Skip to main content
Springvanta
All posts
Dev Tool ChangelogMay 29, 2026 · 6 min read

Dev tool changelog: Claude Code's security fixes, Codex goals, Cursor canvases, and Antigravity's rough launch

Seven AI dev tools shipped updates this week. Claude Code patched PowerShell sandbox bugs, Codex turned on goals by default, Cursor added shared canvases and /loop, and Antigravity 2.0 launched with a rocky rollout.

By Springvanta

Claude Code (v2.1.147-2.1.153)

Anthropic shipped seven Claude Code releases in eight days. The pace is aggressive.

  • /code-review replaces /simplify. The old command is gone. /code-review --fix now applies findings to your working tree and can post inline GitHub PR comments. Effort levels are configurable (/code-review high).
  • Auto mode no longer requires opt-in. You just use it. The classifier that handles permission prompts is on by default now.
  • Skills can block tools. Frontmatter now supports disallowed-tools, so a skill can remove specific tools from the model while active. /reload-skills lets you re-scan without restarting.
  • PowerShell security fixes. Three separate fixes in v2.1.149 close a permission bypass where built-in cd shortcuts (cd.., cd\, cd~) changed the working directory undetected. The sandbox write allowlist in git worktrees was also too permissive. If you run Claude Code on Windows, update immediately.
  • /usage gets per-category breakdown. Shows costs by skill, subagent, plugin, and individual MCP server.
  • Model fallback. If your configured model isn't found, Claude Code switches to --fallback-model for the rest of the session instead of failing every request.
  • Vim mode / now does reverse history search. Matches bash/zsh vi-mode behavior.
  • /model saves as default. Press s in the picker to switch for the current session only.

Quick take: The /simplify to /code-review rename is a breaking change disguised as a rename. If you had /simplify in any scripts or hooks, they'll fail silently. The PowerShell security patches are the real headline here.

Sources: Claude Code Changelog, Claude Code What's New

OpenAI Codex (v0.131.0-0.135.0)

Codex shipped five releases in ten days, with the Python SDK getting the most attention.

  • Goals are now on by default. Backed by dedicated storage, they track progress across active turns. No configuration needed.
  • Conversation history search. v0.134.0 adds case-insensitive content search across local history with result previews.
  • --profile is the primary selector. Legacy profile configs are rejected with migration guidance. Permission profiles got list APIs, inheritance, and managed requirements.toml support.
  • Read-only MCP tools run concurrently. If a tool advertises readOnlyHint, Codex will run multiple in parallel. This is a meaningful speed improvement for MCP-heavy workflows.
  • Python SDK: first-class auth. API key login, ChatGPT browser and device-code flows, account inspection, and logout. The SDK also moved to openai-codex / openai_codex package names.
  • codex doctor added. Support-ready diagnostics across runtime, auth, terminal, network, config, and local state. Useful for filing bugs.
  • Vim mode improvements. Text-object editing, better word/line-end behavior, configurable interrupt-turn binding.

Quick take: The --profile migration is a breaking change if you had legacy profile configs. Check your setup before upgrading. The concurrent read-only MCP execution is worth the update alone if you use MCP tools.

Sources: Codex Changelog, Codex GitHub Releases

Cursor (v3.5)

Cursor had one release this week, but it was packed.

  • Shared canvases. Agents create interactive artifacts (reports, dashboards, custom interfaces). You can now share a live snapshot link with teammates, viewable in the browser. Available on Pro, Teams, and Enterprise.
  • /loop skill. Run a prompt repeatedly on a schedule, until an outcome is achieved, or until you stop it. Examples: "check deploy status every 5 minutes" or "work on this feature until tests pass." If you don't specify an interval, the agent decides when to wake.
  • Automations in the Agents Window. Previously only on cursor.com/automations. Now you can create and manage them in the IDE.
  • Multi-repo automations. Attach multiple repos to a single automation so the agent reasons across all of them.
  • No-repo automations. Automations that monitor tools and act on signals, no code required. Five templates shipped: Slack digest, product analytics, product FAQ, finance reports, customer health.
  • Jira integration. Mention @Cursor in a Jira comment to kick off a cloud agent. Requires Jira Commercial Cloud with Rovo enabled.

Quick take: Cursor is quietly building an automation platform inside the IDE. The no-repo templates are the most interesting part, since they target workflows that have nothing to do with writing code. The Jira integration is limited to Jira Cloud with Rovo, which excludes a lot of teams.

