FIELD DIGEST

Brex open-sources CrabTrap agent proxy (agents).

CrabTrap is an open-source HTTP proxy that sits between your AI agents and external services. Instead of hardcoded allowlists or regex rules, you define safety policies in natural language and an LLM judges each outbound request against them before execution. The architecture is transparent: drop it in front of any HTTP-calling agent without modifying agent code. If you run agents that touch APIs, databases, or third-party services, this is the missing enforcement layer. Star the repo, read the Brex engineering blog on design tradeoffs, and evaluate it against whatever agent pipeline you have in production.

SpaceX acquires Cursor for $60 billion (platform).

SpaceX announced an agreement to acquire Anysphere, the company behind Cursor, for $60 billion. If you build on Cursor or integrate with its API, expect product direction to shift. The price tag tells you where the market thinks coding agents sit: strategic infrastructure, not developer tooling. Nothing to do today except start evaluating how tightly your workflows are coupled to Cursor and whether that coupling is a risk you want to carry into next quarter.

Claude Code pricing may hit $100/month (platform).

Anthropic updated their pricing page to suggest Claude Code might leave the Pro plan entirely and require a separate $100/month subscription, then walked it back as "confusing." Simon Willison, HN, and r/LocalLLaMA all covered the whiplash. Separately, Anthropic re-allowed OpenClaw-style wrappers after previously blocking them. If Claude Code is load-bearing in your daily workflow, build a fallback path now. Local models, alternative wrappers, or a second coding agent should be on your bench before this resolves.

Roo Code shuts down at 3M installs (platform).

Roo Code, the popular VS Code extension and Cline alternative, is being discontinued. The team is pivoting to Roomote, a cloud-based coding agent. If you use Roo Code, start migrating now. The broader pattern: local VS Code extensions are losing ground to cloud-native agent platforms. Combined with the Cursor acquisition, the entire local-extension model for coding agents looks increasingly fragile. Diversify your toolchain across at least two agents that use different hosting models.

Claude Mythos finds real Firefox zero-days (security).

Mozilla and Anthropic used an early version of Claude Mythos Preview to audit Firefox source code. It found and helped fix actual zero-day vulnerabilities shipped in Firefox 150. This is not a toy CTF demo. It is production browser code, real bugs, real patches. If you run a security team and have been skeptical about LLM-assisted auditing, this is the benchmark to evaluate against. Read Bobby Holley's writeup for the methodology. The practical ceiling for automated code review just moved significantly.

FlashKDA ships 2.2x faster Kimi inference (inference).

Moonshot released FlashKDA, CUTLASS-based kernels implementing Kimi's Delta Attention mechanism. Benchmarks show 2.22x speedup over the Triton baseline on H20 hardware. If you are self-hosting Kimi K2.6, these kernels are the difference between viable and too-slow inference at scale. Drop-in replacement for existing attention kernels. Pair with the GGUF quants now available from Unsloth and ubergarm for a full self-hosted deployment stack.

Kimi K2.6 crosses into production territory (inference).

Day two of intense community coverage. GGUF quants are shipping from multiple sources, FlashKDA kernels landed, and real deployment guides are appearing. The community perception is shifting from "interesting release" to "production-viable open alternative to Opus 4.7." If you have been waiting for the ecosystem to mature before testing, the ecosystem matured this week. Grab the quants, run the benchmarks on your hardware, and see if inference cost pencils out against your current API spend.

Ctx persists context across coding agents (tooling).

Ctx is a new SQLite-backed tool that stores workstream context (decisions, todos, notes) and makes it resumable across both Claude Code and Codex sessions. If you switch between coding agents or lose thread between sessions, this is a practical fix you can install today. The tool addresses a real friction point: agent sessions are stateless by default, and rebuilding context each time costs tokens and attention. Lightweight, local-first, worth a 15-minute evaluation.

Qwen 3.6 becomes the local coding default (inference).

Fourth consecutive day of Qwen 3.6 coverage. Qwen3.6-Max-Preview is live with 617 HN points. The community is publishing local deployment configs, head-to-head comparisons with Gemma 4, and coding agent benchmarks. The 35B-A3B MoE variant is becoming the default recommendation for local coding tasks. If you run a local model stack and have not tested this variant yet, the community consensus is forming fast. Benchmark it against whatever you currently run for code completion and generation.

Vercel breach traced to OAuth exploit chain (security).

Third day of Vercel incident coverage. New details: the breach originated from a Roblox cheat tool combined with an AI tool exploiting OAuth flows. Trend Micro published a full technical analysis. If you deploy on Vercel and have not rotated your environment variables, do it now. This is not theoretical. The attack chain is documented, the vector is understood, and your secrets may be exposed. Rotate credentials, audit OAuth scopes, and review what third-party integrations have access to your Vercel projects.

Ling-2.6-Flash revealed as stealth benchmark model (inference).

The mystery model that made waves on benchmarks a few days ago turns out to be Ling-2.6-Flash, previously tracked as "Elephant Alpha." Worth watching if it gets open weights. The flash-tier model race now has another strong contender alongside Qwen and Gemma variants. No action required today, but add it to your evaluation list for the next round of model comparisons.

Daemons pivots to agent cleanup tooling (agents).

Charlie Labs shut down their coding agent to build Daemons, tooling for monitoring and fixing agent-generated code in production. The pivot itself is the signal: agent cleanup is becoming its own product category. As more teams ship agent-written code, the gap between "code that passes tests" and "code that holds up in production" needs dedicated tooling. If you run agents that commit code, keep this on your radar for when it ships.

GoModel offers a Go-native AI gateway (tooling).

A solo-founder-built open-source AI gateway that routes between OpenAI, Anthropic, and other providers. Lightweight alternative to LiteLLM if your stack is Go-native and you want to avoid the Python dependency. Early stage, but the routing layer is functional and the codebase is small enough to audit in an afternoon. If you have been looking for provider abstraction without pulling in a large Python framework, give it a read.