AI Coding Agents โ€” 9-Platform Comparison

Updated 2026-07-15 14:59 UTC
Executive
Deep
โ–ธ Filters โ–ธ Lenses โ–ธ Legend
Platforms:
Lenses:
โœ… Supportedโš ๏ธ PartialโŒ Nouniqueexperimentalfreedotted = click or hover for details confidence (click)

Top Takeaways

  • Highest feature-matrix coverage: Copilot (72% of tracked feature rows). This is a coverage score โ€” not a verdict on quality, real-world success rate, privacy, enterprise maturity, or cost-effectiveness (those dimensions are listed in Research Pending).
  • Runner-up by coverage: Claude Code (70%) โ€” deepest subagent system in this matrix, only one with peer-to-peer agent comms
  • Highest customization coverage: Copilot (89%) โ€” most rows checked in agent config / plugins / marketplace
  • Highest Skills-Standard coverage: Claude Code (100%) โ€” SKILL.md originator; matrix rows reflect early-mover coverage, not third-party adoption
  • Most security risks tracked: Cursor โ€” 3 critical/high risks recorded in our risk_items list (count, not a security verdict)
  • Free/OSS options: OpenCode (54%) ยท Antigravity (51%) ยท Cline (52%)
Data freshness: 25/62 fresh (≤30d) 10 aging (31-60d) 27 stale (>60d) 44 overdue review Tracked claims have explicit last-verified dates; sections show per-section averages.

Report changelog โ€” what changed in this living report (not vendor changelogs)

  • 2026-06-19dataKiro added as 9th platform
    Added Kiro (AWS agentic IDE, kiro.dev) as the 9th compared platform across all sections: feature matrix, config, onboarding, execution, skills, subagents (kiro_default), cost (credit-pool pricing), strengths/gaps, summary card, the Init Playbook, and two risk items (workspace-trust CVE cluster โ€” high; contested autonomous-agent outage โ€” medium). Scorecard + takeaways recompute: Kiro overall 64% (rank 3 of 9). 8 new claim-kiro-* claims with kiro.dev/AWS provenance; two adversarial reviews returned SHIP.
  • 2026-06-12featureInit Playbook + per-cycle changelog
    Added new Project Initialization section with a universal manual init prompt (3-phase scan/draft/curate) and per-platform copy targets for all 8 agents. Added per-cycle changelog block at the bottom of Takeaways. Standalone reference doc (coding-agent-project-init.html) updated to match with corrections from review (OpenCode CVE numbers, Devin Desktop rebrand, Codex /init, etc.).
  • 2026-06-12dataAntigravity 2.0 ingest (Google I/O 2026, 2026-05-19) 29a0773
    Full pipeline cycle for Antigravity 2.0: 8 new candidates, 9 adjudications, 7 new claims (+ 3 bumped), new risk_item for 2.0 release-quality regressions, replaced generic blog.google source with 4 targeted Antigravity sources. Pricing claim marked stale pending tier reconciliation.
Show 8 earlier entries
  • 2026-05-21featureDecision wizard + freshness + glossary + research-pending 28b24cc
    7 UI/data additions: freshness strip atop Takeaways, cycle delta block above What's New, 15-term glossary, 4-question decision wizard (scored from registry data only), research-pending section with 9 unsourced topics, explicit risk severity + prevalence on all 12 risks, pricing as-of pills from claims.json.
  • 2026-05-04contentFilled 86 missing tooltips a3840d0
    Backfilled execution/config/skills section tooltips to bring tooltip coverage above 95%.
  • 2026-05-04fixTooltip click + tap + hover 85d6767
    Replaced native title attribute with click+tap+hover popover. Native title doesn't fire on click or touch; the new popover does.
  • 2026-05-04dataMay 4 cycle โ€” Opus 4.7 + GPT-5.5 wave 610c030
    Refreshed model references and tooltip entity escaping fix.
  • 2026-04-09dataApril 9 fetch cycle 7e0eee1
    6 material platform updates, 4 noise filtered out.
  • 2026-06-29dataWindsurf removed from report (8 platforms now)
    Cognition acquired Windsurf and rebranded to 'Devin Desktop' on 2026-06-02; the original product no longer exists as an independent coding agent. Removed Windsurf across all registry sections (matrix, config, onboarding, execution, skills, cost, strengths, summary_cards, subagents, risks), 3 claims + links, the Init Playbook card, and the cross-platform risk relabeled 'all 9 platforms' โ†’ 'all 8 platforms'. Source monitor entry commented out in sources.yaml; historical adjudications/candidates/snapshots preserved.
  • 2026-06-29dataJun 29 fetch cycle โ€” Cline 4.0, Cursor 3.9, Opus 4.8, OpenCode fix, enterprise refresh
    Fetched all 8 platform sources. Material: Cline v4.0.0 (Plugins, Customize marketplace, ClinePass, SDK runtime); Cursor 3.8/3.9 (Customize page, Marketplace leaderboard, Automations); Opus 4.8 cross-platform (Claude Code 4.7->4.8, Copilot +4.8, Cursor +4.8 โ€” Cline unconfirmed, Antigravity not yet); enterprise refresh (Stripe 1.3k PR/wk, Ramp >50%, Coinbase Forge+Mux, +Cloudflare +Browserbase, 15 in-house agents). Correctness fix: OpenCode 'archived Sep 2025' relabeled active โ€” that archive was the old Go repo (now Crush); active OpenCode is anomalyco TS rewrite (v1.17.11). Deferred as noise: Antigravity blog (already-ingested I/O 2026), GPT-5.5 (already tracked), Codex CLI alpha bump, Copilot PR-merge metric.
  • 2026-07-15dataJul 15 fetch cycle โ€” GPT-5.6 wave, security (DuneSlide + HalluSquatting), platform version bumps
    Fetched all sources + cross-cutting research. GPT-5.6 Sol/Terra/Luna (Codex/Copilot/Kiro); Anthropic Sonnet 5 + Fable 5; Grok 4.5 in Cursor. Security: Cursor DuneSlide (CVE-2026-50548/50549, patched pre-3.0) + cross-platform HalluSquatting. Version bumps: CC v2.1.209, Cursor 3.11, Cline 4.0.8, Kiro IDE 1.0.138, OpenCode 1.17.20, Antigravity CLI 1.1.2. Usage-based pricing shift (Copilot AI Credits, Cursor repricing). New entrants (Grok Build, JetBrains Junie) + protocol shifts (ACP, MCP 2026-07-28) recorded as research watch-items, not added as platforms.

