Daily AI Builder Brief - July 7, 2026
Claude Code 2.1.202 ships dynamic workflow sizing and reverts /review to single-pass; Manual becomes the default permission mode; the MCP 2026-07-28 spec release candidate goes stateless with beta SDKs (Python 2.0.0b1, TS v2, Go 1.7.0-pre.1, C# 2.0.0-preview.1).
The Operator's Take
The MCP stateless overhaul is the shift that matters this week, and it's an architecture decision, not a feature toggle. Once the Mcp-Session-Id header disappears on July 28, your remote MCP server stops needing sticky sessions and shared session stores, and any request can land on any instance behind a plain round-robin balancer. If you run a remote server, pin a beta SDK now and run real stateless traffic against it before the spec locks, because the routing model that made your gateway safe (deep packet inspection, session affinity) is exactly what's being removed. Pair that with Claude Code defaulting to Manual permission mode: the era of assuming an agent auto-approves its own actions is over, and your automation scripts should stop assuming it too.
Executive Summary
- Claude Code 2.1.202 (July 6) adds Dynamic workflow size control and
workflow.run_id/workflow.nameOpenTelemetry attributes. /review <pr>reverts to a fast single pass; multi-agent review now lives at/code-review <level> <pr#>.- Claude Code 2.1.200 (July 3) makes Manual the default permission mode across CLI, VS Code, and JetBrains.
AskUserQuestiondialogs no longer auto-continue; idle-timeout is now opt-in via/config.- The MCP 2026-07-28 release candidate drops the session header and goes stateless, adding MCP Apps (server-rendered UI) and a Tasks extension for long-running work.
- Beta SDKs shipped for Python, TypeScript, Go, and C#; existing servers keep working past July 28 with no required changes.
- Anthropic published "The Making of Claude Code" (July 6), an inside account of its path from internal CLI to shipped agent.
Claude Code
2.1.202: Dynamic workflow sizing and telemetry (July 6)
New /config setting gives advisory small/medium/large guidance for agent counts, and workflow runs now carry run_id and name OTel attributes so you can reconstruct activity. Also fixes rate-limited subagents that were returning empty results instead of failing cleanly. Changelog
/review split from /code-review (July 6)
/review <pr> is back to a fast single-pass check. Deep multi-agent review is now explicitly /code-review <level> <pr#>. Wire your CI aliases to the right one. Changelog
2.1.200: Manual permission mode by default (July 3)
The default flipped from "default" to Manual everywhere. Agents ask before acting unless you configure otherwise. Background sessions and daemon recovery also got stability fixes. Changelog
Anthropic
The Making of Claude Code (July 6)
A feature account from the researchers and engineers who built Claude Code, tracing it from internal tool to production coding agent. Context for builders studying agent-harness design. Anthropic News
MCP Ecosystem
2026-07-28 spec release candidate: stateless core
The largest revision since launch removes the session header and the protocol-level session, adds required Mcp-Method and Mcp-Name headers for body-free routing, and introduces MCP Apps plus a Tasks extension. It also tightens auth toward OAuth/OIDC. This is an MCP security inflection: statelessness changes your trust boundary and gateway assumptions. Release candidate
Beta SDKs live for four languages
Python 2.0.0b1, TypeScript v2 beta, Go 1.7.0-pre.1, and C# 2.0.0-preview.1 support the RC. Pin exact versions and test stateless HTTP deployments. Existing servers keep working after July 28. SDK betas
Broader AI
Nothing today.
What This Means For Builders
- If you host a remote MCP server, start stateless testing this week on a pinned beta SDK; don't wait for July 28 to discover your gateway assumed session affinity.
- Audit any automation that assumed Claude Code auto-approved actions. Manual is now the default, so unattended pipelines need explicit permission config.
- Treat the MCP auth and routing changes as a fresh prompt injection and access-control review, not a drop-in upgrade.
- Point CI at
/code-reviewfor deep review and keep/reviewfor fast per-PR checks.
Sources
- https://code.claude.com/docs/en/changelog
- https://www.anthropic.com/news
- https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
- https://blog.modelcontextprotocol.io/posts/sdk-betas-2026-07-28/
- https://www.scworld.com/brief/model-context-protocol-overhaul-introduces-new-security-challenges-for-developers