools being unavailable in interactive sessions launched with --channels
• Fixed /plugin Uninstall reporting "Enabled" instead of "Uninstalled"
• Bounded total size of file-modified reminders when a linter touches many files at once
• Fixed /remote-control retries appearing stuck on "connecting…" — each retry now shows its result
• Fixed Remote Control failure notification not showing the error reason for initial connection failures
• Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard
• PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token
• Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch

v2.1.123

Compare Source

• Fixed OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set

v2.1.122

Compare Source

• Added ANTHROPIC_BEDROCK_SERVICE_TIER environment variable to select a Bedrock service tier (default, flex, or priority), sent as the X-Amzn-Bedrock-Service-Tier header
• Pasting a PR URL into the /resume search box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)
• /mcp now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate
• Clarified the /mcp message shown when an MCP server is still unauthorized after the browser sign-in flow
• OpenTelemetry: numeric attributes on api_request/api_error log events are now emitted as numbers, not strings
• OpenTelemetry: added claude_code.at_mention log event for @-mention resolution
• Fixed /branch producing forks that fail with "tool_use ids were found without tool_result blocks" when the source session contained entries from rewound timelines
• Fixed /model not showing the Effort option for Bedrock application inference profile ARNs, and those ARNs not receiving output_config.effort
• Fixed Vertex AI / Bedrock returning invalid_request_error: output_config: Extra inputs are not permitted on session-title generation and other structured-output queries
• Fixed Vertex AI count_tokens endpoint returning 400 errors for users behind proxy gateways
• Fixed spinnerTipsOverride.excludeDefault not suppressing the time-based spinner tips
• Fixed ToolSearch missing MCP tools that connected after session start in nonblocking mode
• Fixed !exit / !quit in bash mode terminating the CLI instead of running as a shell command
• Fixed images sent to newer models being resized to 2576px per side instead of the correct 2000px maximum
• Fixed remote control session idle status redrawing twice per second, which could flood tmux -CC control pipes and pause the terminal
• Fixed assistant messages appearing blank in some sessions due to a stale view preference
• Fixed a malformed hooks entry in settings.json no longer invalidating the entire file
• Voice mode: keybindings bound to Caps Lock now show an error since terminals don't deliver Caps Lock as a key event

v2.1.121

Compare Source

• Added alwaysLoad option to MCP server config — when true, all tools from that server skip tool-search deferral and are always available
• Added claude plugin prune to remove orphaned auto-installed plugin dependencies; plugin uninstall --prune cascades
• Added a type-to-filter search box to /skills so you can find a skill in long lists without scrolling
• PostToolUse hooks can now replace tool output for all tools via hookSpecificOutput.updatedToolOutput (previously MCP-only)
• Fullscreen mode: typing into the prompt no longer jumps scroll back to the bottom after you've scrolled up to read earlier output
• Dialogs that overflow the terminal are now scrollable with arrow keys, PgUp/PgDn, home/end, and mouse wheel in both fullscreen and non-fullscreen modes
• Clicking any line of a long URL that wraps across rows in fullscreen mode now opens the full URL
• SDK and claude -p: CLAUDE_CODE_FORK_SUBAGENT=1 now works in non-interactive sessions
• --dangerously-skip-permissions no longer prompts for writes to .claude/skills/, .claude/agents/, and .claude/commands/
• /terminal-setup now enables iTerm2's "Applications in terminal may access clipboard" setting so /copy works, including from tmux
• MCP servers that hit a transient error during startup now auto-retry up to 3 times instead of staying disconnected
• The terminal tab session title is now generated in your configured language setting
• Claude.ai connectors with the same upstream URL are now deduplicated instead of appearing as duplicates
• Vertex AI: support X.509 certificate-based Workload Identity Federation (mTLS ADC)
• Faster startup after upgrading: removed the Recent Activity panel from the release-notes splash
• LSP diagnostic summaries now expand on click/ctrl+o and show the expand hint
• SDK: mcp_authenticate now supports redirectUri for custom scheme completion and claude.ai connectors
• OpenTelemetry: added stop_reason, gen_ai.response.finish_reasons, and user_system_prompt (gated behind OTEL_LOG_USER_PROMPTS) to LLM request spans
• [VSCode] Voice dictation now respects the accessibility.voice.speechLanguage setting when no Claude Code language is configured
• [VSCode] /context now opens a native token usage dialog
• Fixed unbounded memory growth (multi-GB RSS) when processing many images in a session
• Fixed /usage leaking up to ~2GB of memory on machines with large transcript histories
• Fixed memory leak when long-running tools fail to emit a clear progress event
• Fixed Bash tool becoming permanently unusable when the directory Claude was started in is deleted or moved mid-session
• Fixed --resume crashing on startup in external builds
• Fixed --resume failing on large sessions when a transcript line was corrupted by an unclean shutdown — the corrupt line is now skipped
• Fixed thinking.type.enabled is not supported error when using Bedrock application inference profile ARNs
• Fixed Microsoft 365 MCP OAuth failing with duplicate or unsupported prompt parameter
• Fixed scrollback duplication when pressing Ctrl+L or triggering a redraw in non-fullscreen mode on tmux, GNOME Terminal, Windows Terminal, and Konsole
• Fixed claude.ai MCP connectors silently disappearing when the connector-list fetch hits a transient auth error at startup
• Fixed "Always allow" rules for built-in tools in remote sessions not surviving worker restarts
• Fixed NO_PROXY not being respected for all HTTP clients when set via managed-settings.json under the native build
• Fixed managed settings approval prompt exiting the session even when accepted — now applies settings and continues
• Fixed /usage returning "rate limited" after a stale OAuth token — now refreshes automatically
• Fixed invalid legacy enum values in settings.json invalidating the entire settings file
• Fixed /usage dialog content being clipped when no-flicker mode is off
• Fixed /focus showing "Unknown command" when the fullscreen renderer is off — now explains how to enable it
• Fixed embedded grep/find/rg shell wrappers failing when the running binary is deleted mid-session — now falls back to installed tools
• Reduced peak file descriptor usage during find in the Bash tool on large directory trees

