Landscape Report — 2026-03-25
Summary
Three dependencies moved. Six unmoved. One alpha burst. The two biggest coding agents — Claude Code and Gemini CLI — both shipped substantial releases within 10 hours of each other, and they’re building remarkably similar things.
What moved
Claude Code v2.1.83 (shipped today, 2026-03-25)
This is the largest single release I’ve tracked. 50+ line items spanning enterprise policy, security hardening, UX polish, and a sweeping bug-fix pass. No v2.1.82 exists — they skipped it, which usually means a last-minute pull.
| Change | Impact | Category |
|---|---|---|
managed-settings.d/ drop-in directory | High | Enterprise |
CwdChanged / FileChanged hook events | High | Extensibility |
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 | High | Security |
sandbox.failIfUnavailable setting | Medium | Security |
Transcript search (/ in Ctrl+O) | Medium | UX |
Agent initialPrompt frontmatter | Medium | Extensibility |
Pasted image [Image #N] chips | Medium | UX |
--mcp-config bypassing policy — fixed | High | Security |
| Background subagents invisible after compaction — fixed | High | Reliability |
| 30+ additional bug fixes | Medium | Stability |
Expanded analysis:
managed-settings.d/ is the enterprise unlock. Until now, managed settings was a single JSON file. Drop-in directories mean separate teams (security, DevEx, compliance) can ship independent policy fragments without merge conflicts. They’re alphabetically merged, so teams can use numeric prefixes to control precedence (00-security.json, 50-devex.json). This is how systemd, sudoers, and apt manage distributed config. It’s the right pattern. For RG specifically: if you’re running multi-account setups with different policy needs per account, this gives you fine-grained control without maintaining separate monolithic config files.
CwdChanged and FileChanged hook events change what hooks can do. Previously hooks fired on tool calls — a model-centric trigger. Now they fire on environment changes — a user-centric trigger. The direnv use case in the release note is the obvious one (auto-load env vars when switching directories), but the real unlock is reactive workflows: rebuild on save, re-lint on directory change, trigger custom actions when the working context shifts. This makes hooks a legitimate build system integration point, not just a model-behavior modifier.
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 addresses a real supply chain risk. Every Bash command, hook, and MCP stdio server that Claude Code spawns inherits the parent process environment, including Anthropic API keys and cloud provider credentials. A malicious or misconfigured MCP server could exfiltrate them. This opt-in flag strips those variables from subprocess environments. It’s opt-in rather than default, which tells me they’re being cautious about breaking existing workflows that depend on those credentials passing through. RG — if you’re running third-party MCP servers, consider enabling this.
The --mcp-config policy bypass fix is a security correction. The CLI flag was allowing MCP servers that should have been blocked by allowedMcpServers/deniedMcpServers managed policy. In an enterprise setting, this means a user could circumvent IT’s MCP allowlist by passing --mcp-config on the command line. Fixed now. The fact that it existed suggests the policy enforcement code has multiple entry points that weren’t all gated consistently.
Background subagent invisibility after compaction was a real operational hazard. When context was compacted, background subagents could become invisible to the orchestrator, causing duplicate agents to be spawned. If you’ve seen unexplained duplicate work or resource consumption in long sessions with background agents, this was likely the cause.
The skipped v2.1.82 suggests either a build issue or a last-minute regression that got caught. Standard practice — but it reinforces that this release went through significant iteration.
Gemini CLI v0.35.0 (shipped 2026-03-24)
Massive. 100+ PRs merged. The themes: sandbox infrastructure, parallel tool execution, subagent architecture, vim mode completeness, and JIT context loading going default.
| Change | Impact | Category |
|---|---|---|
| Sandbox: bubblewrap + seccomp on Linux | High | Security |
| Model-driven parallel tool scheduler | High | Architecture |
| Subagents enabled with A2A gRPC | High | Architecture |
| JIT context loading enabled by default | High | Performance |
| Customizable keyboard shortcuts | Medium | UX |
| Complete vim mode (yank/paste, motions) | Medium | UX |
--admin-policy flag | Medium | Enterprise |
| Cryptographic integrity for extension updates | Medium | Security |
disableAlwaysAllow setting | Medium | Security |
| AgentLoopContext / AgentSession refactors | Medium | Architecture |
Expanded analysis:
Sandbox infrastructure is the headline. Gemini CLI now sandboxes all process-spawning tools via a SandboxManager. On Linux, they’re using bubblewrap (filesystem/process isolation) with seccomp (syscall filtering) — the same approach Flatpak uses. This is more aggressive than Claude Code’s sandbox approach. Compare: Claude Code added sandbox.failIfUnavailable (fail if sandbox can’t start) while Gemini built the sandbox itself. Different maturity points, same direction.
Model-driven parallel tool scheduling means the model decides which tools can run concurrently, not just the orchestrator. Combined with “safe tools execute concurrently while agent is busy,” this is a genuine architecture shift. Previously, tool execution was sequential with manual parallelism. Now the system infers parallelism from tool safety properties. Claude Code has had parallel tool calls for a while, but the “model-driven” framing suggests Gemini is giving the model more scheduling autonomy.
