Weekly · Infra & APIs · Week of May 25, 2026

Devtools rewires itself for agents: SDLC platforms, short-lived tokens, and MCP-fronted observability all shipped this week.

agent-native-infra · mcp · ide-platforms · agent-identity · agent-operable-observability · ci-cd
Generated 1h ago · Drawn from 15 products

The week in devtools

The throughline is unmistakable: devtools vendors are no longer adding AI features to existing surfaces; they are rebuilding the surfaces around agents as first-class users. Cursor turned its IDE into an SDLC platform with an always-on Security Reviewer and a PR review surface inside Cursor 3. Vercel made its Sandbox a runtime for Anthropic-hosted Claude Managed Agents, then quietly piloted a flat-rate CDN to defuse years of bill-shock complaints. Buildkite published official skills for Claude Code and Cursor and stood up OAuth 2.0 Token Exchange so bots authenticate via signed JWTs rather than static personal tokens. Honeycomb relaunched Canvas as a multiplayer investigation surface where humans and agents share the same incident.

Underneath all of it, MCP is becoming the integration substrate. Auth0 took Auth for MCP to GA. SigNoz exposed logs, traces, and metrics through its own MCP server so Cursor and Copilot can query observability data directly. Dust extended its MCP plumbing so tool-returned images flow into the agent. Ably's CLI 1.1 ships an ably init that drops Agent Skills into whichever IDE you use. The shared assumption: every devtool will be operated by an agent at least as often as by a human, and the primitives — identity, transport, observability, CI — have to move accordingly.

Leaders

  • Cursor — Security Reviewer and Vulnerability Scanner went beta on Teams and Enterprise, while PR review moved inside Cursor 3 alongside the Agents Window. The product is now openly competing with GitHub for review, Snyk for vuln scanning, and Linear for project surface — all without leaving the editor.
  • Vercel — Two sparks in one week: Claude Managed Agents can now execute on Vercel Sandbox (Anthropic-hosted, Vercel-run), and Flat Rate CDN entered limited beta on Pro. The first nails Vercel into the agent runtime layer; the second is a long-overdue pricing concession.
  • Ably — CLI 1.1 added ably init, a one-command install that pulls the CLI, runs OAuth, and writes Agent Skills into Claude Code, Cursor, Codex, or Gemini. Combined with the AI Transport SDK 0.1, Ably is positioning realtime infrastructure as the default tool-calling fabric.
  • Buildkite — Three sparks: official agent skills for Claude Code and Cursor (npx install), plus OAuth 2.0 Token Exchange on Enterprise so orgs mint short-lived API tokens from their own JWKS. Per-user API rate limits landed in the same window — a soft predecessor to deprecating personal access tokens.
  • Honeycomb — Canvas relaunched with auto-investigations, multiplayer review, custom skills, and a GitHub integration. The pitch shifts from "query your telemetry" to "investigate alongside agents that know your system," and Canvas is now propagating into Home, Slack, and traces.

Wildcards

  • Cohere — Off the agent-infra throughline but worth flagging: Command A+ shipped as the new flagship, and Cohere Transcribe (the company's first speech-to-text model, 14 languages) arrived the same cycle. The deliberate narrowing to four product lines — Command, Embed, Rerank, Transcribe — is the strategic move underneath the model drops.
  • Kubernetes — 1.36 formalized gang scheduling with a PodGroup API and a clean separation of workload templates from runtime state. Less about agents, more about the other pressure on the control plane: AI/ML batch workloads at scale.

Themes that compounded

  • Agent-issued identity: Buildkite OAuth Token Exchange, Auth0's Auth for MCP GA, Tailscale's Aperture CLI gating Claude Code and Gemini — the static-token era is ending.
  • MCP as the integration bus: SigNoz, Dust, v0, Expo, and Ably all shipped MCP-shaped surface this week. The protocol is no longer optional plumbing.
  • IDE platforms eating the SDLC: Cursor (PR review, security scanning, multi-repo), v0 (terminal access, OAuth MCP, browser screenshots), GitHub Copilot (auto model routing, staged npm publishing) — each is widening the editor's blast radius.
  • Observability becomes agent-operable: Honeycomb Canvas, SigNoz MCP, Depot's metrics CLI and JSON status output — telemetry is being shaped for programmatic readers, not just dashboards.
  • CI/CD normalization: Depot CI shipped nested virtualization, workflow summaries, secret variants, and log streaming — methodically closing feature parity with GitHub Actions while Buildkite reworks identity underneath.

Watch this week

The next shoe to drop is write-capable MCP in observability — SigNoz's roadmap implies silence-alert and acknowledge-incident actions, which would move AI assistants from read-only investigators to incident-response participants. On identity, watch whether Buildkite or Auth0 starts deprecating long-lived personal tokens now that token exchange is GA; the per-user API rate limit looks like the warning shot. And keep an eye on Cursor's Agents Window — if deploy or post-merge verification agents land next, the gap between "writing code" and "shipping code" effectively closes inside one surface.