Back to Blog
claude-code weekly-update sonnet-4.6 worktrees security desktop

What's Up Claude Code: Week of February 17th

Olivier Legris ·

TL;DR

The theme this week: Claude Code is becoming infrastructure, not just a tool. Anthropic shipped Sonnet 4.6 (1M context, strongest Sonnet ever), built-in worktree isolation for parallel agents, a security scanner, and desktop session mobility — all signaling that Claude Code is evolving from “coding assistant” into a platform for autonomous software engineering.

Meanwhile, the community is building the ecosystem around it: Nightshift burns leftover tokens overnight to ship cleanup PRs while you sleep. Chell and Paseo give you mobile/desktop UIs for managing agent fleets. Greenlight puts permission approvals on your iPhone. Void-Box runs agent pipelines in KVM micro-VMs for production isolation. The gap between “demo” and “daily driver” is closing fast — on both the official and community sides.

Seven releases (v2.1.44 → v2.1.50), a massive memory leak purge that finally makes long sessions viable, and Claude Code’s first birthday — celebrated with a 220+ project hackathon gallery that reads like a preview of 2027. Solo devs shipping Alzheimer’s detection, Indonesian legal platforms, and self-improving agent swarms — in 6 days.

1. Sonnet 4.6

The big model drop this week: Claude Sonnet 4.6 launched on Tuesday. It’s a full upgrade across coding, computer use, long-context reasoning, agent planning, knowledge work, and design — with a 1M token context window in beta.

Available on all plans, Cowork, Claude Code, the API, and all major cloud platforms. The free tier now defaults to Sonnet 4.6 and includes file creation, connectors, skills, and compaction.

For Claude Code users, this means a significantly stronger mid-tier model. If you’ve been using Sonnet 4.5, switch in /model — the 1M context alone is worth it. Note: Sonnet 4.5 with 1M context is being removed from the Max plan in favor of 4.6 (v2.1.49).

2. Built-in Git Worktree Isolation

Boris Cherny announced built-in worktree support for Claude Code CLI. Agents can now run in parallel without interfering with each other — each gets its own worktree.

New in v2.1.50:

  • isolation: worktree in agent definitions — declarative worktree isolation
  • WorktreeCreate and WorktreeRemove hook events — automate setup/teardown when worktrees are created or removed
  • Works with non-git VCS too (Mercurial, Perforce, SVN) via worktree hooks

The desktop app had this for a while, but bringing it to CLI makes parallel agent workflows practical for everyone. Combined with the ctrl+f keybinding (v2.1.47) to kill all background agents, the multi-agent ergonomics are genuinely usable now.

3. Claude Code Security Scanner

Announced Friday: Claude Code Security is now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review.

The community is already putting it to work — Opus 4.6 found 500+ vulnerabilities in open-source code, with patches being contributed upstream. This is the kind of tool that traditional SAST scanners miss because it actually understands the code.

4. Desktop App: Preview, PR Monitoring & Session Mobility

The desktop app got a major update on Friday:

  • App previews — Claude can now preview your running apps, review code, and handle CI failures in the background
  • PR monitoring — Open a PR and Claude tracks CI in the background. With auto-fix, it attempts to resolve failures automatically. With auto-merge, PRs land as soon as checks pass
  • Session mobility — Run /desktop to bring a CLI session into the desktop app, or push it to the cloud and pick it up from the web or your phone

The session mobility piece is particularly interesting. Combined with the --sdk-url WebSocket flag spotted last week, Claude Code is clearly decoupling from “you must be in a terminal.”

5. The Great Memory Leak Purge

v2.1.47 and v2.1.50 were dominated by memory leak fixes. If you’ve ever had Claude Code grind to a halt in long sessions, this week was for you:

  • Completed teammate tasks never garbage collected from session state — fixed
  • API stream buffers, agent context, and skill state retained after use — fixed
  • Yoga WASM linear memory never shrinking — fixed (periodic parser reset)
  • LSP diagnostic data never cleaned up after delivery — fixed
  • File history snapshots growing unboundedly — now capped
  • Shell command output causing unbounded RSS growth — fixed
  • TaskOutput retaining lines after cleanup — fixed
  • CircularBuffer retaining cleared items — fixed
  • ChildProcess and AbortController references retained after cleanup — fixed
  • Tree-sitter parser WASM memory growing indefinitely — periodic reset added
  • O(n²) message accumulation in agent progress updates — eliminated

Plus: internal caches now clear after compaction, and large tool results are freed after processing. Long sessions should feel dramatically more stable.

