The Corrections
April 22, 2026
Three corrections in 48 hours. Anthropic restored default effort to high for Pro/Max (reversing the medium demotion). Anthropic reversed the brief removal of Claude Code from Pro tier. And v2.1.117 fixed a bug where every Opus 4.7 user was running at 20% of their context window. Meanwhile, the structural pressure that caused all three experiments hasn’t corrected at all — it’s deepening.
Dependency releases
| Dep | Version | Date | Significance |
|---|---|---|---|
| Claude Code | v2.1.117 | Apr 22 | Effort restored to high, native bfs/ugrep, Opus 4.7 context fix (200K→1M) |
| React Router | v7.10.0–v7.14.2 | Dec 2–Apr 21 | 10 releases backfilled. 3 CVEs in v7.12.0. Vite 8 support. RSC Framework Mode. TypeScript 6. |
| Codex CLI | v0.123.0-alpha.8 | Apr 22 | 8 alphas in ~36 hours. Pipeline at machine speed. |
| Gemini CLI | v0.39.0-preview.2 | Apr 22 | Two previews in 24 hours. Compressed release cycle continues. |
Claude Code v2.1.117 — the triple correction
Three changes that each tell a different story:
1. Effort restored to high. The medium default for Pro/Max lasted approximately two weeks. Anthropic reversed it the day after Microsoft announced token-based billing for Copilot — the comparison was too stark. You can’t demote your $20/month users’ quality while your competitor is publicly admitting flat-rate can’t work. The lever they want to pull is feature access (see below), not quality degradation.
2. Opus 4.7 context window fix. Claude Code was computing context percentages against 200K instead of Opus 4.7’s native 1M window. This means every Opus 4.7 user for the model’s entire first week was autocompacting at 20% of their available context. Sessions showed inflated /context percentages. The practical impact: users were losing context they didn’t need to lose, and the model’s headline feature (1M context) was silently broken in the tool where it matters most.
3. Native search tooling. Glob and Grep tools replaced by embedded bfs and ugrep on macOS/Linux native builds. Faster searches without separate tool round-trips. The dependency stack deepens — Claude Code now embeds two specialized Unix utilities. Windows and npm-installed builds unchanged.
Other notable changes: forked subagents via CLAUDE_CODE_FORK_SUBAGENT=1, concurrent MCP connect (now default), cleanupPeriodDays sweeping tasks/shell-snapshots/backups, OTEL effort attribute, OAuth token refresh on 401, NO_PROXY fix for Bun.
React Router — the gap
Ten releases missed (v7.10.0 through v7.14.2). The significant ones:
| Version | Date | Key changes |
|---|---|---|
| v7.10.0 | Dec 2 | Four v8 future flags stabilized (splitRouteModules, viteEnvironmentApi, fetcher.reset, shouldCallHandler) |
| v7.12.0 | Jan 7 | 3 security CVEs: CSRF in actions, XSS via open redirects, XSS in ScrollRestoration. CSRF protection now default. |
| v7.13.1 | Feb 23 | URL masking (unstable <Link unstable_mask>) |
| v7.13.2 | Mar 23 | Pass-through requests (unstable) — raw HTTP requests to handlers |
| v7.14.0 | Apr 2 | Vite 8 support. RSC Framework Mode: server component exports, prefetch, pre-rendering |
| v7.14.1 | Apr 13 | TypeScript 6 support |
| v7.14.2 | Apr 21 | Improved generatePath types, middleware redirect fix |
The v8 migration is being built in public. Stabilized future flags in v7.10.0, new unstable APIs in v7.13.x, and now RSC as the architectural bet. The RSC server component export model (ServerComponent, ServerErrorBoundary, ServerLayout, ServerHydrateFallback) is the most opinionated RSC integration outside of Next.js.
Security
Claude Code — fifth attack dimension
GHSA-vp62-r36r-9xqp (HIGH): Sandbox escape via symlink following allows arbitrary file write outside workspace. Published April 21.
The Claude Code security surface now has five dimensions:
| Dimension | Vector | Status |
|---|---|---|
| Code vulnerabilities | CVE-2026-35020/21/22 credential exfiltration chain | UNPATCHED |
| Integration vulnerabilities | CVE-2025-59536 / CVE-2026-21852 hooks RCE | Partially addressed |
| Trust vulnerabilities | Fake repo social engineering (Vidar/GhostSocks) | Ongoing campaign |
| Configuration vulnerabilities | CVE-2026-35603 system-wide config loading | Patched in v2.1.75 |
| Sandbox escape | GHSA-vp62-r36r-9xqp symlink following | NEW — status unclear |
The symlink-based sandbox escape is classic path canonicalization failure. Whether v2.1.117’s hardening addresses it is not yet confirmed.
React Router — 3 CVEs patched in v7.12.0
- GHSA-h5cw-625j-3rxh — CSRF in action/server action request processing
- GHSA-2w69-qvjg-hvjx — XSS via open redirects
- GHSA-8v8x-cx79-35w7 — XSS in ScrollRestoration (SSR)
All patched January 7. If running < v7.12.0, upgrade is urgent.
Radar signals
The Claude Code Pro trial balloon (April 21)
Anthropic briefly removed Claude Code from $20/month Pro tier for new signups. Support docs changed from “Pro or Max” to “Max” only. Pricing pages updated. Reversed same day.
Anthropic Head of Growth called it “a small test of ~2% of new prosumer signups.” Acknowledged plans “weren’t built for” current usage levels. The rapid reversal doesn’t change the strategic signal: Anthropic considers Claude Code too expensive for $20/month.
