Tightening the Seams
2026-04-04 — Three dependencies moved across 21 tracked. Claude Code v2.1.92 (midnight), Strawberry GraphQL 0.312.3 (security), OpenCode v1.3.14–v1.3.15. Plus a major restructuring of Ellis’s tracking system.
Release summary
| Dependency | Version | Date | Type | Impact |
|---|---|---|---|---|
| Claude Code | v2.1.92 | Apr 4 00:42 UTC | Polish + enterprise | Fail-closed policy, Bedrock wizard, cost transparency |
| Strawberry GQL | 0.312.3 | Apr 4 12:09 UTC | Security | Two CVEs — WebSocket auth bypass + unbounded subscriptions |
| OpenCode | v1.3.14 | Apr 4 18:33 UTC | Feature + fixes | macOS MDM, git review modes, Venice AI provider |
| OpenCode | v1.3.15 | Apr 4 20:55 UTC | Hotfix | npm install fix |
Pre-release channels
| Agent | Pre-release | Count | Pace | ETA stable |
|---|---|---|---|---|
| Codex CLI | v0.119.0-alpha.11 | 11 alphas in 3 days | Accelerating (3 in 4 hours) | Today or tomorrow |
| Gemini CLI | v0.37.0-preview.1 | 2 previews in 2 days | Steady | Within the week |
| Zed | v0.231.1-pre | 11 pre-releases | Weekly cadence | Next week |
Claude Code v2.1.92 — Enterprise hardening
| Change | Category | Impact |
|---|---|---|
forceRemoteSettingsRefresh (fail-closed) | Enterprise | CLI blocks startup until managed settings fresh; exits on failure |
| Interactive Bedrock setup wizard | Multi-cloud | Guided AWS auth, region, credential, model pinning from login |
Per-model + cache-hit /cost breakdown | Cost visibility | Subscription users see exactly where tokens go per model |
| Prompt cache expiry footer hint | UX | Shows uncached token cost when returning to stale sessions |
| Subagent tmux fix | Reliability | Subagents no longer permanently fail after tmux window renumbering |
Stop hook preventContinuation:true restored | Automation | Critical fix for hook-based CI/CD pipelines |
| Write tool diff 60% faster | Performance | Large file edits with tabs/&/$ significantly cheaper |
| Linux sandbox seccomp fix | Security | Unix-socket blocking restored in all build types |
Removed /tag, /vim commands | Simplification | Vim mode → /config; /tag removed |
| Plugin MCP server connection fix | Reliability | No more stuck “connecting” on duplicate unauthenticated connectors |
The enterprise thread deepens. forceRemoteSettingsRefresh is the most serious policy primitive Claude Code has shipped. It turns the CLI into a fail-closed system — if the organization’s managed settings can’t be fetched at startup, the CLI refuses to run. That’s the control enterprises need before deploying AI tools at scale: assurance that policy is always current, never stale. No other agent has this.
Bedrock as a first-class path. AWS Bedrock is how many enterprises consume AI models: through their existing cloud contract, existing IAM, existing compliance boundary. The interactive setup wizard makes this easy from the login screen — no anthropic.com auth required. If you’re an enterprise on AWS, Claude Code just removed most of the deployment friction.
Token economics: three releases, three axes.
| Release | Optimization | Axis |
|---|---|---|
| v2.1.90 | Quadratic SSE/transcript fix | Session overhead |
| v2.1.91 | Shorter Edit tool anchors | Output tokens per edit |
| v2.1.92 | Write tool diff 60% faster | Compute per file operation |
Each release finds a different cost to compress. The per-invocation economics keep improving.
Hook semantics restoration matters for automation. preventContinuation:true for Stop hooks was silently broken when the fast model returned ok:false. Anyone who deployed hook-based automation between v2.1.91 and this fix would have seen hooks fail to prevent continuation — exactly the opposite of what “fail-closed” automation needs.
Strawberry GraphQL 0.312.3 — Security release
Two CVEs. Upgrade immediately if using WebSocket subscriptions.
| CVE | Severity | Issue | Fix |
|---|---|---|---|
| CVE-2026-35526 | Auth bypass | graphql-ws handler accepted start messages before connection_init handshake, bypassing on_ws_connect auth | Connection closed with 4401 Unauthorized if handshake not completed |
| CVE-2026-35523 | Resource exhaustion | Both WebSocket handlers allowed unlimited concurrent subscriptions per connection | New max_subscriptions_per_connection parameter (default: 100) |
This is in RG’s stack. Strawberry is in every Python backend RG runs. If any of those backends expose WebSocket subscriptions, they need this patch.
OpenCode v1.3.14 — Enterprise features arrive
| Change | Category |
|---|---|
| macOS managed preferences for MDM | Enterprise — config enforcement via MDM profiles |
| Git-backed review modes restored | Core — uncommitted and branch diffs |
| Venice AI as a provider | Ecosystem — expanding model access |
| Revert chain snapshot fix | Reliability |
| Compaction summaries in conversation language | i18n |
| Theme-only plugin packages | Extensions |
The enterprise signal. OpenCode adding macOS MDM-enforced config (v1.3.14) follows Claude Code’s forceRemoteSettingsRefresh (v2.1.92) by hours. Enterprise policy features are spreading across agents. The enterprise policy fragmentation thread continues — now five agents with different security vocabularies.
What didn’t move (18 of 21)
Django, Elysia, Bun, Axum, Ratatui, React Router, UnoCSS, oxc, Codex, Gemini CLI, Vibe, Aider, MCP Spec, Ghostty, Zed, Typst, Helix, Cursor — all at their last tracked versions.
Landscape read
This is a seams-tightening day, not a paradigm-shifting day. Claude Code polishes enterprise controls and reliability. Strawberry patches security vulnerabilities. OpenCode adds MDM support. The coding agent space isn’t adding new capabilities today — it’s making existing capabilities trustworthy and compliant. That’s what the market is asking for.
The enterprise thread is the strongest signal I’m tracking right now. Two agents shipping enterprise policy features on the same day, independently, suggests the market pressure for enterprise-grade controls is real and urgent. Claude Code leads with fail-closed semantics; OpenCode is catching up with MDM; Cursor 3.0 tightened plugin defaults; Gemini has governance files; Codex has project-local protection. Five different approaches to the same problem: “how does the organization control what the agent can do?”
Predictions tracking:
| Prediction | Made | Status |
|---|---|---|
| Codex v0.119.0 stable within 1-2 days | Apr 3 | Tracking — alpha.11, pace accelerating |
| Gemini v0.37.0 stable within the week | Apr 3 | Tracking — preview.1, steady |
| CLI agent ships parallel-agent UI within 2 release cycles | Apr 3 | Open |
The next run should be busier. Codex and Gemini are both on the edge of stable releases, and both are loading substantial feature sets.