Who Should Choose What

Solo Developer

Individual dev, personal projects, learning
OpenCode or Cline
Both are free/OSS with BYOK. OpenCode exposes 26+ hooks + npm plugins (broadest extensibility surface in our matrix). Cline offers 30+ providers and transparent per-request cost tracking.
Also consider: Antigravity 2.0 โ€” free during public preview if you want bundled Opus access, but expect the open release-quality issues (see Risks) and a non-durable pricing model

Startup Team (2-10)

Small team, shipping fast, budget-conscious
Cursor or Claude Code
Cursor v3.2: /multitask async subagents + worktrees + multi-root workspaces, Plugin Marketplace, Bugbot, Security Review beta, Cursor SDK. Claude Code v2.1.126: deepest subagent system in this matrix, Agent Teams, 22+ hooks (PreCompact + MCP-tool hook + PostToolUse output replacement), Opus 4.7 xhigh.
Also consider: Copilot if team is GitHub-centric

Enterprise / Platform Team

Org-wide rollout, security-first, compliance
GitHub Copilot
Widest IDE support (6+), built-in security scanning (CodeQL), org-level policy controls, 4.7M paid subscribers proven at scale. Agent-to-agent handoffs for complex workflows.
Also consider: Cursor Enterprise for Cursor Blame + sandbox network controls

AI/Agent Researcher

Building agent systems, multi-agent orchestration
Claude Code
Only peer-to-peer agent messaging. Agent SDK (Python + TypeScript). Teams with task dependencies. Skills โ†’ subagent delegation via context:fork. 1M ctx window.
Also consider: Codex for MCP server mode + Agents SDK integration

Security-Conscious Dev

Regulated industry, sensitive codebases
Claude Code or Copilot
Claude Code: AI vulnerability scanner (500+ zero-days found per Anthropic), 5 permission modes. Copilot: CodeQL + Autofix, org-level controls. Both ship vendor-published security-scanning features โ€” verify they cover your specific threat model and compliance regime.
Also consider: Avoid OpenCode <v1.1.10 (CVE-2026-22812)

Decision wizard โ€” answer 4, get a pick

1. Who's using it?
2. Is compliance (SOC 2 / FedRAMP / org policy) a hard requirement?
3. Cost posture?
4. Tolerance for unpatched security disclosures?
Answer the questions above to get a pick.

