OpenClaw 2026.5.27, Codex 0.134, Claude Code 2.1.153, MCP Gateways, Local Code Graphs, and Private Agent Control

AgentStack Daily EP058 - OpenClaw 2026.5.27, Codex 0.134, Claude Code 2.1.153, MCP Gateways, Local Code Graphs, and Private Agent Control

Release Coverage Check

• OpenClaw - Latest stable verified: v2026.5.27, published 2026-05-28T11:41:42Z from GitHub releases. Recent episode version tags detected: v2026.5.22. Selected missing versions: v2026.5.26 and v2026.5.27, with the episode focusing on the newer security, Codex app-server, provider, cache, channel-delivery, package, and CI proof changes in v2026.5.27 while noting that v2026.5.26 made transcripts, Activity, voice/Talk, channel approvals, and gateway observability core.
• OpenAI Codex app/CLI - Latest stable verified: rust-v0.134.0, published 2026-05-26T19:13:26Z from GitHub releases. Recent episode version tags detected: rust-v0.133.0. Selected missing version: rust-v0.134.0. rust-v0.135.0-alpha.1 and rust-v0.135.0-alpha.2 were seen as prereleases and excluded from stable coverage.
• Claude Code CLI - Latest npm latest verified: 2.1.153, published 2026-05-27T21:46:58Z; npm stable dist-tag remains 2.1.145. Recent episode version tags detected: 2.1.149 and 2.1.150. Selected missing versions: 2.1.152 and 2.1.153, with the episode treating 2.1.152 as the feature release and 2.1.153 as the current latest reliability/security follow-up.
• Hermes Agent - Latest stable verified: v2026.5.16 / v0.14.0, unchanged from EP056 and EP057. No new Hermes release selected.
• Candidate verification - The selected slate excludes duplicate main coverage of Gemini Managed Agents, Codex remote/mobile/hybrid supervision, Anthropic Stainless/Glasswing, and the project-radar items used in the last approved draft except where newer release versions create a real release gap.

Runtime Target

42-50 min. Release readout up front, followed by six distinct stories around MCP governance, local code intelligence, shared agent memory, mobile/remote control of local agents, local model routing, and DGX Spark / LM Studio local-serving infrastructure.

Episode Title

OpenClaw 2026.5.27, Codex 0.134, Claude Code 2.1.153, MCP Gateways, Local Code Graphs, and Private Agent Control

Tagline

OpenClaw hardens the gateway and Codex path, Codex and Claude Code ship practical CLI updates, MCP gateway projects move from connector chaos toward governed tool access, and the GitHub radar points at local code graphs, shared agent memory, mobile approvals, and local model routers.

Feed Description

AgentStack Daily EP058 leads with a new release gap: OpenClaw v2026.5.27, Codex rust-v0.134.0, and Claude Code 2.1.152/2.1.153 all landed after the last approved draft. OpenClaw strengthens prompt/content boundaries, no-auth exposure checks, Codex app-server recovery, metadata caching, durable channel delivery, provider coverage, embedding-provider support, Pixverse, DeepInfra catalog browsing, VLLM thinking params, Claude OAuth overlays, release checks, and CI proof paths. Codex adds local conversation-history search, a profile-first configuration model, better MCP setup with per-server environment targeting and OAuth for streamable HTTP, read-only MCP concurrency, richer hook and extension context, connector-schema preservation, and remote reliability fixes. Claude Code adds code-review fix mode, skill/tool restrictions, skill reload hooks, message-display hooks, plugin suggestion marketplaces, fallback-model continuity, background/workflow status improvements, MCP and remote fixes, then follows with LFS-skip plugin source options, update/doctor visibility, stricter subagent MCP policy handling, OAuth gateway credential fixes, macOS background-agent permission continuity, and many background-session repairs. The outside slate then covers MCP gateway governance, code-intelligence tools, shared agent memory and task state, mobile control bridges for local agents, local model routers and OpenAI-compatible serving, and DGX Spark / LM Studio as a private high-performance local model server.

