0832026-07-04

Claude Report — 2026-07-04


🚀 Anthropic Official

Claude Code v2.1.200 and v2.1.201 (Jul 3)

  • v2.1.200 changes the "default" permission mode to "Manual" across the CLI, --help, VS Code, and JetBrains, and stops AskUserQuestion dialogs from auto-continuing by default (opt into an idle timeout via /config).
  • Fixes a startup crash from malformed disabledMcpServers/enabledMcpServers values, background sessions silently stopping after sleep/wake, background agents failing to restart after a daemon crash left a stale daemon.lock, and subagents cut off by rate limits returning empty results instead of partial work.
  • v2.1.201 stops Claude Sonnet 5 sessions from using the mid-conversation system role for harness reminders.

Anthropic's China crackdown escalates: covert tracking code exposed, Alibaba bans Claude Code (Jul 1 & Jul 4)

  • Anthropic used steganographic techniques — invisible Unicode markers and XOR encryption — to hide detection code in Claude Code that flagged suspicious base URLs, timezones, and hostnames tied to Chinese AI labs and unauthorized resellers; it's now removing the covert mechanism now that stronger anti-distillation protections are in place.
  • Alibaba responds (Jul 4) with a company-wide ban on Claude Code effective July 10, citing security risks and a suspected backdoor, after Anthropic accused Alibaba of running 25,000 fake accounts for unauthorized model distillation between April and June.

🔌 Claude Code Plugins

Plugin tracking skipped — ranking cache unavailable this cycle.

🛠️ Skills

Piebald-AI/claude-code-system-prompts

Tracks Claude Code's internal system prompt for v2.1.200 (+6,194 tokens) and v2.1.201 (no changes) on Jul 3, continuing its release-by-release size log.

Unchanged in window: anthropics/skills, alirezarezvani/claude-skills, glebis/claude-skills, ComposioHQ/awesome-claude-skills

🤖 Agents & Subagents

anthropics/claude-agent-sdk-typescript

Ships v0.3.200 and v0.3.201 (Jul 3): adds 'manual' as an accepted alias for the 'default' permission mode in SDK inputs, fixes onSetPermissionMode not firing for SDK-hosted Remote Control sessions, rejects unrecognized model strings in set_model before they latch, and syncs to Claude Code v2.1.201 parity.

nicobailon/pi-subagents

Ships v0.32.0 through v0.33.1 (Jul 1–3): adds subagent tool budgets, a wait tool with dynamic key hints, enforces explicit clarify steps for chains, and fixes detached foreground run-status recovery and Windows atomic JSON rename locks.

affaan-m/everything-claude-code (ECC)

Adds Kimi Code CLI and Hermes/OpenClaw harness install targets (Jul 4), plus GATEGUARD_EXEMPT_GLOBS path exemptions for its guardrail system.

Unchanged in window: anthropics/claude-plugins-official (agents), Chachamaru127/claude-code-harness

🔗 MCPs & Integrations

portainer/portainer-mcp

Ships v2.43.1 (Jul 2): adds a new GITOPS profile bundling git source management tools, improves JMESPath error diagnostics for double-escaped quotes, and expands its hygiene guide with four field-tested additions.

Unchanged in window: modelcontextprotocol/typescript-sdk, awslabs/mcp, modelcontextprotocol/python-sdk, github-mcp-server

💡 Community — Workflows & Ideas

Pentera Labs turns Claude Desktop into a "double agent" (Jul 1)

Red teamers compromised a developer's email, injected malicious instructions into Claude's synced personalization settings, and used command-capable MCP tools like Desktop Commander to reach remote code execution — falling back to fake error dialogs with malware links when no command tool was available.

📰 Quick Mentions

No relevant news today.

← back to archiveend of edition № 083