Core Decision Matrix

Dimension Copilot Claude Code Kiro Codex Cursor OpenCode Cline Antigravity
Features 65% 56% 65% 50% 52% 54% 42% 46%
โ–ธ breakdown
Copilot
13โœ… 5โš ๏ธ 6โŒ
Claude Code
11โœ… 5โš ๏ธ 8โŒ
Kiro
12โœ… 7โš ๏ธ 5โŒ
Codex
8โœ… 8โš ๏ธ 8โŒ
Cursor
10โœ… 5โš ๏ธ 9โŒ
OpenCode
9โœ… 8โš ๏ธ 7โŒ
Cline
8โœ… 4โš ๏ธ 12โŒ
Antigravity
11โœ… 0โš ๏ธ 13โŒ
Only Claude Code: Peer-to-peer comms
Only Antigravity: Browser subagent
Only Antigravity: Commentable artifacts
Customization 89% 78% 83% 33% 61% 0% 44% 61%
โ–ธ breakdown
Copilot
7โœ… 2โš ๏ธ 0โŒ
Claude Code
6โœ… 2โš ๏ธ 1โŒ
Kiro
6โœ… 3โš ๏ธ 0โŒ
Codex
1โœ… 4โš ๏ธ 4โŒ
Cursor
4โœ… 3โš ๏ธ 2โŒ
OpenCode
0โœ… 0โš ๏ธ 1โŒ
Cline
2โœ… 4โš ๏ธ 3โŒ
Antigravity
5โœ… 1โš ๏ธ 3โŒ
Only Copilot: Agent handoffs
Skills 50% 100% 50% 75% 50% 100% 50% 50%
โ–ธ breakdown
Copilot
1โœ… 0โš ๏ธ 1โŒ
Claude Code
2โœ… 0โš ๏ธ 0โŒ
Kiro
1โœ… 0โš ๏ธ 1โŒ
Codex
1โœ… 1โš ๏ธ 0โŒ
Cursor
1โœ… 0โš ๏ธ 1โŒ
OpenCode
2โœ… 0โš ๏ธ 0โŒ
Cline
1โœ… 0โš ๏ธ 1โŒ
Antigravity
1โœ… 0โš ๏ธ 1โŒ
Onboarding 75% 40% 50% 60% 40% 60% 70% 50%
โ–ธ breakdown
Copilot
3โœ… 0โš ๏ธ 1โŒ
Claude Code
2โœ… 0โš ๏ธ 3โŒ
Kiro
3โœ… 1โš ๏ธ 3โŒ
Codex
3โœ… 0โš ๏ธ 2โŒ
Cursor
2โœ… 0โš ๏ธ 3โŒ
OpenCode
3โœ… 0โš ๏ธ 2โŒ
Cline
3โœ… 1โš ๏ธ 1โŒ
Antigravity
2โœ… 1โš ๏ธ 2โŒ
No platform fully supports: Init command (partial only)
Execution 79% 77% 73% 65% 71% 54% 54% 50%
โ–ธ breakdown
Copilot
9โœ… 1โš ๏ธ 2โŒ
Claude Code
9โœ… 2โš ๏ธ 2โŒ
Kiro
7โœ… 5โš ๏ธ 1โŒ
Codex
7โœ… 3โš ๏ธ 3โŒ
Cursor
8โœ… 1โš ๏ธ 3โŒ
OpenCode
5โœ… 4โš ๏ธ 4โŒ
Cline
5โœ… 3โš ๏ธ 4โŒ
Antigravity
5โœ… 3โš ๏ธ 5โŒ
Only Claude Code: Comms model
Only Cursor: Model comparison
Only Antigravity: Commentable artifacts
Overall (provisional) 72% 70% 64% 57% 55% 54% 52% 51%

Overall = simple mean of the 5 dimension percentages. Each dimension percentage = (โœ… count + 0.5 ร— โš ๏ธ count) / row count, scored only over rows we track. Several enterprise-decisive dimensions (performance benchmarks, telemetry/privacy, compliance, model coverage, IDE/OS support, failure modes) are not yet scored โ€” read the Overall row as "highest coverage in this matrix today", not as a quality verdict.

Enterprise Adoption

Real-world deployment examples. These are market signals, not normalized feature scores.

Stripe โ€” Minions

Foundation: Goose (Block fork)
Scale: 1,300+ PRs/week
Invocation: Slack, CLI, Web
Human review: required
Zero human-written code. Devboxes spin up in 10s. Blueprints deterministic orchestration.

Spotify โ€” Honk

Foundation: Claude Code
Scale: 50+ features shipped
Invocation: Slack
Human review: not disclosed
Best developers haven't written code since December 2025. Stock +14.7% on earnings.

Ramp โ€” Inspect

Foundation: OpenCode
Scale: >50% of merged PRs
Invocation: Slack, Web, Chrome ext, Voice, Mobile
Human review: required
Now highest reported adoption (>50%), surpassing Abnormal's 13%. Organic uptake; warm sandbox preloading.

Coinbase โ€” Forge (formerly Claudebot/Cloudbot)

Foundation: Multi-model (model-agnostic)
Scale: 5% of PRs; Mux: 3.5x throughput, 600+ engineers, 5,068 PRs/461 repos
Invocation: Slack, Linear
Human review: context-dependent
150h โ†’ 15h PR cycle time. New Mux fleet-orchestration layer runs parallel agent fleets. Built by VP Chintan Turakhia; deep Skills/MCP integration (Datadog, Sentry, Amplitude, Snowflake).

Shopify โ€” Roast

Foundation: Claude Code CLI
Scale: not disclosed
Invocation: CLI
Human review: required
Open-source Ruby gem (roast-ai). DSL for structured AI workflows.

Uber โ€” Validator + Autocover + Picasso

Foundation: LangGraph
Scale: 21,000 dev hours saved
Invocation: IDE, Workflow
Human review: not disclosed
5,000 developers, hundreds of millions LOC. 10% test coverage increase.

Abnormal AI โ€” Internal agents

Foundation: Custom
Scale: 13% of PRs
Invocation: not disclosed
Human review: not disclosed
13% of PRs from background agents (Feb 2026); since surpassed by Ramp (>50%). Migrating to Modal.

StrongDM โ€” Software Factory

Foundation: Cursor (YOLO mode)
Scale: $1K/day/engineer in tokens
Invocation: Spec-driven
Human review: eliminated
Most radical: no human code, no human review. Code as opaque weights validated by behavior.

Cloudflare โ€” AI Gateway + multi-agent Code Reviewer (harness, not agent)

Foundation: In-house harness (OpenCode/Windsurf assistant layer; Workers + Durable Objects)
Scale: 3,683 users (93% of R&D); 241B tokens/30d; $1.19/code review
Invocation: IDE assistant + GitLab CI
Human review: augmented (multi-agent reviewer)
"Build the harness, not the agent." MCP Server Portal (13 servers, 182+ tools); auto-generated AGENTS.md across ~3,900 repos; publishes unit economics ($1.19/review).

