Hey Everyone π,
John Lindquist here with the 36th issue of AI Dev Essentials!
This week Anthropic, OpenAI, and Block co-founded the Agentic AI Foundation under the Linux Foundation, donating MCP, AGENTS.md, and goose to ensure open governance for the agentic future. Mistral AI dropped Devstral 2 with their new Mistral Vibe CLI for end-to-end code automation. The Claude Agent SDK got major upgrades including 1M context window support and sandboxing. Google AlphaEvolve entered private preview on Google Cloud. And a critical React2Shell vulnerability (CVE-2025-55182) sent the React ecosystem scrambling with Vercel deploying auto-fix tools.
On the vision model front, Z.ai released GLM-4.6V with native function calling for multimodal workflows. Google and Replit announced a partnership to bring "enterprise vibe-coding" mainstream, while NotebookLM expanded mobile features with direct camera uploads.
Microsoft invited me to guest speak at their AI Dev Days event tomorrow, so I've been preparing a talk called "Scripting Copilot" to show off what you can do when you pipe and compose AI agents together. I'll be teaching how to build reproducible agentic workflows for your team.
Lastly, I have a couple of awesome announcements that I'll save for next week... so stay tuned!
β‘ Claude Code Power User Workshop β π Dec 19 π¨ THIS FRIDAY β Register Now
π dev.build Lessons
Bridge Automated and Human-in-the-Loop AI Workflows with Claude Code
Learn how to create persistent, reusable Claude Code sessions using --session-id and --resume flags. The lesson demonstrates a powerful triage pattern: use a cheap, fast model (Haiku) for initial checks, then automatically escalate to a more powerful model (Opus) in interactive mode only when issues are detected.
(dev.build)
π Major Announcements
Breaking Agentic AI Foundation Launches Under Linux Foundation
On December 9, 2025, the Linux Foundation announced the Agentic AI Foundation (AAIF), with Anthropic donating MCP, OpenAI donating AGENTS.md, and Block donating goose.
Founding Members & Contributions:
- Anthropic: Model Context Protocol (MCP) - 10,000+ servers, 97M+ monthly SDK downloads
- OpenAI: AGENTS.md - instruction standard adopted by 60,000+ projects
- Block: goose - open-source, local-first AI agent framework
Platinum Members (8): AWS, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, OpenAI
Gold Members (18): Adyen, Arcade.dev, Cisco, Datadog, Docker, Ericsson, IBM, JetBrains, Okta, Oracle, Runlayer, Salesforce, SAP, Shopify, Snowflake, Temporal, Tetrate, Twilio
GitHub contributed OAuth flows, MCP Registry, and enterprise governance features.
(Linux Foundation, Anthropic, Block, GitHub Blog, TechCrunch)
π¬ It's nice to see important projects being taken under a neutral foundation rather than owned by a single enterprise. This ensures these projects will benefit all the tools out there rather than being focused solely on supporting the company that owns them.
Breaking Mistral AI Releases Devstral 2 and Mistral Vibe CLI
Mistral AI announced Devstral 2 on December 9, 2025, alongside Mistral Vibe, their open-source CLI for end-to-end code automation.
Devstral 2 Models:
- Devstral 2 (123B): 256K context, modified MIT license, requires 4+ H100 GPUs
- Devstral Small 2 (24B): 256K context, Apache 2.0 license, runs on single GPU/CPU
Performance: 72.2% on SWE-bench Verified (5x smaller than DeepSeek V3.2 with near-equivalent performance)
Mistral Vibe CLI: Open-source (Apache 2.0), project-aware context, @ autocomplete for files, ripgrep integration, Zed IDE extension available.
Pricing: Currently free via API. Future: $0.40/$2.00 per M tokens (Devstral 2), $0.10/$0.30 (Small 2)
(Mistral AI, TechCrunch, VentureBeat)
π¬ These are extremely impressive releases. I need to set aside some time to compare if the slight trade-off in intelligence is worth the massive wins in cost and open source flexibility. You can feel open source models breathing down the necks of the big ones, and it's exciting times for everyone to get more access and more usage out of the tooling we know and love.
Tool Claude Agent SDK Gets 1M Context and Sandboxing
Anthropic shipped major updates to the Claude Agent SDK including 1M context window support, sandboxing, and Skills integration.
1M Context: Enable via betas: ['context-1m-2025-08-07']. Compatible with Sonnet 4/4.5. 78.2% on SWE-bench with 1M context.
Sandboxing: Command sandboxing, network controls (allowLocalBinding, allowUnixSockets), command exclusions, violation handling.
Skills: Configure settingSources: ['user', 'project'], add "Skill" to allowedTools. Auto-discovered from .claude/skills/.
(Anthropic Engineering, Agent SDK Docs, Skills Guide)
π¬ I'm most excited about the version 2 of the TypeScript SDK they're sneaking in, which completely rewrites parsing out conversations with much simpler scripting logic. The version 1 SDK felt pretty clunky, but the new approach feels just like iterating through a loop. Definitely expect more lessons about it from me.
Tool Google AlphaEvolve Enters Private Preview
Google Cloud announced AlphaEvolve's private preview on December 9, 2025, making the Gemini-powered algorithm design agent available to enterprises.
