Claude Code 2.1.136: Action Safety, Hard Deny Rules, and Security Monitor

Claude Code v2.1.136 brings significant changes to agent safety and rule enforcement across system prompt, agent prompt, and tool descriptions. Here's what's new and how it affects autonomous agent behavior.
System Prompt: Action Safety & Truthful Reporting
The updated system prompt now requires agents to seek confirmation before performing irreversible or outward-facing actions, unless those actions have been durably authorized. Agents must inspect targets before deleting or overwriting them. Reporting requirements emphasize faithful disclosure of skipped steps, failed tests, and verified outcomes—no glossing over failures.
Agent Prompt: Auto Mode Rule Reviewer
A new custom-rule category hard_deny is introduced as a fourth option alongside the existing allow, deny, and soft_deny. hard_deny unconditionally blocks actions at the security boundary—user intent cannot override it. The existing soft_deny category is narrowed to cover only destructive or irreversible actions that clear user intent can authorize.
Agent Prompt: Security Monitor for Autonomous Agent Actions
Security monitor logic is restructured into two parts. Part one splits blocking into unconditional hard blocks and user-authorizable soft blocks. The default rule is updated, and user intent can no longer clear hard-block security boundaries. Part two moves data exfiltration into the hard-block set, adds hard-block coverage for safety-check bypasses, and treats any external service or download source guessed by the agent as untrusted.
Tool Description: Edit
The Edit tool description now restores the line-number prefix format as a template variable, while preserving the guidance that line prefixes should be excluded from actual edit strings. This is a cleanup fix for consistency.
These changes tighten the safety envelope for autonomous Claude Code agents. Developers relying on custom rules should update their configurations to leverage hard_deny for security-critical blocks. Full prompt diffs are available in the release.
📖 Read the full source: r/ClaudeAI
👀 See Also

Anthropic Deprecates Fixed Extended Thinking, Forces Adaptive Thinking on Claude Models
Anthropic is deprecating manual extended thinking (fixed budget) on Opus 4.6 and Sonnet 4.6, and removing it entirely on Opus 4.7 (returns 400 error). Adaptive thinking will be enforced by default, sparked community backlash over perceived cost-cutting.

Mark Zuckerberg Developing AI Agent for CEO Assistance
Mark Zuckerberg is building an AI agent to assist with CEO responsibilities, according to a Wall Street Journal report discussed on Hacker News with 37 points and 30 comments.

Current LLM Cost Comparison: Deepseek, Qwen, MiniMax vs OpenAI
A Reddit analysis shows Deepseek-V3.2 at $0.26/$0.38 per million tokens is approximately 10x cheaper than GPT-4 while delivering GPT-5 class benchmark performance, with Qwen3.5 and MiniMax-M2.5 offering competitive alternatives to Claude and OpenAI.

Anthropic Raises Claude Limits and Adds SpaceX Compute Capacity
Anthropic has increased Claude usage limits and secured a compute deal with SpaceX. The Reddit discussion weighs whether this is just infra scaling or a strategic move toward making Claude a better platform for agentic work.