Claude Code 2.1.101: Team Onboarding, TLS Fixes

TL;DR

• New `/team-onboarding` command generates ramp-up guides from your Claude Code usage
• OS CA certificate store now trusted by default — enterprise TLS proxies work without extra config
• Remote sessions auto-create cloud environments instead of requiring web setup
• Dozens of fixes: session resume context loss, subagent tool inheritance, plugin issues, keybinding crashes

New

• /team-onboarding command — generates a teammate ramp-up guide from your local Claude Code usage patterns.
• OS CA certificate store trust — enterprise TLS proxies now work by default without extra setup (set `CLAUDE_CODE_CERT_STORE=bundled` to revert to bundled CAs only).
• Auto-create cloud environments — `/ultraplan` and other remote-session features now auto-create a default cloud environment instead of requiring web setup first.

Improved

• Brief mode retry logic — now retries once when Claude responds with plain text instead of a structured message.
• Focus mode summaries — Claude writes more self-contained summaries since it knows you only see its final message.
• Tool-not-available errors — now explain why a tool isn't available and how to proceed.
• Rate-limit messages — show which limit was hit and when it resets instead of an opaque countdown.
• Refusal error messages — now include the API-provided explanation when available.
• Session resume with `/rename` — `claude -p --resume` now accepts session titles set via `/rename` or `--name`.
• Settings resilience — unrecognized hook event names in `settings.json` no longer cause the entire file to be ignored.
• Managed plugin hooks — hooks from force-enabled plugins now run when `allowManagedHooksOnly` is set.
• Plugin marketplace warnings — `/plugin` and `claude plugin update` now show a warning when the marketplace can't be refreshed instead of silently reporting a stale version.
• Plan mode UX — hides "Refine with Ultraplan" option when your org or auth setup can't reach Claude Code on the web.
• Beta tracing controls — now honors `OTEL_LOG_USER_PROMPTS`, `OTEL_LOG_TOOL_DETAILS`, and `OTEL_LOG_TOOL_CONTENT`; sensitive span attributes no longer emitted unless opted in.
• SDK query() cleanup — now cleans up subprocess and temp files when consumers `break` from `for await` or use `await using`.

Fixed

• Command injection vulnerability in the POSIX `which` fallback used by LSP binary detection.
• Memory leak where long sessions retained dozens of historical copies of the message list in the virtual scroller.
• `--resume`/`--continue` losing conversation context on large sessions when the loader anchored on a dead-end branch instead of the live conversation.
• `--resume` chain recovery bridging into an unrelated subagent conversation when a subagent message landed near a main-chain write gap.
• Crash on `--resume` when a persisted Edit/Write tool result was missing its `file_path`.
• Hardcoded 5-minute request timeout that aborted slow backends (local LLMs, extended thinking, slow gateways) regardless of `API_TIMEOUT_MS`.
• `permissions.deny` rules not overriding a PreToolUse hook's `permissionDecision: "ask"` — the hook could downgrade a deny into a prompt.
• `--setting-sources` without `user` causing background cleanup to ignore `cleanupPeriodDays` and delete conversation history older than 30 days.
• Bedrock SigV4 authentication failing with 403 when `ANTHROPIC_AUTH_TOKEN`, `apiKeyHelper`, or `ANTHROPIC_CUSTOM_HEADERS` set an Authorization header.
• `claude -w` failing with "already exists" after a previous session's worktree cleanup left a stale directory.
• Subagents not inheriting MCP tools from dynamically-injected servers.
• Sub-agents running in isolated worktrees being denied Read/Edit access to files inside their own worktree.
• Sandboxed Bash commands failing with `mktemp: No such file or directory` after a fresh boot.
• `claude mcp serve` tool calls failing with "Tool execution failed" in MCP clients that validate `outputSchema`.
• `RemoteTrigger` tool's `run` action sending an empty body and being rejected by the server.
• Multiple `/resume` picker issues: narrow default view hiding sessions from other projects, unreachable preview on Windows Terminal, incorrect cwd in worktrees, session-not-found errors not surfacing in stderr, terminal title not being set, and resume hint overlapping the prompt input.
• Grep tool ENOENT when the embedded ripgrep binary path becomes stale (VS Code extension auto-update, macOS App Translocation); now falls back to system `rg` and self-heals mid-session.
• `/btw` writing a copy of the entire conversation to disk on every use.
• `/context` Free space and Messages breakdown disagreeing with the header percentage.
• Multiple plugin issues: slash commands resolving to the wrong plugin with duplicate `name:` frontmatter, `/plugin update` failing with `ENAMETOOLONG`, Discover showing already-installed plugins, directory-source plugins loading from a stale version cache, and skills not honoring `context: fork` and `agent` frontmatter fields.
• `/mcp` menu offering OAuth-specific actions for MCP servers configured with `headersHelper`; Reconnect is now offered instead to re-invoke the helper script.
• `ctrl+]`, `ctrl+\`, and `ctrl+^` keybindings not firing in terminals that send raw C0 control bytes (Terminal.app, default iTerm2, xterm).
• `/login` OAuth URL rendering with padding that prevented clean mouse selection.
• Rendering issues: flicker in non-fullscreen mode when content above the visible area changed, terminal scrollback being wiped during long sessions in non-fullscreen mode, and mouse-scroll escape sequences occasionally leaking into the prompt as text.
• Crash when `settings.json` env values are numbers instead of strings.
• In-app settings writes (e.g. `/add-dir --remember`, `/config`) not refreshing the in-memory snapshot, preventing removed directories from being revoked mid-session.
• Custom keybindings (`~/.claude/keybindings.json`) not loading on Bedrock, Vertex, and other third-party providers.
• `claude --continue -p` not correctly continuing sessions created by `-p` or the SDK.
• Multiple Remote Control issues: worktrees removed on session crash, connection failures not persisting in the transcript, spurious "Disconnected" indicator in brief mode for local sessions, and `/remote-control` failing over SSH when only `CLAUDE_CODE_ORGANIZATION_UUID` is set.
• `/insights` sometimes omitting the report file link from its response.
• \[VSCode\] File attachment below the chat input not clearing when the last editor tab is closed.

Update via: claude upgrade or download from code.claude.com

Source: Claude Code