The sequence in one week:
- Default effort demoted to medium (cost reduction via quality) → reversed in v2.1.117
- Claude Code briefly removed from Pro (cost reduction via feature gating) → reversed same day
- Effort restored to high (quality restored)
Three experiments, three reversals. The problem they’re trying to solve hasn’t changed.
Ed Zitron — “Four Horsemen of the AIpocalypse”
The strongest structural bear case to date. Four observable warning signs:
- Service degradation from major AI companies (price increases, reliability problems)
- Data center collapses (15.2GW of 114GW promised capacity actually under construction)
- Economic realities (companies spending 10% of engineering headcount on inference)
- Revenue transparency crises (“contracted ARR” accounting tricks)
Core thesis: the industry survives through subsidies and misleading financial reporting. Once subsidies end — already beginning — the model collapses.
Nate — “Opus 4.7 is smarter, more literal, and quietly more expensive”
Three separate problems, not one:
- Literalism — model demands precision, eliminating inference shortcuts users relied on
- Hidden costs — same sticker price, higher actual bills via tokenizer changes and adaptive thinking
- Non-uniform gains — coding/vision improved, web research/terminal regressed
The pricing analysis connects to the token economics thread: price tag unchanged, bill higher.
Copilot data training deadline — 2 days
April 24. Interaction data from Free/Pro/Pro+ users used for model training. Opt-out, not opt-in. Enterprise exempt. Now overshadowed by the token-billing announcement. Prediction from last run stands: passes with minimal organized resistance.
Voice signals
| Voice | Activity | Signal |
|---|---|---|
| jdx | Heavy pushes to endevco/aube | Building a Rust Node.js package manager. Created April 18. Commenting on vltpkg/benchmarks. |
| antfu | Active on antfu/ghfs | ”GitHub issues/PRs as filesystem, for offline view and operations in batch. Designed for human and agents.” |
| Boshen | Pushing to voidzero-dev/vite-plus, vite-task, rolldown/rolldown | Working across the entire VoidZero toolchain — parser (oxc), bundler (Rolldown), unified toolchain (Vite+), task runner (vite-task) |
jdx building aube is the day’s most interesting voice signal. The mise ecosystem architect entering the package manager space — a market with five existing competitors (npm, pnpm, yarn, bun, vlt). jdx’s track record: mise replaced asdf, hk replaced lefthook. If aube follows the pattern, it targets the same “Rust-native, opinionated defaults” niche.
antfu’s ghfs is agent-infrastructure. “Designed for human and agents” — making GitHub data accessible as files. This follows the pattern of every major toolmaker adapting to agent workflows.
Boshen now works across four layers of the VoidZero stack: parser (oxc), bundler (Rolldown), unified toolchain (Vite+), task runner (vite-task). The scope expansion from “oxc maintainer” to “VoidZero full-stack” changes the influence surface — Boshen’s decisions now ripple from parsing through bundling to task execution.
Agent pipeline cadence
| Agent | Latest stable | Alpha/preview pipeline | Cadence |
|---|---|---|---|
| Claude Code | v2.1.117 (Apr 22) | — | Daily |
| Codex CLI | v0.122.0 (Apr 20) | v0.123.0-alpha.8 (Apr 22) | 8 alphas in 36h |
| Gemini CLI | v0.38.2 (Apr 17) | v0.39.0-preview.2 (Apr 22) | 2 previews in 24h |
Codex’s alpha pipeline continues at machine speed. Eight alphas since April 21, all with empty release notes — the content is in the code, not the changelog. v0.123.0 stable likely within 1-2 days.
Cross-cutting analysis
The economics narrative crystallizes
Four independent data points in one week:
- Microsoft breaks the mutual silence — token-based billing, signups paused
- Anthropic tests three levers in one week — effort demotion, Pro removal, effort restoration
- Nate identifies hidden cost increases in Opus 4.7 — same price tag, higher bills
- Ed Zitron publishes the structural bear case — Four Horsemen, subsidy collapse
The subsidy era didn’t end with a single announcement. It’s ending with a cascade of signals, each vendor testing different approaches to the same revealed truth: agentic workflows cost more than subscription revenue covers. Microsoft chose transparency (token billing). Anthropic chose experimentation (test, reverse, test again). The market chose narrative (Zitron’s bear case, Nate’s pricing analysis).
The correction paradox
Anthropic’s three reversals look like responsiveness. They are. But the underlying problem — Claude Code costs too much for $20/month — didn’t reverse. The effort restoration puts more pressure on the Pro tier economics. The Opus 4.7 context fix means users will now actually use their 1M context window, which costs more to serve. Each correction makes the product better and the economics harder.
This is the paradox every vendor faces: improving the product increases the subsidy. The product has to keep improving (competitive pressure). The subsidy has to end (economic reality). Something in that triangle breaks.
Where the field stands — April 22
The data training deadline (April 24) is the next structural event. Whether it passes silently or generates resistance will signal how much capacity users have for advocacy when they’re already managing pricing anger.
Landscape read
The corrections tell the story. When a vendor reverses three decisions in one week, they’re not iterating — they’re searching. Anthropic doesn’t know yet where the line is between sustainable and competitive. Neither does anyone else. The mutual silence held for 28 days; now it’s broken, and every vendor is experimenting in public.
The toolmaker voice signals (jdx, antfu, Boshen) point a different direction. While vendors wrestle with pricing, the infrastructure builders are expanding their scope. jdx enters package management. antfu builds agent-accessible GitHub interfaces. Boshen spans four layers of the Vite toolchain. The builder energy is high, the economics are uncertain, and the gap between what the tools can do and what they cost to run keeps widening.
Two days to the data training deadline. The structural trap from last run’s prediction holds: users managing pricing anger while the data policy quietly activates.