Browserbase โ€” Internal maintenance agents

Foundation: Custom (internal)
Scale: not disclosed (maintenance-focused)
Invocation: Automated (CI / maintenance)
Human review: not disclosed
Agents-as-maintainers: auto-clean code/config as features ramp down โ€” breaks the product-bloat -> LLM-degradation loop (Kyle Jeong).
Source: Ry Walker Research ยท 2026-06-11

Claude Code

  • Auto: 3 built-in subagents auto-delegate; Chrome browser (beta); cloud VMs; Claude Code Security (AI vuln scanner)
  • Config: Custom agents via .claude/agents/*.md; Agent Teams; plugins; Auto Memory
  • New: Opus 4.8 GA (May 28) + xhigh effort tier (v2.1.111); native binary distribution (v2.1.113); PreCompact + MCP-tool hooks + PostToolUse output replacement (22+ events); /ultrareview cloud multi-agent review; PowerShell tool (Windows preview); Vim visual modes; 1-hour prompt cache TTL; per-model cost breakdown; screen-reader mode (--ax-screen-reader) + Chrome extension; Anthropic model lineup adds Sonnet 5 (Jun 30) + Fable 5 (redeployed Jul 1); current v2.1.209

GitHub Copilot

  • Auto: Agent Mode (local); Coding Agent (50% faster, GH Actions); Cloud Agent (research+plan+code); Copilot SDK (public preview); GPT-5.5 GA (Apr 24) + Opus 4.8 GA (May 28) + GPT-5.6 Sol/Terra/Luna (Jul 9); auto model selection in CLI
  • Config: Custom agents via .github/agents/*.agent.md; hooks; skills; handoffs; BYO LLM key (VS Code); C++ in CLI (preview); US+EU data residency + FedRAMP-authorized models; org runner controls + firewall
  • New: GPT-5.6 Sol/Terra/Luna GA (Jul 9); /security-review slash command (public preview, Jul 14); usage-based AI Credits pricing (Jun 1); Opus 4.8 GA (May 28); Opus 4.7 GA (Apr 16) + GPT-5.5 GA (Apr 24); GPT-5.2/5.2-Codex deprecation (May 1); Opus 4.6 Fast retired (Apr 10); code review consumes Actions minutes from June 1 2026; paused new Copilot Business self-serve signups (Apr 22)

Cursor

  • Auto: Explore/Bash/Parallel subagents; /multitask async subagents (v3.2); BG Agents (8 cloud, self-hosted); Long-Running Agents; Bugbot PR review; Multi-Agent Judging; Security Review beta (always-on PR vuln + prompt-injection scanner)
  • Config: .cursor/agents/*.md + UI modes; .cursor/skills/; Hooks (12 events); Plugin Marketplace + Team Marketplace controls; /worktree + /best-of-n + /multitask; multi-root workspaces (single agent, multiple repos); Cursor SDK (TypeScript public beta); Composer 2 model; Canvases (durable visual artifacts); Customize page (v3.9); supports Claude Opus 4.8 + Grok 4.5 (all plans, Jul 8)
  • New: v3.11 (Jul 10) โ€” side chats (/side, /btw), conversation search (Cmd+F transcript index), redesigned project/repo pickers; usage-based repricing ($40 seat, Jul 1); v3.9 (Jun 22) โ€” Customize page (unified plugins/skills/MCP/subagents/rules/commands/hooks) + Marketplace leaderboard + plugin canvases (Hex/Atlassian) + multi-VCS marketplace imports (GitLab/BitBucket/Azure DevOps); v3.8 (Jun 18) Cursor Automations (/automate skill, Slack emoji + 5 GitHub triggers, computer use)

Cline

  • Auto: use_subagents (v3.58+) parallel workers; Plan/Act modes; checkpoints; tool-call loop detection (v3.76); enterprise skills management with remote config (v3.80)
  • Config: 30+ providers + Opus 4.7 + GPT-5.5 + SAP AI Core + Z AI + Azure Blob; SKILL.md; 4 hooks; CLI 2.0 + JetBrains + ACP; BYOK; Node heap 8GB (OOM fix); Cline Plugins + Customize marketplace + ClinePass; current v4.0.8 + CLI v3.0.40
  • New: v4.0.0 (Jun 2026) โ€” SDK-backed VS Code runtime; Cline Plugins (custom tools/workflows/skills/MCP); Customize marketplace (install/manage Skills, MCP, Plugins); ClinePass managed provider; reasoning-effort incl. xhigh for DeepSeek; +models GLM 5.2, Kimi K2.7, Qwen 3.7

OpenAI Codex

  • Auto: Cloud containers; local worktrees; App Automations (unprompted work)
  • Config: AGENTS.md + config.toml (roles); /review; open-source CLI (Rust); first-class plugins (sync/browse/install); path-based sub-agent addresses; Windows sandbox proxy networking; Bedrock model support (v0.128); expanded permission profiles + persistent goal workflows; current v0.145.0-alpha
  • New: v0.128.0 (Apr 30) persistent goal workflows + expanded permission profiles; Bedrock model support; configurable TUI keymaps; plan-mode nudges; external agent session imports; GPT-5.5 / 5.5 Pro available via API; GPT-5.6 Sol/Terra/Luna (Jul 9) + programmatic tool calling + multi-agent + Private Link

