LoginSign Up
← Back to Infra & APIs
Weekly · Infra & APIs · Week of May 18, 2026

Devtools spent the week wiring agents into the auth, IDE, and infra layers — not shipping new IDE features.

agent-platformsmcp-authide-embedded-workflowsenterprise-hardeningvoice-infraai-ml-scheduling
Y
By Yahya Tür
LinkedIn ↗
Generated 5h agoDrawn from 16 products

The week in devtools

The dominant motion this week was sector-wide: every infrastructure layer the developer touches is being retrofitted to treat AI agents as first-class users rather than as a UI veneer. GitHub is rebuilding Copilot as a multi-surface agent with its own client, CLI, and cloud runtime. Cursor shipped an SDK, a Security Review agent, and multi-repo cloud environments in a single sprint. Auth0, WorkOS, and Tailscale all moved on identity primitives for agents (MCP auth, MCP servers, Aperture). The IDE is no longer the destination — it is one of several entry points into systems that increasingly run agent-to-agent.

The second visible pattern is enterprise hardening around that agent surface: short-lived tokens, OIDC-based trust, fine-grained authz, and observability for AI applications. The teams that already had developer mindshare are now selling the procurement story. That is what most of the week's improvement-class shipping was about.

Leaders

GitHub had the highest-velocity week (v10.0). The notable move is Copilot's split from an IDE plug-in into a platform with persistent memory of the developer, its own CLI, and a cloud runtime that picks models automatically — including a Grok Code Fast 1 deprecation that confirms GitHub now sees model selection as its job, not the user's.

Vercel (v10.0) tied for velocity but on a different axis: a security perimeter rebuild (Trusted Sources via OIDC, WAF expansions, deployment protection) paired with AI Gateway becoming a tunable model marketplace. The combined shape is closer to "operational layer for the AI stack" than "frontend deploys."

Cursor (v8.8) stacked three distinct platform plays in one week: a developer SDK, a Security Review agent that lives inside customer codebases, and multi-repo cloud environments. The SDK turns Cursor into infrastructure other builders ship on; the rest expands the surface from editor to fleet.

Honeycomb (v7.5) reshaped its product around Canvas — natural-language investigation as the default front door — with a parallel Gen AI tab for observing AI applications. The bet is that the next default observability interface is conversational, not query-builder-first.

Kubernetes (v7.5) shipped v1.36 with a Workload API and gang scheduling for AI/ML — the first time the project has shipped first-class primitives for batch and GPU workloads instead of leaving them to CRDs. Control-plane scale work and deprecations came with it.

Wildcards

Knock (v6.3) is the most directionally interesting wildcard. Rather than building agent-facing notifications, it is reconfiguring its developer platform so an agent can spin up an entire notification flow — Skills, dynamic audiences, schema'd reusable steps — without a developer writing code. The bet is that the agent is the configuration surface, not the consumer.

Rootly (v7.5) pulled incident workflows into Claude Code and Cursor — paging, on-call context, and retros now flow into the IDE instead of a separate dashboard. It is the inverse of the usual "add an AI panel to our SaaS" pattern.

Zoho Creator (v0.0) is wild only by absence-of-shipping: a long-dormant blog reactivated this week purely to reframe its low-code product as AI-assisted, with no observable shipping behind the messaging. The pivot is currently marketing-only.

Themes that compounded

  • MCP auth went GA across multiple platforms — Auth0 shipped MCP authentication, WorkOS added MCP servers to its enterprise auth scope, and Vercel's OIDC trust model lines up with the same direction.
  • Agent skills landed as a shipping primitive — Buildkite, Ably, and Knock all shipped agent-skill packages this week, framing the agent as a CLI user with scoped tools.
  • Identity layers extended to agent governance — Tailscale Aperture, WorkOS FGA, and Auth0 FGA all moved on fine-grained authz scoped to resource types, with agents as one of the principals.
  • IDE-embedded workflows replaced standalone dashboards — Rootly into Claude Code/Cursor, Cursor's Security Review running always-on inside the codebase, and Expo MCP tools for CI all push functionality out of standalone UIs.
  • Voice-agent infrastructure consolidated toward production-readiness — ElevenLabs and Vapi both shipped enterprise-grade plumbing (SIP logs, IP allowlisting, transcriber fallbacks, monitoring) rather than new model demos.

Watch this week

The next test is whether the MCP-auth wave from Auth0, WorkOS, and Vercel translates into a shared enterprise procurement story or fragments into competing specs. The bigger pattern to watch: with Cursor, GitHub, and Honeycomb all betting their primary UI on agent-driven workflows, expect the next round of shipping to be about pricing — usage-based metering for agent compute, separate from seat-based developer pricing. Vercel's AI Gateway is already partway there; the rest will follow if customers complain about runaway agent loops.