Claude Code 2.1.126 shipped yesterday, May 1, 2026. Most of the changelog is the usual mix — bug fixes, OpenTelemetry tweaks, a Windows shell detection improvement. Three additions matter more than the release notes make obvious:
- A new
claude project purge [path]command that deletes every byte of Claude Code state for a project — transcripts, tasks, file history, config entry — in one shot. - PID-namespace subprocess sandboxing on Linux when you set
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB. - A new
Monitortool for streaming events from background scripts.
If you’ve been running Claude Code in production for six months or more, the purge command is the one to know about today. It’s the cleanup that nobody told you you needed, and the security implication that Anthropic’s release notes don’t quite spell out makes it more interesting than a routine housekeeping update. Three minutes, four flags, one piece of advice that isn’t in the docs.
What Project Purge Actually Does
claude project purge [path] (or claude project purge . for the current directory) deletes:
- Transcripts — every chat message you’ve sent and every response Claude Code has generated for that project.
- Tasks — the task history (TodoCreate / TodoUpdate state) Claude Code has tracked for that project.
- File history — Claude Code’s internal record of which files Claude has read, edited, or written.
- Config entry — the project’s entry in your
~/.claude/projects/<project-hash>/directory and any associated config that points to it.
It does not delete your code. It does not delete your project files. It deletes Claude Code’s memory of the project — the local-only artifacts that make Claude Code feel persistent across sessions.
Four flags (per the Anthropic Claude Code release notes):
| Flag | What it does |
|---|---|
--dry-run | Print what would be deleted, delete nothing. Always run this first. |
-y / --yes | Skip the confirmation prompt. Use in scripts. Don’t use interactively. |
-i / --interactive | Show each item before deleting. Best for reviewing 6+ months of history. |
--all | Purge all projects. The “I’m switching machines” command. |
When You Should Actually Run It
Five situations where purge is the right call. Most users have at least one of these on their machine right now.
1. The Project Got Archived
You finished the project six months ago, the repo went to read-only, you haven’t touched it. Claude Code is still holding ~30-200 MB of transcripts in ~/.claude/projects/<hash>/. Purge it. Drives no productivity, takes disk space, and the transcripts will mention API keys you’ve since rotated.
cd /path/to/archived-project
claude project purge --dry-run
# Confirm the file list looks right
claude project purge -i
# Step through interactively, hit y on each
2. You’re Switching Machines
You’re handing off a laptop, or you’ve bought a new one and you’re cloning over. The transcripts on the old machine aren’t sensitive in the abstract — but they include prompts you sent six months ago that mention internal services, API endpoints, and probably a couple credentials you forgot to rotate. Purge before handing the laptop to IT.
claude project purge --all --dry-run
# Confirm scope
claude project purge --all -i
3. The Repo Changed Owners
You moved a side project from your personal GitHub to a contractor or to your employer. The local Claude Code transcripts mention prompts that were context-appropriate when the project was yours and might not be context-appropriate now. Purge the project’s Claude Code state before you push the next commit under the new ownership.
4. Sensitive Transcripts Exist
This is the case Anthropic’s release notes politely don’t spell out: the transcripts contain prompt content. Every “here’s our database schema, suggest indexes” you’ve ever sent. Every “here’s our auth flow, find the bug.” Every accidental paste of a .env line. If your security team has any kind of incident review process, the transcripts in ~/.claude/projects/<hash>/ are a discovery surface. Purge after any incident touching the directories Claude Code has read.
5. You’re Onboarding the Project to a New Team
You’re transitioning ownership of a long-running project to another engineer. The fresh state lets them start without inheriting six months of your prompt patterns and Claude’s response patterns to those prompts. Purge it, hand it over clean.
The 3-Minute Walkthrough
Open the project. Three commands.
Step 1 — preview (--dry-run)
claude project purge --dry-run
You’ll see something like:
Project: my-saas-app (ID: a3f8b2c4...)
Would delete:
- 47 transcripts (~127 MB)
- 312 task entries
- 1,841 file-history records
- Config entry: ~/.claude/projects/a3f8b2c4...
Total: ~127 MB across 4 categories
[Dry run — nothing deleted]
Read that list. If anything looks unexpected (project ID doesn’t match, file-history count is shockingly high), stop and investigate.
Step 2 — interactive review (-i)
claude project purge -i
Walk through each category. Anthropic’s interactive mode shows the file path of representative transcripts and asks before deletion. For 6+ months of history, this is the path that catches “wait, I should keep that one.” Spend two minutes on it.
Step 3 — confirm
After -i mode completes, your project’s ~/.claude/projects/<hash>/ directory is empty. Verify:
ls -la ~/.claude/projects/ | grep <project-hash>
If you see no entry, the purge succeeded. The next time you run Claude Code in that project directory, it starts fresh.