Story Slate

1. OpenClaw 2026.5.27, Codex 0.134, and Claude Code 2.1.153 close the release gap

OpenClaw's current stable release tightens group-prompt boundaries, repeated-dot hostname normalization, side-effecting command-wrapper blocks, unsafe Node runtime environment override blocks, no-auth Tailscale exposure rejection, and admin-only node/device-role approvals. It also improves Codex app-server runs by resolving runtime models first, routing workspace memory through tools, making shared app-server clients survive startup and spawned-helper failures, preserving hook relay generations across restarts, and avoiding false runtime live switches. Gateway and reply paths reduce hot-path rediscovery through session reads, plugin metadata fingerprints, auth env snapshots, auto-enabled plugin config, tool-search catalogs, and stable metadata caches. Provider coverage adds core OpenAI-compatible embedding providers, DeepInfra credential-aware model browsing, Pixverse video generation and region selection, VLLM thinking params, Claude CLI OAuth overlays for PI auth profiles, and bare direct Anthropic model IDs. Codex rust-v0.134.0 adds local conversation-history search, profile-first configuration, per-server MCP environment targeting, OAuth options for streamable HTTP MCP, connector schema preservation, read-only MCP concurrency, richer extension and hook context, and remote reliability fixes. Claude Code's current latest adds /code-review --fix, /simplify invoking fix review, disallowed-tools in skills and slash commands, /reload-skills, SessionStart skill reloads and titles, MessageDisplay hooks, plugin suggestion marketplaces, fallback-model continuity, more readable thinking summaries, background/workflow timing, MCP dedupe fixes, remote MCP proxy fixes, LFS-skip marketplace source options, update/doctor visibility, stricter subagent MCP policy handling, OAuth gateway credential fixes, macOS background-agent permission persistence, and many background-session repairs. Hermes stays on v2026.5.16, so it belongs in the compatibility watch lane rather than the release block. Technical depth angle: explain content boundary hardening, gateway metadata caches, Codex app-server resilience, embedding-provider core registration, DeepInfra catalog loading, MCP profile/env/OAuth setup, connector schema preservation, read-only MCP concurrency, Claude skill tool restrictions, message-display hooks, fallback-model continuity, subagent MCP policy enforcement, and why npm latest differs from stable. Actionability angle: upgrade OpenClaw, Codex, and Claude Code together; verify one Gateway reply path, one Codex app-server run, one local conversation-history search, one profile-based Codex config, one streamable HTTP MCP server, one Claude skill with disallowed-tools, one /code-review --fix run on a harmless diff, and one background Claude session across an upgrade. Listener hook: this release block is the useful kind of plumbing: fewer stale clients, safer tool boundaries, better provider coverage, and coding CLIs that remember more of the work without leaking authority. Primary links: https://github.com/openclaw/openclaw/releases/tag/v2026.5.27, https://github.com/openclaw/openclaw/releases/tag/v2026.5.26, https://github.com/openai/codex/releases/tag/rust-v0.134.0, https://raw.githubusercontent.com/anthropics/claude-code/main/CHANGELOG.md, https://www.npmjs.com/package/@anthropic-ai/claude-code

2. MCP gateway projects are turning tool access into governed infrastructure

IBM ContextForge and Jarvis Registry are both pushing a similar idea: an agent stack should not accumulate one-off MCP servers, random REST wrappers, and private tool endpoints with no common control plane. ContextForge is an MCP, A2A, REST, and gRPC gateway/registry/proxy with centralized governance, discovery, observability, plugins, OpenTelemetry, Redis-backed federation, and Kubernetes deployment paths. Its latest release completes a React Admin UI rewrite, improves database migrations with Alembic, strengthens OAuth flows, and improves multi-replica behavior. Jarvis Registry is an MCP and A2A agent gateway with OAuth/OIDC identity, ACLs, semantic discovery, request logging, Prometheus metrics, and workflow orchestration. Its latest release adds a workflow execution engine with MongoDB-backed run state, A2A and MCP step dispatch, pause/resume/cancel/retry APIs, persisted workflow endpoints, OAuth 2.1 refresh-token rotation, access-token scope negotiation, and A2A discovery inside search and gateway tools. Technical depth angle: explain gateway versus registry versus proxy, MCP and A2A federation, tool discovery, REST/gRPC-to-MCP translation, OAuth/OIDC identity, ACLs, refresh-token rotation, OpenTelemetry traces, workflow run state, pause/resume/cancel/retry semantics, and multi-replica reliability. Actionability angle: treat these as evaluation targets for private tool sprawl: put one harmless read-only MCP server behind a gateway, enforce identity, inspect discovery output, trace one call, and prove a disabled tool or disabled A2A agent does not appear to the coding assistant. Listener hook: once agents can act across more systems, the boring-sounding registry becomes the part that decides whether the stack is controlled or just lucky. Primary links: https://github.com/IBM/mcp-context-forge, https://github.com/IBM/mcp-context-forge/releases/tag/v1.0.2, https://github.com/ascending-llc/jarvis-registry, https://github.com/ascending-llc/jarvis-registry/releases/tag/asc0.3.1