Proven Results: Recovered 0.7% of Google's global compute, sped up Gemini kernel by 23%, designed new matrix multiplication algorithm beating methods since 1969.
Applications: Biotech molecular simulation, logistics routing, general algorithm optimization.
(Google Cloud, DeepMind)
π¬ Algorithms drive the world, and even the smallest wins end up saving massive compute and massive amounts of money while making the world operate better. Sticking AIs on these problems to automatically benchmark and find better ways is one of the most important things going on in the field right now.
π οΈ Developer Tooling Updates
Breaking React2Shell Vulnerability (CVE-2025-55182) - CVSS 10.0
A critical RCE vulnerability affecting React 19.x and Next.js 15.0.0-16.0.6 was disclosed December 3, 2025, with active exploitation in the wild.
Vercel Auto-Fix: Vercel Agent detects vulnerable projects and opens PRs to patch. WAF rules deployed December 5.
Fix: npx fix-react2shell-next. Patched versions: React 19.0.1, 19.1.2, 19.2.1. Rotate all secrets after patching.
(Vercel, Trend Micro, AWS Security)
π¬ If you're running React 19 or Next.js 15-16, stop reading and patch now. CVSS 10.0 with active exploitation. Run the fix command, update dependencies, rotate secrets.
Tool Vercel AI SDK 6 Beta Ships
Vercel released AI SDK 6 Beta with a unified agent interface, human-in-the-loop patterns, and structured data alongside tool calling.
Install: npm install ai@beta @ai-sdk/openai@beta @ai-sdk/react@beta
Migration guide: https://v6.ai-sdk.dev/docs/migration-guides/migration-guide-6-0
(AI SDK 6 Beta, Migration Guide)
Tool Z.ai Releases GLM-4.6V with Native Visual Function Calling
Z.ai released GLM-4.6V on December 8, 2025, featuring native function calling in a vision-language model.
Models: GLM-4.6V (106B) and GLM-4.6V-Flash (9B). 128K context window. MIT license.
Capabilities: Pass raw image data to tools, generate HTML/CSS/JS from screenshots.
Pricing: $0.30/$0.90 per M tokens (GLM-4.6V), Flash is free.
(Z.ai, VentureBeat, MarkTechPost)
π¬ It's easy to underestimate just how important multimodal input is, and this is probably the best open source option we have right now. Any sort of workflow where you're analyzing images, definitely give this a shot.
Tool Vercel for Platforms Enables Multi-Tenant SaaS
Vercel announced Vercel for Platforms on December 5, 2025, for multi-tenant and multi-project platforms.
Features: Wildcard domains with auto SSL, custom domain SDK, routing middleware, programmatic domain management.
(Vercel Docs, Changelog)
π€ AI Ecosystem Updates
Ecosystem Google and Replit Partner on Enterprise Vibe-Coding
Google Cloud and Replit announced a partnership expansion on December 4, 2025, integrating Gemini models for enterprise vibe-coding.
Replit Growth: $250M funding (Sept 2025), $3B valuation, revenue from $2.8M to $150M annualized.
Google AI Studio: Describe apps in natural language, generate React/Angular, one-click deploy to Cloud Run.
(CNBC, Google Cloud)
π¬ Replit's revenue growth from $2.8M to $150M is staggering. I'm still more comfortable in Claude Code for complex projects, but vibe-coding tools are becoming the entry point for a new generation of developers.
Tool NotebookLM Expands Mobile with Camera Integration
Google rolled out NotebookLM mobile updates in December 2025 with direct camera capture and podcast progress saving.
Features: Camera capture for whiteboards/notes, infographics and slides on mobile, 50% chat quality improvement.
(9to5Google, Jetstream)
π¬ The camera integration is exactly what I've been wanting. Snap a photo of a whiteboard and immediately add it as a source. Game-changer for meetings.
Ecosystem OpenAI Hires Former Slack CEO as CRO
OpenAI announced Denise Dresser, former Slack CEO, as Chief Revenue Officer on December 9, 2025.
(OpenAI)
Research Anthropic Launches Interviewer Tool
Anthropic released Anthropic Interviewer on December 4, 2025, for gathering AI perspectives at claude.ai/interviewer.
(Anthropic)
β‘ Quick Updates
Cursor Gets New Codex Model
- Free until December 11, optimized agent harness (Cursor)
Mixboard Gets Nano Banana Pro
- Create presentations with latest image generation (Google Labs)
GPT-5.2 Possibly Testing (Rumor)
- Codename "olive-oil-cake" found in Notion codebase (unconfirmed)
Professional AI Usage Dataset Released
- 1,250 interviews on Hugging Face (Dataset)
β¨ Workshop Spotlight
Claude Code Power User Workshop (π¨ THIS FRIDAY! π¨)
What you'll learn:
- Context Engineering: Control what context Claude sees
- TypeScript SDK: Script Claude programmatically
- Custom Hooks: Automate repetitive tasks
- Model Context Protocol: Integrate APIs securely
- Claude Code Skills: Build custom skills
- Live Q&A: Get your questions answered
Friday, Dec 19 @ 9:00 AM PST
Register Now ($375) β $300 for egghead Pro Members
Did you enjoy this issue? Share it with a friend.
Β© 2025 John Lindquist β’ egghead.io