Claude Code 2.1.136 adds autoMode.hard_deny and fixes MCP OAuth refresh races

• Claude Code 2.1.136 adds settings.autoMode.hard_deny, which lets auto-mode classifier rules block actions unconditionally instead of letting user intent or allow exceptions punch through, according to ClaudeCodeLog's 2.1.136 changelog thread and the official changelog.
• The highest-value fixes are all around MCP state: ClaudeCodeLog's release summary says multi-server refreshes no longer drop OAuth refresh tokens, while the detailed changelog says MCP servers and connectors also stop disappearing after /clear in the VS Code extension, JetBrains plugin, and Agent SDK.
• ClaudeCodeLog's additional-updates post shows five new env vars, two model-surface additions, and a small metadata bump of +117.8 kB bundle size and +534 prompt tokens, with system prompts taking a larger share of the prompt mix.
• An early claim that 2.1.136 materially changed the system prompt did not hold up. ClaudeCodeLog's correction says the apparent Bun log changes were an extraction artifact and that the re-extracted native prompt showed no meaningful changes versus 2.1.133.
• Anthropic shipped another patch quickly after this one. LLMpsycho's 2.1.137 note says 2.1.137 followed with a Windows-specific VS Code extension activation fix.

You can read the official 2.1.136 changelog, browse the community-maintained diff and metadata tracker, and check a fresh Windows image-paste issue that lines up with the release's WSL2 clipboard work.

The headline feature is small but concrete: settings.autoMode.hard_deny gives Claude Code an unconditional deny path inside auto mode. The official changelog describes it as a classifier rule that blocks regardless of user intent or allow exceptions.

That is a real policy knob, not UI polish. ClaudeCodeLog's release summary framed it as the change that stops intent overrides, which is the part engineers running unattended or semi-attended flows will care about.

Most of 2.1.136 is reliability work around MCP-backed sessions and long-running state.

• MCP servers configured in .mcp.json, plugins, and claude.ai connectors no longer disappear after /clear in the VS Code extension, JetBrains plugin, and Agent SDK, per the detailed changelog and the GitHub releases feed.
• Concurrent credential writes no longer overwrite a freshly rotated OAuth token and force a login loop, according to ClaudeCodeLog's changelog thread.
• Concurrent MCP refreshes no longer lose refresh tokens, which ClaudeCodeLog's release summary says should cut down repeated reauthentication for users running several remote servers.
• --resume and --continue now work when a project path contains underscores, according to the same changelog thread.
• WSL2 image paste from the Windows clipboard now falls back to PowerShell when xclip or wl-paste cannot read image data, matching the failure mode described in the Windows image-paste issue.

The side-channel tracker run by marckrenn's release page surfaced the rest of the release shape:

• Added env vars: CLAUDE_CODE_BENCH_LIVE_COUNTS, CLAUDE_CODE_BYOC_ENABLE_DATADOG, CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL, CLAUDE_CODE_MID_CONVERSATION_SYSTEM, CLAUDE_CODE_NATIVE_CURSOR.
• Added model strings: claude-empty-, claude-mythos-preview.
• Removed model string: claude-empty-K.
• Metadata delta: +117.8 kB bundle size, +1 prompt file, +534 prompt tokens.
• Prompt mix shift: system prompts rose from 39.6% to 45.5%, while system-reminder prompts dropped from 16.4% to 9.6%, per ClaudeCodeLog's metadata summary.

The noisier story briefly looked like a system-prompt rewrite. ClaudeCodeLog's initial prompt-analysis post claimed the release had weakened security gating and replaced harness guidance with Bun hot-module-reload noise.

That claim was later corrected. ClaudeCodeLog's correction says the Bun lines came from an extraction artifact, and the fixed prompt extraction showed no meaningful system-prompt changes versus 2.1.133.

ClaudeCodeLog's metadata summary puts 2.1.136 just 13 hours, 22 minutes after 2.1.133. That matters because 2.1.133 had already spent much of its changelog on race conditions and session integrity, including a fix for parallel sessions dead-ending at 401 after a refresh-token race, according to ClaudeCodeLog's 2.1.133 release post.

The next patch landed just as quickly. LLMpsycho's 2.1.137 note says 2.1.137 shipped a Windows-specific VS Code extension activation fix, which makes 2.1.136 look like one stop in a very fast stabilization run rather than a stand-alone feature release.