Back to Blog
claude-code weekly-update v2.1.121 opus-4-7 mcp cache security ecosystem

What's Up Claude Code: Week of April 27th

Olivier Legris ·

TL;DR

This week was a mix of hard lessons and quiet maturation. v2.1.121 shipped a breaking change that caught many off guard: the Bash tool now drops shell state between calls, breaking any skills or prompts relying on env vars or cd persisting across tool invocations. The response was fast — v2.1.122 and v2.1.126 followed quickly. Meanwhile, the Tokenocalypse aftermath continued: real-world data confirmed that enabling prompt caching actually increased daily API calls from 39 to 199, because the 5-minute TTL (vs the documented 1 hour) made cache misses far more expensive than the cache hits. On the positive side, nine MCP connectors launched for Blender, Adobe CC, Autodesk Fusion, Ableton, and more — the largest first-party MCP drop ever. And a VILA-Lab analysis of Claude Code’s source found that 98.4% of the codebase is deterministic infrastructure; only 1.6% is actual AI decision logic.

1. v2.1.121 Breaks Shell State — Patch Fast

The week’s most impactful change was also the least announced: v2.1.121 resets shell state between Bash calls. Any skill or prompt relying on cd persisting, environment variables surviving tool boundaries, or shell aliases needs to be audited and updated.

The response was rapid. v2.1.122 landed within days with additional fixes including ANTHROPIC_BEDROCK_SERVICE_TIER, PR URL support for /resume on Bitbucket/GitLab Enterprise, improved deny rule enforcement, and malformed hook handling. v2.1.123 followed with an OAuth 401 fix (workaround: DISABLE_EXPERIMENTAL_BETAS=1).

The lesson: Claude Code is hardening its execution model. Stateful shell assumptions that worked in v2.1.x will increasingly break. If you have skills with cd commands or env-dependent logic, test them against the latest release now.

2. Tokenocalypse — Real-World Numbers Confirm the Damage

The cache TTL crisis from March continues to produce data. The headline finding this week: enabling prompt caching (which most users did after the Tokenocalypse guidance) actually doubled API call volume from 39 to 199 per day for some users. The reason: with a 5-minute TTL vs the documented 1-hour, cache hits were rare, but the overhead of cache negotiation and the behavioral change toward longer sessions created more misses than hits.

A distributed analysis found that enabling ENABLE_PROMPT_CACHING_1H=1 and CLAUDE_CODE_ATTRIBUTION_HEADER=0 recovers up to 90% of local LLM throughput. The CLAUDE_CODE_ATTRIBUTION_HEADER=0 fix in particular is critical — the header was silently destroying throughput for users routing through local models.

Daily cost jumped from ~$6 to ~$13 on average. Max plan quota that previously lasted 3-4 hours now exhausts in ~70 minutes. This is the new reality until Anthropic either extends the cache TTL or provides better local-model guidance.

3. Opus 4.7 Tokenizer — Empirical Data Surfaces

The “Gaslightus 4.7” controversy got its most detailed treatment yet. Empirical measurements by the community found that Opus 4.7 uses up to 1.47x the tokens Anthropic documents (official ratio: 1.35x). Images are running 3x costlier than text-only tasks. The context window bug that was inflating retrieval percentages (91.9% → 59.2%) was fixed in v2.1.117, but the token overhead remains a concern.

The community workaround for hallucination is explicit output templates: numbered lists, explicit “show your reasoning” requests, and spelling out review dimensions rather than relying on the model to infer what’s wanted. Two-model routing has also become a common pattern: Sonnet 4.6 for 80-90% of tasks, Opus 4.7 reserved for architecture, planning, and security work only.

4. Claude Code Security — Limited Research Preview

Anthropic launched Claude Code Security this week: a reasoning-based vulnerability scanner that runs inside Claude Code sessions using Opus 4.7. Unlike pattern-matching scanners, it finds what traditional tools miss — and it’s available now for Enterprise and Team plans.

The launch partners are CrowdStrike, Wiz, and Palo Alto Networks. This is Anthropic’s clearest signal yet that Claude Code is moving up the security-critical stack. If you’re running Claude Code in production or on sensitive infrastructure, this preview is worth evaluating seriously.

5. Nine MCP Connectors — Creative Tools Go First-Party

The largest first-party MCP drop ever: Anthropic’s new Claude for Creative Work connectors for Blender, Adobe Creative Cloud (50+ apps), Autodesk Fusion, and Ableton Live launched this week, alongside existing connectors for Excel, Notion, Slack, GitHub, and Postgres. Midjourney and Figma were already in the ecosystem; now the creative stack is complete.

