Claude Code Digest โ 2026-04-18 00:13:43
Version updates
2.1.113 (April 17, 2026) fundamentally changes how the CLI runs. The package now spawns a native Claude Code binary downloaded via platform-specific optional dependencies, replacing the bundled JavaScript execution model. The release also ships updates to fullscreen mode and introduces network sandbox denylists.
What the docs reveal
The native execution pivot
Anthropic moved the Claude Code execution model from a Node.js runtime script to a compiled native binary. The npm package now acts entirely as a delivery mechanism. The installer uses optional dependencies to pull the correct executable for macOS, Linux, or Windows. While Node.js 18+ drives the installation, the JavaScript engine stays out of the critical path at runtime.
This architectural shift solves the startup latency problem. Developers executing rapid, automated CLI commands previously suffered cumulative boot delays as the system initialized the V8 engine for each step. Native binaries boot instantly. The TypeScript SDK now bundles this executable as well, allowing agents to spawn local subagents without relying on a globally installed CLI tool.
Enterprise developers face an immediate implementation hurdle here. Corporate environments often enforce the --ignore-scripts flag or strip optional dependencies during npm installation to prevent supply-chain attacks. If this happens, the installation silently degrades. The system will force the SDK to hunt for an executable on every run, crippling startup performance, or it will fail entirely with a "binary not found" error. Developers working behind strict proxy configurations must either whitelist these binaries or explicitly map the pathToClaudeCodeExecutable variable in their environments.
Cost controls cap the planning context
Anthropic excluded the opusplan model from the standard opus 1 million token context upgrade. The specialized planning variant currently locks to a hard 200K token limit.
Routing models require speed; they do not read entire codebases at once. When Claude plans a multi-step architecture, it digests high-level summaries and structured abstractions. Allowing the planning layer to ingest a 1 million token context window would burn massive amounts of compute on tangential details, driving up both API costs and latency. This hard boundary forces developers to keep their planning prompts focused before delegating the heavy parsing load to standard reasoning models.
State initialization gets a native hook
Skills now support a once property in their frontmatter. Setting this parameter to true guarantees the hook executes exactly one time per agent session.
This addition eliminates a common source of boilerplate code: session bootstrapping. Previously, developers compiling dependencies, starting local servers, or seeding test databases had to write complex logic into their skills to track whether initialization had already occurred. Now, the SDK handles idempotency natively. The engine triggers the hook, completes the local setup, and actively removes the hook from the session. The system ignores this property in agent configurations; it functions exclusively at the skill level.
Sandboxing supports explicit denylists
The addition of the sandbox.network.deniedDomains setting patches a structural gap in the agent security model. Previously, authorizing access through a domain wildcard permitted the agent to reach every single endpoint on that tier.
The denylist overrides the wildcard permit. Developers can now grant a primary agent broad network access while surgically blocking administrative interfaces or internal credential stores. This precision matters for complex workflows where autonomous subagents require internet access but must never contact sensitive internal infrastructure. You can restrict the attack surface directly at the sandbox boundary.