What Anthropic’s Release Notes Don’t Spell Out
The official changelog mentions “delete all Claude Code state for a project.” That’s true, but it’s the technical description, not the security-relevant one.
What you should also know:
The transcripts contain everything you ever pasted. Every prompt, every response, every code-block paste, every accidental include of a .env value or an API key. If you’ve been using Claude Code for six months on a project, the transcripts are a comprehensive log of what you asked Claude to do with your data — searchable, plaintext, on disk. Purge isn’t just housekeeping; it’s data hygiene.
The transcripts persist after git clean and don’t move with the repo. They live in ~/.claude/projects/<hash>/, not in your project directory. A git clean -fdx won’t touch them. Cloning the repo to a new machine doesn’t bring them. The transcripts are local-machine-specific by design — which means they survive everything except an explicit purge.
The --all flag is the “I’m leaving” command. If you’re rotating laptops, leaving a job, or handing a machine to IT, claude project purge --all is the cleanup nobody will tell you to run. The transcripts contain enough context that a careful reader could reconstruct meaningful internal information from them. Treat them as you’d treat browser history before handing off a personal device.
Subprocess sandboxing is the related news. Setting CLAUDE_CODE_SUBPROCESS_ENV_SCRUB enables PID-namespace subprocess isolation on Linux and strips Anthropic and cloud-provider credentials from subprocess environments before Claude Code’s Bash tool spawns them. If you’re running Claude Code in any environment where the subprocess might leak env vars to logs, dependency hooks, or telemetry, set this env var. The purge command handles historical state; the env var prevents new leakage.
What This Means for You
If you’re a solo developer running Claude Code locally: run claude project purge --dry-run on your three oldest projects this weekend. Spend 10 minutes deciding what to keep. Whatever you don’t need, purge.
If you’re at a 5-50 person engineering team: add a security-policy line that says “purge Claude Code state before laptop handoff” to your offboarding checklist. Pair it with rotating any API keys that appeared in transcripts during the engineer’s tenure. Both take three minutes; both close real holes.
If you’re a CISO or AppSec lead: the transcripts in ~/.claude/projects/ are now a documented data-discovery surface. Treat them as you treat browser history or shell history. Add to your standard endpoint-management baseline: weekly purge of any project not touched in 90 days, automatic purge on offboarding.
If you run Claude Code in CI or automation: the new Monitor tool for streaming events from background scripts pairs naturally with the purge command. Build a small CI step that purges Claude Code state for ephemeral build environments after each job. Prevents the “we ran Claude Code in a long-lived runner and it accumulated state” problem.
If you’re on Linux production hosts: set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB in your service config today. It’s a one-line change with real security improvement.
What Project Purge Can’t Fix
Five honest limits:
- It doesn’t purge what’s been pushed to the cloud. Anthropic’s API logs your prompts on the server side per their privacy policy. Purge handles local artifacts only. If you sent something sensitive in a prompt and now want it gone, that’s a separate Anthropic data-deletion request.
- It doesn’t purge MCP server state. Custom MCP servers maintain their own state. If your local MCP server has cached project context, those caches survive
claude project purge. - It can’t tell you what was in the transcripts. No “summary of what was deleted” feature. You see file counts and sizes; you don’t see prompt content. If you want to know what prompts you sent six months ago, that’s a manual review before purge.
- It doesn’t apply retroactively to older Claude Code versions. Pre-2.1.126 installs may have left transcripts in slightly different paths. Purge cleans the standard
~/.claude/projects/path; older off-path artifacts may need manualfind+rm. - It’s not a substitute for offboarding. Purging Claude Code state on a departing engineer’s machine doesn’t replace key rotation, repo access removal, or credential audit. It’s one item on a longer checklist.
The Bottom Line
The 2.1.126 update is the kind of release that doesn’t get a launch post. It’s also the kind of update that quietly closes a class of problem most teams hadn’t priced into their security model. Three flags, three minutes, and your machine stops being a chronological log of every prompt you ever sent to Claude.
Run claude project purge --dry-run on your oldest project today. You’ll be surprised by the file-history count.
For team upskilling on Claude Code production patterns end-to-end, our Claude Code Mastery course covers the day-to-day workflow, our Claude Code Session Mastery course covers context-window and persistence patterns (and the new purge command in Module 5), and our AI Agent Security course covers the broader threat model that the Linux subprocess sandboxing addresses.
Cross-link: see our Mistral Vibe vs Claude Code vs Codex comparison for the broader agentic-coding-tool decision framework, and Microsoft Agent 365’s Shadow AI page for the IT-admin governance side of running Claude Code on managed Windows endpoints.
