Version 2.1.176

A new footerLinks setting lets you define regex patterns that are matched against each turn's output (tool results and assistant text). When a pattern matches, the REPL footer shows a clickable badge linking to a URL built from named capture groups in the match.

• Configured in user, flag, or managed settings only (not project .claude/settings.json)
• Entries use type: "regex" with pattern, url, and optional label fields
• The url field is a URL template; {name} placeholders are filled from named regex capture groups (values are URL-encoded)
• The URL origin must be a literal https:// or http:// scheme — dynamic origins are rejected
• {name} in the label field is also filled from capture groups; defaults to the full match text
• The PR link badge (detected from the current git repo) is rendered as the first footer badge
• A dedicated URL template setting for PR links accepts {host}, {owner}, {repo}, {number}, {url} placeholders

Footer link scanner (search for "[footerLinks] pattern" and "repl_footer_links")

The subagent_type: "fork" value is now a named, explicitly-selectable agent type rather than the implicit default when no subagent_type is provided. This makes multi-agent code clearer and avoids accidental forking.

• Omitting subagent_type (when the fork experiment is active) previously implicitly created a fork; now the behavior is documented as explicit opt-in via "fork"
• Remote sessions cannot use isolation: "remote" with fork — a clear error is returned
• Other named agent types still start with zero context
• The Agent tool description has been updated to reflect this

Updated Agent tool description (search for "(except subagent_type: \"fork\")" and "Fork cannot use isolation: \"remote\"")

The Project tool (project_info, project_read, project_delete) now surfaces file uploads (PDFs, images, and other binary files) alongside text docs.

• project_info output now includes a ## Project files (N) section listing file uploads and a ## Synced sources (N) section listing connector-synced content (Google Drive, GitHub, Outline, MCP resources)
• project_read on a file upload returns a file_kind field; for document-type uploads (PDF, docx) it returns extracted text; for other types it returns empty content with a notice explaining that no text extract is available
• project_delete on a file upload now returns a clear error explaining that file uploads can only be removed from claude.ai, not via the tool
• The error message when a path is not found now says "No doc or file at" instead of "No doc at" and lists both docs and files

Project tool description update (search for "is a file upload; project_delete only removes text docs" and "## Project files (")

The WebFetch tool description now explicitly documents that https://claude.ai/code/artifact/{uuid} URLs (including preview.claude.ai) are fetchable using your claude.ai login — you do not need curl or a headless browser for these. The Artifact tool description also now includes a note: "To read an existing artifact's content: call WebFetch with its URL."

WebFetch description update (search for "https://claude.ai/code/artifact/" and "Exception: claude.ai/code/artifact/{uuid} URLs ARE fetchable")

The Grep tool's rg allowlist now includes additional flags that were previously missing:

• --smart-case — case-insensitive if pattern is all-lowercase, case-sensitive otherwise
• --case-sensitive — always case-sensitive (overrides --ignore-case)
• --no-line-number — suppress line numbers
• --multiline — allow patterns to match across newlines
• --pcre2 — use PCRE2 regex engine

Grep allowlist expansion (search for "--smart-case" and "--no-line-number")

The dangerous-removal checker that guards rm and rmdir commands has been significantly reworked with several new detection patterns:

• Detects when a cd precedes a relative glob removal, making the target statically unresolvable
• Detects when the removal target (after glob expansion) cannot be resolved to a directory
• Detects when a glob pattern traverses multiple directories that cannot be statically enumerated (more than one wildcard level deep)
• Now checks against all configured working directories, not just the primary CWD — additional working directories and their parents are also protected
• The old check ("remove CWD or its parent") has been replaced by the more precise "workspace directory" check

Removal safety expansion (search for "This command changes directories before the removal" and "This command's glob pattern traverses directories")

A new static analyzer for sed commands has been added that validates redirect targets in sed pipelines. It checks for and flags:

• Commands that carry redirect-borne content that cannot be statically validated (swallowed arguments, unanalyzable heredocs, or expansion in a redirect target)
• Commands that are over-length or contain characters that bash and the analyzer tokenize differently