OpenCode free MIT free active v1.17.20

  • Auto: Build + Plan agents; General & Explore subagents (parallel); GitHub Agent (Actions-based); hidden context agents
  • Config: 6 extensibility layers: AGENTS.md (CLAUDE.md compat), MCP (OAuth 2.0), npm plugins, 26+ hooks, SKILL.md, custom tools; Ollama local models; 6 config precedence levels
  • New: v1.17.20 (Jul 13, bugfixes); v1.17.11 (Jun 25) session snapshots + revert controls; actively maintained TS rewrite at anomalyco/opencode (weekly releases). NOTE: the 'archived Sep 2025' status was the original Go repo (opencode-ai/opencode), which became Crush โ€” not this project.

Antigravity free

  • Auto: Browser subagent; Knowledge Subagent (async KI distillation); dynamic subagents (parallel workflows, 2.0); scheduled tasks (cron-style, 2.0); semantic skill activation
  • Config: GEMINI.md + AGENTS.md rules โ†’ Workflows โ†’ Skills; Gemini 3.5 Flash (primary, 2.0) + Gemini 3 Pro + Gemini 3 Deep Think + Claude Sonnet/Opus 4.6 + GPT-OSS; Terminal Policy (Off/Auto/Turbo); no custom agent defs or hooks
  • New: 2.0 (2026-05-19, Google I/O): standalone desktop app (no longer a VS Code fork), new Antigravity CLI, new Antigravity SDK via Gemini API, Antigravity in Gemini Enterprise Agent Platform; project-based context across folders; worktree support; live voice transcription; CLI 1.1.2 (Jul 2026): create-file full-diff shortcut, headless OAuth, 5000+-step perf, permission-allowlist fixes; ADK Go 2.0 multi-agent framework (blog)
  • Pricing: Free preview including Claude Opus. New $100/mo Google AI Ultra plan with 5ร— AI Pro capacity ($249.99 legacy tier relationship unresolved); see Cost section for caveats.

Kiro

  • Auto: Autopilot autonomous mode + Supervised per-hunk review; up to 4 parallel subagents; agent hooks on save/PR; Auto model selection
  • Config: Custom agents (.kiro/agents/); steering files; SKILL.md skills; MCP; Powers extensions; specs (Requirementsโ†’Designโ†’Tasks)
  • New: GA Nov 2025 (Kiro CLI, checkpointing, property-based spec testing, team plans); re:Invent Powers (Figma/Netlify) + preview autonomous agents; credit-pool pricing + Auto agent (1ร—); models Auto / Sonnet 4.6 / Opus 4.8 + GPT-5.6 Sol/Terra/Luna (Jul 14); IDE 1.0.138 (faster sessions, PowerShell trust); hooks on agent writes + lazy MCP auth + multi-window sync (1.0.116); CLI 2.12 (expanded MCP OAuth); workspace-trust CVEs patched through 0.8.140

Quick Feature Matrix 7 claims ยท 86%

Feature Claude Code Copilot Cursor Cline Codex OpenCode Antigravity Kiro
Custom agent defs โœ… โœ… โœ… โŒ โš  Roles+MCP โœ… .opencode/agents/ โŒ โœ… JSON in .kiro/agents/
Cloud execution โš  Web VMs โœ… GH Actions โœ… โŒ โœ… โš  Headless + GH Actions โŒ โœ… Kiro Web
Git worktree isolation โœ… โš  Branch โœ… โš  Checkpoints โœ… โŒ No sandbox โŒ โš  Cloud isolated envs
Peer-to-peer comms โœ… โŒ โŒ โŒ โŒ โŒ โŒ โŒ
Parallel agents โœ… โœ… Coding Agent โœ… โœ… โœ… โœ… Native โœ… โœ… โ‰ค4 subagents
Built-in code review โŒ โœ… @copilot โš  Bugbot โŒ โœ… โš  via GitHub Agent โŒ โœ… Supervised mode
Browser subagent โš  Chrome โŒ โš  โš  Built-in โŒ โš  webfetch only โœ… โŒ
Commentable artifacts โŒ โŒ โŒ โŒ โŒ โŒ โœ… โš  Inline hunk chat
Knowledge Base โš  Auto Memory โœ… Agentic Memory โš  Memories โš  Memory Bank โš  Memory โš  Session-scoped โœ… KIs + Brain โš  Steering + knowledge tool
Open source โŒ โš  Chat OSS โŒ โœ… โœ… CLI โœ… MIT (109Kโ˜…) โŒ โš  Code OSS base
Hooks โœ… โœ… โœ… โœ… โš  Experimental โœ… 26+ events โŒ โœ… Agent hooks
Task dependencies โœ… โŒ โŒ โŒ โŒ โš  Todo tool โŒ โœ… Dependency graph
Session resumption โœ… โœ… โœ… โœ… โœ… โœ… SQLite โœ… โš  History + switching
Agent Skills โœ… โœ… โœ… โœ… โœ… โœ… SKILL.md โœ… โœ… SKILL.md (open std)
Workflows โš  via Skills โš  Prompts+Skills โš  Commands โœ… โš  via Skills โš  via Skills โœ… โœ… Specs + automations
Multi-vendor models โŒ โœ… Auto+BYOK โœ… โœ… โŒ โœ… 75+ providers โœ… โœ… Claude + open-weight
Native IDE โŒ โœ… 6+ IDEs โœ… โš  VS Code + JetBrains + CLI โŒ โœ… 6 surfaces โœ… โœ… Code OSS-based
Arena / model A/B โŒ โŒ โœ… Judging โŒ โŒ โŒ โŒ โŒ
Agent Manager UI โŒ โœ… Agents Panel โŒ โŒ โœ… App โš  TUI + web โœ… โš  CLI only
Agent-to-agent handoffs โš  Teams โœ… unique unique โŒ โŒ โŒ โŒ โŒ โš  Hierarchical
Voice input โœ… /voice unique unique โŒ โŒ โŒ โš  Web only โŒ โŒ โŒ
Remote / mobile access โœ… Remote Control unique unique โš  GH Mobile โŒ โŒ โš  Web UI โš  HTTP server โŒ โœ… Web + iOS
AI security scanning โœ… Security โš  CodeQL + Autofix โŒ โŒ โš  Security โŒ โŒ โŒ
Free tier โŒ โœ… Free โš  โœ… OSS โš  Promo โœ… MIT + free models โœ… Full โœ… $0 ยท 50 credits/mo

