Vibe Coding Weekly #36
Google killed Gemini CLI and 6,000 contributors' trust in one stroke. Plus Codex learns by watching you work, a single fake Sentry error hijacks every major coding agent.
This week in one satisfying refactor:
The Big Story: Google shut down Gemini CLI on June 18 — 103K GitHub stars, 6,000 community contributors, and every CI/CD pipeline that depended on the
geminicommand stopped receiving responses overnight. The replacement, Antigravity CLI, is a closed-source Go binary with no 1:1 feature parity at launch.The Automation: Codex shipped Record & Replay on macOS — show it a workflow once, and the language model converts the demonstration into a reusable, inspectable, editable skill. No scripting, no rule-based heuristics. Cursor matched the moment with /automate, Slack emoji triggers, and computer use for cloud agents — all on the same day.
The Safety Net: Claude Code v2.1.183 now blocks destructive git commands in auto mode —
git reset --hard,git checkout -- .,git clean -fd, andgit stash dropare all rejected unless you explicitly ask for them. Same goes forterraform destroy,pulumi destroy, andcdk destroy.
If you only read one thing this week: A security team called Tenet published a new attack class called “Agentjacking” — and the results are uncomfortable. One fake Sentry error report, injected through a publicly accessible DSN, was enough to hijack AI coding agents into running attacker-controlled code on developer machines. Claude Code, Cursor, and Codex all fell for it with an 85% success rate. The attack bypasses every traditional security control because every action in the chain is technically authorized. Tenet found 2,388 organizations with exposed Sentry DSNs during their validation window. Sentry acknowledged the issue the same day it was disclosed — and declined to fix it, calling the attack class “technically not defensible” at the platform level. Read more →
Key Takeaways
Gemini CLI’s shutdown is the open-source trust story of the year: Google accepted 6,000+ merged pull requests under Apache 2.0 with a CLA that granted perpetual, irrevocable rights — then used that code to build Antigravity CLI, a closed-source successor. Enterprise users with Gemini Code Assist Standard/Enterprise licenses keep access, but every free and Pro user lost their CLI on June 18 with no open-source alternative. Read more →
Claude Code Artifacts turn coding sessions into live, shareable web pages: Artifacts publish to a private URL on claude.ai, update in real-time as the session works, support version history, and enforce org-only visibility via strict CSP — 16 MiB per page, no external network requests. PR walkthroughs, dashboards, and incident pages that stay current without anyone manually updating them. Read more →
Codex Record & Replay teaches the agent by demonstration instead of description: Show Codex a workflow — uploading a YouTube video, filing an expense report — and it generalizes the steps into a reusable skill using the language model, not rule-based heuristics. The skill is inspectable and editable. Available on macOS for Plus, Pro, Business, Enterprise, and Edu tiers. Read more →
Claude Design now imports your design system from GitHub and round-trips code with Claude Code: The /design and /design-sync commands create a bidirectional pipeline between design and code — the first time a major AI tool has closed the design-to-implementation loop without screenshots or manual rebuilds. Nine new export destinations (Adobe, Canva, Lovable, Replit, Vercel) and shared token limits across Claude products complete the overhaul. Read more →
Cursor 3.8 makes automations triggerable from Slack and GitHub — with computer use for cloud agents: The /automate skill lets you describe an automation in plain language, but the real addition is five new GitHub triggers (issue comments, PR reviews, review thread resolution, Actions completion) and Slack emoji triggers that let teams kick off agent workflows without opening the IDE. Read more →
Growing at 20% new subscribers per week.
The stories this week aren’t hard to find. What’s hard is knowing which ones actually matter before your team asks you on Monday.
That’s the only thing Vibe Coding Weekly does: cut through the volume so you arrive at the week with context, not anxiety.
Subscribers also get Change Management in Agentic AI Adoption — the framework for the conversation that always comes after “we should use AI more”: how to actually move an organization that didn’t ask to be moved. Included with every subscription.
📦 Releases & News
Devin Desktop v3.2.16: Plugin System for Devin Local
Devin Local is becoming an extensible platform. The June 16 release introduces a plugin system (preview, opt-in for enterprises) that lets teams add custom tools, skills, and integrations to their local agent. Subagents can now call MCP tools directly — a meaningful expansion of what Devin Local can reach without routing through the cloud. Teams also gain CLI permission scopes to enforce terminal allow/deny lists, giving enterprises the governance layer they’ve been requesting since the Windsurf-to-Devin transition.