3. Local code graph tools are replacing blind grep with agent-readable structure

Codanna and Roam Code are fresh code-intelligence projects with specific release and capability details worth profiling. Codanna is a Rust local code intelligence MCP server and CLI for Claude, Gemini, and Codex. Its latest release improves method-call resolution by disambiguating static calls by receiver type, inferring receiver types for instance calls, and adding inheritance-aware PHP resolution; the breaking change is that wrong-class same-name methods are now left unresolved instead of being confidently wrong. Roam Code is a local Python codebase intelligence layer with a SQLite code graph, hundreds of commands and MCP tools, policy modes, secret scrubbing, change evidence packets, code graph attestations, PR replay, blast-radius checks, affected tests, complexity scoring, and air-gapped operation. The common move is from "agent reads files until it guesses" to "agent queries symbol, call, dependency, and evidence structures before editing." Technical depth angle: explain symbol graphs, static versus instance method resolution, receiver inference, inheritance-aware call edges, Tantivy fields, local SQLite indexes, blast-radius calculation, affected-test discovery, HMAC-linked change evidence, MCP policy modes, and why unresolved is safer than falsely resolved. Actionability angle: test Codanna against one repo by indexing it and asking for callers, callees, and semantic search before an edit; test Roam with health and preflight on a risky symbol before allowing an agent to touch the code. Listener hook: a coding agent that sees an accurate call graph can be less dramatic than a bigger model guessing from search results. Primary links: https://github.com/bartolli/codanna, https://github.com/bartolli/codanna/releases/tag/v0.9.22, https://github.com/Cranot/roam-code, https://github.com/Cranot/roam-code/releases/tag/v13.4

4. Shared local memory and task state are becoming the missing layer between parallel agents

The Agent Guild project is a single Go binary with a first-class MCP server, embedded SQLite, BM25 plus semantic retrieval, local-only state, and atomic task claims. The useful idea is not just memory; it is shared state across Claude Code, Codex, Cursor, and other MCP clients so parallel agents can recover project context, claim tasks without collisions, record outcomes, and leave a handoff. Its latest release tightens local file permissions on ~/.guild/ and SQLite sidecars, validates catalog taxonomy upfront, makes concurrent quest event ordering deterministic, adds stable secondary sorts, and improves install path resilience. SwarmVault and Awareness-Local point in the same direction from a knowledge-graph and agent-memory angle: local-first memory that persists outside a transient context window and can be queried by more than one agent surface. Technical depth angle: explain local MCP state stores, SQLite sidecar permissions, BM25 plus vector fusion, atomic work claims, deterministic event ordering, handoff records, catalog taxonomy validation, and why shared memory differs from dumping old transcripts into every prompt. Actionability angle: use a shared memory/task layer only after defining what agents are allowed to write; start with project summary, active tasks, decisions, and handoff notes, then test two different agent clients reading the same state before allowing either one to auto-claim work. Listener hook: the agent-stack problem is no longer "can one agent remember this"; it is "can several agents avoid rediscovering, colliding, and forgetting the same thing." Primary links: https://github.com/mathomhaus/guild, https://github.com/mathomhaus/guild/releases/tag/v0.3.2, https://github.com/swarmclawai/swarmvault, https://github.com/edwin-hao-ai/Awareness-Local

5. Mobile control bridges are attacking the babysitting problem without moving execution off the local machine

Lucarne is a Rust resident process for supervising local coding agents through Telegram or WeChat without hooks, skills, MCP, or project changes. It watches local Claude, Codex, Gemini, Copilot, and Pi sessions, sends notifications for approvals, clarifying questions, failures, and progress, and lets a user resume or act from an existing messaging channel while the agent keeps running on the local computer. The latest release downgrades stale watch session targets, but the bigger product shape matters: it separates the execution boundary from the attention boundary. The local machine still owns files, credentials, and tools; the phone becomes the approval and notification surface. Technical depth angle: explain resident session watchers, session target freshness, mobile notification routing, quoting a message back into the matching context, local execution boundaries, approval events, and how this differs from remote hosted coding agents. Actionability angle: evaluate this class of tool against one low-risk local agent task: does the phone notification arrive at the right decision point, does reply routing return to the correct workspace/session, and does the tool avoid adding new authority surfaces such as extra MCP servers or repository hooks? Listener hook: the best agent run is often local and boring until it needs a human for thirty seconds; mobile control bridges are trying to make that thirty seconds happen anywhere. Primary links: https://github.com/tuchg/Lucarne, https://github.com/tuchg/Lucarne/releases/tag/v0.4.2