Built-in Agents & Subagents 4 claims ยท 84%

Claude Code 5 agents
AgentCapabilityPurposeToolsModelAccess
Explore Search Search files & codebase Glob, Grep, Read, Bash (read-only) Haiku ๐Ÿ”’ Read 3 thoroughness levels: quick ยท medium ยท very thorough
Plan Plan Plan by researching codebase Read, Glob, Grep, Bash Sonnet ๐Ÿ”’ Read
General-purpose Execute Execute complex multi-step operations All tools Sonnet โœ Read/Write
Team Lead experimental Coordinate Coordinate teammates via task list All + SendMessage, TaskList Opus โœ R/W 2โ€“5 teammates recommended; tested up to 16 experimental
Teammate (ร—N) experimental Execute Coordinate Execute tasks with peer messaging All + SendMessage (peer-to-peer) Sonnet โœ R/W Agent Teams experimental
Copilot 5 agents
AgentCapabilityPurposeToolsModelAccess
Plan Mode Plan Plan & approve blueprint before coding search, fetch (read-only) Auto ๐Ÿ”’ Plan output Review & approve before agent starts coding
Agent Mode Execute Execute autonomous edits in IDE All IDE tools, terminal, file R/W Claude Sonnet 4.5 โœ R/W Multi-file editing, terminal, auto-fix. 6+ IDEs
Coding Agent Execute Cloud Execute autonomous cloud dev โ†’ PR Full R/W in GH Actions sandbox Claude Sonnet 4.5 โœ R/W Issueโ†’PR autonomous. Security scanning built-in. Consumes GH Actions minutes + premium requests
Custom Agent (ร—N) Execute Execute specialized tasks per profile Configurable via tools property Configurable โœ R/W .github/agents/*.agent.md; handoffs between agents (IDE only; not yet on GitHub.com); org/enterprise level
Agents Panel unique Coordinate Coordinate all agent sessions View, steer, resume sessions N/A โš  Monitor Agent HQ: mission control for Copilot + 3rd-party agents unique
Cursor 7 agents
AgentCapabilityPurposeToolsModelAccess
Explore Search Search codebase semantically Semantic search, grep, file read Fast ๐Ÿ”’ Read Parallel searches
Bash Execute Execute shell commands Terminal Inherit โš  Execute only
Custom Subagent (ร—N) Execute Execute user-defined parallel tasks Configurable per agent Configurable โœ R/W .cursor/agents/*.md (v2.4+) + UI modes ; async, nested (v2.5)
Background Agent Execute Cloud Execute autonomous dev in cloud Full R/W in remote Ubuntu VM (AWS) Max Mode โœ R/W Up to 8 parallel; ~$4.63/PR observed; Slack/Linear notify
Long-Running Agent Execute Cloud Autonomous multi-hour/day execution Full R/W, plans + multi-agent verification Max Mode โœ R/W Ultra/Teams/Enterprise. cursor.com/agents. Research preview
Browser Browse Browse via MCP integration DOM, screenshots, console, network Inherit ๐Ÿ”’ Read
Bugbot Execute Review PRs on GitHub GitHub PR analysis, custom rules Dedicated โš  Review $40/user/mo add-on (200 PRs). 70% resolution. .cursor/BUGBOT.md rules
Cline 1 agent
AgentCapabilityPurposeToolsModelAccess
Research Subagent (ร—N) Search Search across codebase in parallel (native use_subagents tool, v3.58.0+) read_file, list_files, search_files, list_code_definition_names, execute_command (ro), use_skill Inherit ๐Ÿ”’ Read No writes, no browser, no MCP, no nesting
Codex 4 agents
AgentCapabilityPurposeToolsModelAccess
Cloud Task Execute Cloud Execute parallel tasks in containers Full R/W in sandbox gpt-5.3-codex โœ R/W (sandboxed) Up to 4 best-of-N; no inter-task comms
Local Worktree Execute Execute independent local tasks Full R/W in worktree Inherit โœ R/W
MCP Server Coordinate Coordinate by exposing Codex as tool codex + codex-reply via MCP Configurable โš  Proxy Multi-agent orchestration via Agents SDK
Automations unique Execute Config Unprompted scheduled work (issue triage, alerts, CI/CD) Background worktrees or project dir Inherit โœ R/W Results in Triage inbox unique
OpenCode 6 agents
AgentCapabilityPurposeToolsModelAccess
Build Plan Execute Full development: plan, code, test, debug All 15 tools: bash, edit, write, read, grep, glob, list, patch, lsp, skill, todo, webfetch, websearch, question Configurable โœ R/W Primary agent. AGENTS.md instructions. Thinking budget toggle (Ctrl+T)
Plan Plan Read-only analysis & planning Read, Grep, Glob, List, LSP Configurable ๐Ÿ”’ Read No writes. Analysis & architecture planning
General (subagent) Execute Parallel multi-step operations All tools (inherited from parent) Configurable โœ R/W Parallel execution via multiple tool-use blocks
Explore (subagent) Search Fast read-only codebase search Read, Grep, Glob, List Fast model ๐Ÿ”’ Read Lightweight, rapid exploration
GitHub Agent Execute Cloud Respond to /opencode on issues & PRs Full R/W in GitHub Actions Configurable โœ R/W opencode github install โ†’ GitHub App. Creates branches, reviews code
Custom Agent (ร—N) Execute User-defined specialized agents Configurable per agent Configurable โœ R/W .opencode/agents/*.md or opencode.json; per-agent MCP, tools, model, yolo
Antigravity 3 agents
AgentCapabilityPurposeToolsModelAccess
Main Coding Agent Plan Execute Plan, execute codegen, coordinate All IDE tools, terminal, file R/W Gemini 3.1 Pro โœ R/W Planning Mode vs Fast Mode; Terminal Policy: Off ยท Auto ยท Turbo
Browser Subagent unique Browse Browse, automate, test, record video Navigate, click, scroll, type, screenshot, JS exec, video Gemini 2.5 CU โš  Browser only Isolated Chrome profile; WebP video recording; requires browser extension unique
Knowledge Subagent unique Search Async background distillation of conversations into Knowledge Items Read conversation logs, write KIs Inherit ๐Ÿ”’ Read Two-tier retrieval: KIs (fast) โ†’ conversation logs (fallback) unique
Kiro 1 agent
AgentCapabilityPurposeToolsModelAccess
kiro_default General Default delegated subagent (general-purpose tasks) Inherited / configurable Auto โ‰ค4 concurrent ยท isolated context ยท returns via summary tool ยท hierarchical delegation

