🟡 🤝 Agents Published: · 4 min read ·

Claude Code v2.1.200: Default Permission Mode Changed to Manual

Editorial illustration: Claude Code CLI agent with new security fixes and manual permissions

Anthropic released Claude Code v2.1.200 on July 3, 2026. The default permission mode has been changed to Manual across all interfaces, and AskUserQuestion dialogs no longer resume automatically without explicit configuration. A daemon takeover security vulnerability has been patched, background sessions and sub-agent rate-limit handling have been fixed, and rendering flicker under tmux 3.4+ has been eliminated.

🤖

This article was generated using artificial intelligence from primary sources.

Claude Code v2.1.200 was released on July 3, 2026. The update introduces two changes that directly affect every user’s daily workflow: the default permission mode has been changed from automatic to manual, and AskUserQuestion dialogs no longer resume automatically after the wait timeout expires. Alongside these changes, the release resolves several security and stability issues affecting background sessions, multi-agent scenarios, and terminal rendering.

What Changes in Claude Code Default Settings?

The most visible change in v2.1.200 is that the default permission mode has been changed to “Manual” across all interfaces — the CLI, --help, the VS Code extension, and the JetBrains plugin. The system accepts both the new --permission-mode manual flag and the legacy default parameter for compatibility with existing scripts and configuration files. Users who have been working with automatic action approval will need to explicitly select their preferred mode — either via a startup flag or by setting "defaultMode": "manual" in the configuration.

A parallel change affects AskUserQuestion dialogs: from this version, dialogs no longer continue automatically after the wait timeout expires. Previous versions of Claude Code would automatically resume execution if the user did not respond within the set deadline — behavior that in automated and headless scenarios could lead to unwanted actions without explicit consent. Users who want to retain the previous auto-resume logic can enable it through the /config menu by explicitly activating the idle timeout option.

Security Patch: Daemon No Longer Vulnerable to Takeover

The update resolves a background agent daemon takeover vulnerability. In previous versions, reinstalling an older version of Claude Code could result in the takeover of an active daemon — a potential security hole in multi-user systems, CI/CD environments, or automated installation procedures. From v2.1.200, the daemon rejects requests from binary files with an earlier build timestamp: version authenticity is judged solely by the embedded compile timestamp, not just the semantic version number.

Three background session reliability issues have also been fixed:

  • Sessions that silently stalled mid-turn after a computer sleep/wake cycle now resume without interruption
  • Cancelled turns that were re-run on respawn of a stalled daemon no longer execute twice
  • Crashed daemons with remaining lock files can now be cleanly restarted without manual operator intervention

A startup crash that occurred when the disabledMcpServers or enabledMcpServers field in the .claude.json configuration file contained a non-array value has also been resolved. Such misconfigured files are now handled without crashing the process.

Multi-Agent Pipelines and Sub-Agent Rate-Limit Handling

In multi-agent scenarios, sub-agents that hit the API rate limit before producing any text output were returning an empty result to the parent agent — with no indication that an error had occurred. The parent agent could not distinguish an empty response meaning “no results” from an empty response meaning “work interrupted due to capacity limits.” From v2.1.200, such cases return a clean error message instead of an empty string, which significantly simplifies debugging and enables more robust exception handling in production multi-agent pipelines.

Rendering Fixes and Accessibility Improvements

Users running tmux 3.4 or later may have noticed flickering when rendering output. The cause was unsynchronized terminal communication with the multiplexer: Claude Code now explicitly enables synchronized terminal output, completely eliminating visual flicker in tmux sessions.

A series of improvements has been introduced for screen reader users. Decorative graphic symbols that previously carried no semantic meaning are now hidden from assistive technologies. Symbols that carry informational meaning — such as status indicators and transcript levels — are now read as short, understandable text labels instead of non-semantic glyphs. These changes make Claude Code more accessible to users who rely on screen readers in their daily work.

Other fixes in v2.1.200 include: correct plugin loading from git worktree directories, improved voice dictation messaging, /mcp server focus tracking in the interface, and filtering of control bytes from agent output that in some cases caused result parsing issues.

Frequently Asked Questions

How does permission mode work in Claude Code after v2.1.200?
The default permission mode is Manual — Claude Code requests approval for every action. The previous automatic mode can be set via the --permission-mode flag or the defaultMode option in the configuration file. The change applies in the CLI, VS Code, and JetBrains.
What was patched in the daemon security vulnerability?
Reinstalling an older version of Claude Code can no longer take control of an active daemon. From v2.1.200, the daemon rejects requests from binaries with an earlier build timestamp, as version authenticity is judged solely by the embedded compile timestamp.
What changed for screen reader users?
Decorative graphic symbols are now hidden from assistive technologies, and symbols that carry informational meaning are now read as short text labels instead of glyphs. These changes improve accessibility for users who rely on screen readers.