6. Local model routers are getting hardware-aware instead of treating every model endpoint as the same

SmarterRouter is an OpenAI-compatible router for Ollama, llama.cpp, and OpenAI-style endpoints that profiles models, estimates VRAM, tracks capability metadata, supports semantic caching, and chooses models based on task and local hardware. Its latest release adds dynamic model metadata extraction, Gemma 4 detection heuristics, MoE-aware VRAM estimation, and automatic capability detection from Ollama's /api/show endpoint. That lines up with OpenClaw's own current release adding core OpenAI-compatible embedding providers, DeepInfra catalog browsing, VLLM thinking params, and better provider/model handling. The story is not one router winning; it is that local stacks need capability-aware routing for embeddings, vision, tool calling, long context, MoE models, and thinking modes. Technical depth angle: explain OpenAI-compatible gateways, Ollama and llama.cpp backends, model capability detection, VRAM estimation, MoE active parameter counting, quantization-aware sizing, semantic caching, embeddings as first-class providers, and thinking-parameter propagation for VLLM. Actionability angle: run one router in front of a local Ollama library, list model capabilities, route embeddings separately from chat, and compare a cheap local model, a larger local model, and a cloud fallback on the same low-risk coding or summarization task. Listener hook: local AI stops feeling local when every request manually asks "which model should I use"; routers are the first step toward making the hardware part of the stack instead of a guessing game. Primary links: https://github.com/peva3/SmarterRouter, https://github.com/peva3/SmarterRouter/releases/tag/2.2.5, https://github.com/openclaw/openclaw/releases/tag/v2026.5.27

7. DGX Spark plus LM Studio shows the local AI server pattern getting more polished

NVIDIA's LM Studio on DGX Spark guide shows a concrete local-serving pattern: deploy LM Studio on a DGX Spark device, run models such as Nemotron 3 Nano Omni locally with GPU acceleration, then use the model from a laptop. The optional LM Link path creates an encrypted link so Spark-hosted models appear remote-local to another machine without same-LAN assumptions or opening a public service. The guide is older than the same-day release block, but it fits the current stack because OpenClaw and local model routers are moving toward OpenAI-compatible providers, embeddings, VLLM thinking params, provider catalogs, and local/hybrid execution. DGX Spark is no longer just "a fast box"; in this pattern it becomes a private model appliance that can serve laptops, coding agents, and local gateways. Technical depth angle: explain LM Studio serving, DGX Spark as a private LLM server, encrypted model-linking, local OpenAI-compatible clients, on-device model privacy, laptop-to-appliance workflow, and where this complements Ollama, VLLM, and provider routers. Actionability angle: treat local hardware as a service boundary: expose only the local model endpoint needed, test latency and context capacity from the laptop, keep credentials on the client side when possible, and compare one local model route against a subscribed cloud model before moving daily agent work. Listener hook: the interesting hardware story is not benchmark bragging; it is a desk-side model server that can be treated like infrastructure by the rest of the agent stack. Primary links: https://build.nvidia.com/spark/lm-studio/overview, https://blogs.nvidia.com/blog/dgx-spark-and-station-open-source-frontier-models/

