Claude Code Daily Briefing - 2026-05-02

Release Summary

Version	Date	Key Changes
v2.1.126	5/1	Custom gateway model picker, `project purge`, WSL2/SSH OAuth login, CJK rendering fix

Full Release Notes

New Features & Practical Usage

v2.1.126 — Custom Gateway Model Picker, `project purge`, WSL2 OAuth (5/1)

Released 3 days after v2.1.123, v2.1.126 is a major update with new features and 30+ bug fixes.

Custom Gateway Model Picker: When ANTHROPIC_BASE_URL points to an Anthropic-compatible gateway, the /model picker now auto-lists available models from the gateway’s /v1/models endpoint. This makes model selection much easier in proxy or self-hosted environments.

claude project purge: Deletes all Claude Code state for a project — transcripts, tasks, file history, and config entries. Use --dry-run to preview, or --all to clean up every project at once.

WSL2/SSH/Container OAuth Login: claude auth login now accepts OAuth codes pasted directly into the terminal when the browser callback can’t reach localhost (WSL2, SSH, containers).

# Clean up project state
claude project purge --dry-run    # Preview what will be deleted
claude project purge -y           # Delete immediately without confirmation
claude project purge --all        # Clean all project states

# Login from WSL2/SSH
claude auth login
# → Open the displayed URL manually, then paste the auth code into the terminal

Other notable changes:

Auto mode permission spinner turns red when stalled (instead of appearing to run normally)
claude_code.skill_activated OpenTelemetry event now includes invocation_trigger attribute (user-slash, claude-proactive, nested-skill)
Improved Windows PowerShell 7 detection; PowerShell now set as primary shell when enabled

GitHub v2.1.126

Developer Workflow Tips

”Dive into Claude Code” Paper — 98.4% Infrastructure, Only 1.6% Decision Logic

Researchers at VILA-Lab reverse-engineered Claude Code v2.1.88’s source — roughly 500K lines across 1,800 TypeScript files — and published their findings (arXiv:2604.14228). The key insight: Claude Code’s core is a simple iterative loop (model proposes actions, harness executes them), with 98.4% of the codebase dedicated to operational infrastructure (safety, context, memory management) and only 1.6% to decision logic.

The practical takeaway: your “infrastructure” settings — CLAUDE.md, hooks, MCP servers — have a disproportionate impact on AI decision quality. Designing the work environment matters more than crafting the perfect prompt.

arXiv | GitHub

Code with Claude SF Conference — May 6, Livestream Available

Anthropic’s developer conference Code with Claude takes place May 6 in San Francisco, with an Extended session for indie devs and early-stage founders on May 7. The focus is hands-on agentic AI implementation with live demos and deep-dives with the Applied AI team.

In-person spots were selected by lottery, but livestream and recordings are available to everyone. The series expands to London (5/19) and Tokyo (6/10).

Code with Claude SF | Claude Blog

Security & Limitations

Pentagon Signs AI Deals with 7 Companies, Excludes Anthropic (5/1)

The Department of Defense signed classified network AI deployment contracts with SpaceX, OpenAI, Google, NVIDIA, Reflection, Microsoft, and AWS — explicitly excluding Anthropic, which was designated a supply-chain risk to U.S. national security.

The dispute centers on Anthropic’s refusal to grant the Pentagon unrestricted access to Claude models for fully autonomous weapons and mass domestic surveillance. Anthropic has filed two separate lawsuits in San Francisco and Washington D.C. seeking to overturn the order.

Signs of reconciliation exist: CEO Dario Amodei met with senior White House officials on April 17 in what both sides called a “productive” discussion. President Trump stated a deal was “possible.”

Defense News | CNN | CNBC

Shai-Hulud Supply Chain Attack — PyTorch Lightning Malware Targets .claude/ (4/20)

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised with supply chain malware. Running pip install lightning auto-executed obfuscated JavaScript payloads that scanned 80+ local paths to steal GitHub tokens, npm credentials, and AWS/Azure/GCP secrets.

Critically, the malware planted hooks in Claude Code’s .claude/settings.json and VS Code’s .vscode/tasks.json to ensure reinfection on session restart or folder open.

Immediate actions needed:

Downgrade or update if running PyTorch Lightning 2.6.2/2.6.3
Audit .claude/ and .vscode/ directories for unexpected files or config changes
Rotate GitHub tokens, cloud credentials, and API keys

GeekNews

v2.1.126 Security Fix — Managed Settings Sandbox Bypass

Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block. Enterprise managed deployments should update to v2.1.126 immediately.

GitHub v2.1.126

Ecosystem & Plugins

Code with Claude — Global Developer Conference Series (SF, London, Tokyo)

Anthropic launches its first global developer conference. San Francisco (5/6-7), London (5/19), and Tokyo (6/10) host hands-on sessions focused on agentic AI implementation, with deep-dives from the Applied AI team. Livestream available worldwide.

Code with Claude | SF | London | Tokyo

Spotify Introduces “Verified” Badge to Distinguish Human Artists from AI

Spotify launched a green checkmark “Verified by Spotify” badge to differentiate human artists from AI-generated personas. Verification criteria include connected social media, consistent listener activity, and real-world presence (merchandise, concerts). An estimated 99%+ of actively searched artists qualify.

Critics note the badge only confirms the artist is human — not that their music wasn’t created using AI tools. Emerging independent artists without touring history may be disadvantaged.