6. Claude Code Turns One 🎂 + The Hackathon That Proved It

Claude Code celebrated its first birthday this week. Anthropic hosted a party in SF on February 21st with live demos, top hackathon projects, and cake. Boris noted it started as a hackathon project one year ago — now it’s how thousands of founders build.

But the real story is the “Built with Opus 4.6” hackathon — 500+ builders, 220+ submissions, and a gallery that reads like a preview of what software looks like in 2027. Here’s what stands out:

The Pattern: Claude Code as Full-Stack Enabler

The most striking theme across submissions isn’t “AI chatbot” — it’s solo developers building production systems in 6 days that would have taken teams months. Multiple projects report 20K+ lines of code, 100+ PRs, and complete deployment pipelines, all pair-programmed with Claude Code.

Standout Projects by Category

🏗️ Agent Infrastructure (the picks that matter most for this community):

  • ATP (Agent Trigger Protocol) by David Fant — “MCP gave agents tools. ATP gives agents triggers.” An open protocol for agents to subscribe to real-world events and resume autonomously. Claude sends an email, a reply arrives 3 hours later, Claude picks it back up. This is the async agent primitive everyone’s been building manually.
  • Heimdall by Marwane Chahed — MCP governance proxy that intercepts every tool call, enforces YAML policies, and produces tamper-evident audit trails. Its unique “RESHAPE” action transforms arguments in-flight (e.g., redacts secrets) without blocking the agent. 197 tests, MIT licensed.
  • CCX by Anas Moujahid — “Controlled Digital Employee” that runs 24/7 on your server, takes tasks through Slack, and ships PRs. Two Opus processes (Manager + Worker) with an 8-point acceptance gate and 3-tier crash recovery for multi-hour autonomous sessions.
  • Claude Code Canary by Geoffrey Young — Security research proving that Claude Code plugins can inject fabricated content via the hook system’s exit-2 stderr channel. Built a defense that intercepts third-party plugins and audits them with Opus before execution.

🧬 Science & Healthcare (where AI stops being a toy):

  • AlzheimerVoice by Remi François — Detects early signs of Alzheimer’s, Parkinson’s, and depression through voice analysis. 107 biomarkers across 11 cognitive domains, 80+ ingested research papers, 35-rule differential diagnosis. A 5-minute daily conversation is all it takes.
  • Clinical Trial Compass by Justin Knoll — Connects Apple Health data with 500K+ clinical trials via a 6-stage agent pipeline. Fewer than 5% of US cancer patients participate in trials despite 70% willingness — the gap is access, not reluctance.
  • BioStack.Dev by Petros Hong — AI-native IDE for synthetic biology: genetic circuit design, CRISPR guide generation, codon optimization, and simulation. Replaces 4-5 expensive biotech tools with one credit-based platform.
  • Ehrlich — Multi-model scientific discovery engine: Opus as Director, Sonnet as parallel Researchers across 91 tools and 28 data sources, Haiku as Summarizer.

🔧 Developer Tools (solving real pain points):

  • Mori by Parth Sharma — Database proxy that lets agents do whatever they want to production without consequences. Reads hit prod, writes get captured in a shadow DB. 9 database engines, 14 auth providers, MCP server included. The dream workflow.
  • Kekule by Ansh Tulsyan & Jack Armitage — Self-improving agent swarm that runs SWE-bench tasks, diagnoses failures, invents new verification strategies, and improves across epochs. Resolved 2 tasks the current SOTA couldn’t.
  • ROBO.APP by Matt Silverman — iOS app that turns 9 phone sensors (LiDAR, camera, BLE, HealthKit, motion) into APIs any agent can use via MCP. 336 commits, 100 PRs, ~22K lines in 6 days.

🌍 Accessibility & Public Good:

  • Pasal.id by Ilham Firdausi Putra — First open, AI-native platform for Indonesian law. 40,000+ regulations and 937,000+ articles transformed from locked PDFs into searchable data with an MCP server. Opus verifies parsed text against original PDFs using vision.
  • GSD by Mike Endale — “100 billion form submissions per year at every level of US government.” GSD is a personal agent that replaces bureaucracy with a single conversation. Losing your job in California means 12 forms and 564 fields — GSD handles it all.
  • AgriAgent by Medoune Balde — Multi-agent platform for 500M+ smallholder farmers. AI chat with crop disease photo analysis, full voice interface, SMS for areas without internet. Trilingual: French, English, Wolof.