Custom Agent Configuration 4 claims ยท 88%

Feature Claude Code Copilot Cursor Cline Codex OpenCode Antigravity Kiro
Custom agents โœ… .claude/agents/*.md โœ… .github/agents/*.agent.md โœ… .cursor/agents/*.md โŒ โš  Roles + MCP opencode.json + .opencode/agents/*.md โŒ Rules + Workflows + Skills โœ… .kiro/agents/ (JSON/MD)
Model selection haiku ยท sonnet ยท opus ยท inherit Auto (default) / model: per agent fast ยท inherit ยท model ID Per-mode Per-profile / --model 75+ providers; Ctrl+T thinking toggle Per-conversation Gemini + Claude + GPT Auto ยท Claude ยท open-weight
Tool restriction โœ… Allow/deny list + MCP โœ… tools: array in YAML โœ… Same + readonly โš  โš  Sandbox modes Per-agent + per-skill YAML โš  โœ… Allow-list + @server
Permission modes โœ… 5 modes โš  PR review gated โš  Yolo โš  --yes โš  3 modes 3 modes (ask / YOLO / per-agent) โœ… 3 levels โœ… Autopilot/Supervised
Agent handoffs โš  Teams messaging โœ… handoffs property unique unique โŒ โŒ โŒ โŒ No handoffs โŒ โš  Parallel; no peer
Marketplace โœ… Plugin marketplace โœ… MCP Registry + awesome-copilot โœ… Plugin Marketplace โš  MCP Marketplace โŒ npm plugins (@opencode-ai/plugin) โœ… MCP Store โœ… Open VSX + Powers
Alternative Customization
Skills (SKILL.md) โœ… .claude/skills/ context:fork โ†’ subagent โœ… .github/skills/ + personal + .claude/ cross-compat โœ… + Commands + Hooks โœ… .cline/skills/ โœ… .agents/skills/ .opencode/skills/ + ~/.config/opencode/skills/ โœ… .agent/skills/ โœ… .kiro/skills/
Rules CLAUDE.md .github/copilot-instructions.md .cursor/rules/ .clinerules/ + AGENTS.md fallback AGENTS.md + config.toml AGENTS.md (6-level precedence) GEMINI.md + .agent/rules/*.md Steering (.kiro/steering/)
Workflows โš  via Skills โš  Prompts+Skills โš  Commands โœ… โš  via Skills Custom agents + Skills + hooks โœ… Chainable โš  via Specs/Powers
Knowledge Base โŒ โœ… Agentic Memory โš  Memories โš  Memory Bank โŒ AGENTS.md (6-level precedence) โœ… KIs + Brain unique unique โš  Steering + resources
Plugins โœ… /plugin install โœ… plugin.json packages โŒ โŒ โŒ npm + hooks + MCP + ACP โŒ โœ… Open VSX