These now require explicit approval rather than being auto-allowed.

sed analyzer (search for "sed command carries redirect-borne content" and "sed command could not be statically validated")

A new Notifications settings panel has been added, accessible from the REPL. It lets you configure:

• Channel: cycles through available notification backends (auto, iterm2, terminal_bell, iterm2_with_bell, kitty, ghostty, notifications_disabled)
• "Notify when Claude needs you" — get a notification when a background session is blocked waiting for input
• "Notify when Claude is done" — get a notification when a session finishes

The iterm2+bell combined mode (iTerm2 notification + terminal bell) is also available as a new channel option.

Notifications UI (search for "Notify when Claude needs you" and "iterm2+bell")

The Claude-in-Chrome integration now has cleaner offer and rejection messaging:

• The startup offer now shows "Yes, use my browser" and "No, keep browser tools off" options explicitly
• "Turn browser tools off for future sessions" guidance added
• "This session is in Auto mode, so an AI classifier approves routine browser actions — you are only prompted when it is unsure" message
• "This session is in Don't Ask mode, so browser actions that need approval are skipped rather than prompted" message
• "Site-level permissions come from the Chrome extension" clarification
• The old hardcoded system-prompt paragraph about the claude-in-chrome skill has been removed; Chrome integration is now handled through the normal MCP machinery

Chrome flow updates (search for "Yes, use my browser" and "Turn browser tools off for future sessions")

When a first-party MCP server (one using your claude.ai login) rejects the connection, Claude now emits a structured error with code FIRST_PARTY_AUTH_REJECTED and a more actionable message:

• HTTP 403: explains the token may be missing a required scope, and suggests running /login
• HTTP 401: tells you the token may have expired, and suggests /login

The new code enables better diagnostics and retry logic — if a 401 occurs after sending an access token, Claude automatically refreshes the token and retries the request once.

First-party auth error (search for "FIRST_PARTY_AUTH_REJECTED" and "missing a scope this server needs")

The session title generation prompt now instructs the model to "Write the title in the language the user wrote in, regardless of the language of the examples above." Previously the title examples were all in English and the model would sometimes generate English titles for non-English sessions.

Title prompt update (search for "Write the title in the language the user wrote in")

Background sessions on Windows now detect UNC (network) paths in the working directory and emit a warning that such paths are not supported and will be neutralized. This prevents silent failures when background agents are spawned with a UNC-path CWD.

UNC path check (search for "warning: background sessions do not support Windows network (UNC) paths")

The claude-api skill's reference corpus now includes comprehensive documentation for:

• The official C# (Anthropic .NET) SDK — installation, basic messages, streaming, thinking/extended thinking, tool use, the BetaToolRunner, and Microsoft.Extensions.AI IChatClient integration
• Raw HTTP / cURL examples — setup, basic message request, streaming (SSE), thinking, tool-use loops, and response parsing with jq

C# and cURL API reference (search for "dotnet add package Anthropic" and "# Claude API — cURL / Raw HTTP")

• Fixed project_read not recognizing file uploads — it previously threw "No doc at" for any upload path; it now correctly dispatches to the /extracted endpoint for document-type uploads (PDF, docx) and returns a clear notice for non-document types (search for "/extracted")

• Fixed daemon roster cleanup incorrectly leaving .sock.err and .sock.late files behind when the corresponding socket no longer existed — now both .err and .late orphan files are removed during roster sweeps (search for "[bg-dispatch] removed non-regular")

• Improved project_delete error for file uploads — previously threw a generic "No doc at" error when trying to delete a file upload; now returns an actionable message explaining that file uploads must be removed from claude.ai (search for "is a file upload; project_delete only removes text docs")

• The safety classifier unavailability notice is now dynamic — it names the specific classifier that was unavailable rather than using a generic phrase (search for "(the safety classifier)")

• Remote Control session reconnection handling improved — login-triggered account changes now cleanly disconnect the Remote Control session with a clear log message (search for "Account changed via /login — disconnecting Remote Control session")