Section
Platform
A coding agent becomes market infrastructure when its install path, plugins, UI, cloud surface, and defaults decide who can actually use it.
Platform covers how agent harnesses become usable products and ecosystems for new operators: install paths, distribution, packages, plugins, skills, SDK / CLI / GUI shape, cloud and enterprise packaging, and integrations. It is the adoption and distribution lane, not a catch-all for everything platform-shaped. Evaluation, governance defaults, and sandbox policy belong to Control Plane or Runtime.
June 2026
-
Amazon Bedrock integration runs Codex models under AWS-managed authentication and billing
- An operator with AWS infrastructure can now run OpenAI models through Amazon Bedrock, moving authentication and billing under AWS IAM and cost allocation instead of an external OpenAI API path.
- This reframes where the trust and identity boundary sits — Codex model calls become AWS-native, which changes compliance and credential-management decisions for AWS-policy organizations.
- Verification path: provision Codex models via Bedrock, confirm IAM scoping and that no model traffic leaves the AWS-managed path before treating it as compliance-satisfying.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
-
Sites plugin (preview) adds in-app website and web-app creation and deployment
- An operator can now create, deploy, and manage websites, dashboards, and web apps directly within Codex, removing the external-tool step for web deployment.
- ChatGPT Business workspaces include Sites by default, so the operator decision is whether to allow/govern an in-product deploy surface that may already be enabled.
- Verification path: confirm whether Sites is enabled in your Business workspace and whether agent-initiated deployments fit your hosting/governance policy before relying on it.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
-
v0.45.0 stable bundles terminal hardening, session-context cleanup, and an MCP blacklist-bypass fix
- Operators on preview or older stable builds get a single upgrade decision: move to v0.45.0 to pick up Termux relaunch/resize fixes, session-context filtering on history resume, sequential tool execution for update_topic, Vim keybinding fixes, and an MCP blacklist-bypass prevention fix.
- The MCP blacklist-bypass prevention is the security-bearing item: it closes a path where a blacklisted MCP tool/server could still be reached, so operators relying on MCP allow/deny controls should upgrade before trusting the blacklist.
- Verification path: release tag v0.45.0 notes (published 2026-06-03T01:05:14Z) enumerate the bundled fixes.
- Single composite upgrade decision: the bundled small fixes are all gated on 'upgrade to v0.45.0', so they stay one signal.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
-
CI labeler switched to pull_request_target, granting write context to fork PR runs
- Contributors and maintainers should note the PR-size labeler now runs under pull_request_target, which executes in the base-repo context with write-capable token access on fork PRs.
- This is the classic pwn-request surface: pull_request_target with any checkout or execution of fork-controlled content can leak the elevated token; operators forking or auditing the repo's CI should confirm the workflow does not check out and run untrusted PR code.
- Verification path: .github/workflows/pr-size-labeler.yml line 4 trigger change from pull_request to pull_request_target.
- Single decision for the repo-security auditor: review this workflow's token scope and whether it touches fork-controlled inputs.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
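An auditor's check for the pull_request_target item above, as an added example (not the repository's own tooling). The function name, finding names and both sample workflows are constructed for illustration, and the scan is a line heuristic rather than a YAML parser.

```python
import re
from itertools import takewhile

STEP = re.compile(r"^\s*-\s+(name|uses|run|id)\s*:")
FORK_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/")
FORK_EXPR = re.compile(r"\$\{\{\s*github\.(event\.pull_request\.(title|body|head\.ref)|head_ref)")

def run_body(step):
    # Script text of a step's run: key only; sibling keys such as env: are excluded.
    for i, line in enumerate(step):
        m = re.match(r"^(\s*(?:-\s+)?)run\s*:(.*)", line)
        if m:
            deeper = lambda l: not l.strip() or len(l) - len(l.lstrip()) > len(m.group(1))
            return "\n".join([m.group(2), *takewhile(deeper, step[i + 1:])])
    return ""

def audit_workflow(text):
    # Heuristic scan of one workflow file; returns sorted (hypothetical) finding names.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []  # not the elevated trigger
    found = set()
    if not any(re.match(r"\s*permissions\s*:", l) for l in lines):
        found.add("no-explicit-permissions")  # token scope left to repository defaults
    starts = [i for i, l in enumerate(lines) if STEP.match(l)] + [len(lines)]
    for a, b in zip(starts, starts[1:]):
        step = lines[a:b]
        if any("actions/checkout" in l for l in step) and any(FORK_REF.search(l) for l in step):
            found.add("checkout-of-fork-head")  # fork code lands in a write-token job
        if FORK_EXPR.search(run_body(step)):
            found.add("fork-input-in-run-script")  # fork text expanded into shell source
    return sorted(found)

# Constructed samples (not the actual pr-size-labeler.yml).
HEAD = "on: pull_request_target\njobs:\n  label:\n    runs-on: ubuntu-latest\n    steps:\n"
RISKY = HEAD + """      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "${{ github.event.pull_request.title }}"
"""
SAFER = "permissions:\n  pull-requests: write\n" + HEAD + """      - run: echo "title is $TITLE"
        env:
          TITLE: ${{ github.event.pull_request.title }}
"""
```

An empty result means only that none of these three patterns matched; the workflow still needs a read-through for other uses of fork-controlled input.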
-
Remote Link renamed to Remote Control with selectable tunnel providers and handshake version advertisement
- Operators managing distributed deployments must update remote-connectivity terminology (Remote Link -> Remote Control) and can now choose among Cloudflare, Microsoft Dev Tunnels, Serveo, and Tailscale as tunnel providers.
- Version advertisement in connector handshakes lets CLI clients detect server compatibility, changing how operators coordinate client/server upgrades across a fleet.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
-
Upgrade frontend deps (axios 1.16.0, dompurify 3.4.0) to close CVE-2026-44492 and CVE-2026-41238
- Two browser-facing frontend dependencies were patched in the window: axios to 1.16.0 (CVE-2026-44492, commit 73d1d9a) and dompurify to 3.4.0 (CVE-2026-41238, commit b025cd2). Two commits, one operator action: rebuild and redeploy the frontend bundle.
- Self-hosters pinning older lockfiles must bump both manually; a stale frontend build leaves both CVEs live.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
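A lockfile check for the two version floors named above, as an added example (not the project's own tooling). It assumes an npm `package-lock.json` with lockfileVersion 2 or 3; the function names and the sample lockfile, including its stale version numbers, are constructed.

```python
import json

# Fixed versions from the digest item; the trailing 1 marks "release, not pre-release".
FIXED = {"axios": (1, 16, 0, 1), "dompurify": (3, 4, 0, 1)}

def parse_version(v):
    # "1.15.2" -> (1, 15, 2, 1); "1.16.0-rc.1" -> (1, 16, 0, 0), which sorts below 1.16.0.
    core, _, pre = v.split("+")[0].partition("-")
    return tuple(int(p) for p in core.split(".")) + (0 if pre else 1,)

def stale_entries(lock_text):
    """Return sorted (path, version) pairs that are still below the fixed versions.

    Walks the lockfile's "packages" map, so nested copies such as
    node_modules/x/node_modules/axios are reported along with the top-level one.
    """
    lock = json.loads(lock_text)
    stale = []
    for path, meta in lock.get("packages", {}).items():
        name = path.rpartition("node_modules/")[2]
        version = meta.get("version")  # link entries and the root may have none
        if name in FIXED and version and parse_version(version) < FIXED[name]:
            stale.append((path, version))
    return sorted(stale)

# Constructed sample lockfile: top-level axios is fixed, a nested copy and dompurify are not.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "frontend"},
        "node_modules/axios": {"version": "1.16.0"},
        "node_modules/dompurify": {"version": "3.3.1"},
        "node_modules/some-sdk/node_modules/axios": {"version": "1.15.2"},
    },
})
```

A clean lockfile is necessary but not sufficient: the deployed bundle has to be rebuilt from it.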
-
v0.9.0 breaking app-config migration: routing/provider imports, provider-ID format, SDK mount paths, and beta session-state reset
- Upgrading to v0.9.0 forces a developer to rewrite application imports: routing moves from `@flue/runtime/app` to `@flue/runtime/routing`, provider APIs and `observe` come from `@flue/runtime`, and Workers AI types from `@flue/runtime/cloudflare` — code will not compile until updated.
- Provider model values now require `provider-id/model-id` format and `registerProvider()`/`configureProvider()` must share one ID; SDK mount paths now derive from `baseUrl` pathname — both are silent runtime-behavior changes that mis-route calls if not updated.
- Persisted beta session state is now rejected; the operator must clear or migrate the session store before upgrading or sessions fail to restore — a distinct destructive pre-upgrade step gated on the same v0.9.0 cutover.
- All of these share one verb (update-before-upgrade) for one persona (the Flue app developer) and one verification path (build + smoke-test against v0.9.0), so they route as a single platform migration signal.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
May 2026
-
OpenHands becomes the GUI shell for other harnesses, with org-level LLM profiles
Composes with Claude Code, Codex, Gemini CLI
- Evaluators of OpenHands as a multi-agent shell: enable `ENABLE_ACP` against your preferred ACP back-end (Claude Code, Codex, Gemini CLI) and test the policy surface — the greyed-out settings while ACP is active are intentional.
- Multi-tenant SaaS operators must confirm they are on 2026-05-22+ to get the MCP/ACP env scoping fix. Audit MCP credentials that may have been shared across org members pre-fix.
- Enterprise admins should treat the org-level LLM profile model as the canonical place to set 'this org uses these models' policy.
- Operators on the release channel need to know none of this is in a tagged 1.x release yet — main-branch only.
Run: 2026-05-27-weekly-digest-2026-05-13_2026-05-27-frontier-v0
-
Hermes ships PyPI, lazy adapter install, native Windows beta
Composes with Aider, Cline, Codex, Continue
- Builders who bounced off the prior clone-and-shell installer should re-evaluate Hermes — `pip install hermes-agent` plus lazy adapter install plus Windows beta plus Zed ACP Registry listing materially lower the floor.
Run: 2026-05-27-weekly-digest-2026-05-13_2026-05-27-frontier-v0
-
Package scope migration to earendil-works; harness SDK stream config
- Operators with global Pi installs should run `pi update --self` once @earendil-works/pi-coding-agent is published to migrate from the old @mariozechner scope.
- Operators with Pi pinned in CI, Dockerfiles, or package.json by the old @mariozechner/pi-coding-agent name should update their references to @earendil-works/pi-coding-agent.
Run: 2026-05-12-partial-cycle-pi-coding-agent-2026-05-07_2026-05-12-frontier-v0
-
Per-agent message restrictions, gated code install, and onboarding wayfinding
- Operators deploying public-facing or sandboxed agents should evaluate `tools.message.crossContext` and `tools.message.actions.allow` overrides to restrict agent message sends to the current conversation without changing the global bot policy.
- Operators running long-horizon OpenClaw sessions should know that session memory is now bounded: the memory dreaming promotion cap compacts oldest auto-promoted sections while preserving user-authored notes. Unbounded auto-memory growth is no longer the default behavior.
- Operators deploying OpenClaw for new users should test the improved CLI onboarding wayfinding: setup, onboarding, configure, and channel commands now explain the next useful command at each step.
Run: 2026-05-12-partial-cycle-openclaw-2026-05-07_2026-05-12-frontier-v0
-
Hermes drops mistralai from [all] extras after PyPI quarantine of 2.4.6
- Operators who installed hermes-agent[all] on or around 2026-05-12 should verify whether mistralai==2.4.6 is present in their environment and remove it if so.
- Operators needing Mistral Voxtral TTS must switch to explicit hermes-agent[mistral] install; it no longer ships in [all] while quarantine is active.
Run: 2026-05-12-partial-cycle-hermes-refresh-2026-05-12-frontier-v0
-
Flue: programmable harness with run observability, virtual sandbox, and shell env security fix
- Operators using shell env for credentials in pre-v0.4.1 Flue sessions should verify their session store does not contain unredacted values — the v0.4.1 shell env redaction fix is a security patch.
- Operators using `sandbox: 'local'` should re-test: it is now genuinely local (direct host access, no just-bash), changing the isolation boundary for agents running in CI.
- Operators building on Flue should evaluate `flue logs` and run history (v0.5.0) as the primary evidence trail for autonomous agent invocations.
Run: 2026-05-12-partial-cycle-flue-2026-05-07_2026-05-12-frontier-v0
-
Agent harnesses are becoming full development platforms.
-
Accessibility is becoming a frontier capability.
-
Accessibility is a frontier capability, not marketing polish
- Everyday adoption depends on setup recovery, visible progress, voice/chat surfaces, readable UI, OAuth clarity, and fewer dead ends.
Run: 2026-05-07-commit-harvest-2026-04-23_2026-05-07-frontier-v1
-
Integrations are volatile; the operating loop has to be durable
- Provider lists, plugin systems, transports, and model profiles will keep changing.
Run: 2026-05-07-commit-harvest-2026-04-23_2026-05-07-frontier-v1
-
Plugin, extension, and skill ecosystems are becoming the integration surface.
- The practical power of worker CLIs increasingly depends on plugins, hooks, extensions, skills, and transport modules, not just the base model.
- Adapter receipts should include enabled plugin/extension/skill surfaces and should distinguish worker-local skills from Bitter-owned memory.
-
Worker integrations are not durable doctrine.
- Pi removed built-in Gemini CLI and Antigravity support while adding many providers; Gemini preview/nightly channels differ materially; Codex alpha releases and app-server surfaces move quickly.
- Keep worker adapters thin, versioned, source-contracted, and replaceable. The stable Bitter asset is the run contract and receipt chain.