Claude Code 2.1.133 removes per-action confirmations and adds worktree.baseRef

• ClaudeCodeLog's release summary says Claude Code 2.1.133 drops per-action confirmations for already approved risky actions, which changes the tool from repeated approval prompts to auto-running within an approved context.
• According to ClaudeCodeLog's changelog post, the new worktree.baseRef setting lets --worktree, EnterWorktree, and agent-isolation branch from either origin/<default> or local HEAD.
• The changelog thread also adds sandbox.bwrapPath and sandbox.socatPath for Linux and WSL, plus parentSettingsBehavior for admin-managed settings merges.
• As ClaudeCodeLog's summary and the full changelog both note, 2.1.133 fixes a refresh-token race that could strand parallel sessions in 401s, and it stops /effort changes from leaking across concurrent sessions.
• ClaudeCodeLog's additional-changes post reports a 35.9 percent bundle shrink and a 47.5 percent drop in prompt tokens, alongside prompt edits that ClaudeCodeLog's prompt-diff post says removed several confirmation and output-format rules.

The official 2.1.133 changelog is short, but the linked diffs are where the weird bits sit: the prompt-change rundown flags deleted confirmation language, the CLI surface diff shows new env vars and a model slug swap, and the prompt stats diff shows just how much prompt text disappeared in one day.

The headline change is not a new command. It is a policy change in the system prompt. According to ClaudeCodeLog's prompt-diff post, Claude no longer carries the built-in instruction to reconfirm destructive, irreversible, shared, or externally visible actions after an approval has already been granted.

That means approvals now behave more like a session-level green light. ClaudeCodeLog's release summary describes it as previously approved risky actions auto-running, which is great news for agent-loop speed and much less great news if you liked the old per-action brakes.

worktree.baseRef has two modes:

• fresh: branch new worktrees from origin/<default>
• head: branch from local HEAD

The important wrinkle is that fresh is now the default for EnterWorktree again. As the changelog post notes, EnterWorktree had been using local HEAD since 2.1.128, so 2.1.133 quietly resets that behavior unless users set worktree.baseRef: "head".

For teams with unpushed local commits, that is the whole story. The setting decides whether those commits follow you into new worktrees or get left behind.

Most of the rest of 2.1.133 is operational cleanup, and several fixes land in exactly the places that break agent workflows when they go wrong:

• Hooks now receive effort.level in JSON and the $CLAUDE_EFFORT environment variable, and Bash commands can read the same variable, per the changelog post.
• Parallel sessions no longer dead-end after a refresh-token race wipes shared credentials, according to the changelog post.
• /effort no longer changes the effort level of other concurrent sessions, which the changelog post says also fixes a related IDE sync issue.
• Subagents can discover project, user, and plugin skills again, per the changelog post.
• The MCP OAuth flow now respects HTTP(S)_PROXY, NO_PROXY, and mTLS throughout discovery, registration, exchange, and refresh, according to the changelog post.

The release also got materially smaller. ClaudeCodeLog's additional-changes post says the bundle dropped by 14,825.1 kB, or 35.9 percent, while prompt files fell by 22 and prompt tokens fell by 56,202, or 47.5 percent, in about a day since 2.1.132.

The token mix shifted with it:

• system: 25.9% to 47.1%
• tools: 25.1% to 28.2%
• system-reminder: 41.2% to 9.9%
• agent: 3.5% to 6.6%
• system-data: 2.2% to 4.1%
• skill: 2.1% to 4.1%

That shrink did not come from dead weight alone. ClaudeCodeLog's prompt-diff post says the prompt also dropped instructions to keep responses short, avoid emojis unless asked, cite code as file_path:line_number, and avoid a colon before tool calls. The same post claims Bun hot-module-reloading disconnect logs were injected into top-level prompt sections, which is a very strange way to spend newly freed prompt budget.