Skip to main content
Springvanta
All posts
Dev Tool ChangelogJun 26, 2026 · 6 min read

Dev Tool Changelog: Codex Remote GA, Claude Code OTEL Shift, Zed Sandbox

Six AI coding tools shipped updates this week. Claude Code's OTEL default change, Codex Remote reaching GA, and Zed's agent sandbox controls headline the roundup.

By SpringVanta

Six AI coding tools shipped updates this week. Three of them touched agent governance, security, or observability in ways that matter if you're running these tools in production. Here's what changed.

Dev tool releases timeline June 19-26, 2026

Claude Code v2.1.193 (June 25)

One release this week, but it includes a behavior change worth flagging before you upgrade.

The OTEL shift. A new claude_code.assistant_response OpenTelemetry log event now captures the model's response text. It defaults to following the existing OTEL_LOG_USER_PROMPTS setting. Translation: if your deployment already logs prompt content (a common setup for audit trails), upgrading to 2.1.193 will start logging model responses too — without any config change on your end. If that's not what you want, set OTEL_LOG_ASSISTANT_RESPONSES=0 explicitly.

This is the kind of silent default change that catches security teams off guard. The data is useful for debugging and audit, but "we started collecting response text automatically" is a sentence nobody wants to deliver to their DPO after the fact.

Other changes:

  • autoMode.classifyAllShell routes all shell commands through the auto-mode classifier, not just arbitrary code execution patterns
  • Auto-mode denial reasons now surface in the transcript and /permissions
  • Live file path autocomplete in bash mode (!)
  • MCP server auth startup notice when servers need authentication
  • Idle background shells auto-reaped under memory pressure
  • Background agents no longer told to "end your response" on launch — they keep working
  • MCP headersHelper auto-reconnects on 401/403
  • Plugin marketplace renames maps followed automatically
  • Fixed pinned agents getting re-prompted after every auto-update
  • Fixed phantom "general-purpose (resumed)" subagent spawning during backgrounding

Quick take: The OTEL change is the headline. Everything else is incremental polish on the background agent experience, which has been rough around the edges for a few releases. The denial-reason surfacing is useful for teams reviewing agent behavior post-hoc.

OpenAI Codex — Remote GA + three CLI releases

Codex had the biggest week by volume. Three CLI versions shipped (v0.142.0, v0.142.1, v0.142.2) plus the general availability of Codex Remote.

Codex Remote reaches GA (June 25). You can now use Codex from the ChatGPT mobile app to start, monitor, and approve work on a connected Mac or Windows host. Pairing is QR-based (one-to-one between device and host). A new DigitalOcean plugin lets Codex provision a Droplet, configure SSH, and connect it as a remote workspace. Connections from before June 8 stay paired; older ones need re-pairing.

CLI v0.142.0 (June 22) — the heavy release:

  • Configurable rollout token budgets that track usage across agent threads, remind you of remaining budget, and abort turns when exhausted
  • Multi-agent delegation configurable as disabled, explicit-request-only, or proactive
  • MCP tools now use tool search by default when supported
  • Indexed web-search mode that allows live searches but restricts direct page access to server-approved URLs
  • /usage can show and redeem earned usage-limit reset credits
  • /plugins organizes remote plugins into OpenAI Curated, Workspace, and Shared sections
  • Scheduled UTC time reminders and direct time queries
  • Parent agents now receive terminal subagent errors instead of seeing failures as empty successes

CLI v0.142.2 (June 25):

  • macOS auth clients can honor system proxy, PAC, and WPAD settings
  • Plugins can provide dark-mode logos
  • Richer safety-buffering UI using server-provided visibility and faster-model metadata
  • Expired Bedrock credentials now produce actionable recovery guidance
  • PowerShell commands with uninspectable AST regions require approval

ChatGPT iOS 1.2026.167 (June 22): Per-host personality settings (Friendly/Pragmatic), goal editing in composer, link from forked conversations back to original thread.

Quick take: Token budgets and multi-agent delegation configuration are the standouts. Both address real operational pain — teams running Codex at scale have been burning through tokens with no guardrails, and the delegation controls let you decide whether agents spawn sub-agents on their own. The indexed web-search mode is clever: live results but sandboxed page access.