GitHub Project Radar

• IBM ContextForge - https://github.com/IBM/mcp-context-forge - Python MCP, A2A, REST, and gRPC gateway/registry/proxy for centralized governance, discovery, observability, plugins, OpenTelemetry, Redis-backed federation, and Kubernetes deployment. GitHub API check on 2026-05-28 showed 3,782 stars, 676 forks, created 2025-05-08, pushed 2026-05-28. Latest release v1.0.2 shipped 2026-05-26 with Admin UI rewrite completion, Alembic database migrations, OAuth-flow improvements, security fixes, and multi-replica reliability work. Stack improvement angle: put private MCP and legacy API tools behind one governed endpoint instead of wiring every coding agent directly to every server. Try now: place one read-only internal tool behind ContextForge, inspect discovery, auth, trace output, and disabled-tool behavior before allowing mutating tools.
• Jarvis Registry - https://github.com/ascending-llc/jarvis-registry - Python MCP/A2A gateway and workflow orchestration platform with OIDC identity, ACLs, semantic discovery, request logging, OpenTelemetry, Prometheus, and enterprise-tool registration. GitHub API check on 2026-05-28 showed 1,014 stars, 131 forks, created 2025-10-04, pushed 2026-05-28. Latest release asc0.3.1 shipped 2026-05-26 with MongoDB-backed workflow execution state, A2A/MCP step dispatch, runtime control APIs, persisted workflow endpoints, OAuth 2.1 refresh-token rotation, and scope negotiation. Stack improvement angle: turn a scattered tool registry into a controlled workflow runtime where agents discover, invoke, pause, resume, cancel, and retry work under identity policy. Try now: register one MCP server and one mock A2A agent, then verify search, scope negotiation, workflow execution, and cancellation.
• Codanna - https://github.com/bartolli/codanna - Rust local code intelligence MCP server and CLI compatible with Claude, Gemini, and Codex. GitHub API check on 2026-05-28 showed 681 stars, 61 forks, created 2025-07-24, pushed 2026-05-20. Latest release v0.9.22 improves method-call resolution by receiver type, instance-call inference, and inheritance-aware PHP resolution. Stack improvement angle: give coding agents precise local symbol/call/document search before they edit, especially where same-name methods and language-specific inheritance make grep misleading. Try now: index one repo, ask Codex or Claude Code to find callers and blast-radius-relevant functions through Codanna before making a small refactor.
• Roam Code - https://github.com/Cranot/roam-code - Python local codebase intelligence CLI and MCP server with a SQLite code graph, many commands/tools, secret scrubbing, policy modes, tamper-evident change evidence, code graph attestations, PR replay, and blast-radius checks. GitHub API check on 2026-05-28 showed 466 stars, 46 forks, created 2026-02-09, pushed 2026-05-25. Latest release v13.4 shipped 2026-05-21. Stack improvement angle: make agents prove what they read, what changed, what could break, and which checks ran before a PR or local patch is accepted. Try now: run roam health and roam preflight on one risky symbol, then compare the agent's edit plan before and after the preflight evidence.
• The Agent Guild - https://github.com/mathomhaus/guild - Go local MCP server and SQLite-backed memory/task substrate for sharing project context, semantic/keyword search, and atomic work claims across AI coding agents. GitHub API check on 2026-05-28 showed 298 stars, 44 forks, created 2026-04-20, pushed 2026-05-27. Latest release v0.3.2 shipped 2026-05-27 with tighter local file permissions, catalog validation, deterministic quest ordering under load, stable sorts, and install resilience. Stack improvement angle: let Claude Code, Codex, Cursor, or other agents share local project state without relying on one chat transcript. Try now: create one project state store, write an active task and decision record, then have two different agent clients read and update it without colliding.
• Lucarne - https://github.com/tuchg/Lucarne - Rust resident bridge for receiving local coding-agent notifications and approvals through Telegram or WeChat without hooks, skills, MCP, or project changes. GitHub API check on 2026-05-28 showed 182 stars, 8 forks, created 2026-05-17, pushed 2026-05-28. Latest release v0.4.2 shipped 2026-05-28. Stack improvement angle: keep Codex, Claude, Gemini, Copilot, or Pi execution local while making approval, clarification, and failure moments reachable from a phone. Try now: run one low-risk Codex or Claude session, step away, and verify that approval and resume routing return to the correct session.
• SmarterRouter - https://github.com/peva3/SmarterRouter - Python OpenAI-compatible local model router for Ollama, llama.cpp, and OpenAI-style endpoints with model profiling, semantic caching, failover, metrics, and hardware-aware routing. GitHub API check on 2026-05-28 showed 131 stars, 11 forks, created 2026-02-16, pushed 2026-05-10. Latest release 2.2.5 adds Gemma 4 support, dynamic model metadata extraction, automated capability detection from Ollama, MoE-aware VRAM estimation, and quantization-aware sizing. Stack improvement angle: route local and cloud model calls by capability and hardware fit instead of hand-picking a model for every agent task. Try now: put it in front of local Ollama models, inspect detected capabilities, and route embeddings, simple summaries, and tool-heavy prompts differently.

Extra Research Candidates

• OpenClaw v2026.5.26 transcript and Activity changes - Primary source: https://github.com/openclaw/openclaw/releases/tag/v2026.5.26. Technical depth angle: if the transcript path becomes the next episode's deeper story, explain core transcript capture, source-provider chunks, cleaned user turns, media provenance, Codex mirrors, WebChat replies, CLI/TUI replay, Activity, gateway traces, OpenTelemetry LLM spans, and alertable telemetry.
• Claude Code stable versus latest policy - Primary source: https://www.npmjs.com/package/@anthropic-ai/claude-code and https://raw.githubusercontent.com/anthropics/claude-code/main/CHANGELOG.md. Technical depth angle: explain when to follow npm latest, when enterprise or local policy should pin stable, and how /doctor, update channels, background sessions, managed MCP settings, and macOS permissions change upgrade risk.
• OpenAI Codex 0.135 alpha lane - Primary source: https://github.com/openai/codex/releases. Technical depth angle: watch the alpha tags but do not promote them into stable release coverage until a non-prerelease tag lands.

