Claude Code v2.1.126 — project purge, Gateway Model Picker, and What's Actually New#

Published on May 1, 2026

Part of the Claude Code Version Tracker series. | Official Env Vars | Official Changelog

Versions 2.1.124 and 2.1.125 were internal builds — no public changelog entries, consistent with the recurring skipped-version pattern. v2.1.126 is where the work lands: a new claude project purge command that finally lets you start clean, a gateway-aware model picker, --dangerously-skip-permissions covering the last holdout paths for CI, OAuth codes you can paste in directly from constrained environments, and a meaningful cluster of bug fixes including stream timeouts after sleep, broken CJK text on Windows, and a security regression in managed sandbox enforcement.^[1]

claude project purge — start completely clean#

claude project purge [path] deletes everything Claude Code has accumulated for a project: transcripts, tasks, file history, and the project's config entry. Flags give you surgical control — --dry-run to preview what would go, -y/--yes to skip the confirmation prompt, -i/--interactive for per-item selection, --all to wipe every project at once.

This fills the one real gap in Claude Code's project lifecycle. Previously there was no supported path to a clean slate — you had to manually hunt down and delete ~/.claude/ entries, which wasn't documented and easy to get wrong. Now it's one command. Useful for sensitive projects where transcript cleanup is a compliance requirement, for resetting CI/test environments, or for the routine hygiene of removing state from repos you've moved on from.

Gateway model picker: it now shows what your gateway actually has#

When ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway, the /model picker now queries that gateway's /v1/models endpoint and lists what it actually serves — instead of showing Anthropic's public default catalog.

Previously, if you ran Claude Code through an enterprise gateway or a self-hosted proxy, you had to know your gateway's exact model identifiers and type them manually. The picker showed you models you couldn't use and hid models you could. Now it reflects your actual environment. This is a small change with a large quality-of-life impact for anyone working behind a gateway.

--dangerously-skip-permissions reaches the last holdouts#

This flag has been progressively expanded across recent releases. v2.1.126 extends it to writes targeting .claude/, .git/, .vscode/, and shell config files — paths that continued prompting even with the flag set. Catastrophic removal commands still produce a safety-net prompt regardless.

The practical payoff: fully non-interactive CI pipelines that initialize Claude Code, commit generated configs, and set up editor integration no longer stall. Previously, any pipeline step that touched these paths would halt and wait for a human to approve — defeating the point of automation. Now it goes through.

OAuth paste-in for WSL2, SSH, and containers#

claude auth login now accepts the OAuth authorization code pasted directly into the terminal when the browser can't redirect back to localhost. This covers the three most common cases where that redirect fails: WSL2 (where the Windows browser and the Linux runtime don't share a localhost), SSH sessions, and containers.

Before this, these environments often required awkward workarounds — port forwarding, manual token extraction, or living with certificate errors. Now the flow is: copy the code from the browser, paste it into the terminal, done. The code is validated against the in-flight OAuth state, so it's cryptographically equivalent to a browser callback.

Security fix: managed sandbox restrictions were silently dropping#

When a higher-priority managed-settings source (typically an org-level policy file) lacked a sandbox block entirely, the allowManagedDomainsOnly and allowManagedReadPathsOnly restrictions from lower-priority sources were being silently ignored.

In practice: if your org policy file had no sandbox key, the domain and path allow-lists you'd set at the user level stopped enforcing — with no error, no warning, and no indication anything had changed. If your deployment uses managed sandbox settings, confirm your org-level policy file includes an explicit sandbox block.

Other fixes worth knowing#

• Stream idle timeout after sleep — mid-flight requests when a Mac woke from sleep, and background or Remote Control sessions during long model thinking pauses, were incorrectly timing out and aborting. Fixed.
• Image paste breaking sessions — pasting an image larger than 2000px would break the session entirely. Images are now downscaled on paste; oversized images already in conversation history are automatically removed and the request retried.
• Windows clipboard exposure — clipboard writes were leaking copied content into process command-line arguments visible to EDR/SIEM tooling. Also fixes selections over 22KB failing to reach the clipboard. Fixed.
• CJK text on Windows — Japanese, Korean, and Chinese characters were rendering as garbled output in no-flicker mode. Fixed.
• Ctrl+L clearing the prompt — was erasing your input instead of forcing a screen redraw. Now matches readline convention.
• Deferred tools unavailable in fork subagents — WebSearch, WebFetch, and other deferred tools weren't available to skills running with context: fork on their first turn. Fixed.
• Agent SDK hang on malformed tool names — the SDK would silently hang when the model emitted a malformed tool name in a parallel tool call batch. Fixed.

Under the hood: cold compaction and why it's been a long time coming#

One new internal variable appeared in this release: CLAUDE_CODE_COLD_COMPACT. It's not a setting you configure directly, but the problem it solves has a long history worth understanding.

What compaction actually does#

Compaction replaces the conversation history with a summary — a hard semantic break. The official docs describe what survives: project-root CLAUDE.md is re-read from disk and re-injected; path-scoped rules reload the next time Claude opens a matching file; skill descriptions are not re-injected (only skills you actually invoked during the session are preserved). Everything else — file reads, tool outputs, intermediate reasoning — becomes the compacted summary.^[2]

Standard auto-compaction triggers when the context window approaches a threshold (CLAUDE_AUTOCOMPACT_PCT_OVERRIDE configures where that fires). The system monitors window usage during an active session and compacts when there's still enough headroom to run the compaction call itself.