Sources: Cursor Changelog, Cursor in Jira

Zed (v1.3.6-1.4.2)

Zed shipped three releases, with v1.4.2 being the biggest.

  • Agent skills. Zed's agent now supports skills, matching a pattern that Claude Code and Cursor established.
  • Global AGENTS.md. A user-wide instructions file alongside settings.json, included in every project's system prompt. Commands to open global and project-specific rules files.
  • MCP image output. The agent can now receive images from MCP tools.
  • OAuth pre-registration for MCP. The built-in MCP client supports registering with a client ID and client secret.
  • Gemini 3.5 Flash support. Added in v1.3.6, along with thinking levels for Google models.
  • Base branch in diff view. You can now choose which branch to diff against.
  • editor: toggle all diff hunks. Expand or collapse all hunks at once.

Quick take: Zed adding skills and AGENTS.md is them catching up to where Claude Code and Cursor already are. The MCP image output support is useful for tools that return screenshots or charts.

Sources: Zed v1.4.2, Zed v1.3.6

OpenCode (v1.15.7-1.15.10)

OpenCode shipped four releases this week, with the diff viewer redesign being the main event.

  • Diff viewer redesign. Now enabled by default with a file tree, refreshed layout, and proper keyboard shortcuts. Breaking change if you had it disabled in settings.
  • Grok OAuth sign-in. Added xAI Grok OAuth with device-code login, contributed by @Jaaneek.
  • New desktop UI. A redesigned home view, session entry flow, and titlebar.
  • Experimental background subagents. Tasks can keep running while you continue working.
  • HTTP API response compression. For large non-streaming responses.
  • Built-in customize-opencode skill. Makes config edits less likely to break startup.

Quick take: The diff viewer being enabled by default is a breaking change that's easy to miss. The Grok OAuth addition is community-contributed, which is interesting, as OpenCode is pulling in provider support from outside its core team.

Sources: OpenCode Changelog, OpenCode GitHub Releases

Antigravity 2.0 (v2.0.0-2.0.1)

Google shipped the biggest change of any tool this week, and it didn't go smoothly.

  • Complete rebuild as standalone agent platform. Antigravity 2.0 is no longer an AI code editor. It's an "agent control tower" for supervising multiple AI agents. The traditional IDE still exists but must be downloaded separately.
  • Five surfaces shipped at once: standalone desktop app, Antigravity CLI (replaces Gemini CLI, built in Go), Python/TS/Go SDK, Managed Agents API, and Gemini Enterprise Agent Platform.
  • Gemini 3.5 Flash is the default model. Google claims 4x faster output than other frontier models, with a temporary 12x speedup on Antigravity.
  • $100/month AI Ultra plan. Down from $250. Includes 5x Pro limits.
  • Gemini CLI sunsets June 18, 2026. Forced migration for Pro/Ultra users.

What broke

The rollout was rough enough to warrant its own section:

  • The new installer hijacked the IDE executable, making the IDE inaccessible for many users.
  • Old conversations and workspaces vanished because the new IDE uses a different storage path.
  • WSL and Remote SSH are non-functional in 2.0/2.0.1.
  • Users reported burning through daily tokens just trying to configure the environment.
  • v2.0.1 fixed CJK project migration, duplicate project creation, and Google One credit issues. A 2.0.2 patch is expected.

Quick take: Shipping a complete product rebuild as an automatic update with no opt-in was a bad call. The architecture is interesting, but the execution burned developer trust. If you're on Antigravity 1.x, wait for 2.0.2 before updating.

Sources: Google I/O 2026 Announcement, Gemini CLI Transition, Google AI Developers Forum

Windsurf (v2.3.9)

Windsurf had a quiet week.

  • Bug fixes. Fixed swe-check model availability for some users, improved terminal processing performance, restored conversation sharing, repaired Devin local agent path resolution on WSL.

Last week Windsurf added Claude Opus 4.7 fast mode (full intelligence, ~2.5x output speed) and Devin Review for all IDE users.

Sources: Windsurf Changelog

Continue reading

← Previous

MCP Goes Stateless as OpenAI Ships Enterprise Tunnels

Next →

Google Preferred Sources + AI Citations: What the May 27 Convergence Means for Your Pipeline

Read more

Like this kind of writing?

One email when something good ships — usually once or twice a month.

SubscribeAll posts