AI Coding News

April 10, 2026

Key Signals

  • GitHub Copilot is hitting capacity limits, triggering rate-limit enforcement, a model retirement, and a trial pause in a single day. New service-reliability limits and per-model capacity limits are rolling out to all Copilot users, Opus 4.6 Fast has been retired for Pro+ subscribers, and new Copilot Pro free trials have been paused due to widespread abuse. Taken together, these moves signal that Copilot's explosive growth has outrun its infrastructure—GitHub is now openly rationing access while it works on "durable solutions." Developers on the Pro+ tier are losing a model option with no replacement beyond the standard Opus 4.6, and prospective users can no longer trial the product at all. [1][2]

  • Anthropic temporarily banned OpenClaw creator Peter Steinberger from accessing Claude, exposing deepening friction between AI model providers and the open-source harness ecosystem. The ban—reversed within hours after going viral—came just days after Anthropic began requiring OpenClaw users to pay separately via API rather than through Claude subscriptions, a policy Steinberger has called a "claw tax." Steinberger, now employed at OpenAI, maintains he was only using Claude to test OpenClaw compatibility and was complying with the new rules. The incident underscores a growing tension: model providers increasingly want to control the agentic layer, while open-source harnesses like OpenClaw aim to remain model-agnostic. [3]

  • Claude Code v2.1.101 pushes hard on enterprise readiness, shipping a /team-onboarding command, automatic OS CA certificate trust for corporate TLS proxies, and a critical command-injection security fix. The release also auto-creates cloud environments for /ultraplan and remote sessions, removing a manual setup step. On the security side, a command-injection vulnerability in the POSIX which fallback used by LSP binary detection was patched, along with a memory leak in long sessions and dozens of --resume reliability issues. This is one of the largest Claude Code releases in recent weeks, touching plugins, MCP tools, subagent handling, and cross-platform compatibility. [4]

  • OpenAI Codex 0.119.0 makes WebRTC the default for realtime voice sessions and dramatically expands MCP support with Apps, resource reads, and server-driven elicitations. Remote workflows gained egress websocket transport, remote --cd forwarding, and an experimental codex exec-server subcommand. The codebase itself was significantly refactored, with codex-core slimmed through major crate extractions for MCP, tools, config, model management, and auth. This release positions Codex as a multimodal, voice-first agentic tool with deep extensibility. [5]

  • Copilot SDK v0.2.2 achieves full cross-language parity for the sessionFs feature, enabling serverless and multi-tenant Copilot integrations across Node.js, .NET, Go, and Python. The release also ships enableConfigDiscovery for automatic MCP server and skill directory discovery, and model capabilities overrides that allow changing vision support or other features mid-session without replacing the full capabilities object. A breaking change in the Go SDK switches event.Data to a typed interface, requiring type assertions. These capabilities are foundational for third-party developers building hosted Copilot experiences. [6]

  • Copilot CLI shipped two releases in a single day—v1.0.23 and v1.0.24—adding new --mode, --autopilot, and --plan flags alongside hook and model-field improvements. v1.0.23 is the bigger release, introducing direct agent-mode flags, slash commands that work during agent execution, reasoning token usage display, and a Bazel/Buck label parsing fix. v1.0.24 follows up with preToolUse hook improvements, flexible model display names (e.g. "Claude Sonnet 4.5"), terminal state restoration after crashes, and a redesigned exit screen with the Copilot mascot. The two-release cadence reflects the rapid iteration pace of the CLI. [7][8]

AI Coding News

  • Anthropic temporarily banned OpenClaw creator Peter Steinberger from accessing Claude, then reversed the decision hours later after the post went viral on X. The suspension, flagged as "suspicious" activity, came on the heels of Anthropic's recent pricing change that requires OpenClaw users to pay separately through Claude's API instead of through subscriptions. Steinberger, who now works at OpenAI, said he was only testing OpenClaw compatibility with Claude and was following the new rules. He criticized the timing: "Funny how timings match up, first they copy some popular features into their closed harness, then they lock out open source"—a likely reference to Claude Dispatch, which shipped shortly before the pricing change. When asked why he uses Claude at all given his OpenAI employment, he separated his OpenClaw Foundation work from his OpenAI role, and hinted he is "working on" making OpenClaw users prefer ChatGPT. [3]

  • A new freeCodeCamp tutorial walks through building a secure AI PR reviewer using Claude, GitHub Actions, JavaScript, Zod, and Octokit. The guide treats both the code diff and LLM output as untrusted input—a security-first approach that includes secret redaction, diff trimming, structured JSON output with Zod validation, and fail-closed fallbacks. The architecture triggers on PR events, fetches the diff through GitHub Actions, sanitizes it before sending to Claude, validates the structured response, and posts results as PR comments. The emphasis on prompt injection defense and schema validation makes this a useful reference for teams integrating LLMs into their CI/CD pipelines. [9]

Feature Update

  • GitHub enforces new rate limits and retires Opus 4.6 Fast from Copilot Pro+. Two types of limits are being introduced: service-reliability limits that require waiting for a session reset, and model-specific capacity limits that allow switching to an alternative model or Auto mode. Opus 4.6 Fast is retired immediately for Pro+ users, with Opus 4.6 recommended as an alternative. GitHub advises distributing requests more evenly over time and notes it is "actively exploring new ways to offer increased capacity." [1]

