Skip to content
Back to AI Briefs
TLP:CLEARAI-2026-0710

Daily AI Builder Brief - July 10, 2026

MCP publishes the 2026-07-28 spec release candidate that removes protocol-level sessions; Claude Code 2.1.205 and 2.1.206 ship a CLAUDE.md-trimming /doctor check, MCP OAuth and timeout fixes, and auto-mode transcript-tamper blocks; Anthropic adds a usage-reflection feature.

By The OperatorJuly 10, 20263 min read
aiclaude-codeanthropicmcpbuilder-intel

The Operator's Take

The one thing that actually moves this week is the MCP 2026-07-28 release candidate, and it's a breaking one: the protocol-level session and the Mcp-Session-Id header are gone. If you operate a remote MCP server, that's a migration deadline, not a headline. Stop treating your MCP fleet as static plumbing. Audit every server you host or depend on this week, confirm it can go stateless behind a plain load balancer, and pin which of your SDKs need the beta before final ships. The builders who read the RC now ship through July 28; the ones who wait get a surprise outage.

Executive Summary

  • MCP 2026-07-28 spec RC is out: stateless core, protocol session removed, new Mcp-Method and Mcp-Name routing headers.
  • Beta SDKs for the RC are available; production servers need migration before the final spec lands July 28.
  • Claude Code 2.1.206 adds a /doctor check that proposes trimming checked-in CLAUDE.md down to what Claude can't derive from the codebase.
  • Claude Code fixed three MCP client bugs: honored per-server request_timeout_ms, OAuth re-auth loops, and --permission-prompt-tool cold-start crashes.
  • Claude Code 2.1.205 blocks auto mode from tampering with session transcript files and now asks before rm -rf on unresolved variables.
  • Anthropic reserved the "Claude Browser" MCP server name, signaling first-party browser tooling.
  • Anthropic shipped a feature to reflect on your own Claude usage, plus an "inviting hard questions" public program.

Claude Code

2.1.206: /doctor now trims your CLAUDE.md

The new /doctor check flags checked-in CLAUDE.md content Claude could infer from the code and proposes cutting it. Leaner context files, less token waste per session. Also fixed --mcp-config and .mcp.json ignoring per-server request_timeout_ms, and OAuth MCP servers demanding manual re-auth after one failed token refresh. Changelog

2.1.205: agentic guardrails tighten

Auto mode now blocks writes that tamper with session transcript files and asks before running rm -rf when a path variable won't resolve. It also reserved the "Claude Browser" MCP server name. Both are agentic-security relevant if you run unattended sessions. Changelog

Anthropic

Introducing a way to reflect on how you use Claude

A new feature lets users review their own usage patterns. Minor for a solo builder, useful signal if you manage a team's Claude spend. Anthropic news

MCP Ecosystem

The 2026-07-28 specification release candidate

The largest revision since launch. It removes the Mcp-Session-Id header so any request can hit any server instance, adds Mcp-Method and Mcp-Name headers so gateways route without reading the body, and introduces MCP Apps (server-rendered UIs) and a Tasks extension for long-running work. Auth aligns closer to OAuth and OpenID Connect. Every session-ID server in production needs migrating. This is also an MCP-security shift: stateless routing changes your trust boundaries at the gateway. Spec RC - Beta SDKs

Broader AI

Nothing today.

What This Means For Builders

  • Treat July 28 as a hard date. Inventory your MCP servers now, test the beta SDK against real traffic, and drop sticky-session assumptions from your gateway config.
  • Run /doctor on your repos after updating: a trimmed CLAUDE.md cuts per-session cost with zero behavior loss.
  • If you run Claude Code unattended, the new transcript-tamper and rm -rf guardrails are free defense. Update past 2.1.205.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
  3. https://blog.modelcontextprotocol.io/posts/sdk-betas-2026-07-28/
  4. https://www.anthropic.com/news
  5. https://venturebeat.com/technology/anthropic-brings-claude-cowork-to-mobile-and-web-as-usage-data-shows-most-users-arent-coding
ΛKrypteia Sec ResearchJuly 10, 2026