Claude Code Daily Briefing - 2026-04-17
Release Summary
| Version | Date | Key Changes |
|---|---|---|
| v2.1.112 | 4/16 | Fixed Auto mode Opus 4.7 availability |
| v2.1.111 | 4/16 | Opus 4.7 xhigh effort, Auto mode for Max subscribers, /ultrareview cloud code review, /less-permission-prompts, interactive /effort slider, auto terminal theme matching, smarter plan filenames, 14 bug fixes |
New Features & Practical Usage
Claude Opus 4.7 Now Generally Available — 13% Coding Improvement, High-Res Vision (4/16)
Anthropic has officially released Claude Opus 4.7 across the API, Claude.ai, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.
Key improvements:
- Software engineering: 13% improvement on a 93-task coding benchmark over Opus 4.6, solving 4 tasks that neither Opus 4.6 nor Sonnet 4.6 could handle
- High-resolution vision: Up to 2,576px (~3.75 megapixels) — over 3x higher resolution than previous models. Useful for technical diagrams, chemical structures, and UI screenshot analysis
- Better instruction following: More accurate command execution with consistency in long-running agent tasks
- Multi-session memory: Improved recall across multiple work sessions
Pricing: Same as Opus 4.6 (input $5/M, output $25/M)
API identifier: claude-opus-4-7
Note: The tokenizer has been updated — input tokens increase approximately 1.0–1.35x depending on content type. Existing prompts may need re-tuning.
xhigh Effort Level + Interactive /effort Slider (v2.1.111)
v2.1.111 introduces a new xhigh effort level exclusive to Opus 4.7, sitting between high and max. The default effort for all plans has been raised to xhigh.
```
# Interactive slider for effort tuning
/effort
# → Use arrow keys to select min/low/medium/high/xhigh/max

# Set directly via CLI
claude --effort xhigh
```
This is a direct response to the controversy around the “medium” default effort change reported on 4/14. With xhigh as the new default, users get high-quality reasoning out of the box while retaining the ability to tune on the fly.
/ultrareview — Cloud-Based Parallel Multi-Agent Code Review (v2.1.111)
Run it without arguments to review current changes, or specify a PR number for targeted analysis. Multiple agents analyze bugs, design issues, and security vulnerabilities in parallel in the cloud.
```
# Review current changes
/ultrareview

# Review a specific PR
/ultrareview 142
```
Unlike single-agent sequential review, parallel analysis significantly reduces review time for large PRs. Combined with Routines, you could set up an “auto-review all open PRs every morning” workflow.
Developer Workflow Tips
Tame Permission Fatigue with /less-permission-prompts (v2.1.111)
The new /less-permission-prompts skill analyzes your past transcripts to identify read-only Bash and MCP tool calls you repeatedly approve. It proposes a prioritized allowlist and auto-adds entries to .claude/settings.json.
```
# Run in Claude Code
/less-permission-prompts
# → Analyzes past sessions → extracts frequently approved command patterns
# → Proposes allowlist for settings.json
```
No more clicking “approve” for ls, cat, and git status every session. With Auto mode now extended to Max subscribers, reducing unnecessary permission prompts is a prerequisite for smooth automation.
Auto Mode Extended to Max Subscribers (v2.1.111)
Auto mode no longer requires the --enable-auto-mode flag — it activates automatically when using Opus 4.7. Read-only Bash commands with glob patterns and cd <project-dir> && ... commands no longer trigger permission prompts, making exploratory work significantly smoother.
Task Budgets for Long-Running Agent Work (Opus 4.7)
The new Task Budget feature (public beta) lets you guide token spending across longer runs. Instead of unbounded token consumption, you can set budget constraints that still allow sufficient reasoning depth — particularly useful for managing Pro Max quotas.
Security & Limitations
Git Commit Author Spoofing Bypasses Claude Code Review (4/16)
Researchers demonstrated that spoofing Git commit author metadata can trick Claude-based AI code reviewers into approving malicious changes.
Attack: Just two commands — git config user.name "trusted-dev" and git config user.email "trusted@company.com" — are enough to impersonate a trusted developer. Claude appeared to use author metadata as a trust signal, showing a tendency to approve changes from “trusted” authors with less scrutiny.
Core issue: Git commit metadata has always been easy to forge without GPG signing. When AI reviewers treat it as a trust signal, it becomes a new attack vector — especially concerning as open source projects increasingly rely on AI auto-review.
Mitigation: Enforce GPG commit signing, or configure AI review workflows to exclude author metadata from trust signals.
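A sketch of the signing mitigation as a pre-review check, added here as an example and not taken from the research or from Claude Code: trust is derived only from git's own signature status (`%G?`), and the author e-mail is used solely to flag unsigned commits that claim a trusted identity. The function names and the sample log lines are constructed for illustration.

```python
import subprocess

# %G? codes from git-log(1): only "G" is a good signature with a valid key.
SIG_STATUS = {"G": "good", "B": "bad", "U": "good, unknown validity",
              "X": "good, expired signature", "Y": "good, expired key",
              "R": "good, revoked key", "E": "cannot check", "N": "none"}
LOG_FORMAT = "--format=%H%x09%G?%x09%ae"

def git_log(rev_range):
    """Return hash<TAB>sig-status<TAB>author-email lines for a commit range."""
    return subprocess.run(["git", "log", LOG_FORMAT, rev_range],
                          check=True, capture_output=True, text=True).stdout

def classify(log_text, trusted_emails):
    """Trust comes from the signature check only; the author e-mail is
    used solely to flag unsigned commits that claim a trusted identity."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        commit, status, email = line.split("\t", 2)
        verified = status == "G"
        claims_trusted = email.lower() in trusted_emails
        results.append({
            "commit": commit,
            "signature": SIG_STATUS.get(status, "unknown"),
            "verified": verified,
            "spoof_suspect": claims_trusted and not verified,
        })
    return results

# Constructed sample (not real commits): the second line carries the trusted
# e-mail from the example above but has no signature.
SAMPLE = ("a1b2c3\tG\ttrusted@company.com\n"
          "d4e5f6\tN\ttrusted@company.com\n"
          "0a9b8c\tN\tnewcomer@example.org\n")

if __name__ == "__main__":
    for result in classify(SAMPLE, {"trusted@company.com"}):
        print(result)
```

A `G` status only means a key in the verifier's keyring produced the signature; mapping that key to the claimed author is a separate check. In a repository, `classify(git_log("origin/main..HEAD"), trusted)` runs it over a real range.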
Claude, Gemini, and Copilot GitHub Actions Hijacked via Prompt Injection (4/15)
Security researchers used a “comment and control” prompt injection technique to successfully attack three major AI code review GitHub Actions simultaneously.
| Tool | Attack Method | Stolen Credentials | Bounty | Patch Status |
|---|---|---|---|---|
| Claude Code Security Review | Malicious instructions in PR title | GitHub tokens, Anthropic API keys | $100 | Docs warning added |
| Gemini CLI Action | Title + comment injection combo | GEMINI_API_KEY | $1,337 | Undisclosed |
| GitHub Copilot Agent | Hidden instructions in HTML comments | Env vars, secrets | $500 | Unpatched |
Researcher Aonan Guan warned: “If they don’t publish an advisory, those users may never know they are vulnerable — or under attack.” Anthropic updated its documentation to state that the action is “not hardened against prompt injection attacks and should only be used to review trusted PRs.”
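One way to apply the "only review trusted PRs" guidance before an AI reviewer is given any secrets, written as an added example and not as code from Anthropic, Google or GitHub: a gate over the GitHub `pull_request` event payload. The trust policy, the function names and the sample payloads are assumptions made for illustration.

```python
import json
import os
import re

# author_association is computed by GitHub from repository permissions,
# so unlike git author fields the PR author cannot set it.
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}
HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)

def gate(event):
    """Return (run_review, reasons) for a pull_request event payload."""
    pr = event["pull_request"]
    reasons = []
    head_repo = (pr.get("head") or {}).get("repo") or {}  # null if fork deleted
    if head_repo.get("full_name") != pr["base"]["repo"]["full_name"]:
        reasons.append("head branch is not in the base repository")
    if pr.get("author_association") not in TRUSTED_ASSOCIATIONS:
        reasons.append("author is not an owner, member or collaborator")
    for field in ("title", "body"):
        if HTML_COMMENT.search(pr.get(field) or ""):
            reasons.append(f"HTML comment hidden in PR {field}")
    return (not reasons, reasons)

def _pr(head, assoc, title, body=""):
    # Builds a constructed payload with only the fields gate() reads.
    return {"pull_request": {
        "head": {"repo": {"full_name": head}},
        "base": {"repo": {"full_name": "acme/app"}},
        "author_association": assoc, "title": title, "body": body}}

# Constructed samples, not captured events.
INTERNAL = _pr("acme/app", "MEMBER", "Fix login redirect")
FORK = _pr("outsider/app", "NONE", "Update README")
HIDDEN = _pr("acme/app", "COLLABORATOR", "Bump deps",
             "Routine update.<!-- text a human reviewer never sees -->")

if __name__ == "__main__":
    # In GitHub Actions the payload is the JSON file at GITHUB_EVENT_PATH.
    path = os.environ.get("GITHUB_EVENT_PATH")
    events = [json.load(open(path))] if path else [INTERNAL, FORK, HIDDEN]
    for ev in events:
        print(gate(ev))
```

The gate covers only the PR's own fields; comments added later by other users are also untrusted input and need the same treatment before they reach the model.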
Ecosystem & Plugins
Claude Sonnet 4 / Opus 4 — API Deprecation on June 15
Anthropic has announced the API retirement of Claude Sonnet 4 and Opus 4 models on June 15, 2026. Migration to Claude Sonnet 4.6 and Opus 4.6 (or 4.7) is recommended.
If you’ve pinned an older model via ANTHROPIC_MODEL in Claude Code, update before the June 15 deadline.
OpenAI Agents SDK Major Update — Competitive Ecosystem Expanding
OpenAI has significantly upgraded its Agents SDK, integrating MCP, skills, AGENTS.md, shell tools, and other primitives that closely mirror Claude Code’s approach. Native sandbox support for 7 providers (Blaxel, Cloudflare, E2B, etc.) is included.
Feature convergence across agent frameworks is accelerating, with TypeScript support and sub-agent capabilities also announced. A direct competitive dynamic with Claude Code SDK and the MCP ecosystem is taking shape.
Community News
- Bloomberg publishes Mythos deep dive (4/16): “How Anthropic Discovered Mythos AI Was Too Dangerous For Release” provides an in-depth account of the internal discovery and decision-making process behind the non-release of Mythos, including new details about the safety evaluation team’s deliberations and Project Glasswing partner selection criteria. (Bloomberg)
- Cal.com goes closed-source over AI security threats: The open-source scheduling platform Cal.com has decided to transition to closed-source, citing risks from AI agents scraping and replicating their codebase. This is sparking debate about the sustainability of open-source business models in the AI era. (GeekNews)
- Anthropic Fellows Program 2026 launched: A fellowship program for AI safety research has been announced, targeting academic researchers and practitioners with stipend support. (Opportunity Desk)
Minor Changes Worth Knowing
- Auto terminal theme matching: “Auto (match terminal)” option auto-detects dark/light mode from your terminal
- `Ctrl+U`/`Ctrl+Y` behavior change: `Ctrl+U` now clears the entire input buffer (was: delete to start of line); `Ctrl+Y` restores it
- `Ctrl+L` enhanced: Now forces a full screen redraw in addition to clearing the prompt
- `/skills` token sorting: Press `t` to sort skills by estimated token consumption
- Plan filenames improved: Generated from your prompt instead of random words (e.g., `fix-auth-race-snug-otter.md`)
- Transcript view shortcuts: `[` dumps to scrollback, `v` opens in editor
- “+N lines” display: Collapsed line markers now display as full-width rules for easier scanning
- Windows PowerShell tool: Progressive rollout via `CLAUDE_CODE_USE_POWERSHELL_TOOL` env var
- iTerm2 + tmux tearing fixed: Terminal display tearing issue resolved
- Typo suggestions: `claude udpate` → “Did you mean `claude update`?”
Recommended Reads
- “Do You Even Need a Database?”: A hands-on experiment benchmarking file scan, in-memory map, and on-disk binary search across Go, Bun, and Rust. In-memory maps hit 169k req/s vs SQLite’s 25k req/s — enough for 90–600M DAU. The comment thread features strong counterarguments about ACID guarantees being the real value of databases. A useful mental model for early-stage product architecture decisions.
- “A Farewell to Agile”: Argues that Agile was a repackaging of 1970s principles, and that in the LLM era, Spec-Driven Development matters more. The comment section pushes back hard, with the majority arguing the problem is formalization and misunderstanding of Agile, not Agile itself. A thought-provoking read on how AI coding tools intersect with development methodology.
- “How Anthropic Discovered Mythos Was Too Dangerous”: Bloomberg’s long-form deep dive tracing the internal journey from Mythos’s discovery to the decision not to release it. A rare window into how AI safety evaluations actually work in practice. (Bloomberg)
Interesting Projects & Tools
- Lazyagent — TUI for tracking multiple coding agent sessions: Solves the problem of tracking Claude Code, Codex, and OpenCode when running multiple agents simultaneously. Features include tool call and session lifecycle filtering, inline diff rendering for Edit/Write events, parent-child sub-agent hierarchy tracking, and full event payload search. (GitHub)
- NexiBase — Open-source full-stack CMS built on Next.js 16: A content management system leveraging the latest Next.js 16 features with a full-stack architecture. No separate backend needed — useful as a boilerplate reference for developers starting Next.js projects with Claude Code. (GeekNews)