Dev Tool Changelog · Jun 5, 2026 · 6 min read

Dev tool changelog: Claude Code plugins, Cursor auto-review, Codex Sites, Zed agent skills

Claude Code shipped 7 releases with plugin auto-loading and security hardening. Cursor added auto-review mode. Codex launched hosted Sites. Zed got agent skills.

By SpringVanta

Claude Code shipped seven releases in six days. Cursor rolled out canvas design mode and a new safety tier. Codex added hosted Sites and enterprise plugins. Zed got agent skills and a Mermaid renderer. Here's what changed and what matters.

Claude Code

Seven releases this week (v2.1.156 through v2.1.162). The ones worth knowing about:

Plugin auto-loading (v2.1.157, May 29). Plugins now auto-load from .claude/skills directories in your project. No marketplace, no config editing. claude plugin init scaffolds a new plugin skeleton. Plugins load from local directories, with no vendor-controlled store in the middle.

Auto mode on Bedrock, Vertex, and Foundry (v2.1.158, May 30). Enterprise users on cloud-hosted Opus 4.7 and Opus 4.8 can now run autonomous agent mode. Set CLAUDE_CODE_ENABLE_AUTO_MODE=1 to opt in. Previously Anthropic-direct only.

Background sessions keep their history (v2.1.160, June 2). Restored background sessions now retain chat context instead of re-running the original prompt from scratch. If you run long-lived background agents, this fixes the problem where restoring a session burned tokens redoing work already done.

Security prompts for dotfiles and build config (v2.1.160, June 2). Claude Code now asks before writing to .zshenv, .bash_login, .npmrc, .pre-commit-config.yaml, and similar files. acceptEdits mode also prompts on build-tool config files. An agent can no longer silently inject commands into your shell startup files.
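The same kind of gate can sit in a wrapper you control. The sketch below is an added example, not Claude Code's implementation: needs_confirmation and review_writes are hypothetical names, and the protected list holds only the four files named above. It resolves relative segments and symlinks before matching, so an indirect path to a startup file is still flagged.

```python
import os
from pathlib import Path

# File names taken from the changelog entry above. The entry says
# "and similar files", so extend this set for your own environment.
PROTECTED_NAMES = {".zshenv", ".bash_login", ".npmrc", ".pre-commit-config.yaml"}


def needs_confirmation(requested: str, cwd: str) -> bool:
    """Return True when a proposed write should be confirmed by a human."""
    path = Path(requested).expanduser()
    if not path.is_absolute():
        path = Path(cwd) / path
    # Resolve ".." segments and symlinks so "docs/../.npmrc", or a link
    # called "notes.txt" that points at .zshenv, is judged by its target.
    real = Path(os.path.realpath(path))
    # Compare case-insensitively: on case-insensitive filesystems
    # ".ZSHENV" and ".zshenv" are the same file.
    candidates = {path.name.lower(), real.name.lower()}
    return bool(candidates & PROTECTED_NAMES)


def review_writes(requested_paths, cwd):
    """Return the subset of proposed writes that must be surfaced to the user."""
    return [p for p in requested_paths if needs_confirmation(p, cwd)]


if __name__ == "__main__":
    # Constructed sample input: paths an agent might propose to write.
    proposed = ["src/main.py", "docs/../.npmrc", "~/.bash_login", "README.md"]
    for p in review_writes(proposed, os.getcwd()):
        print("confirm before writing:", p)
```
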

MCP secrets redacted in terminal output (v2.1.161, June 2). claude mcp list/get/add now redacts API keys and doesn't expand ${VAR} references on screen. Screen-share or paste terminal output in a PR without leaking MCP server tokens.

Parallel tool calls no longer cascade failures (v2.1.161, June 2). A failed Bash command no longer cancels sibling tool calls in the same batch. Reliable fix for multi-step agent workflows.

Agent orchestration visibility (v2.1.161-162, June 2-3). claude agents rows now show done/total progress. The --json output includes a waitingFor field showing what a session is blocked on (permission prompt, for example).

Breaking changes

  • CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE is deprecated (removal was June 1). Use /model claude-opus-4-6[1m] then /fast on instead.
  • Lean system prompt is now the default for all models except Haiku, Sonnet, and Opus 4.7 and below. If you relied on the full system prompt for custom behavior, test your workflows.
  • modelPicker:setAsDefault keybinding renamed to modelPicker:thisSessionOnly in keybindings.json. Manual migration required.

Cursor

Three releases this week. Two are substantial.

Auto-review run mode (v3.6, May 29). Cursor added a middle ground between Default (you approve every action) and YOLO (nothing waits for approval). The new auto-review mode runs a three-tier check: allowlist first, then sandbox execution, then a small classifier agent that evaluates context and decides whether to allow, try a safer approach, or surface to the user. You can give the classifier custom instructions like "allow all git commands" or "ask before rm." Finally, a safety layer between constant approval prompts and YOLO mode.

Quick take: first coding editor to ship a built-in AI safety classifier for tool execution. Expect others to follow.

Enterprise Organizations GA (v3.6.1, June 3). Top-level org containers with teams and groups underneath. Each team gets independent security, spend, and governance settings. Multi-team membership with different roles per team. IDP integration at the org level. If you're evaluating Cursor for a company over 20 people, this is what you were waiting for.

Design Mode in canvases (v3.7, June 4). Select and annotate UI elements directly in a canvas to guide agent edits. Point at what you want changed instead of describing it in text. The same release adds a context usage report that breaks down your token spend across system prompt, tool definitions, rules, skills, and MCPs, with a "Debug with Agent" button to find optimization opportunities.

Quick take: the context usage report alone is worth the update. Most developers have no idea how many tokens their rules and MCP servers burn on every request.

OpenAI Codex

Codex is stretching beyond coding into general work tooling this week.

Sites preview (June 2). Create, deploy, and share interactive websites, dashboards, and web apps hosted directly by OpenAI. Share via workspace URLs. Manage environment variables and secrets in the hosted environment. Available on ChatGPT Business by default; Enterprise admins enable via RBAC.

Quick take: this turns Codex into a deployment target. Build in Codex, ship to an OpenAI-hosted URL, skip the CI pipeline entirely. For internal tools and prototypes, that removes a whole infrastructure layer.

Amazon Bedrock support (June 1). Codex can now use supported OpenAI models through Amazon Bedrock, with AWS-managed auth and billing. Relevant if your org requires all AI workloads to route through AWS.

Session archiving (Codex CLI v0.136.0, June 1). /archive in the TUI or codex archive in the CLI. Archived sessions are protected from resume and fork operations. Cleanup for anyone with dozens of stale sessions cluttering the list.

Six role-specific plugins (June 2). 62 business apps and 110 skills bundled into role presets: Data Analytics (Snowflake, Databricks, Hex, Tableau), Creative Production (Figma, Canva, Shutterstock), Sales (Salesforce, HubSpot, Outreach, Clay), Finance (S&P, PitchBook), Due Diligence, and Data Science. Codex is not just for developers anymore.

Security fixes (CLI v0.136.0, June 1). /diff no longer runs repo-provided git hooks. PowerShell parser blocked on non-Windows. Browser-origin websocket handshakes rejected. Token refresh now happens before the 5-minute expiry window.

Windows alpha sandbox. A codex sandbox setup --elevated provisioning path for Windows. Still alpha, but progress.

Zed

Three releases. The standout: agent skills.

Agent Skills support (v1.4.2, May 27). Zed now supports agent skills, plus a global AGENTS.md file for user-wide instructions. Same pattern Claude Code uses. The AGENTS.md convention is spreading across editors.

Mermaid renderer (v1.5.3, June 3). New built-in Mermaid renderer for faster, more accurate diagrams. Also: import skills from GitHub Markdown URLs in the Skill Creator, rename agent threads in sidebar, and OpenAI Fast Mode for both ChatGPT subscription and API providers.

OpenCode model updates (v1.5.3, June 3). Added Gemini 3.5 Flash and Grok Build 0.1. Removed MiniMax M2.5 Free.

Copilot fixes (v1.4.3-1.4.4, May 28). Fixed invalid_request_body error with GPT models and empty model dropdown on newer Copilot SDK builds.

Windsurf (Devin Desktop)

Two releases this week.

Claude Opus 4.8 added (v3.0.12, May 28-29). Regular pricing at $5/$25 per million tokens. Fast Mode at $10/$50 per million tokens.

Devin Local agent updated. Editor-aware context (reads open files). MCP tool permissions now offer session-level or permanent approval. Plan mode improved for OS sandbox. "Always Allow" grants persist across sessions.

Quick take: MCP permission persistence matters daily. Re-approving the same MCP tool every session is a real friction point, and this fixes it.

Antigravity

Two releases, both bug fixes.

v2.0.10 (May 28). Fixed a Google One credit bug where credits weren't being applied correctly.

v2.0.11 (June 3). Fixed dark blank screen on startup when certain antivirus products are installed. Fixed "Open IDE" button bugs.

No new features this week.

OpenCode

No changes. The opencode-ai/opencode GitHub repository was archived on September 18, 2025. Last release was v0.0.55. Dropping it from future changelogs.


Claude Code shipped more security hardening and plugin infrastructure in seven releases than most tools manage in a month. Cursor's auto-review mode is the first graduated safety layer between "approve everything" and "let it rip." Codex is becoming a full work platform with hosted deployment and role-specific plugins. Zed shipped agent skills, joining the AGENTS.md standard. The pattern across tools: safety layers and expansion beyond coding into general work.

Sources: Claude Code changelog, Claude Code GitHub releases, Cursor changelog, OpenAI Codex, Zed releases, Windsurf changelog, Antigravity releases