The Bigger Picture

A year ago, Claude Code was a hackathon project. This week, 500 people used it to build production-grade systems in healthcare, law, agriculture, infrastructure, security, and science — most of them solo developers.

The gallery isn’t just impressive projects. It’s evidence of a phase transition: the barrier to building meaningful software has dropped below “one person, one week.” The projects that won aren’t the flashiest — they’re the ones solving real problems for real people (roads in Uganda, farmers in Senegal, elderly patients in nursing homes, 280 million Indonesians who can’t read their own laws).

That’s what Claude Code turning one actually means.

7. Anthropic Research: Measuring Agent Autonomy

Anthropic published new research on agent autonomy — analyzing millions of interactions across Claude Code and their API. Key finding: software engineering makes up ~50% of agentic tool calls, but other industries are emerging fast.

The central lesson: “autonomy is co-constructed by the model, user, and product. It can’t be fully characterized by pre-deployment evaluations alone.” For the Claude Code community, this validates the pattern we’re seeing — people are gradually increasing the autonomy they grant to their agents as trust builds.

8. Quality of Life & Bug Fixes

New features:

  • claude agents CLI command to list all configured agents (v2.1.50)
  • ConfigChange hook event for enterprise security auditing (v2.1.49)
  • chat:newline keybinding action for configurable multi-line input (v2.1.47)
  • last_assistant_message in Stop hook inputs (v2.1.47)
  • CLAUDE_CODE_DISABLE_1M_CONTEXT env var (v2.1.50)
  • Opus 4.6 fast mode now includes 1M context (v2.1.50)
  • Windows ARM64 improvements continue
  • spinnerTipsOverride for custom spinner tips (v2.1.45)
  • Plugin-provided commands, agents, and hooks now available immediately after install — no restart needed (v2.1.45)

Notable bug fixes:

  • Bash permission classifier could hallucinate match descriptions, incorrectly granting permissions — fixed (v2.1.47)
  • Unicode curly quotes silently corrupted by Edit tool — fixed (v2.1.47)
  • Parallel file writes: one failure no longer aborts all sibling operations (v2.1.47)
  • Plan mode lost after compaction — fixed (v2.1.47)
  • Custom agent model field ignored for team teammates — fixed (v2.1.47)
  • Ctrl+C/ESC silently ignored when background agents running — fixed (v2.1.49)
  • /rename custom titles lost after resume — fixed (v2.1.47)
  • Agent Teams failing on Bedrock, Vertex, Foundry — fixed (v2.1.45)

Built with Claude Code

Community highlights this week:

Nightshift — A “Roomba for your codebase” that burns your leftover Claude/Codex tokens overnight to find dead code, doc drift, test gaps, and security issues. Everything lands as a PR so worst case you just close it.

Chell (GitHub) — Desktop + iOS/Android native apps for managing multiple Claude Code sessions. Free, cross-platform, worktree-style project isolation with live terminal output and lock screen notifications on mobile.

Greenlight — iOS app that surfaces Claude Code permission prompts to your phone. Pattern-based “always allow” rules, command risk intelligence for 170+ CLI tools.

Paseo (GitHub) — Self-hosted Claude Code UI with git worktree management for parallel agents, integrated terminal, and local voice mode. Tauri + React + TypeScript.

cache-audit — Claude Code skill that audits your setup against Anthropic’s 6 prompt caching rules. The author caught 30-40k tokens being loaded on startup from ignored git dirs.

hmem — Portable agent memory via MCP. SQLite-backed hierarchical memory that works across Claude Code, Cursor, Gemini CLI — same .hmem file on any machine.

Void-Box — Rust runtime that isolates each agent pipeline stage in its own KVM micro-VM. Per-stage isolation, policy-enforced execution, OTLP observability baked in. For production multi-agent pipelines where blast radius actually matters.

Edictum — Runtime governance library that intercepts AI agent tool calls before execution and enforces safety contracts in YAML. 6 framework adapters including Claude Agent SDK.

Token usage cut 65% via dependency graphs — A developer built a local dependency graph served via MCP, cutting Claude Code’s token usage by 65% by providing only the relevant dependency chain instead of letting it read everything.

Community Events

Another massive week for Claude Code meetups — 19 events across 4 continents:

This week:

Coming up next week:

Want to host one in your city? Submit an event on Luma →