Show Notes

OpenClaw v2026.5.27 and v2026.5.26, Codex rust-v0.134.0, Claude Code 2.1.153, and Hermes v2026.5.16 set the release context. OpenClaw tightens content boundaries, no-auth exposure checks, Codex app-server recovery, provider catalogs, embedding providers, Pixverse, VLLM thinking params, Claude OAuth overlays, channel delivery, metadata caches, package checks, and CI proof paths. Codex adds local conversation-history search, profile-first config, better MCP setup, streamable HTTP OAuth, read-only MCP concurrency, connector schema preservation, richer hook and extension context, and remote reliability fixes. Claude Code adds code-review fix mode, skill tool restrictions, skill reload hooks, message-display hooks, marketplace suggestions, fallback-model continuity, update/doctor visibility, stricter subagent MCP policy handling, OAuth gateway credential fixes, and background-session repairs. Then the episode moves into current stack stories: governed MCP gateways, local code graph tools, shared local agent memory, mobile control bridges, local model routers, and DGX Spark plus LM Studio as a private model server.

[00:00] Opening: the stack gets stricter and more local
The most useful agent-stack updates this week are not splashy model demos. They are the parts that decide whether an agent can act safely, recover cleanly, choose the right provider, and find the right code before editing. OpenClaw's new release is about sharper content boundaries, less gateway churn, safer exposure checks, steadier Codex app-server behavior, better providers, and more reliable delivery. Codex's update makes local history, profiles, MCP setup, schema handling, and remote reliability more serious. Claude Code's latest changes make review, skills, hooks, fallback models, MCP policy, update state, and background sessions easier to trust.

[03:00] OpenClaw v2026.5.27, Codex 0.134, and Claude Code 2.1.153
OpenClaw's release has a clear security line. Group prompt text stays out of the system prompt. Repeated-dot hostnames get normalized. Side-effecting command wrappers and unsafe Node runtime environment overrides are blocked. No-auth Tailscale exposure is rejected. Node and device-role approvals require admin authority. That matters because agent stacks are increasingly connected to real channels, local machines, and private networks; the gateway has to reject weird authority shapes before they reach the model.

The Codex-specific OpenClaw work matters just as much. Runtime models resolve first, workspace memory routes through tools, shared app-server clients survive startup and spawned-helper failures, hook relay generations survive restarts, and false runtime live switches are avoided. The gateway also does less rediscovery on hot paths: session reads, plugin metadata fingerprints, auth snapshots, plugin config, tool-search catalogs, and stable metadata caches all get reused more intelligently. Provider coverage expands with core OpenAI-compatible embedding providers, full credential-aware DeepInfra model browsing, Pixverse video generation and region selection, VLLM thinking params, Claude CLI OAuth overlays for PI profiles, and direct Anthropic model IDs.

Codex 0.134 is a practical CLI release. Local conversation-history search means old work is searchable by content with previews. Profile-first configuration makes `--profile` the main way to select permissions and sandbox behavior. MCP setup improves with per-server environment targeting and OAuth options for streamable HTTP servers. Connector tool schemas preserve local references and definitions better, oversized schemas compact before exposure, and read-only MCP tools can run concurrently when they advertise the right hint. Extension and hook context also gets richer, including conversation history for extension tools and subagent identity in hook inputs.

Claude Code's latest line is split between feature work and cleanup. The feature release adds `/code-review --fix`, lets `/simplify` invoke that fix path, allows skills and slash commands to remove tools with `disallowed-tools`, adds `/reload-skills`, lets SessionStart hooks reload skills and set titles, adds MessageDisplay hooks, and introduces managed plugin suggestion marketplaces. It also switches to a configured fallback model for the rest of a session when the primary model is unavailable. The follow-up release adds LFS-skip options for plugin marketplace sources, update visibility in `/doctor`, combined MCP authentication notices, macOS background-agent permission continuity, stricter subagent MCP policy handling, a fix for custom API gateways receiving the wrong OAuth credential, and many background-session repairs.

