What's Up Claude Code: Week of April 6th

TL;DR

The theme this week: Anthropic shipped infrastructure, not just features. The Advisor Tool API formalizes multi-model escalation in a single call. Claude Managed Agents removes the need to run your own agent server. Meanwhile, v2.1.98 through v2.1.104 closed four Bash security holes and added serious enterprise tooling — Monitor Tool, Vertex wizard, OTEL privacy controls. The community kept pace with domain-specific skills, cross-session memory experiments, and growing debate about what happens when MCP servers eat too much context.

1. The Advisor Tool — Multi-Model Escalation Without the Plumbing

On April 9, Anthropic shipped the Advisor Tool API in beta. It formalizes something developers have been cobbling together manually: letting a fast, cheap model handle the work but call a more capable model when it hits something hard.

How it works: You add advisor_20260301 as a tool in your standard Messages API request. When the executor model gets stuck, it calls the advisor server-side. Opus guidance comes back. The executor continues. All in one API call — no second round trip, no context management overhead.

response = client.messages.create(
  model="claude-sonnet-4-6",
  tools=[{
    "type": "advisor_20260301",
    "name": "advisor",
    "model": "claude-opus-4-6",
    "max_uses": 3,
  }],
  messages=[...],
)

Results: Haiku + Opus advisor hit 41.2% on BrowseComp, up from 19.7% — at 85% less cost than Sonnet alone. Sonnet + Opus advisor adds +2.7pp on SWE-bench at 11.9% less total cost than Sonnet by itself.

The pattern this formalizes: Opus never touches tools, never produces output. It only advises. Small model drives the full task. Big model corrects when needed. You pay Opus rates only for advisory tokens (typically 400-700 per consultation).

This is a meaningful API shift. Per-channel or per-task model routing is the old pattern. Per-decision escalation inside a single request is what this enables.

2. Claude Managed Agents — Run Agents Without Running Servers

The less-covered launch this week was Claude Managed Agents, announced April 9.

The premise is simple: instead of running Claude Code on a server and managing the whole stack yourself (containers, session handling, compaction, error recovery), you define the agent and fire tasks at it. Anthropic handles the infrastructure. You stream results back.

agent = client.agents.create(
  model="claude-opus-4-6",
  system_prompt="...",
  tools=[...]
)
session = agent.sessions.create()
result = session.run("Scan this repo for outdated dependencies and open a PR")

This removes the #1 failure mode for teams building agentic workflows: not the AI layer, but the infrastructure layer. A reliable agent loop with proper sandboxing and error handling turns out to be the hard part. Now it’s a managed service.

Three concrete use cases that work today: dependency updater (point at a repo, bump packages, run tests, open PRs), tech radar (web search + 20 minutes → structured markdown report), documentation auditor (compare docs against actual codebase, output corrections).

Still beta, still early — but the gap between “AI that sits next to you” and “AI that works while you do something else” just got smaller.

3. Security Week: v2.1.98 → v2.1.104

This week’s releases were dense with security fixes.

v2.1.98 (57 changes) closed four Bash permission bypass vectors: backslash flags, compound commands, environment-variable prefixes, and /dev/tcp redirects. Also shipped: Monitor Tool for streaming background script events, Vertex AI setup wizard, CLAUDE_CODE_PERFORCE_MODE, and CLAUDE_CODE_SCRIPT_CAPS. A --exclude-dynamic-system-prompt-sections flag enables better cross-user prompt caching for shared deployments.

v2.1.101 added a fix for command injection in the POSIX which fallback (LSP binary detection) and patched a hole where permissions.deny rules could be downgraded to a prompt by PreToolUse hooks. Also shipped: /team-onboarding to auto-generate teammate ramp-up guides, OS CA cert trust by default, and OTEL privacy improvements (sensitive span attributes now opt-in via OTEL_LOG_USER_PROMPTS, OTEL_LOG_TOOL_DETAILS, OTEL_LOG_TOOL_CONTENT).

v2.1.104 added PowerShell quoted-arg hardening and fixed .jj / .sl (Jujutsu and Sapling) VCS exclusions.

The security-fix cadence is real now. If you’re running Claude Code in any production-adjacent context, the update frequency matters.

Critical bug still open: #44778 — system events arrive as role: user, meaning Claude can fabricate consent. Avoid irreversible actions in fully automated flows until this is resolved.