v2.1.120

Compare Source

• Windows: Git for Windows (Git Bash) is no longer required — when absent, Claude Code uses PowerShell as the shell tool
• Added claude ultrareview [target] subcommand to run /ultrareview non-interactively from CI or scripts — prints findings to stdout (--json for raw output) and exits 0 on completion or 1 on failure
• Skills can now reference the current effort level with ${CLAUDE_EFFORT} in their content
• Set AI_AGENT environment variable for subprocesses so gh can attribute traffic to Claude Code
• Spinner tips that recommend installing the desktop app or creating skills/agents are now hidden when you already have them
• Show a "use PgUp/PgDn to scroll" hint when the terminal sends arrow keys instead of scroll events
• Faster session start when you have many claude.ai connectors configured but not authorized
• The auto mode denial message now links to the configuration docs
• claude plugin validate now accepts $schema, version, and description at the top level of marketplace.json and $schema in plugin.json
• Auto-compact in auto mode now displays auto (lowercase, no token count) instead of a misleading token value
• Fixed pressing Esc during a stdio MCP tool call closing the entire server connection (regression in 2.1.105)
• Fixed /rewind and other interactive overlays not responding to keyboard input after launching with claude --resume
• Fixed terminal scrollback duplication in non-fullscreen mode (resize, dialog dismiss, long sessions)
• Fixed DISABLE_TELEMETRY / CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC not suppressing usage metrics telemetry for API and enterprise users
• Fixed false-positive "Dangerous rm operation" permission prompts in auto mode for multi-line bash commands containing both a pipe and a redirect
• Fixed long selection menus clipping below the terminal in fullscreen mode — the focused option now stays on screen as you scroll
• Fixed Write tool output collapsing instead of expanding when clicking "+N lines" in fullscreen
• Fixed slash command picker jumping while typing, and improved highlight to only match contiguous substrings in blue
• Fixed /plugin marketplace failing to load when one entry uses an unrecognized source format — that entry is shown but installing it prompts you to update
• [VSCode] /usage now opens the native Account & Usage dialog instead of returning plain-text session cost
• [VSCode] Voice dictation now respects the language setting in ~/.claude/settings.json
• Fixed find in the Bash tool exhausting open file descriptors on large directory trees, causing host-wide crashes (macOS/Linux native builds)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

This PR updates Claude Code from v2.1.119 to v2.1.131, spanning 12 patch releases (v2.1.120 through v2.1.131). Key changes include:

New Features:

• Added --plugin-url flag for fetching plugin archives from URLs (v2.1.129)
• Added claude ultrareview subcommand for non-interactive PR reviews (v2.1.120)
• Added claude project purge command for cleaning project state (v2.1.126)
• Added PowerShell tool support on Windows (v2.1.120, v2.1.126)
• Gateway model discovery support via /v1/models endpoint (v2.1.126)
• Plugin management enhancements: alwaysLoad option for MCP servers (v2.1.121)
• Bedrock service tier selection via ANTHROPIC_BEDROCK_SERVICE_TIER (v2.1.122)