Zed — Agent sandbox controls and new models

Two releases this week: v1.8.2 stable and v1.9.0-pre.

v1.9.0-pre (June 24):

  • New agent.sandbox_permissions.enabled setting and a Sandbox settings page for managing persistent grants: allowed domains, writable paths, unrestricted FS writes, unsandboxed command execution
  • Windows terminal sandboxing for agent commands
  • Git metadata, worktrees, and SSH commit signing now handled in the agent sandbox
  • Added GLM 5.2 and Kimi K2.7 Code to OpenCode Go
  • DeepSeek V4 Pro available for OpenCode Zen
  • In-thread search in the Agent Panel (Ctrl/Cmd+F)
  • Quick-add remote MCP server from Agent Panel options menu
  • Agent Panel file search results now clickable to open files at matched line
  • ACP support for embedded resources in tool calls

v1.8.2 (June 24):

  • Create worktrees from sidebar's "new thread" button
  • agent.terminal_init_command to auto-run a command when opening a terminal thread
  • Anthropic-compatible provider support in settings
  • Network access allowlisting for specific hosts via proxy
  • Sandbox permission prompts now show the requested command
  • Edit tool performance improvements
  • Fixed agent threads failing to restore after quit/update during a response

Quick take: Zed is building the most granular agent sandbox UI of any editor. The settings page with allowed domains and writable paths goes beyond what Claude Code or Cursor offer. If you're evaluating editors for agent safety, Zed's approach is worth a look. The model additions (GLM 5.2, Kimi K2.7, DeepSeek V4 Pro) give users more BYOK options without vendor lock-in.

Cursor CLI — Auto-review mode

No new Cursor IDE version this week (3.9 remains current), but the Cursor CLI got a notable update on June 22.

Auto-review run mode sits between Allowlist (manual approval for everything) and Run Everything (no approval). Shell, MCP, and Fetch calls are checked in order: allowlisted calls run immediately, sandboxable calls run in the sandbox, and the rest go through a classifier that decides whether to allow, retry, or ask for approval. Toggle with --auto-review, /config, or /auto-review.

Other CLI changes:

  • Named multi-directory workspaces (/add-dir, /save-workspace, /load-workspace)
  • /rewind on by default (turn-by-turn undo timeline)
  • Per-conversation prompt history
  • MCP tools survive plugin reload
  • Lower memory usage in long sessions (fixed leak from per-turn abort signals)

Quick take: Auto-review is the right abstraction. Allowlist is too slow for real work; Run Everything is too dangerous. A classifier that triages based on the actual command is what most teams want. The multi-directory workspace support is overdue — agent projects that span multiple repos have been a pain point.

Also shipped

Windsurf / Devin Desktop v3.3.18 (June 23): Devin ACU usage now visible in the client. Subagents can be configured with a default model. MCP registry cache warmed during startup. Git Bash resolves correctly on Windows instead of hitting the WSL launcher. New attribution option to suppress Devin mentions in commit messages.

Antigravity 2.0 v2.2.1 (June 25): 19 improvements and 17 fixes. Notable items: built-in Antigravity Guide skill, audio file rendering in sidebar, syntax highlighting for C++/Python/Protobuf in code blocks, substring file search (not just prefix), OAuth token auto-save to OS keyring. Antigravity IDE v2.1.1 (June 22) added a model quota screen and agent security fixes.

What to do this week

If you're running Claude Code with OTEL logging, check your OTEL_LOG_USER_PROMPTS setting before upgrading to 2.1.193. If it's on and you don't want response content logged, set OTEL_LOG_ASSISTANT_RESPONSES=0 first.

If you're evaluating Codex for team use, the token budget controls in v0.142.0 are worth setting up on day one. The default is no budget — agents will spend until you configure limits.

Zed's new sandbox settings page is accessible in v1.9.0-pre. If you're on stable, it'll land in v1.9.0 proper. Worth planning your agent permission policies before then.

Continue reading

← Previous

JetBrains Benchmarked Its Own Agent and Picked Codex Instead

Next →

Healthcare Bet on Data. Legal Bet on Orchestration. Both Went Platform in 72 Hours.

Read more

Like this kind of writing?

One email when something good ships — usually once or twice a month.

SubscribeAll posts