The compaction bug history#

Compaction has been Claude Code's most persistently broken subsystem. A partial audit from the changelog:

• v2.1.89 / v2.1.98: Two separate fixes for the "autocompact thrash loop" — the session compacts, the rebuilt context immediately fills the window again, which triggers another compact, which refills, which triggers another compact. An infinite loop that drains quota and makes the session unusable.
• v2.1.101: Compaction was writing duplicate multi-MB subagent transcript files on prompt-too-long retries — a compaction pass on a large agentic session could multiply the disk footprint.
• v2.1.105: PreCompact hooks added — the first way to block compaction programmatically, by exiting with code 2.
• v2.1.107: "Fixed compacting a resumed long-context session failing with 'Extra usage required'" — resuming a session and then compacting it triggered a separate error about token budget.
• v2.1.111: "Fixed /compact failing with 'context exceeded' when the conversation has grown too large" — attempting to compact an oversized session would itself fail because the compaction prompt exceeded the context window.

GitHub issue #6004 documents the worst-case outcome: an infinite compaction loop where task state is lost on every pass. Claude restarts the workflow by re-reading files to recover context, which fills the window again, which triggers another compact. The fix in v2.1.98 was detecting when context refills to the limit immediately after compaction.

The cache-after-compaction problem#

Issue #29230 (filed as P1 against v2.1.62) identified a separate class of compaction failure: stale KV cache served into post-compaction turns. The key quote:

"Context compaction replaces conversation history with a summary — a hard semantic break. Any prefix cached before compaction is guaranteed stale after it. The v2.1.62 cache fix increased KV hit rates without adding a compaction-event invalidation trigger, so stale pre-compaction prefixes are now served into post-compaction turns."

The model has no mechanism to detect staleness — cached context is indistinguishable from current context — so it continues executing cached task plans with high confidence even after the user explicitly says to stop. The fix requires that any cached prefix assembled before a compaction event be dropped; the compacted summary is a new context root.

Why "cold" is a distinct and harder case#

All the bugs above happen during hot compaction: an active session with a live context window, a warm prompt cache, and a running process. The system has full context about where it is when compaction fires.

Cold compaction is different. It runs when a session is being initialized or resumed with no warm context. This happens in three concrete scenarios:

1. Daemon resumption: the background daemon (confirmed in v2.1.118–v2.1.123 via CLAUDE_BG_RENDEZVOUS_SOCK and CLAUDE_CODE_DAEMON_COLD_START) picks up a session that another process previously held. It inherits raw transcript but has no live context window.

2. Bridge reattachment: a client reconnects via CLAUDE_BRIDGE_REATTACH_SESSION after a long disconnect where the prompt cache expired. The cache TTL is 1 hour; any session idle longer than that is already cold.

3. After sleep: the same scenario that caused the "stream idle timeout after sleep" bug fixed in this very release. The Mac woke from sleep; the in-flight stream was gone; the context window is cold.

Without CLAUDE_CODE_COLD_COMPACT, a process resuming one of these cold sessions faces a dilemma: load the full raw transcript (potentially hundreds of MB for a long agentic session) before it can compact, which defeats the efficiency purpose of resumption; or skip compaction and hand the client an uncompacted window that will hit the thrash loop immediately. With the flag, the daemon can run compaction atomically from a standing start — no warm prefix to invalidate, no live session state to corrupt.

There's a secondary benefit: cold compaction sidesteps the cache-invalidation race described in issue #29230. Hot compaction has to atomically invalidate a warm cache prefix at the moment compaction fires; miss that window and stale context gets served. Cold compaction has no live cache to invalidate — the cache is already cold — making it structurally safer than compacting a warm session.

The "stream idle timeout after sleep" fix and CLAUDE_CODE_COLD_COMPACT landing in the same release isn't a coincidence. Both address the same underlying condition: a session that was alive, went cold, and needs to be usable again. The timeout fix handles the network layer; cold compact handles the context layer.

What this means for you in plain English#

You open your laptop after lunch. Claude Code was mid-session when you closed the lid. Before this release, one of two things happened: the session resumed but started behaving oddly because it was working from stale context (the issue #29230 scenario — it confidently told you things that were no longer true), or it timed out entirely and you lost your place.

After this release, the daemon can wake up, look at the cold transcript, summarize it cleanly into a compact from scratch, and hand you a fresh context that accurately reflects where things stood — without any of the corruption risks that affect compaction mid-session. You resume, Claude is oriented, and the session is usable.

The same applies to longer gaps: leave a background agent task running overnight, come back in the morning, reconnect via Remote Control on your phone. The session was cold long before you reconnected. Previously that meant a risky resumption or a dead session. With cold compaction in place, the daemon handles the context hygiene before you arrive. You pick up where you left off.

The tldr: sessions that go cold — after sleep, after a long break, after a network drop — should resume cleanly and stay oriented instead of going stale or dying.

Sources#

1. Claude Code Official Changelog — v2.1.126 release notes
2. What survives compaction — Claude Code docs — official context window documentation
3. MAJOR BUG: Claude Code Stuck in Infinite Compaction Loop — GitHub Issue #6004
4. Server-Side KV Cache Stale Context Regression (P1) — GitHub Issue #29230

This analysis is conducted for independent security research and interoperability purposes under fair use principles. All trademarks belong to their respective owners. The information presented here documents publicly observable behavior of installed software and is not intended to circumvent any technological protection measures, infringe on intellectual property rights, or encourage unauthorized use. Use these findings at your own discretion.

Related Versions#

• Claude Code v2.1.114 — Native binary launcher, /fewer-permission-prompts, Agent Teams
• Claude Code v2.1.108 — REPL variants, skill discovery, limits reckoning
• Claude Code v2.1.107 — Worktrees, away mode, stream resilience
• Claude Code v2.1.104 — Enterprise TLS and SDK OAuth
• Claude Code v2.1.100 — Context token limits, Perforce VCS, script caps

Related: Context Window Management Guide | Claude Code Productivity Tips | The Agentic Engineering Playbook