Codex CLI v0.141.0: Encrypted Relay Channels and Plugin Marketplace
The June 18 stable release ships 87 changes with a clear security theme: remote executors now communicate through authenticated, end-to-end encrypted Noise relay channels, and cross-platform execution maintains native working directories across system boundaries. The plugin marketplace gets more informative automation — codex plugin marketplace list --json now includes each marketplace source, and plugin lists return from cached catalogs before refreshing in the background. Combined with tool search caching and reduced memory consumption, this is the most infrastructure-focused Codex release in months.
Claude Code v2.1.183: Auto Mode Safety Blocks Destructive Commands
The June 19 release is all about preventing the agent from doing things you didn’t ask for. Destructive git commands — git reset --hard, git checkout -- ., git clean -fd, git stash drop — are now blocked in auto mode unless you explicitly request them. The same goes for git commit --amend on commits the agent didn’t make, and terraform destroy, pulumi destroy, and cdk destroy. Also adds model deprecation warnings in print mode and a new attribution.sessionUrl setting to omit claude.ai session links from commits and PRs.
Tenet Security Launches with $6M Seed Round and Agentjacking Disclosure
The same day Tenet Security published its Agentjacking research, the company emerged from stealth with a $6M seed round led by The Westly Group (early SentinelOne investor). Founded by ex-Cisco AI Defense researchers, Tenet’s core technology — patent-pending “Agent-side Simulation” — predicts an AI agent’s likely next actions before they execute in production. The timing is deliberate: a new attack class and a funded startup to address it, launched on the same day.
OpenCode v1.17.7 / v1.17.8 / v1.17.9: MCP Compatibility Push
Three OpenCode releases in one week, all focused on making the MCP ecosystem work more reliably. v1.17.7 (June 14) fixes plugin client server reuse and adds ACP shell tool visibility. v1.17.8 (June 17) makes OpenAI-compatible providers accept MCP tool schemas that previously failed validation and fixes Cloudflare AI Gateway key handling. v1.17.9 (June 21) honors configured agent step limits and improves prompt caching. Small individually, but collectively they reflect OpenCode’s bet on being the most interoperable agent in the market.
📚 Tutorials and Resources
Kiro CLI V3 Early Access: Spec-Driven Development Comes to the Terminal
Kiro CLI V3 launches in early access on June 17, running alongside existing 2.x installations via kiro-cli --v3. The new version brings the unified agent harness used across IDE and Web to the terminal for the first time — with spec-driven development, a capability-based permissions model, enhanced hooks with a standalone file format, and tag-based agent configuration. Two days later (June 19), Kiro Web shipped Automations: schedule recurring work with GitHub/GitLab repos, up to 5 schedules per automation, each running autonomously in a sandbox and opening PRs when done.
Claude Code v2.1.181: Inline Config, Bun 1.4, and Streaming Overhaul
The June 17 release adds /config key=value syntax for changing settings without leaving the conversation — a small but meaningful friction reduction for power users who constantly toggle features. Under the hood, the bundled Bun runtime upgrades to 1.4, streaming now delivers long paragraphs line-by-line instead of waiting for the first break, and sandbox.allowAppleEvents opens macOS automation capabilities in sandboxed sessions. A new CLAUDE_CLIENT_PRESENCE_FILE environment variable lets server setups suppress mobile notifications.
💡 Others
Fable 5 Tops Terminal-Bench 2.1 — But No One Can Use It
The Terminal-Bench 2.1 leaderboard updated on June 17 with Claude Fable 5 entries — and the gap is striking. Fable 5 hit 88.0%, the first model to break 85% on this benchmark, sitting 4.6 points ahead of GPT-5.5 at 83.4%. Claude Code + Fable 5 scored 83.1%, Terminus 2 + Fable 5 at 80.4%. The irony: the model that topped the leaderboard remains suspended under a US export-control directive since June 12, meaning no one can actually use it.
Next week, the stack keeps moving. So does this newsletter. Fall behind one week, and you’ll spend the next three catching up.
Every week, a new model drops. A new agent framework ships. A new “this changes everything” thread goes viral. And you still have actual code to write.
Every Monday, you open your inbox and already know what matters. You’ve skipped three viral threads that turned out to be nothing. You know that Google killed Gemini CLI and 6,000 contributors’ trust overnight, that a single fake Sentry error can hijack every major coding agent on the market, and that your Claude Code sessions can now become live web pages your team watches update in real time. You didn’t spend your weekend reading to know this. We did.
That’s what Vibe Coding Weekly is. For developers, architects, tech leads, and everyone building or managing software in the age of AI.
Clean code and positive vibes,
Angel.