  • GitHub pauses new Copilot Pro free trials to combat widespread abuse. Existing trials are unaffected, and Copilot Free and paid subscriptions remain available. GitHub says it is working on improved safeguards and will reopen trials once protections are in place. New users wanting Copilot access must now subscribe directly. [2]

  • GitHub Copilot cloud agent's validation tools now run 20% faster by executing in parallel. CodeQL, the GitHub Advisory Database, secret scanning, and Copilot code review now run simultaneously rather than sequentially when the cloud agent writes code. The agent still attempts to resolve any issues it finds before finishing and requesting human review. Validation tool selection is configurable per repository under Copilot → Cloud agent settings. [10]

  • GitHub Copilot usage metrics API now aggregates cloud agent active user counts at enterprise and organization levels. Three new nullable fields—daily_active_copilot_cloud_agent_users, weekly_active_copilot_cloud_agent_users, and monthly_active_copilot_cloud_agent_users—appear in both 1-day and 28-day reports. These sit alongside existing metrics like monthly_active_agent_users, giving admins a complete view of Copilot adoption across surfaces. [11]

  • GitHub Copilot CLI activity is now integrated into the main usage metrics totals and feature breakdowns. Top-level fields such as code_generation_activity_count, loc_added_sum, and user_initiated_interaction_count now reflect combined IDE + CLI contributions. CLI appears as feature=copilot_cli in totals_by_feature, totals_by_model_feature, and totals_by_language_feature breakdowns. Dashboards that assumed IDE-only numbers will see higher values. [12]

  • Copilot CLI v1.0.23 adds --mode, --autopilot, and --plan flags for direct agent-mode startup. The release also enables slash commands like /diff, /agent, /feedback, /ide, and /tuikit to work while the agent is running, adds reasoning token usage display in per-model breakdowns, fixes Bazel/Buck build target labels being misidentified as file paths, and adds Ctrl+L to clear the terminal without clearing the conversation. The remote tab now shows Copilot coding agent tasks and supports steering via the Tasks API. [7]

  • Copilot CLI v1.0.24 improves hook handling and custom agent model flexibility. preToolUse hooks now respect modifiedArgs/updatedInput and additionalContext fields, and the custom agent model field accepts display names and vendor suffixes from VS Code (e.g., "Claude Sonnet 4.5", "GPT-5.4 (copilot)"). Terminal state is now correctly restored after CLI crashes like OOM or segfaults, and the exit screen has been redesigned with the Copilot mascot. [8]

  • Copilot SDK v0.2.2 ships cross-SDK sessionFs, model capabilities overrides, and enableConfigDiscovery. The sessionFs feature, previously Node.js-only, now works across .NET, Go, and Python, allowing session-scoped storage to be redirected to custom backing stores—essential for serverless and multi-tenant deployments. Model capabilities can be overridden individually without replacing the full capabilities object, and enableConfigDiscovery automatically merges MCP server configs and skill directories from the working directory. The Go SDK has a breaking change: event.Data is now a typed interface requiring type assertions. [6]

  • Claude Code v2.1.101 ships /team-onboarding, OS CA cert trust, and critical security fixes. The /team-onboarding command generates a teammate ramp-up guide from local usage patterns. OS CA certificate store trust is enabled by default, eliminating extra setup for enterprise TLS proxies. A command-injection vulnerability in the POSIX which fallback for LSP binary detection was patched. Other fixes address a memory leak in the virtual scroller for long sessions, --resume losing conversation context on large sessions, subagents not inheriting MCP tools from dynamically-injected servers, and dozens of plugin, MCP, and cross-platform compatibility issues. [4]

  • OpenAI Codex 0.119.0 defaults to WebRTC for realtime voice and expands MCP App support. Realtime voice sessions now use the v2 WebRTC path by default with configurable transport, voice selection, and native TUI media. MCP Apps gained resource reads, tool-call metadata, custom-server tool search, server-driven elicitations, and file-parameter uploads. Remote workflows now support egress websocket transport, sandbox-aware filesystem APIs, and an experimental codex exec-server subcommand. The TUI gained Ctrl+O for copying agent responses, /resume by ID or name, and Warp OSC 9 notification support. [5]

  • OpenCode v1.4.3 fixes OAuth agent creation and adds fast mode variants for Claude and GPT models. Agent creation for OpenAI accounts authenticated with OAuth now works correctly. Interrupted Bash commands keep their final output and truncation details instead of ending as aborted. The TUI's hidden session scrollbar has been restored as the default, and configurable OAuth redirect URIs are now supported for remote MCP servers. [13]

  • Gemini CLI nightly v0.39.0 refactors the subagent tool into a unified invoke_subagent tool and migrates chat recording to JSONL streaming. The release also centralizes Linux sandbox path resolution, adds explicit git identity env vars to prevent sandbox checkpointing errors, suppresses unhandled AbortError logs during request cancellation, implements the useAgentStream hook, and fixes subagent memory leaks using AbortSignal in MessageBus. [14]