This is a meaningful expansion of Claude Code’s reach. Designers, motion graphics artists, and audio engineers now have first-party tool access inside Claude Code. The pattern mirrors how GitHub MCP made CI/CD native to the agent — but for creative and production pipelines instead.

6. Source Leak Analysis — 98.4% Deterministic

VILA-Lab published a deep analysis of Claude Code’s source (arXiv 2604.14228 — “Dive into Claude Code”). The key finding: only 1.6% of the codebase is AI decision logic. 98.4% is deterministic infrastructure — hooks, compaction, isolation, tool dispatch.

Four CVEs share one root cause: extensions running before the trust dialog. The agent loop itself is a simple while-loop. Hooks — the most powerful feature in Claude Code — carry zero context cost when they run.

The practical implication: if you’re spending time optimizing the AI layer, you’re likely working on the wrong 1.6%. The infrastructure layer (hooks, skills, MCP, compaction settings) is where most of the leverage lives.

7. New Commands: /btw, /passes, /model opusplan, /recap

Several new commands landed this week that deserve attention:

  • /btw — Ask a side question mid-task without interrupting the agent’s flow. Zero context cost. Useful for quick lookups, clarifications, or tangents without losing your place.
  • /passes — Run parallel review passes on code. Spawn multiple reviewer agents simultaneously and aggregate results.
  • /model opusplan — Delegate planning to Opus, then switch to Sonnet for execution. A lightweight version of /ultraplan for teams without cloud access.
  • /recap — Session summary when resuming. Handles sessions up to 1M tokens and was made 67% faster in recent releases.

The pattern: Claude Code is building escape hatches for context management. As sessions grow longer and more complex, these micro-commands give you navigation tools without the overhead of full session management.

8. Context-Mode MCP: 50-90% Token Reduction

A new MCP plugin, context-mode, is showing 50-90% MCP token reduction by optimizing how context is fed to tool calls. For teams running multiple MCP servers simultaneously, this is a meaningful win — MCP servers can consume 67K+ tokens before the first user prompt lands.

The broader context: MCP is staging a comeback. After the “MCP is dead” narrative from earlier in the year, the combination of first-party connectors (now 9+), context-mode optimization, and the mcp_tool hook type from v2.1.118 has MCP back on a growth trajectory.

9. Ecosystem Highlights

Tools:

  • CodeBurnnpm i -g codeburn — token spend analytics TUI, reads local JSONL with no API key required. 13 categories of waste identified.
  • RTK CLIbrew install rtk && rtk init -g — reduces command output in context by 59-99%, reported 44% total token overhead reduction.
  • EvanFlow — TDD skill pack (16 skills, 5-iteration hard cap, coder/overseer orchestration). Trigger phrase: “let’s evanflow this.”
  • claw-code — 100K stars, Rust rewrite, fastest repo to that milestone. Open-source Claude Code alternative.
  • cctapeuvx cctape — local proxy that archives ALL sessions to SQLite with search and MCP integration.

Skills & repos:

Security:

  • CVE-2025-59536 patched in v2.1.116+ (RCE via project config hooks). Update immediately.
  • permissions.deny bypass after 50th pipeline subcommand — unpatched. Use .claudeignore as the mitigation.
  • Windows gitignore bug in v2.1.126 uses backslash, excluding settings.local.json from gitignore. Manual fix: echo '**/.claude/settings.local.json' >> ~/.config/git/ignore

10. Billing and Policy Updates

Subscriptions and third-party harnesses: Since April 4, OpenClaw and similar third-party harnesses no longer draw from Anthropic Claude Code subscription quotas. If you’re running Claude Code through a wrapper or orchestration layer, budget for direct API billing or a dedicated plan.

Pro plan pricing test: The silent A/B test that removed Claude Code from the $20/month Pro plan for 2% of new signups was reverted after backlash. However, there’s no long-term commitment that it won’t return. Budget for Max tier if Claude Code is production-critical for your team.

/ultrareview free trials: 3 free runs per Pro/Max account expire May 5. If you haven’t used them yet, do it now — they’re the highest-value free thing Anthropic has shipped in months.

Community Events

30+ events upcoming across 5 continents. Key dates:

Week of May 4-10:

Coming:

Host your own on Luma →