Claude Code 2.1.136: Action Safety, Hard Deny Rules, and Security Monitor
Claude Code v2.1.136 brings significant changes to agent safety and rule enforcement across system prompt, agent prompt, and tool descriptions. Here's what's new and how it affects autonomous agent behavior.
System Prompt: Action Safety & Truthful Reporting
The updated system prompt now requires agents to seek confirmation before performing irreversible or outward-facing actions, unless those actions have been durably authorized. Agents must inspect targets before deleting or overwriting them. Reporting requirements emphasize faithful disclosure of skipped steps, failed tests, and verified outcomes—no glossing over failures.
Agent Prompt: Auto Mode Rule Reviewer
A new custom-rule category hard_deny is introduced as a fourth option alongside the existing allow, deny, and soft_deny. hard_deny unconditionally blocks actions at the security boundary—user intent cannot override it. The existing soft_deny category is narrowed to cover only destructive or irreversible actions that clear user intent can authorize.
Agent Prompt: Security Monitor for Autonomous Agent Actions
Security monitor logic is restructured into two parts. Part one splits blocking into unconditional hard blocks and user-authorizable soft blocks. The default rule is updated, and user intent can no longer clear hard-block security boundaries. Part two moves data exfiltration into the hard-block set, adds hard-block coverage for safety-check bypasses, and treats any external service or download source guessed by the agent as untrusted.
Tool Description: Edit
The Edit tool description now restores the line-number prefix format as a template variable, while preserving the guidance that line prefixes should be excluded from actual edit strings. This is a cleanup fix for consistency.
These changes tighten the safety envelope for autonomous Claude Code agents. Developers relying on custom rules should update their configurations to leverage hard_deny for security-critical blocks. Full prompt diffs are available in the release.
📖 Read the full source: r/ClaudeAI
👀 See Also
SWE-rebench Leaderboard Update: February 2026 Results Show Tight Competition
The SWE-rebench leaderboard has been updated with February 2026 results testing 57 fresh GitHub PR tasks. Claude Opus 4.6 leads with 65.3% resolved rate, but the top six models are within 5 percentage points.
ChatGPT Workspace Agents Free Preview Ends Today — How It Compares to OpenClaw and Hermes
OpenAI's ChatGPT Workspace Agents free preview ends May 6, switching to credit-based pricing. The Reddit post compares it to OpenClaw, Hermes, and managed platforms like BetterClaw for team vs. personal use.
Anthropic Doubles Claude Code Usage Limits, Signs SpaceX Compute Deal
Anthropic doubled five-hour usage windows for Claude Code Pro and Max subscribers, removed peak-hour reductions, and raised API limits for Opus, citing a new deal with SpaceX for 300+ MW of compute capacity from the Colossus 1 supercomputer (220,000+ NVIDIA GPUs).
Claude API experienced elevated error rates across multiple models on February 25, 2026
Claude's API at api.anthropic.com experienced elevated error rates across multiple models on February 25, 2026, with investigation starting at 17:15 UTC and resolution confirmed at 17:46 UTC.