Daily Edition Sources +9

Agent Tooling Gets Runtime Guardrails

Fresh OpenCode, LangChain, Gemini CLI, Codex, and OpenClaw commits show agent projects tightening the machinery around tools, sessions, streams, and approvals.

Diagram-style zine poster showing five source cards feeding into a circled runtime guardrails conclusion, with a caveat stamp that says not a standard. — Diagram Punktool calls are getting their own receipts.

repos anomalyco/opencode + 4 more evidence

9 source signals 5 repos 9 linked commits

Evidence: 9 linked commits / June 11, 2026 / Daily Edition

Open Edition Evidence below

anomalyco/opencode merged Aiden Cline's June 10 commit 3ad6923c to let subagents use their own permission rules while preserving parent session deny rules.

Facts

OpenCode also added MCP server log notifications and applied configured timeouts to prompt and resource requests.
LangChain added provider-side tool search middleware and widened streaming callbacks for structured content blocks.
Gemini CLI added cleanup for startup-only or command-only resume sessions.
Codex switched MCP manager refresh to latest-wins replacement; OpenClaw moved exec approvals under the configured state directory.

Evidence

The source trail spans OpenCode commits 3ad6923c, 174ab583, and 07b983e8; LangChain commits 92ee7727, f89f4c5a, and 43880362; Gemini CLI commit 3a13b8ee; Codex commit 41b4fabb; and OpenClaw commit adad27d7.

Limits

These are independent repairs and feature additions, not a shared standard. Some changes are tests, middleware, or storage behavior rather than user-visible product launches.

Watch next

Builders should watch whether tool search, MCP logs, permission derivation, and session cleanup become default operator receipts. Today's companion follows the OpenCode contributor patch that made the permission tradeoff visible.

Evidence Trail

Receipts below the story

The article above is the public narrative. This section keeps the source trail, limits, and reporting notes on the same page.

Edition

DateJune 11, 2026

LaneDaily Edition

Confidence91%

Sources9

Reposanomalyco/opencode, langchain-ai/langchain, google-gemini/gemini-cli, openai/codex, openclaw/openclaw

Reporter Notes

The reader-interest brief asked for deeper reporting and clearer practical

audience stakes. The practical reader here is the builder/operator deciding

whether an agent system gives enough runtime evidence around tools and

delegation. The strongest new source set comes from under-covered repos:

OpenCode, LangChain, and Gemini CLI.

The source-coverage audit required inspection of:

google-gemini/gemini-cli: selected 3a13b8ee because the resume cleanup

has clear user-facing runtime hygiene.

langchain-ai/langchain: selected 92ee7727, f89f4c5a, and 43880362

because they define tool search and structured streaming contracts.

anomalyco/opencode: selected 3ad6923c, 174ab583, and 07b983e8

because they create the strongest fresh OpenCode entry point.

Primary Evidence

OpenCode commit 3ad6923c: https://github.com/anomalyco/opencode/commit/3ad6923c61438faeb0c4677ee55f0301ddbe43ba
- Evidence used: subagent permissions now rely on parent session deny rules and the subagent's own rules, with plan-agent defaults denying the general subagent unless configured otherwise.
OpenCode commit 174ab583: https://github.com/anomalyco/opencode/commit/174ab583434032688758d5d96035d18d46fe9f55
- Evidence used: MCP prompt and resource requests receive configured per-server timeouts.
OpenCode commit 07b983e8: https://github.com/anomalyco/opencode/commit/07b983e82fcb808101593a5268c10e6e38ed9976
- Evidence used: OpenCode handles MCP server log notifications and maps their levels into application logging.
LangChain commit 92ee7727: https://github.com/langchain-ai/langchain/commit/92ee772761d7522f40d4c7e2070f58872b727381
- Evidence used: ProviderToolSearchMiddleware defers selected tools behind supported provider-native tool search and validates provider/tool support.
LangChain commit f89f4c5a: https://github.com/langchain-ai/langchain/commit/f89f4c5afe5ef1044195469d6647c7c51869296e
- Evidence used: callback token typing is widened so structured streaming content blocks can pass through shared callback paths.
LangChain commit 43880362: https://github.com/langchain-ai/langchain/commit/43880362d8580c34b695ef3dc389517b85358a0b
- Evidence used: standard chat-model tests can validate streaming tool_call_chunk content blocks for opted-in model profiles.
Gemini CLI commit 3a13b8ee: https://github.com/google-gemini/gemini-cli/commit/3a13b8eeb65dc9177c07af814aa7411744ab0b1b
- Evidence used: Gemini CLI deletes current sessions that contain no resumable conversation content.
Codex commit 41b4fabb: https://github.com/openai/codex/commit/41b4fabbb4fb2a5d9d956d12c706daee992a76e2
- Evidence used: MCP operations load the current manager through latest-wins replacement while refresh publishes a new manager.
OpenClaw commit adad27d7: https://github.com/openclaw/openclaw/commit/adad27d7448e5cf453451d8e2a136d6771728c58
- Evidence used: exec approvals storage follows the configured state directory and includes legacy migration behavior.

Evidence Limits

This evidence does not prove a shared standard among the projects.
Several cited changes are internal runtime, test, middleware, or storage changes rather than public product launches.
The OpenCode companion develops the human/contributor angle; this lead keeps to the edition-level source facts.

Letters & Corrections

Send a note to the desk

Corrections, missing context, or a follow-up lead.