Version 2.0.77

Claude Code now gracefully handles broken pipe (EPIPE) errors when output is piped to another process that closes early.

claude -p "list files" | head -1  # No longer crashes if head closes early

• Prevents crashes when Claude Code's output is piped to a process that terminates before reading all output
• Automatically destroys stdout/stderr streams on EPIPE instead of throwing an uncaught error
• Improves CLI scripting reliability

HS0() at line 519 (EPIPE handler, contains "EPIPE")

Enterprises can now configure MCP servers in exclusive mode, preventing users from adding custom MCP servers.

Usage: Configured via enterprise policy. When active, users see:

Cannot add MCP server: enterprise MCP configuration is active and has exclusive control over MCP servers

• Allows enterprises to lock down MCP server configuration
• Users cannot add MCP servers via /mcp command or config files when active
• Provides clear error messaging about why server addition is blocked

jd() at line 398745 (MCP server add function, contains "enterprise MCP configuration is active and has exclusive control over MCP servers")

API key users can now specify custom beta headers, with validation against an allowlist.

• Only the context-1m-2025-08-07 beta is currently allowed
• Warnings are shown for disallowed beta headers
• OAuth users cannot use custom betas (server-controlled)

JrQ() at line 140738 (beta validation, contains "Custom betas are only available for API key users")

Performance monitoring has been added for operations that may cause UI lag or delays:

• JSON.stringify, JSON.parse, and structuredClone operations now log warnings when they take >200ms
• fs.writeFileSync operations include size information in slow operation warnings
• execSync shell commands are monitored for slow execution
• All slow operations are reported via telemetry for aggregate analysis

duA() at line 3224 (slow operation wrapper, contains "[SLOW OPERATION DETECTED]")

OAuth authentication now attempts to recover from 401 errors by re-reading credentials from the system keychain.

• When a 401 error occurs, Claude Code checks if the keychain has newer credentials
• If different credentials are found, they're used without requiring re-authentication
• Reduces unnecessary login prompts when tokens are refreshed externally
• Telemetry event: tengu_oauth_401_recovered_from_keychain

C1B() at line 146443 (OAuth recovery, contains "tengu_oauth_401_recovered_from_keychain")

The max tokens calculation now correctly handles Claude Sonnet 4 models using the 1M context beta.

• Previously only models with [1m] in the name got 1M max tokens
• Now also applies when context-1m-2025-08-07 beta header is used with claude-sonnet-4 models
• Enables proper token limits for Sonnet 4 + 1M context combinations

R$() at line 1818 (max tokens calculation, contains "claude-sonnet-4" and T8A)

All filesystem operations now include descriptive context in debug logs.

• Operations like readFileSync, writeFileSync, symlinkSync now log with path information
• Improved format: readFileSync(/path/to/file) instead of just readFileSync
• Helps diagnose file-related issues in debug mode

CQ variable at line 2388 (filesystem wrapper, contains descriptive operation strings)

Added function to cleanly remove plugin-sourced hooks while preserving non-plugin hooks.

• sy0() function filters out hooks that have a pluginRoot property
• Enables proper plugin unloading without affecting built-in hooks
• Improves plugin lifecycle management

sy0() at line 2270 (plugin hooks cleanup, filters by "pluginRoot")

New timeout configuration validator with sensible defaults and caps.

• Default: 30000ms (30 seconds)
• Maximum: 150000ms (2.5 minutes)
• Invalid values fall back to default with a warning
• Values exceeding maximum are capped with a notice

sx0() at line 1741 (timeout validator, contains "Invalid value", "Capped from")

• Fixed potential crash when OAuth tokens expire and keychain has updated credentials (C1B() at line 146443)
• Improved handling of model region prefixes (us, eu, apac, global) for Bedrock deployments (Ad1() at line 139167, MoQ() at line 139171)

The following changes are internal and don't affect user-facing functionality:

• AJV JSON Schema Validator: The large AJV library (~5000+ lines) has been removed. Schema validation now uses a different approach (likely Zod which was already present)
• Terminal Setup Helpers: Functions for configuring iTerm2, WezTerm, Ghostty, and Kitty Shift+Enter bindings have been removed from the diff (the /terminal-setup command still exists but implementation may have changed)
• Keychain Delete Sync: The synchronous UsQ() keychain delete function was replaced with an async version J1B()

• YAML Parser: A full YAML parsing library has been bundled (likely for reading .yml/.yaml config files)

• Zod schema validation error messages now use .issues instead of .errors property
• Cache invalidation function fl() added for OAuth credential cache
• Various dependency updates (google-auth-library version string changes)