Claude Code 2.1.118: Custom themes, vim modes, MCP fixes

TL;DR

• Added vim visual mode (v/V) with full selection and operator support
• Custom themes now creatable via /theme command or JSON editing
• Major MCP OAuth fixes: token expiry, scope handling, keychain race conditions
• Breaking: /cost and /stats merged into /usage (shortcuts still work)

New

• vim visual mode — v for character selection, V for line selection, with operators and visual feedback
• /theme command — create and switch named custom themes, or hand-edit JSON in ~/.claude/themes/; plugins can ship themes via themes/ directory
• MCP tool hooks — hooks can now invoke MCP tools directly with type: "mcp_tool"
• $defaults in auto mode rules — include "$defaults" in autoMode.allow, autoMode.soft_deny, or autoMode.environment to extend built-in rules instead of replacing them
• Don't ask again option — auto mode opt-in prompt now offers persistent dismissal
• claude plugin tag — create release git tags for plugins with version validation
• --continue/--resume improvements — now find sessions that added the current directory via /add-dir
• /color sync — session accent color now syncs to claude.ai/code when Remote Control is connected
• Model picker overrides — honors custom gateway settings via anthropic_default_*_model_name env vars
• Plugin skip visibility — auto-update skips due to version constraints now appear in /doctor and /plugin errors tab
• Update blocking — new disable_updates env var blocks all update paths including manual claude update
• WSL Windows settings inheritance — WSL can now inherit Windows-side managed settings via wslInheritsWindowsSettings policy

Fixed

• MCP OAuth servers with missing expires_in no longer require re-authentication every hour
• MCP step-up authorization now prompts for re-consent instead of silently refreshing when server names a scope the token already has
• MCP OAuth flow timeout/cancellation no longer causes unhandled promise rejection
• MCP OAuth refresh now uses proper cross-process locking under contention
• macOS keychain race where concurrent MCP token refresh could overwrite freshly-refreshed OAuth token, causing unexpected "Please run /login" prompts
• OAuth token refresh failing when server revokes token before local expiry
• MCP menu hiding OAuth actions for servers with headersHelper; HTTP/SSE MCP servers with custom headers stuck in "needs authentication" after transient 401
• Linux/Windows credential save crash corrupting ~/.claude/.credentials.json
• /login having no effect in sessions launched with claude_code_oauth_token env var — env token now cleared so disk credentials take effect
• Plan acceptance dialog offering "auto mode" instead of "bypass permissions" when running with --dangerously-skip-permissions
• Agent-type hooks failing with "Messages are required" when configured for events other than Stop or SubagentStop
• prompt hooks re-firing on tool calls made by agent-hook verifier subagent
• /fork writing full parent conversation to disk per fork — now writes pointer and hydrates on read
• Alt+K / Alt+X / Alt+^ / Alt+_ freezing keyboard input
• Remote session connection overwriting local model setting in ~/.claude/settings.json
• typeahead showing "No commands match" error when pasting file paths starting with /
• plugin install on already-installed plugin not re-resolving dependency at wrong version
• File watcher unhandled errors on invalid paths or fd exhaustion
• Remote Control sessions getting archived on transient CCR initialization blips during JWT refresh
• subagents resumed via SendMessage not restoring explicit cwd they were spawned with
• Text readability in "new messages" scroll pill and /plugin badges

Breaking Changes

• /cost and /stats merged into /usage — both remain as typing shortcuts that open the relevant tab

Update: claude update

Source: Claude Code