CLAUDE CODE SHIFTS TO MANUAL PERMISSIONS AND DISABLES AUTO-CONTINUE BY DEFAULT
Claude Code changed its defaults to require manual approvals and stopped auto-continuing, pushing agent behavior toward safer operations. In v2.1.200, Claude C...
Claude Code changed its defaults to require manual approvals and stopped auto-continuing, pushing agent behavior toward safer operations.
In v2.1.200, Claude Code changed AskUserQuestion dialogs to not auto-continue and set the “default” permission mode to “Manual” across the CLI, VS Code, and JetBrains releases. A crash on invalid MCP server arrays in .claude.json was also fixed.
A follow-up v2.1.201 removed mid-conversation system-role harness reminders for Sonnet 5 sessions, reducing hidden control cues releases. This lands alongside security writeups showing agent tools can be steered into dangerous actions, including a clean repo masking a reverse shell TechRadar and a critique of broad, unaudited local MCP access DEV.
Safer defaults reduce the blast radius when agents interact with repos, shells, and MCP tools.
Teams relying on automation may see slower loops and need to re-tune approval flows.
-
terminal
In a sandbox, run an agent against a repo seeded with malicious instructions and compare behavior with Manual mode on vs off; tune MCP allowlists.
-
terminal
Validate .claude.json types for enabled/disabledMcpServers and confirm Sonnet 5 sessions behave as expected without mid-conversation system-role cues.
Legacy codebase integration strategies...
- 01.
Roll out defaultMode:"manual" across team dotfiles and CI runners; update docs and training to expect more approval prompts.
- 02.
Audit enabled MCP servers and narrow to a strict allowlist; add OS/container isolation for any shell or network tools.
Fresh architecture paradigms...
- 01.
Start with Manual permissions, no auto-continue, and minimal MCP surface; add tools only with explicit rationale.
- 02.
Design ephemeral, sandboxed agent runs and treat all repo content as untrusted input in your threat model.
Get daily CLAUDE-CODE + SDLC updates.
- Practical tactics you can ship tomorrow
- Tooling, workflows, and architecture notes
- One short email each weekday