Claude Code v2.1.113 adds security restrictions and improves agent stability

Anthropic released version 2.1.113 of Claude Code, its AI-integrated code editor, with a focus on security, reliability, and performance improvements. The update transitions the CLI from JavaScript execution to native platform-specific binaries deployed as optional per-platform dependencies, a structural change intended to improve runtime efficiency.

Security enhancements include a new sandbox.network.deniedDomains configuration option that allows blocking specific domains even when a broader wildcard rule (allowedDomains) would normally grant access. On macOS, bash operations targeting sensitive system paths under /private/ (including /etc, /var, /tmp, and /home) are now treated as dangerous removal targets under restrictive allow rules. The tool also improved detection of bash deny rule violations by matching commands wrapped in privilege escalation or execution utilities like env, sudo, watch, and ionice.

Reliability improvements address agent execution failures. Subagents that stall during streaming now terminate with a clear error message after 10 minutes rather than hanging silently, reducing user confusion. The update fixes concurrent MCP (Model Context Protocol) tool call timeout handling where a timeout for one tool could incorrectly disable the watchdog for another call. Additional fixes prevent bash operations flagged with dangerouslyDisableSandbox from executing outside the sandbox without permission prompts.

The update includes numerous UI refinements and bug fixes addressing markdown table rendering with inline code containing pipe characters, fullscreen mode scrolling behavior, readline-compatible cursor movement (Ctrl+A/E), and improved URL clickability in wrapped command output. Remote Control sessions—mobile and web clients—now support streaming subagent transcripts and proper session archival, and can query file autocomplete suggestions.