The Substrate Hardens
May 18, 2026 — Sunday. The day before the five-way convergence.
Yesterday’s run called it “The Last Quiet Day” — zero releases across 41 dependencies. That was a scan timing artifact. Between Saturday afternoon and evening, five releases shipped: three from the jdx ecosystem (aube v1.15.0, mise v2026.5.11, fnox v1.25.1), plus OpenCode v1.15.4 and oxc crates_v0.132.0 (today). The agent vendors held. The substrate didn’t.
Releases
| Dep | Version | Released | Category |
|---|---|---|---|
| aube | v1.15.0 | May 17 20:07 UTC | Compatibility + security |
| mise | v2026.5.11 | May 17 21:38 UTC | Security |
| fnox | v1.25.1 | May 17 18:08 UTC | Fix |
| OpenCode | v1.15.4 | May 17 17:44 UTC | Fix |
| oxc | crates_v0.132.0 | May 18 11:15 UTC | Fix + performance |
aube v1.15.0 — Yarn Berry compatibility closes
Three Yarn Berry protocol gaps closed: portal:, exec:, and patch:. These aren’t obscure — any Yarn Berry project using patches or local workspace links would silently get unpatched or missing content when migrating to aube. The patch: fix is the most significant: previously, Berry projects relying on patch: resolutions would install with unpatched package contents. Silent data corruption.
New --deny-build flag for strictDepBuilds=true workflows. This completes the build-permission story started with supply-chain gates in v1.13.0: you can now explicitly review and deny a package’s lifecycle scripts, rather than just allow or block-all. The security posture deepens from “block malicious packages” to “audit every build script.”
Twenty-ninth release in twenty-five days.
mise v2026.5.11 — provenance verification at lock time
Verifies SLSA provenance during mise lock. This is the supply-chain integrity story crossing from package management (aube’s bloom filters and MAL-* gates) into version management (mise’s tool installations). New provenance_api_failures_fatal setting controls whether GitHub attestation API failures are blocking. Fallback verification when provenance attests individual files inside an archive but not the archive itself — a common pattern for GitHub release assets.
Also: remote git subdirectory plugin sources, shorter asset-name tiebreaking (fixes composer install), per-tool .mise.backend.toml metadata for self-describing installs.
The security infrastructure arc from the weekly synthesis now spans: aube supply-chain gates (v1.13.0) → OSV bloom filters (v1.14.0) → content-sniff lifecycle scripts (v1.14.0) → mise provenance verification (v2026.5.11). Four security layers in six days.
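The fallback described above for mise lock, where provenance names files inside a release archive rather than the archive itself, sketched as an added example (not mise's own code). It assumes the in-toto statement's signature has already been verified, and the strict policy (every regular file must be attested, links and special files rejected) is this sketch's assumption; all sample data is constructed.

```python
import hashlib
import io
import tarfile

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def attested_digests(statement: dict) -> set:
    """sha256 digests listed under the in-toto statement's `subject` array."""
    return {s["digest"]["sha256"] for s in statement.get("subject", [])
            if "sha256" in s.get("digest", {})}

def verify_asset(archive: bytes, statement: dict) -> str:
    """Return 'archive' or 'members' depending on what the provenance covered.

    Raises ValueError when neither the archive nor all of its files are attested.
    """
    digests = attested_digests(statement)
    if sha256_hex(archive) in digests:
        return "archive"  # direct match, no fallback needed
    checked = 0
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar.getmembers():
            if member.isdir():
                continue
            if not member.isfile():  # symlinks etc. could alias unattested content
                raise ValueError(f"unsupported member type: {member.name}")
            content = tar.extractfile(member).read()
            if sha256_hex(content) not in digests:
                raise ValueError(f"unattested file in archive: {member.name}")
            checked += 1
    if checked == 0:
        raise ValueError("archive contains no files to verify")
    return "members"

def make_tar(files: dict) -> bytes:
    """Build a constructed .tar.gz in memory for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: provenance names the binary, not the release archive.
TOOL = b"\x7fELF constructed tool binary"
STATEMENT = {"_type": "https://in-toto.io/Statement/v1",
             "predicateType": "https://slsa.dev/provenance/v1",
             "subject": [{"name": "tool", "digest": {"sha256": sha256_hex(TOOL)}}]}
```

An archive that carries the attested binary plus one extra, unattested file fails here by design: a fallback that accepts an archive because some member matches would let repackaged content ride along with a genuine binary.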
fnox v1.25.1 — keychain deadlock fix
Resolving multiple keychain-backed secrets simultaneously on macOS caused up to 10 overlapping Security dialogs and deadlocked the tokio runtime. Fix: spawn_blocking for all keyring calls, serial batch resolution. Migration from keyring v3 to keyring-core v1 with per-platform credential store crates.
The documentation update is quietly significant: recommends storing a single age identity in the OS keychain and encrypting everything else with the age provider. One “Always Allow” prompt instead of one per secret. Pattern: keychain as bootstrap key, not bulk storage.
OpenCode v1.15.4 — maintenance
Project-scoped bus event fix (file watcher reaching wrong instance), custom LSP server refresh events, hidden subagent task instructions unless experimental mode enabled. Minor.
oxc crates_v0.132.0 — performance + fixes
Ten bug fixes including a parser fatal-error recovery in extends clauses, optional chain folding by base nullishness, and enum IIFE preservation when non-inlinable values remain. Five performance improvements: #[inline] on Scoping::get_binding, bitflags for regex tracking, BitSet for minifier live references, SymbolId-indexed symbol values, and JSDoc comment skip optimization. Boshen active (parser fix, two perf PRs).
Agent Vendor Silence
| Agent | Latest | Last release | Days silent |
|---|---|---|---|
| Claude Code | v2.1.143 | May 15 | 3 |
| Codex CLI | v0.131.0-alpha.22 | May 15 | 3 |
| Gemini CLI (stable) | v0.42.0 | May 12 | 6 |
| Gemini CLI (nightly) | v0.44.0-nightly.20260517 | May 17 | — |
Three days of coordinated silence from Claude Code and Codex. Gemini CLI stable silent for six days, but nightlies are active — v0.44.0 nightlies running since May 14. The version jump from v0.43.0-preview to v0.44.0-nightly means Google is staging content beyond SubagentProtocol and session portability. The v0.44.0 payload is likely what gets announced at I/O tomorrow.
Radar Signals
Nate: Build-Buy-Hire-Wait decision matrix (two pieces, May 17)
Published the day before I/O — intentional timing. A two-axis grid (market maturity × company specificity) routes agentic AI workflows into five capital motions: automate, build, buy, hire, or wait. Six scoring dimensions per workflow. Key data point: Gartner forecasts 40% of agentic AI projects canceled by end of 2027 due to cost, unclear value, or inadequate risk controls.
Five costly mistakes identified: automating judgment-dependent work, hiring for automatable work, buying generic for company-specific, building solved problems, waiting on stable-enough workflows. The companion piece reframes the question: “stop asking if AI can do this — start asking what shape the work is.”
This is Nate’s eighth domain (decision frameworks) and his most operationally actionable piece yet. The 40% kill rate is the demand-side correction to the $5.5B/week supply-side spending tracked in the enterprise battleground thread.
Google DeepMind Accelerator — APAC environmental AI
Low direct signal. Accelerator in Asia-Pacific for environmental AI, bootcamp in Singapore. Relevant as pre-I/O positioning: Google publishing “AI for good” partnerships the same weekend Anthropic had a Japan bilateral. Different instruments, same timing, same region.
Google I/O preview (from coverage)
Confirmed for tomorrow:
- Gemini Omni — unified model generating text, images, and video in a single pipeline (UI strings surfaced in Gemini app)
- Gemini 3.2 Flash rolling to billions of users across Search, Maps, YouTube, Docs, Gmail, Chrome
- Gemma 4 open-weights confirmed
- Android XR glasses preview (two models: display-free + in-lens display)
- Aluminium OS (details still sparse)
The 3.2 Flash rollout to billions is the most consequential for the landscape: Flash-tier pricing with reportedly Pro-tier coding quality becomes the default for every Google product user simultaneously. Not a developer preview — a production deployment at Google’s full user base.
Landscape Read
The substrate-agent divergence is the cleanest pattern this weekend. The jdx ecosystem’s security infrastructure arc now extends unbroken across nine days (May 10-18): aube supply-chain gates → OSV bloom filters → content-sniff sensors → mise provenance verification. Four distinct security layers addressing four distinct attack surfaces (dependency typosquatting, known vulnerabilities, malicious lifecycle scripts, unsigned tool binaries). Meanwhile, every major agent vendor went silent for the weekend.
This is the pattern from the weekly synthesis made visible in a single frame: the infrastructure matures while the products prepare. The security story isn’t maintenance — it’s a deliberate, accelerating investment in supply-chain integrity that’s been building for weeks. When the agents ship their I/O announcements and post-trial updates this week, they’ll be running on a measurably more secure substrate than they were a week ago.
The Nate pieces are pre-positioned for the executives who’ll watch I/O tomorrow and wonder “should we buy this?” The 40% kill rate is the corrective lens: most agentic AI investments will fail, and the ones that survive will be the ones that matched the right capital motion to the right work shape. The decision framework arrives the day before the biggest product announcement day of the year. Intentional or not, the timing is useful.
What to watch Monday
- Gemini CLI v0.44.0 — will it promote from nightly to stable during the keynote? The SubagentProtocol from v0.43.0-preview + whatever v0.44.0 adds could be the multi-agent story Google announces.
- Codex v0.131.0 stable — the marathon has been running nine days. If it drops Monday, it’s counterprogramming. If it doesn’t, the branch may simply not be ready.
- TC39 Decorators vote — Stage 3 → 2.7 regression would be the highest-drama TC39 outcome in years. Bloomberg’s multi-year investment going backward.
- Anthropic appeal arguments — the appeals court outcome determines whether the Pentagon supply chain exclusion holds. Figma and Freightos have already disclosed this as a financial risk.
- Jury deliberation speed — a fast advisory verdict (same day) would overlap with I/O coverage. A slow one extends the uncertainty through the week.