Claude Report — 2026-04-23
- Claude Code 2.1.118 ships vim visual modes, `/cost`+`/stats`→`/usage`, custom themes, and `mcp_tool` hooks.
- Agent SDK Python v0.1.64/0.1.65 lands full SessionStore parity, `ServerToolUse`/`AdvisorToolResult` blocks.
- Downloads migrate from `storage.googleapis.com` to `downloads.claude.ai/claude-code-releases`.
- Mythos vulnerability-detection model: unauthorized third-party vendor access under investigation (Apr 22).
- github-mcp-server hits v1.0.1 and v1.0.2; claude-mem v12.3.9 adds Telegram notifier and non-blocking stop hook.
🚀 Anthropic Official
Claude Code 2.1.118
Adds vim visual (v) and visual-line (V) modes with operators, merges /cost and /stats into /usage, introduces named custom themes at ~/.claude/themes/ (plugins can ship themes via themes/), lets hooks call MCP tools directly via type: "mcp_tool", and adds DISABLE_UPDATES (stricter than DISABLE_AUTOUPDATER). Also ships claude plugin tag for validated release tagging, wslInheritsWindowsSettings policy for WSL, "$defaults" sentinel to extend auto-mode allow/deny lists, /color sync to Remote Control, and more than a dozen MCP OAuth fixes (headersHelper, missing expires_in, keychain races, insufficient_scope 403s, OAuth-flow unhandled rejections). Fixes /fork writing the full parent conversation per fork (now pointer + hydrate), credential-save corruption on Linux/Windows, and remote sessions overwriting local model in ~/.claude/settings.json.
Claude Code release distribution URL migrated
Claude Code and the installer now fetch releases from https://downloads.claude.ai/claude-code-releases instead of the old storage.googleapis.com/claude-code-dist-* bucket (added as an Apr 22 amendment to the 2.1.117 notes).
claude-agent-sdk-python v0.1.65
Adds SessionStore.list_session_summaries() + fold_session_summary() helper for O(1) per-session list views, import_session_to_store() for replaying local sessions into any adapter, a display field on ThinkingConfig forwarded as --thinking-display (overrides Opus 4.7's default "omitted"), and new ServerToolUseBlock/AdvisorToolResultBlock content types — previously dropped silently, which caused server-only tool-call messages to arrive as empty AssistantMessage(content=[]). Bundles CLI 2.1.118.
claude-agent-sdk-python v0.1.64
Delivers full SessionStore parity with the TypeScript SDK: a 5-method SessionStore protocol, InMemorySessionStore reference, --session-mirror transcript mirroring, session resume from store, 9 async store-backed helpers (list_sessions_from_store, fork_session_via_store, etc.), and a 13-contract conformance harness (claude_agent_sdk.testing.run_session_store_conformance) for third-party adapter authors. Adds copy-in S3/Redis/Postgres reference adapters under examples/session_stores/.
@anthropic-ai/claude-agent-sdk v0.2.118
Adds Options.managedSettings so embedders can pass policy-tier settings to the spawned CLI in-memory, honored below IT-controlled managed sources. v0.2.116 and v0.2.117 ship parity bumps to CLI 2.1.116 / 2.1.117.
🔌 Claude Code Plugins
None of the top 10 updated in window.
Unchanged in window: frontend-design, superpowers, context7, code-review, code-simplifier, github, playwright, feature-dev, skill-creator, claude-md-management.
🛠️ Skills
None of the top 5 updated in window.
Unchanged in window: superpowers:brainstorming, superpowers:tdd, superpowers:systematic-debugging, superpowers:writing-plans, superpowers:executing-plans.
🤖 Agents & Subagents
None of the top 5 updated in window.
Unchanged in window: superpowers:subagent-driven-development, claude-router:orchestrate, ralph-loop, claude-router:fast-executor, claude-mem:do.
🔗 MCPs & Integrations
github-mcp-server v1.0.2
Fixes set_issue_fields mutation to use correct inline fragments for the IssueFieldValue union (Apr 22).
github-mcp-server v1.0.1
Re-allows browser-based MCP clients via CORS (SDK regression) and fixes Content-Type rejection for application/json; charset=utf-8 (Apr 21).
claude-mem v12.3.9
Adds security_alert 🚨 / security_note 🔐 observation types and a fire-and-forget Telegram notifier with MarkdownV2 formatting, and makes the stop-hook summarize non-blocking (eliminates ~110s terminal block at session end via a server-side SessionCompletionHandler). Fixes double session_completed broadcasts and worker-port precedence on Windows (fallback to 37777).
context7
Ships CLI update notifications + upgrade command (#2477), adds a Context7 uninstall command (#2473), and refreshes security docs (#2487) over Apr 20-22.
Unchanged in window: modelcontextprotocol/servers, filesystem MCP.
💡 Community — Workflows & Ideas
claude-code-plugins-plus-skills v4.28.0
Revives Gemini PR Review after a 4-month silent-fail regression by switching pull_request → pull_request_target (fork PRs now receive CI + Gemini feedback), pinning PR HEAD SHA with persist-credentials: false, and fixing a broken MCP bridge pattern — 17 commits, 4 feat / 12 fix, no breaking changes.
Mythos breach investigation
Anthropic is investigating unauthorized third-party vendor access to Mythos, its vulnerability-detection model released in research preview under Project Glasswing; no breaches detected outside the vendor environment and no compromise to Anthropic's own systems (Bloomberg broke on Apr 21, Anthropic confirmed Apr 22).
📰 Quick Mentions
- Agent SDK Python #858 —
import_session_to_store()enables local→remote session replay. - Agent SDK Python #836 — parses
server_tool_useandadvisor_tool_resultblocks, unblocking advisor-tool flows. - Agent SDK Python #830 —
thinking.displayflag opens up Opus 4.7 summarized thinking. - Simon Willison on the Pro pricing confusion — dissects the Apr 22 pricing-page flip-flop for Claude Code.
- context7 #2473 — adds
uninstallcommand for Context7 setup. - github-mcp-server #2359 — CORS regression fix unblocking browser-based MCP clients.