Claude Code v2.1.183 adds safety blocks for destructive commands and model deprecation warnings

Anthropic released Claude Code v2.1.183, which introduces several safety-focused changes for agentic coding workflows. Destructive git commands—including git reset --hard, git checkout -- ., git clean -fd, and git stash drop—are now blocked unless the user explicitly requests to discard local work. Similarly, git commit --amend is blocked when the commit was not made by the agent in the current session. Infrastructure destruction commands such as terraform destroy, pulumi destroy, and cdk destroy are also blocked unless the user specifically requested destruction of the named stack.

The update adds a warning when a requested model is deprecated or automatically updated to a newer version. This warning is displayed on stderr in print mode (-p) and now also covers models set in agent frontmatter. The release also introduces a new configuration option, attribution.sessionUrl, which allows users to omit the claude.ai session link from commits and pull requests in web and Remote Control sessions.

Additional changes include expanded help for the /config command, revised behavior for /config toggle to use Enter/Space for selection and Esc to save and close, and fixes for several user-reported issues. These include preventing extra inputs in thinking.disabled.display configurations, resolving 400 errors during subagent spawns, correcting WebSearch returning empty results in subagents, and addressing terminal cursor and TUI rendering issues in Windows Terminal under heavy nested-subagent loads.

The update also fixes cases where turns would silently complete with no visible output when the model returned only a thinking block, now prompting the user to continue. Quality-of-life improvements include deduplicating user-level skills in slash-command autocomplete and preventing MCP servers with authentication from exposing stub tools to the model in headless or SDK mode.

Bug fixes address tmux teammate pane launch failures during slow shell initialization, keystrokes leaking into new tmux panes during agent spawn, background tasks being prematurely killed when a teammate finishes a turn, and scheduled task or webhook trigger deliveries being misclassified as keyboard input. These fixes prevent unintended approvals of pending actions or session title changes in auto mode.