[12:00] MCP gateways become governed infrastructure
IBM ContextForge and Jarvis Registry are the kind of GitHub projects that make MCP feel less like a pile of connector demos and more like infrastructure. ContextForge federates MCP, A2A, REST, and gRPC APIs behind a registry and proxy with governance, discovery, observability, plugins, OpenTelemetry, Redis-backed federation, and Kubernetes deployment. Its latest release completes a React Admin UI rewrite, improves database migrations, strengthens OAuth flows, and improves multi-replica deployment behavior.

Jarvis Registry is aiming at the same tool-governance problem from a workflow angle. It gives copilots and autonomous agents a single secure MCP and A2A gateway with identity, access control, semantic discovery, audit logs, and metrics. Its latest release adds a workflow execution engine with MongoDB-backed run state, dispatch to A2A agents and MCP servers, pause/resume/cancel/retry APIs, persisted workflow endpoints, OAuth refresh-token rotation, access-token scope negotiation, and A2A discovery through search and gateway tools.

The practical question is simple: when a coding agent asks for a tool, where does discovery happen, where does identity live, and where is the trace after the call? If the answer is "inside a dozen separate configs," a gateway or registry is worth testing.

[19:00] Code graph tools give agents better local sight
Codanna and Roam Code are two useful examples of local code intelligence becoming agent-readable. Codanna is a Rust MCP server and CLI for code search, symbols, calls, and documents. Its latest release improves method-call resolution: static calls disambiguate by receiver type, instance calls infer receiver types from caller parameters, and PHP gets inheritance-aware resolution. The breaking change is the right kind of conservative: a call that previously resolved to a wrong same-name method now returns unresolved.

Roam Code is more of an agent preflight and evidence layer. It builds a local SQLite code graph across many languages, exposes a large CLI and MCP surface, runs locally by default, scrubs secrets from MCP responses, and packages change evidence so an AI-assisted edit can answer what authority existed, what context was read, what changed, what could break, what policy applied, what verified it, and who accepted the risk. Its `preflight` shape is especially useful before a risky edit: blast radius, affected tests, complexity, coupling, and conventions before the agent changes files.

The stack improvement is not abstract. Before a coding agent touches a large repo, it should ask a local code graph what symbol it is editing, who calls it, what tests could matter, and what dependency path could break. That is better than asking the model to infer architecture from a grep sprint.

[26:00] Shared local memory and task state reduce parallel-agent collisions
The Agent Guild project targets a different pain point: several agents working around the same project but losing state between sessions. It is a single Go binary with an MCP server, local SQLite, BM25 plus semantic retrieval, and atomic task claims. Claude Code, Codex, Cursor, or another MCP client can read the same project context, claim work, record outcomes, and leave handoffs. Its latest release tightens local file permissions, validates catalog kinds upfront, makes event ordering deterministic under concurrent writes, and stabilizes same-timestamp reads.

This matters because agent memory is often treated as a personal notebook for one model session. The more useful version is shared local project state: decisions, active work, claimed tasks, blocked tasks, and handoff notes that survive compaction and can be read by more than one agent surface. The first test should be small: one project state store, two clients, one task claim, one handoff, and no collision.

[31:00] Mobile control bridges keep local execution but move the approval surface
Lucarne is a lightweight answer to the babysitting problem. It watches local coding-agent sessions and sends approvals, clarification requests, failures, and progress to Telegram or WeChat. It does this without adding hooks, skills, MCP, or project changes. Claude, Codex, Gemini, Copilot, and Pi remain on the local computer; the phone becomes the attention surface.

That distinction matters. Hosted remote agents move both execution and supervision away from the local machine. A control bridge keeps files, credentials, and tools local, then routes the human attention moments through an existing messaging channel. The thing to verify is not whether a notification arrives once. Verify that it arrives at the right decision point, routes the reply back to the right workspace and session, and does not add a new broad authority surface.

[36:00] Local model routers become hardware-aware
SmarterRouter is an OpenAI-compatible router for Ollama, llama.cpp, and OpenAI-style endpoints. It profiles models, tracks capability metadata, estimates VRAM, supports semantic caching, and routes prompts by task and local hardware. Its latest release adds dynamic model metadata extraction, Gemma 4 support, automated capability detection from Ollama, MoE-aware VRAM estimation, and quantization-aware sizing.