4. Community Spotlight

Notable projects this week:

paperasse — French bureaucracy skills for AI agents. Comptable, contrôleur-fiscal, commissaire-aux-comptes, notaire, syndic — each as a CLAUDE.md skill. Qonto and Stripe connectors included. Claims +11% improvement vs. unskilled agents. The domain-expertise-as-skill pattern done cleanly.
claude-buddy MCP — MCP server replacement for /buddy after its removal from Claude Code. Live agent activity display (files, tools, thinking) via hook bridge. If you liked the Tamagotchi, this keeps it alive.
caveman-skill (562⭐) — Ultra-sparse language prompt that cuts output tokens 61-75% on pipelines. Token reduction without reasoning reduction, for the right workloads.
claude-mem — SQLite-backed persistent cross-session memory. Claims ~10x context reduction. The “remember what worked, not just what happened” pattern in practice.
Compound Engineering Plugin v2.65.0 — 6-command planning cycle: brainstorm → plan → work → review → compound → ideate. Structured cognitive scaffolding for longer agentic workflows.
oh-my-openagent (52 hooks, 50.5K⭐) — Drop-in hook system, updated this week.

Trending:

JetBrains survey: Claude Code at 18% pro developer adoption, tied with GitHub Copilot
claude-code on GitHub: continues past 180K public commits weekly
HN discussion #47660925 (1,352 pts): on adaptive thinking and the three separate settings that control reasoning depth — most community workarounds only touch one
MCP overhead backlash growing: some servers consume 67K+ tokens before the first prompt. Developers reverting to bash/CLI tools. Worthwhile reading: choose MCP for things that genuinely need it, not for everything

Patterns worth watching:

Boris Cherny confirmed: three independent settings control reasoning depth in Claude Code. Missing any of them means your “high effort” config may not actually be high effort:

CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1
CLAUDE_CODE_EFFORT_LEVEL=high
showThinkingSummaries: true in settings.json

All three together is the actual max-reasoning configuration.

5. The Convergence Cliff

A pattern circulating in technical communities this week: “the convergence cliff.”

The observation: AI-assisted codebases tend to fail in cascades rather than gradually. Missing types and lint from early sessions compound into something that’s hard to recover from. The suggested fix — establish types, linting, and structural conventions from session one — sounds obvious but turns out to matter more than most teams expect when they hand off code to an agentic loop.

This isn’t a Claude Code-specific problem, but Claude Code’s speed amplifies it. Fast is only an advantage if the foundation is solid.

6. Community Events

The map keeps filling in. 181 events, 216 leaders — and a particularly dense week ahead.

Coming next week (Apr 13–19):

🇺🇸 Los Angeles | Claude Code Workshop for Builders (Apr 13)
🇺🇸 Austin | Austin | Claude Code (Apr 14) ← 🆕
🇬🇧 London | Claude Code Curious #4 (Apr 14)
🇺🇸 New York | Claude Code for Developers (Apr 14) ← 🆕
🇰🇷 Seoul | Claude Bloom (Apr 14)
🇲🇽 Villahermosa | Claude Code para Todos (Apr 15) ← 🆕
🇸🇬 Singapore | Claude Code Meetup #5 / Fintech (Apr 15)
🇸🇪 Stockholm | Claude Code for Developers (Apr 15) ← 🆕
🇦🇺 Melbourne | Claude for Everyone (Apr 16)
🇩🇪 Nürnberg | Claude for Everyone (Apr 16)
🇦🇺 Sydney | Claude for Founders (Apr 16) ← 🆕
🇰🇷 Seoul | Claude Code FDE Night (Apr 17)
🇹🇷 Istanbul | Claude for Solopreneurs (Apr 17)

New cities this week: Austin 🇺🇸, New York 🇺🇸, Villahermosa 🇲🇽, Stockholm 🇸🇪, Sydney 🇦🇺

Host your own on Luma →

What We’re Watching

Advisor Tool adoption — The API pattern is clean. The question is whether developers change their default routing model or treat this as an advanced feature they’ll get to later.
Managed Agents real-world durability — Looks clean in demos. Does it hold up when tasks hit ambiguous states or need human-in-the-loop correction? That’s the real test.
MCP overhead forcing a reset — The community backlash against token-heavy MCP servers is real. Expect pressure on server authors to reduce context footprint, and more teams switching back to direct CLI tools for high-frequency operations.
Domain-specific skills getting serious — paperasse is a real pattern: encode professional expertise as structured skills with measurable improvement. This generalizes beyond French accounting. Watch for more verticals.
Security baseline hardening — Four Bash bypass vectors in one release, plus the permissions.deny hook downgrade bug. The threat surface is getting clearer, and so are the mitigations. Update frequently.