Claude Code 2.1.113: Native CLI, Security Hardening

TL;DR

• CLI now uses native binaries instead of bundled JavaScript for better performance
• Major security hardening: stricter bash rules, macOS path protections, exec wrapper detection
• Fullscreen scrolling, readline-style line editing, and Remote Control improvements
• 30+ bug fixes including MCP timeout handling, markdown tables, and subagent streaming

New

• Native CLI binary — spawns per-platform native binaries instead of bundled JavaScript for faster startup and execution
• Sandbox domain blocking — sandbox.network.deniedDomains setting lets you block specific domains even when allowedDomains wildcards would permit them
• Fullscreen selection scrolling — Shift+↑/↓ now scrolls the viewport when extending selections past visible edges
• Readline-style line editing — Ctrl+A/Ctrl+E move to start/end of logical lines in multiline input; Windows gets Ctrl+Backspace for word deletion
• Clickable wrapped URLs — long URLs in responses and bash output stay clickable when wrapping across lines (OSC 8 hyperlinks)
• /loop improvements — Esc cancels pending wakeups; wakeups now display as "Claude resuming /loop wakeup" for clarity
• /extra-usage on Remote Control — now works from mobile/web clients
• @-file autocomplete on Remote Control — clients can query file suggestions
• /ultrareview speed boost — parallelized checks, diffstat in launch dialog, animated launching state

Fixed

• Subagents stalling mid-stream now fail with a clear error after 10 minutes instead of hanging silently
• Bash multi-line commands with comment-only first lines now show full command in transcript (UI-spoofing fix)
• cd <current-directory> && git no longer triggers permission prompts for no-op directory changes
• MCP concurrent-call timeout handling — fixed message for one tool call silently disarming another's watchdog
• Cmd-backspace / Ctrl+U now correctly deletes from cursor to line start
• Markdown tables no longer break when cells contain inline code with pipe characters
• Session recap no longer auto-fires while composing unsent text
• /copy "Full response" now aligns markdown table columns for GitHub/Notion/Slack pasting
• Messages typed while viewing running subagents no longer hidden from transcript or misattributed
• dangerouslyDisableSandbox now requires permission prompt instead of running commands silently
• /effort auto confirmation now says "Effort level set to max" to match status bar
• "Copied N chars" toast no longer overcounts emoji and multi-code-unit characters
• /insights no longer crashes with EBUSY on Windows
• Exit confirmation dialog now correctly labels one-shot scheduled tasks with countdown instead of "recurring"
• Slash/@ completion menu now sits flush against prompt border in fullscreen mode
• CLAUDE_CODE_EXTRA_BODY output_config.effort no longer causes 400 errors on subagent calls or Vertex AI
• Prompt cursor no longer disappears when NO_COLOR is set
• ToolSearch ranking fixed — pasted MCP tool names now surface actual tools instead of description matches
• Compacting resumed long-context sessions no longer fails with "Extra usage is required" error
• plugin install now reports range-conflict when dependency versions conflict with installed plugins
• "Refine with Ultraplan" now shows remote session URL in transcript
• SDK image content blocks that fail to process now degrade to text placeholder instead of crashing
• Remote Control sessions now stream subagent transcripts
• Remote Control sessions now archive when Claude Code exits
• Opus 4.7 via Bedrock Application Inference Profile ARN no longer throws thinking.type.enabled is not supported 400 error

Security

• macOS path protections — /private/{etc,var,tmp,home} paths now treated as dangerous removal targets under Bash(rm:*) allow rules
• Exec wrapper detection — bash deny rules now match commands wrapped in env, sudo, watch, ionice, setsid, and similar wrappers
• Find command restrictions — Bash(find:*) allow rules no longer auto-approve find -exec or -delete

Update via: npm install -g @anthropic-ai/claude-code@latest

Source: Claude Code