v2.1.133

Source: Anthropic Claude Code Date: 2026-05-07 URL: https://github.com/anthropics/claude-code/releases/tag/v2.1.133

Summary

Claude Code v2.1.133 adds a worktree.baseRef setting (fresh | head) to control whether worktrees branch from origin/<default> or local HEAD — the new default fresh reverts a behavior change introduced in v2.1.128. Also adds sandbox.bwrapPath/socatPath managed settings for Linux/WSL, a parentSettingsBehavior admin key for SDK policy merge control, and effort-level exposure to hooks via effort.level JSON and $CLAUDE_EFFORT env var. Key fixes: parallel session 401 after token refresh race, proxy/mTLS not applied to full MCP OAuth flow, Remote Control stop not fully canceling CLI sessions, /effort changes bleeding across concurrent sessions, and subagents not discovering project/user/plugin skills.

Implications

• Agent orchestration: the subagent skill-discovery fix is load-bearing for multi-agent setups — skills were silently unavailable to spawned agents until this release.
• Enterprise deployment: parentSettingsBehavior and sandbox.* path settings continue the managed/admin settings expansion; admins gain finer control over SDK-tier policy merging.
• Effort-level hooks: exposing $CLAUDE_EFFORT to Bash tool commands enables effort-conditional automation at the hook level — a new integration surface for workflow tooling.
• The MCP OAuth proxy fix closes a gap where enterprise proxy configurations were bypassed during token exchange, a security-relevant correctness issue.