Daily AI Builder Brief - July 10, 2026
MCP publishes the 2026-07-28 spec release candidate that removes protocol-level sessions; Claude Code 2.1.205 and 2.1.206 ship a CLAUDE.md-trimming /doctor check, MCP OAuth and timeout fixes, and auto-mode transcript-tamper blocks; Anthropic adds a usage-reflection feature.
The Operator's Take
The one thing that actually moves this week is the MCP 2026-07-28 release candidate, and it's a breaking one: the protocol-level session and the Mcp-Session-Id header are gone. If you operate a remote MCP server, that's a migration deadline, not a headline. Stop treating your MCP fleet as static plumbing. Audit every server you host or depend on this week, confirm it can go stateless behind a plain load balancer, and pin which of your SDKs need the beta before final ships. The builders who read the RC now ship through July 28; the ones who wait get a surprise outage.
Executive Summary
- MCP
2026-07-28spec RC is out: stateless core, protocol session removed, newMcp-MethodandMcp-Namerouting headers. - Beta SDKs for the RC are available; production servers need migration before the final spec lands July 28.
- Claude Code
2.1.206adds a/doctorcheck that proposes trimming checked-inCLAUDE.mddown to what Claude can't derive from the codebase. - Claude Code fixed three MCP client bugs: honored per-server
request_timeout_ms, OAuth re-auth loops, and--permission-prompt-toolcold-start crashes. - Claude Code
2.1.205blocks auto mode from tampering with session transcript files and now asks beforerm -rfon unresolved variables. - Anthropic reserved the "Claude Browser" MCP server name, signaling first-party browser tooling.
- Anthropic shipped a feature to reflect on your own Claude usage, plus an "inviting hard questions" public program.
Claude Code
2.1.206: /doctor now trims your CLAUDE.md
The new /doctor check flags checked-in CLAUDE.md content Claude could infer from the code and proposes cutting it. Leaner context files, less token waste per session. Also fixed --mcp-config and .mcp.json ignoring per-server request_timeout_ms, and OAuth MCP servers demanding manual re-auth after one failed token refresh. Changelog
2.1.205: agentic guardrails tighten
Auto mode now blocks writes that tamper with session transcript files and asks before running rm -rf when a path variable won't resolve. It also reserved the "Claude Browser" MCP server name. Both are agentic-security relevant if you run unattended sessions. Changelog
Anthropic
Introducing a way to reflect on how you use Claude
A new feature lets users review their own usage patterns. Minor for a solo builder, useful signal if you manage a team's Claude spend. Anthropic news
MCP Ecosystem
The 2026-07-28 specification release candidate
The largest revision since launch. It removes the Mcp-Session-Id header so any request can hit any server instance, adds Mcp-Method and Mcp-Name headers so gateways route without reading the body, and introduces MCP Apps (server-rendered UIs) and a Tasks extension for long-running work. Auth aligns closer to OAuth and OpenID Connect. Every session-ID server in production needs migrating. This is also an MCP-security shift: stateless routing changes your trust boundaries at the gateway. Spec RC - Beta SDKs
Broader AI
Nothing today.
What This Means For Builders
- Treat July 28 as a hard date. Inventory your MCP servers now, test the beta SDK against real traffic, and drop sticky-session assumptions from your gateway config.
- Run
/doctoron your repos after updating: a trimmedCLAUDE.mdcuts per-session cost with zero behavior loss. - If you run Claude Code unattended, the new transcript-tamper and
rm -rfguardrails are free defense. Update past2.1.205.
Sources
- https://code.claude.com/docs/en/changelog
- https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
- https://blog.modelcontextprotocol.io/posts/sdk-betas-2026-07-28/
- https://www.anthropic.com/news
- https://venturebeat.com/technology/anthropic-brings-claude-cowork-to-mobile-and-web-as-usage-data-shows-most-users-arent-coding