Claude Code 2.1.136: Action Safety, Hard Deny Rules, and Security Monitor

Claude Code v2.1.136 brings significant changes to agent safety and rule enforcement across system prompt, agent prompt, and tool descriptions. Here's what's new and how it affects autonomous agent behavior.
System Prompt: Action Safety & Truthful Reporting
The updated system prompt now requires agents to seek confirmation before performing irreversible or outward-facing actions, unless those actions have been durably authorized. Agents must inspect targets before deleting or overwriting them. Reporting requirements emphasize faithful disclosure of skipped steps, failed tests, and verified outcomes—no glossing over failures.
Agent Prompt: Auto Mode Rule Reviewer
A new custom-rule category hard_deny is introduced as a fourth option alongside the existing allow, deny, and soft_deny. hard_deny unconditionally blocks actions at the security boundary—user intent cannot override it. The existing soft_deny category is narrowed to cover only destructive or irreversible actions that clear user intent can authorize.
Agent Prompt: Security Monitor for Autonomous Agent Actions
Security monitor logic is restructured into two parts. Part one splits blocking into unconditional hard blocks and user-authorizable soft blocks. The default rule is updated, and user intent can no longer clear hard-block security boundaries. Part two moves data exfiltration into the hard-block set, adds hard-block coverage for safety-check bypasses, and treats any external service or download source guessed by the agent as untrusted.
Tool Description: Edit
The Edit tool description now restores the line-number prefix format as a template variable, while preserving the guidance that line prefixes should be excluded from actual edit strings. This is a cleanup fix for consistency.
These changes tighten the safety envelope for autonomous Claude Code agents. Developers relying on custom rules should update their configurations to leverage hard_deny for security-critical blocks. Full prompt diffs are available in the release.
📖 Read the full source: r/ClaudeAI
👀 See Also

SPLICE Benchmark Reveals VLMs Struggle with Temporal Reasoning, Rely on Language Priors
Research presented at EMNLP 2025 shows vision-language models score poorly on a video sequencing task where humans excel, with models like Gemini 2.0 Flash reaching 51% accuracy versus human performance of 85%. Models frequently rely on visual shortcuts and language descriptions rather than true visual understanding.

DeepSeek V4 Flash Cost Breakdown: Cache Hit Rate and Price Ratio Explained
DeepSeek V4 Flash costs 0.0066x per agentic task compared to Opus 4.7, driven by 97% cache hit rate and 0.02 cache read-write price ratio.

Local LLM Struggles with Unreal Engine Solitaire: Qwen 3.6-27B Burns 687k Tokens on One Card
A developer's attempt to build a Solitaire game in Unreal Engine using Qwen 3.6-27B consumed 687k tokens for a single card, requiring manual intervention for PNG downloads, mesh creation, and heavy prompting.

Terry Tao on AI Proof Checkers: Lean, Collaboration, and Formal Maths
Terry Tao predicts mathematicians will collaborate in hundreds and have proofs checked by computers like Lean, not humans. A Quanta Magazine excerpt explores this vision.