releases.shpreview
Home/Collections/Coding Agents/Week of May 25, 2026

Run mode security and agent orchestration shape the week

May 25–31, 2026

Codex CLI hardened command safety against repository-supplied Git hooks and browser-based websocket exploits, while Cursor introduced an Auto-review run mode and Claude Code debuted dynamic workflows for orchestrating tens to hundreds of background agents.

Hardening agent execution across the tools

Three separate releases this week tightened the boundaries around what an agent can do without explicit approval, signaling a maturing focus on safe autonomous operation. Codex CLI's command-safety hardening in 0.136.0 prevents /diff from executing repository-provided Git helpers and hooks, blocks PowerShell parser execution on non-Windows hosts, and rejects browser-origin websocket handshakes to the exec server — addressing attack vectors that could escape the TUI sandbox. Cursor introduced Auto-review, a new run mode that classifies Shell, MCP, and Fetch tool calls: allowlisted calls run immediately, sandboxed ones execute in isolation, and everything else goes to a classifier subagent that decides whether to allow, retry, or ask for approval. Grok Build shipped an "always approve" mode (the bluntest of the three approaches) and separately made tool permission choices persistent across sessions with a configurable first-prompt default, reducing friction while maintaining the permission model.

Claude Code goes big with dynamic workflows

The most architecturally significant release this week is Claude Code v2.1.154, which introduces dynamic workflows — ask Claude to create a workflow and it orchestrates work across tens to hundreds of background agents for larger tasks, viewable through a new /workflows command. This is paired with Opus 4.8 support (defaulting to high effort, with fast mode at 2x the standard rate for 2.5x speed) and a lean system prompt that's now the default for all models except the older generation. Meanwhile, v2.1.152 makes /code-review --fix actionable by applying findings to your working tree, and skills can now declare disallowed-tools in frontmatter to remove tools while the skill is active. A new /reload-skills command re-scans skill directories without a restart, and v2.1.157 auto-loads plugins from .claude/skills directories (no marketplace required) with a claude plugin init scaffolding command. The bugfix releases v2.1.156 and v2.1.153 respectively fixed Opus 4.8 thinking block API errors, an MCP server reconnect loop, and a credential leak where a custom API gateway could receive the user's Anthropic OAuth token.

Cross-platform expansion and workflow improvements

Codex made two major platform moves: Computer Use now works on Windows, letting the agent operate desktop apps by seeing, clicking, and typing, and remote control supports Windows devices so you can start work on a Windows machine and check progress from ChatGPT on mobile or a Mac. Codex also integrated with Amazon Bedrock for AWS-managed deployment, adding authentication, account controls, and billing to local Codex workflows. On the TUI side, Codex CLI 0.135.0 enriched codex doctor diagnostics and added vim text-object editing, while 0.134.0 added search across local conversation history with case-insensitive matches and made --profile the primary profile selector.

Grok Build's rapid iteration continued with fixes for session state leaking into subagent conversations, the ability to open generated images and videos from the terminal, and improved tab bar navigation and WSL image paste support. Several Grok builds focused on polish: wrapping slash menu navigation, subagent UI restoration on resume, and Windows drag-and-drop image input. Devin gained a redesigned command palette with improved search and keyboard navigation, plus a files-changed trigger for automations so GitHub push events can fire only when specific files or directories are modified.

Releases covered