Issue #9

April 6, 20265 min read

Claude Code Leak Sparks Security Concerns

Claude Code now offers an interactive Bedrock setup wizard, per-model cost breakdowns, and flicker-free rendering via a new env var. Anthropic's source-code leak drew coverage from the Wall Street Journal and Wired, while BBC reported on widespread frustration with usage limits.

Anthropic Races to Contain Leak of Code Behind Claude AI Agent — Wall Street Journal

On this page

Highlight
Worth Knowing
Under the Hood
From Anthropic
In the News

Highlight

You Can Now Set Up Bedrock Through an Interactive Wizard

If you use AWS Bedrock, you no longer need to manually configure credentials and regions. A new interactive wizard on the login screen walks you through AWS authentication, region selection, credential verification, and model pinning step by step. Previously this required editing config files or environment variables by hand, so this should significantly reduce setup friction for Bedrock users.

Worth Knowing

You Can Now See Per-Model and Cache-Hit Cost Breakdowns

The /cost command now breaks down your spending by model and shows cache-hit ratios for subscription users. If you've been wondering where your tokens go, this gives you the visibility to understand which models and which cache patterns are driving your usage.

Headless Sessions Can Now Pause and Resume at Tool Calls

You can now return a "defer" decision from PreToolUse hooks, which pauses a headless session at that tool call. Resume it later with -p --resume and the hook re-evaluates, giving you a human-in-the-loop checkpoint for automated pipelines without blocking the entire session.

You Can Opt Into Flicker-Free Rendering With a New Env Var

If you've noticed visual flicker during streaming, setting CLAUDE_CODE_NO_FLICKER=1 enables alt-screen rendering with virtualized scrollback. This is especially useful in terminals like iTerm2 and Ghostty where layout shifts during heavy output could cause artifacts.

You Now See How Many Tokens Will Be Sent Uncached

When you return to a session after the prompt cache has expired, a footer hint now shows roughly how many tokens your next turn will send uncached. This helps you decide whether to continue an old session or start fresh with /clear.

Edit Now Works on Files Viewed Through Bash Commands

If Claude has already seen a file's contents through a cat or sed -n command, the Edit tool can now modify it directly without a separate Read call. This removes a redundant step that previously added latency and token cost to common editing workflows.

Under the Hood

Fixes for autocompact thrash loops, resume reliability, and rate-limit dialog crashes

The autocompact system no longer burns API calls when context refills immediately after compacting -- it now stops after three cycles and shows an actionable error. Transcript chain breaks on --resume that could lose conversation history are fixed, as is an infinite loop where the rate-limit dialog would repeatedly auto-open and eventually crash your session. Edit/Write tools no longer double CRLF on Windows or strip Markdown hard line breaks.

60% faster diffs for large files, linear-time SSE streaming, and reduced output tokens

Write tool diffs are 60% faster on files containing tabs, &, or $. SSE frame handling and transcript writes for long sessions both dropped from quadratic to linear time. The Edit tool now uses shorter old_string anchors, reducing output tokens per edit.

From Anthropic

Claude Blog · 8 min read

Harnessing Claude's intelligence

This post covers three patterns for building on the Claude Platform -- balancing latency, cost, and intelligence as models evolve. If you're designing agents or tools on top of the API, the guidance on when to cache, when to stream, and how to structure tool surfaces applies directly to your work.

Claude Blog · 8 min read

Harnessing Claude's intelligence

In the News

Wall Street Journal · 5 min read

Anthropic Races to Contain Leak of Code Behind Claude AI Agent

Anthropic's internal source code for Claude Code leaked publicly, prompting a scramble to contain the fallout. If you've seen unofficial forks circulating, be aware that some have been bundled with malware -- stick to official installs.

Wall Street Journal · 5 min read

Anthropic Races to Contain Leak of Code Behind Claude AI Agent

Wired · 6 min read

Security News This Week: Hackers Are Posting the Claude Code Leak With Bonus Malware

Hackers have been repackaging the leaked Claude Code source with embedded malware and distributing it through GitHub and other channels. If you're tempted to inspect the leaked code, exercise caution -- only install Claude Code through official channels.

Wired · 6 min read

Security News This Week: Hackers Are Posting the Claude Code Leak With Bonus Malware

Wired · 5 min read

Cursor Launches a New AI Agent Experience to Take On Claude Code and Codex

Cursor launched a new agentic coding experience positioned as a direct competitor to Claude Code and OpenAI's Codex. The competitive landscape for AI-powered development tools continues to intensify.

Wired · 5 min read

Cursor Launches a New AI Agent Experience to Take On Claude Code and Codex

Cursor launched a new agentic coding experience positioned as a direct competitor to Claude Code and OpenAI's Codex. The competitive landscape for AI-powered development tools continues to intensify.

BBC News · 4 min read

Claude Code users hitting usage limits 'way faster than expected'

BBC reports on widespread user frustration with Claude Code usage limits on subscription plans. This week's new per-model cost breakdown in /cost and uncached-token hints should help you understand and manage your consumption.

BBC News · 4 min read

Claude Code users hitting usage limits 'way faster than expected'

Between the source code leak fallout and a packed set of releases, it was an unusually eventful week. If you haven't checked your /cost breakdown yet, it's worth a look -- especially with the new cache-hit visibility.