Bug Fixes:

• Critical: Fixed VS Code extension activation failure on Windows due to hardcoded build paths (v2.1.131)
• Critical: Fixed Mantle endpoint authentication with missing x-api-key header (v2.1.131)
• Security: Fixed allowManagedDomainsOnly/allowManagedReadPathsOnly being ignored (v2.1.120)
• Fixed OAuth authentication failures in multiple scenarios (v2.1.120, v2.1.123)
• Fixed memory leaks in image processing and large transcript sessions (v2.1.121, v2.1.120)
• Fixed numerous tool-specific issues (WebFetch, WebSearch, Agent tool, Bash tool)
• Fixed file descriptor exhaustion on large directory trees (v2.1.120)
• Fixed auto mode permission handling (v2.1.120)

Enhancements:

• Improved error messages and user feedback
• Better OpenTelemetry instrumentation
• Performance optimizations for session startup and file operations
• Enhanced MCP server handling and reconnection logic

No Breaking Changes: All changes maintain backward compatibility. No API changes, command-line flag removals, or configuration format changes.

🎯 Impact Scope Investigation

Direct Usage Analysis:

The project uses Claude Code in two primary contexts:

1. CI/CD Pipeline (.github/workflows/posts.yml):

   • Uses claude --print with skills: /collect-news, /summarize-news, /review-post
   • Command-line flags used: --model, --settings, --allowed-tools, --permission-mode, --output-format, --verbose
   • All flags remain stable across versions (confirmed by release notes)
   • Skills defined in .claude/skills/ directory are invoked, not affected by version changes

2. Renovate Review Workflow (.github/workflows/claude-renovate-review.yml):

   • Uses koki-develop/claude-renovate-review@e7cbeb9 action
   • Provides claude-code-oauth-token and allowed-tools configuration
   • No direct CLI invocation, action handles version management

Tool and Flag Stability:

• All CLI flags used in workflows (--model, --settings, --allowed-tools, --permission-mode, --output-format, --verbose) are unchanged
• Agent tool (used extensively in skills) received bug fixes but no breaking changes
• WebFetch and WebSearch tools (used in all three skills) received fixes and improvements without API changes
• Read, Glob, Write, Edit, Bash tools remain stable

Dependency Impact:

• Managed via mise/aqua in mise.toml - version bump is isolated
• No transitive dependency changes
• No configuration file format changes required

OAuth Authentication:

• Workflow uses CLAUDE_CODE_OAUTH_TOKEN secret
• Multiple OAuth fixes in this release improve authentication reliability (v2.1.120, v2.1.123)
• No changes required to token format or usage

Skill Compatibility:

• All three custom skills (collect-news, summarize-news, review-post) use standard tool APIs
• Skills use allowed-tools declarations that map to stable tool names
• No tool API changes that would affect skill execution

💡 Recommended Actions

Immediate Actions:

1. ✅ Merge without modifications - This is a safe patch update with no breaking changes
2. ✅ No code changes required - All existing CLI invocations, flags, and skills remain compatible
3. ✅ No configuration updates needed - The mise.toml change is the only required modification (already in PR)

Post-Merge Validation:

• Monitor the next scheduled run of .github/workflows/posts.yml (runs at 02:00, 10:00, 18:00 JST daily)
• Verify that all three skills execute successfully: /collect-news, /summarize-news, /review-post
• Check workflow logs for any authentication issues (OAuth improvements should enhance stability)

Benefits of This Update:

• Improved reliability: OAuth authentication fixes reduce potential authentication failures in CI
• Better error handling: Enhanced error messages will make debugging easier if issues occur
• Memory leak fixes: Prevents unbounded memory growth during long-running operations
• Security improvements: Fixes to sandbox permission enforcement
• Performance gains: Faster session startup and reduced file descriptor usage

No Migration Steps Required: This is a drop-in replacement with backward compatibility maintained across all 12 patch versions.

🔗 Reference Links

• Claude Code v2.1.131 Release Notes
• Claude Code v2.1.120 Release Notes
• Full Changelog v2.1.119...v2.1.131
• Project CI Workflow
• Claude Skills Directory

Generated by koki-develop/claude-renovate-review