Skip to content
Back to AI Briefs
TLP:CLEARAI-2026-0705

Daily AI Builder Brief - July 5, 2026

Claude Code 2.1.200 renames the default permission mode to Manual and stops AskUserQuestion auto-continue; subagents now fail loud instead of faking success; Anthropic ships Fable 5's four-tier cyber classifier and a CJS-0 to CJS-4 jailbreak severity scale under Project Glasswing.

By The OperatorJuly 5, 20264 min read
aiclaude-codeanthropicmcpbuilder-intel

The Operator's Take

The real shift today isn't a new model, it's a trust-boundary tightening. Claude Code now makes the every-action review mode the named default ("Manual") and has stopped subagents from reporting fake success when a rate limit or server error cuts them off. If you run background agents or fan-out workflows, that changes your job: stop assuming a subagent that "returned" actually finished. Check for partial or failed returns explicitly, because the harness is now honest about failure instead of papering over it. Pair that with Fable 5's dual-use cyber classifier and the message is consistent: the platform is getting stricter about what an agent can silently do on your behalf.

Executive Summary

  • Claude Code 2.1.200 renamed the "default" permission mode to Manual across CLI, --help, VS Code, and JetBrains; manual is now an accepted alias.
  • 2.1.200 also stopped AskUserQuestion from auto-continuing by default; opt back into an idle timeout via /config.
  • Subagents killed by rate limits or server errors now fail cleanly or return partial work instead of reporting fake success (2.1.199 and 2.1.200).
  • Streaming responses now preserve partial output when the API emits a mid-stream error; transient 429s auto-retry with backoff for subscribers.
  • 2.1.201 stopped Sonnet 5 sessions using the mid-conversation system role for harness reminders.
  • Anthropic detailed Fable 5's cyber safeguards: a four-tier request classifier and a Cyber Jailbreak Severity scale (CJS-0 to CJS-4) built with Project Glasswing partners.
  • MCP: nothing new inside the 48-hour window; the 2026-07-28 spec release candidate and its beta SDKs remain the pending story.

Claude Code

2.1.200: Manual becomes the default, AskUserQuestion stops auto-continuing (July 3)

The review-every-action mode is now named Manual everywhere, and AskUserQuestion dialogs no longer advance on their own. If your scripts relied on auto-continue, add an idle timeout in /config. Same release fixed background-session stalling, cancelled turns re-running, and daemon lock corruption. Changelog

2.1.199 and 2.1.200: subagents fail loud, not fake-successful (July 2 to 3)

Subagents cut off by rate limits used to return empty results or, worse, report API errors as successful results. They now fail cleanly or hand partial work back to the parent. Streaming keeps partial output on mid-stream errors, and transient 429s retry automatically. Direct fix for the silent-completion trap in agent orchestration. Changelog

2.1.201: Sonnet 5 harness-reminder cleanup (July 3)

Sonnet 5 sessions no longer inject harness reminders through the mid-conversation system role, which reduces context contamination on long runs. Changelog

Anthropic

Fable 5 cyber safeguards and the CJS jailbreak severity scale (July 2)

With Fable 5 redeployed globally, Anthropic published how its safety classifiers sort cybersecurity requests into four tiers instead of blocking all security work: Prohibited (ransomware, wipers, C2, malware dev), a dual-use middle band, Low-Risk Dual Use (OSINT, public enumeration, known-vuln identification, monitored), and Benign (secure coding, SOC analysis, malware reverse engineering, incident response). It also drafted a Cyber Jailbreak Severity scale, CJS-0 to CJS-4, scored on discoverability and real damage, developed with Amazon, Microsoft, and Google under Project Glasswing. Read alongside agentic red teaming. Safeguards post, Redeploying Fable 5

MCP Ecosystem

Nothing new landed inside the 48-hour window. The beta SDKs (Python, TypeScript, Go, C#, published June 29) for the 2026-07-28 release candidate are still the active track: a stateless core, MCP Apps server-rendered UIs, and a Tasks extension for long-running work. The spec finalizes July 28. If you run a remote MCP server, start testing against the betas now, because the session-id removal changes your routing assumptions.

Broader AI

Nothing today.

What This Means For Builders

  • Audit any orchestration that treats a subagent's return as proof of completion. Post-2.1.200 you get honest failures and partial work, so branch on them rather than assuming done.
  • Expect more approval friction: Manual is now the named default. If you scripted around auto-continue, wire in an explicit idle timeout instead of relying on old behavior.
  • If your product touches offensive or dual-use security, map your flows against Fable 5's four-tier classifier before you ship, so benign defensive work isn't misrouted into a blocked tier.
  • Begin MCP RC migration testing this month. Stateless routing and session-id removal will break sticky-session designs before the July 28 finalization.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/news/fable-safeguards-jailbreak-framework
  3. https://www.anthropic.com/news/redeploying-fable-5
  4. https://blog.modelcontextprotocol.io/posts/sdk-betas-2026-07-28/
  5. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
ΛKrypteia Sec ResearchJuly 5, 2026