This lines up with OpenClaw's release because local model stacks need more than a list of endpoint URLs. Embeddings, tool calling, vision, long context, thinking parameters, quantization, MoE active parameters, and VRAM limits all affect which model should handle a task. A local router should know that a tiny local model can summarize logs, a larger local model can inspect code, an embedding endpoint should be separate, and a subscribed cloud model should be reserved for work where it changes the outcome.

[41:00] DGX Spark plus LM Studio looks like a private model appliance
NVIDIA's LM Studio on DGX Spark guide is a concrete local-serving pattern. Run LM Studio on a Spark device, serve a model locally with GPU acceleration, and use it from a laptop. With LM Link, the Spark-hosted model can appear to another machine over an encrypted link without same-LAN setup or opening a public service.

That is relevant because the rest of the stack is becoming friendlier to OpenAI-compatible providers, local embedding providers, model routers, and hybrid execution. A DGX Spark in this pattern is not just a fast desktop. It is a private model appliance: local enough to keep data and inference close, service-shaped enough that laptops and agent gateways can use it, and isolated enough that it can be treated as a real boundary.

[46:00] Close
The EP058 queue is concrete. Upgrade OpenClaw for content boundaries, provider coverage, Codex app-server resilience, and gateway hot-path cleanup. Upgrade Codex for local history search, profiles, MCP setup, schema preservation, and read-only tool concurrency. Upgrade Claude Code for review fixes, tool-restricted skills, skill reloads, message-display hooks, fallback models, update visibility, and stricter subagent MCP policy. Then pick one infrastructure experiment: a governed MCP gateway, a local code graph, a shared state store, a mobile control bridge, a local model router, or a DGX Spark / LM Studio private-serving path. The theme is practical: more agent capability only helps if the stack can govern tools, see code accurately, share state, reach the human at the right moment, and route models by what the hardware can actually do.

Chapters

• 00:00 The stack gets stricter and more local
• 03:00 OpenClaw v2026.5.27, Codex 0.134, and Claude Code 2.1.153
• 12:00 MCP gateways become governed infrastructure
• 19:00 Code graph tools give agents better local sight
• 26:00 Shared local memory and task state reduce parallel-agent collisions
• 31:00 Mobile control bridges keep local execution but move the approval surface
• 36:00 Local model routers become hardware-aware
• 41:00 DGX Spark plus LM Studio looks like a private model appliance
• 46:00 Close

Verified Links

• OpenClaw v2026.5.27: https://github.com/openclaw/openclaw/releases/tag/v2026.5.27
• OpenClaw v2026.5.26: https://github.com/openclaw/openclaw/releases/tag/v2026.5.26
• Codex rust-v0.134.0: https://github.com/openai/codex/releases/tag/rust-v0.134.0
• Claude Code changelog: https://raw.githubusercontent.com/anthropics/claude-code/main/CHANGELOG.md
• Claude Code npm package: https://www.npmjs.com/package/@anthropic-ai/claude-code
• Hermes Agent v2026.5.16: https://github.com/NousResearch/hermes-agent/releases/tag/v2026.5.16
• IBM ContextForge: https://github.com/IBM/mcp-context-forge
• IBM ContextForge v1.0.2: https://github.com/IBM/mcp-context-forge/releases/tag/v1.0.2
• Jarvis Registry: https://github.com/ascending-llc/jarvis-registry
• Jarvis Registry asc0.3.1: https://github.com/ascending-llc/jarvis-registry/releases/tag/asc0.3.1
• Codanna: https://github.com/bartolli/codanna
• Codanna v0.9.22: https://github.com/bartolli/codanna/releases/tag/v0.9.22
• Roam Code: https://github.com/Cranot/roam-code
• Roam Code v13.4: https://github.com/Cranot/roam-code/releases/tag/v13.4
• The Agent Guild: https://github.com/mathomhaus/guild
• The Agent Guild v0.3.2: https://github.com/mathomhaus/guild/releases/tag/v0.3.2
• SwarmVault: https://github.com/swarmclawai/swarmvault
• Awareness-Local: https://github.com/edwin-hao-ai/Awareness-Local
• Lucarne: https://github.com/tuchg/Lucarne
• Lucarne v0.4.2: https://github.com/tuchg/Lucarne/releases/tag/v0.4.2
• SmarterRouter: https://github.com/peva3/SmarterRouter
• SmarterRouter 2.2.5: https://github.com/peva3/SmarterRouter/releases/tag/2.2.5
• LM Studio on DGX Spark: https://build.nvidia.com/spark/lm-studio/overview
• NVIDIA DGX Spark and DGX Station: https://blogs.nvidia.com/blog/dgx-spark-and-station-open-source-frontier-models/