Claude Code v2.1.126 (May 1, 2026): claude project purge, gateway-aware /model, OAuth paste login, managed-sandbox security fix
Claude Code v2.1.126 adds claude project purge to delete local state, lists gateway /v1/models in /model when using ANTHROPIC_BASE_URL, lets claude auth login accept pasted OAuth codes for SSH/WSL/containers, expands dangerously-skip-permissions for protected paths, and ships a managed-sandbox security fix.
Editorial Team
The AI Coding Tools Directory editorial team researches and reviews AI-powered development tools to help developers find the best solutions for their workflows.
Claude shipped Claude Code v2.1.126 on May 1, 2026. It’s a wide "hardening" release, but a few changes are especially relevant if you run Claude Code inside enterprise environments, remote dev setups, or AI gateways.
Anthropic's terminal-based AI coding agent with Claude Opus 4.7, /ultrareview, Routines, /ultraplan, and 80.9% SWE-bench
TL;DR
claude project purge [path]: delete all local Claude Code state for a project (transcripts, tasks, file history, config entry).- Gateway-aware
/model: whenANTHROPIC_BASE_URLpoints at an Anthropic-compatible gateway,/modellists models from that gateway’s/v1/models.- OAuth paste login:
claude auth loginnow accepts the OAuth code pasted into the terminal when the browser callback can’t reach localhost (SSH, WSL2, containers).- Permissions bypass expansion:
--dangerously-skip-permissionsnow bypasses prompts for writes to.claude/,.git/,.vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt).- Security fix: fixed
allowManagedDomainsOnly/allowManagedReadPathsOnlypotentially being ignored in a managed-settings precedence edge case.
Quick Answer
If you only read one line: v2.1.126 makes Claude Code login and recovery more reliable in real-world dev environments (SSH/WSL/containers, laptops that sleep mid-request), and adds a first-class “reset this project” command via claude project purge.
To update, run claude update.
What Shipped in v2.1.126 (high-signal items)
| Change | Why it matters |
|---|---|
claude project purge [path] |
Reset a project cleanly by deleting transcripts, tasks, file history, and config entry — useful when you want a fresh start or need to remove local state. |
/model reads gateway /v1/models |
If you route Claude Code through an Anthropic-compatible gateway via ANTHROPIC_BASE_URL, you can now discover the gateway’s model list directly in the picker. |
| OAuth code paste support | Fixes a common failure mode when localhost callbacks don’t work (SSH, WSL2, containers). |
Expanded --dangerously-skip-permissions |
Removes more “are you sure?” prompts for writes to protected paths; useful for automation, but increases blast radius if misused. |
| Managed-sandbox policy enforcement fix | Important for enterprise policy controls that restrict where the tool can read and what domains it can contact. |
claude project purge: delete project state
claude project purge [path] is the new "reset" command. It deletes all Claude Code state for a given project — including transcripts, tasks, file history, and the related config entry — and supports --dry-run, -y/--yes, -i/--interactive, and --all.
This is helpful if:
- you want to restart work without carrying over prior transcripts,
- you have a project whose state has become confusing,
- you’re cleaning up local traces on shared machines.
Gateway-aware /model (via ANTHROPIC_BASE_URL)
Many teams run Claude Code through a gateway for logging, routing, or unified credentials. In v2.1.126, the /model picker can now list models from your gateway’s /v1/models endpoint when ANTHROPIC_BASE_URL is set to an Anthropic-compatible gateway.
OAuth login works in SSH/WSL/containers
OAuth login issues are a frequent onboarding blocker in remote environments. v2.1.126 adds a practical fallback: claude auth login can accept the OAuth code pasted into the terminal when the browser callback can’t reach localhost (explicitly called out for WSL2, SSH, and containers).
Permissions bypass got broader
This version expands what --dangerously-skip-permissions bypasses: prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths are now skipped.
That can reduce friction for power users, but it’s also a reminder to treat this flag as “automation-grade” and keep it out of untrusted sessions.
Security fix: managed sandbox enforcement edge case
Anthropic notes a security fix: allowManagedDomainsOnly / allowManagedReadPathsOnly could be ignored if a higher-priority managed-settings source lacked a sandbox block. v2.1.126 fixes that precedence edge case.
Sources
- Claude Code changelog (official): https://code.claude.com/docs/en/changelog
- Claude Code CLI reference (official): https://code.claude.com/docs/en/cli-reference
Tools Mentioned in This Article
Free Resource
2026 AI Coding Tools Comparison Chart
Side-by-side comparison of features, pricing, and capabilities for every major AI coding tool.
No spam, unsubscribe anytime.
Workflow Resources
Cookbook
AI-Powered Code Review & Quality
Automate code review and enforce quality standards using AI-powered tools and agentic workflows.
Cookbook
Building AI-Powered Applications
Build applications powered by LLMs, RAG, and AI agents using Claude Code, Cursor, and modern AI frameworks.
Cookbook
Building APIs & Backends with AI Agents
Design and build robust APIs and backend services with AI coding agents, from REST to GraphQL.
Cookbook
Debugging with AI Agents
Systematically debug complex issues using AI coding agents with structured workflows and MCP integrations.
MCP Server
AWS MCP Server
Interact with AWS services including S3, Lambda, CloudWatch, and ECS from your AI coding assistant.
MCP Server
Context7 MCP Server
Fetch up-to-date library documentation and code examples directly into your AI coding assistant.
MCP Server
Docker MCP Server
Manage Docker containers, images, and builds directly from your AI coding assistant.
MCP Server
Figma MCP Server
Access Figma designs, extract design tokens, and generate code from your design files.
Frequently Asked Questions
What is the biggest new command in Claude Code 2.1.126?
What changed about OAuth login?
Is there a security fix in this release?
Related Articles
Gemini API April 2026 Update: Flex/Priority Tiers, Deep Research with MCP, embedding-2 GA, gemini-3.1-flash-tts-preview
April 2026 in the Gemini API: new Flex and Priority inference tiers (Apr 1), gemini-3.1-flash-tts-preview (Apr 15), Deep Research updates with MCP server integration and File Search (Apr 21), gemini-embedding-2 GA (Apr 22), and the gemini-robotics-er-1.5-preview shutdown (Apr 30).
Read more →NewsCursor SDK (April 29, 2026): Build Programmatic Agents with the Same Runtime That Powers Cursor
Cursor launched a TypeScript SDK on April 29, 2026 that exposes the same agent runtime, harness, and models that power the Cursor IDE. Run agents locally or on Cursor's cloud, integrate them into your own apps, and reach for any frontier model behind a single interface.
Read more →NewsClaude Code v2.1.120 → v2.1.123 (April 28–29, 2026): claude ultrareview in CI, Windows Without Git Bash, MCP alwaysLoad, plugin prune
Claude Code's late-April 2026 point releases (v2.1.120–v2.1.123) make /ultrareview runnable from CI as a non-interactive subcommand, drop the Git Bash requirement on Windows in favor of PowerShell, add an alwaysLoad option for MCP servers, and ship claude plugin prune for orphaned plugin dependencies.
Read more →