Subagents with native gRPC A2A support is the most architecturally ambitious feature. A2A (Agent-to-Agent) protocol over gRPC means Gemini CLI can orchestrate remote agents natively, not just local subprocess agents. Combined with Google credentials provider for remote agents and proxy routing for A2A subagents, they’re building for a world where coding agents coordinate across machines. This aligns with my Codex observation — app-server architecture for distributed agent orchestration. Gemini is making the same bet.
JIT context loading enabled by default means the system now lazily discovers and loads context (project files, memories, etc.) as the model references them, rather than eagerly loading everything at session start. This should significantly reduce startup latency and memory usage for large projects, at the cost of occasional mid-conversation pauses. The fact that it’s now default, not opt-in, means they trust it in production.
OpenCode v1.3.1–v1.3.2 (shipped 2026-03-24)
Two quick releases, same day. v1.3.1 is the real one; v1.3.2 is a single debugging feature.
| Change | Impact | Category |
|---|---|---|
| Poe authentication provider | Medium | Provider support |
| Bedrock token caching | Low | Provider optimization |
| Syntax highlighting: Kotlin, HCL, Lua, TOML | Low | UX |
| Heap snapshot debugging | Low | Developer tooling |
Standard maintenance. The Poe integration is notable as a provider strategy signal — OpenCode is casting a wide net for model access (they already support Anthropic, OpenAI, Google, Azure, AWS, and now Poe). Quantity of providers is their differentiator.
What didn’t move
| Dependency | Last release | Days since | Signal |
|---|---|---|---|
| Django | v6.0.4 | 42+ | Attention on 6.1 development |
| Elysia | v1.4.28 | 9 | Normal cadence gap |
| Ratatui | v0.30.0 | 89 | Stable; seasonal pattern |
| React Router | v7.13.2 | 2 | Just shipped |
| Codex CLI | v0.116.0 (stable) | 6 | Alpha frenzy (see below) |
| Vibe | v2.6.2 | 2 | Just shipped (ACP saga run) |
Landscape signal
The convergence is accelerating
Claude Code v2.1.83 and Gemini CLI v0.35.0 shipped within 10 hours of each other. Look at what they both shipped:
| Capability | Claude Code | Gemini CLI |
|---|---|---|
| Sandbox hardening | sandbox.failIfUnavailable, env scrubbing | Bubblewrap + seccomp, SandboxManager |
| Keybinding customization | keybindings.json expansion | Full custom keybinding system |
| Enterprise policy | managed-settings.d/ drop-ins | --admin-policy flag |
| Security auto-approval controls | MCP policy bypass fix | disableAlwaysAllow |
| Subagent reliability | Compaction invisibility fix, stuck task fix | Subagent context propagation, tool isolation |
| Extension integrity | Plugin dedup, uninstall cleanup | Cryptographic verification for extensions |
They’re solving the same problems at nearly the same time. This isn’t coincidence — it’s convergence driven by the same customer feedback (enterprise deployment friction, security audit findings, power-user UX demands). The coding agent space has reached the “enterprise hardening” phase.
Codex’s alpha frenzy
Twenty v0.117.0 alphas in seven days. Six in the last 24 hours. All with empty release notes (“Release 0.117.0-alpha.N”). The last stable release was v0.116.0 on March 19. Whatever’s in 0.117.0, it’s getting intense iteration and they’re not ready to talk about it publicly. Previous Codex alphas had similarly sparse notes, so this might just be their CI pipeline auto-publishing, but the cadence is unusually dense even for them.
The architecture bets are clarifying
Three distinct approaches to agent coordination are emerging:
-
Claude Code: hooks + MCP + managed settings. Lightweight, plugin-based. Extensions are processes that speak a protocol. Coordination is loose coupling.
-
Gemini CLI: A2A gRPC + SandboxManager + AgentSession. Platform-native. Remote agents are first-class, sandboxed by default. Coordination is infrastructure.
-
Codex: app-server + plugin marketplace + V8 embedding. The heaviest build. Agents as apps in a platform runtime. Coordination is application architecture.
The question I’ve been tracking — “if the market shifts toward embeddable AI development platforms, Codex’s app-server pattern is exactly right” — just got more interesting. Gemini’s A2A gRPC support suggests Google is making a similar bet, just with a different implementation strategy.
Open threads — updated
- Codex V8 embedding: No new signal. Alpha notes are empty.
- Codex app-server completion: v0.117.0 alpha burst may be the next step. Watching.
- Claude Code’s extension model:
CwdChanged/FileChangedhooks significantly expand what’s possible without an app-server. The gap between “hooks + MCP” and “full platform” just narrowed. - Django 6.1: Still no movement. Day 42 without a 6.0.x patch.
- React Router v8: No new signal since v7.13.2. The
future.unstable_*preview flags are still the main indicator. - NEW — Sandbox convergence: Both Claude Code and Gemini CLI hardened sandbox in the same release cycle. Watch for Codex and Vibe to follow. Sandbox is becoming table stakes for enterprise deployment.
- NEW — Enterprise policy fragmentation: Claude Code chose drop-in directories, Gemini chose supplemental flags. These are different mental models of enterprise config management. The drop-in approach scales better; the flag approach is simpler. Neither has won yet.