Agent Skills Open Standard 1 claim ยท 88%

Feature Claude Code Copilot Cursor Cline Codex OpenCode Antigravity Kiro
SKILL.md support โœ… Native Creator of standard โœ… Native VS Code, CLI, Coding Agent โœ… Native v2.4+ (Jan 2026) โœ… Native Always-on since v3.57 โœ… Native Dec 2025+ โœ… YAML frontmatter โœ… Native โœ… Required SKILL.md
Skill location .claude/skills/ ยท ~/ .github/skills/ ยท ~/.copilot/skills/ + .claude/skills/ cross-compat .cursor/skills/ ยท ~/ ยท built-in .cline/skills/ ยท ~/.agents/skills/ + .clinerules/ + .claude/ paths .agents/skills/ ยท ~/ .opencode/skills/ + ~/.config/opencode/skills/ On-demand via built-in skill tool .agent/skills/ .kiro/skills/ ยท ~/
Activation Auto + /skill Auto + /slash command Auto + explicit Auto + use_skill Auto + $skill Pattern + on-demand (glob matching) Semantic auto Auto + /skill
Platform extensions context:fork, $ARGUMENTS Prompts + Instructions + Hooks + Plugins Commands + Hooks Cross-agent paths openai.yaml sidecar npm plugins + MCP + hooks + ACP scripts/ + refs/ Open standard ยท references/
Spawn agents? โœ… context:fork โŒ โŒ โŒ โš  โœ… Native multi-agent โŒ โŒ
Precedence Project first Repo first Project first Global first CWD โ†’ root 6-level hierarchy Workspace first Workspace first

Project Onboarding & Agent Memory

Feature Claude Code Copilot Cursor Cline Codex OpenCode Antigravity Kiro
Instruction Files
Primary file CLAUDE.md .github/copilot-instructions.md .cursor/rules/*.mdc .clinerules AGENTS.md AGENTS.md / CLAUDE.md GEMINI.md Steering files (no single file)
Format Markdown + YAML (rules) Markdown + YAML (.instructions) YAML frontmatter (4 modes) Markdown + YAML (paths) Markdown + Starlark Markdown + JSON Markdown + YAML Markdown (agents JSON)
Hierarchy depth 4 levels + rules + @import 3 levels (accumulate) 3 levels + legacy 2 levels + cross-read N levels (walk-down) 7 sources 3 levels + rules dir 2 levels (workspace > global)
Memory & Persistence
Auto-memory โœ… MEMORY.md (local, per-project) โœ… Server-side (28-day expiry) โŒ Rules only โš  Memory Bank (prompt-driven) โœ… MEMORY.md (SQLite pipeline) โŒ SQLite sessions only โš  /memory add (manual) โœ… Foundation always loaded
Ignore, Init & Setup
Ignore file permissions.deny Web UI (Biz/Ent) .cursorignore .clineignore โŒ (sandbox only) .opencodeignore (WIP) .geminiignore โŒ
Init command /init /init, /create-instruction Cmd+Shift+P /newrule codex login + web UI /init First-launch wizard โš  GUI: Generate Steering Docs
Setup script โŒ copilot-setup-steps.yml โŒ โŒ codex-setup.sh (cloud) โŒ โŒ โŒ
Cross-Platform Compatibility
Reads AGENTS.md โŒ (use @import) โœ… โœ… โœ… โœ… โœ… โœ… (v1.20.3) โœ…
Reads other configs โŒ โŒ โŒ โœ… .cursor/ .windsurf/ .claude/ โŒ โœ… CLAUDE.md + .claude/skills/ โŒ โŒ (no CLAUDE.md)
Agent Skills (SKILL.md) โœ… (originator) โœ… .github/skills/ .cursor/skills/ .cline/skills/ โœ… .opencode/skills/ .agent/skills/ โœ… .kiro/skills/

Execution, Coordination & Lifecycle 8 claims ยท 85%

Feature Claude Code Copilot Cursor Cline Codex OpenCode Antigravity Kiro
Parallelism & Isolation
Parallel execution โœ… Subagents + Teams โœ… Multiple Coding Agents โœ… 8 local + BG agents โœ… use_subagents Read-only; CLI-powered โœ… Cloud tasks โœ… Native parallel tools โœ… Agent Manager โœ… โ‰ค4 subagents
File isolation โš  Worktrees โœ… / Teams: LWW โœ… Ephemeral branch โœ… Git worktrees โš  Checkpoints โœ… Worktrees + containers โŒ No sandbox โŒ โš  Cloud sandbox; local shared
Context isolation โœ… Summary returns โœ… โœ… โœ… โœ… โš  Session-scoped + compaction โœ… โœ… Per-subagent context
Communication & Coordination
Comms model โœ… Peer-to-peer unique unique Handoffs Parentโ†’child Parentโ†’child โš  spawn_agent โŒ No peer comms โŒ โš  Hierarchical + summary
Shared task lists โœ… JSON w/ dependencies โŒ โŒ โŒ โŒ โš  Todo tool (session) โš  Artifacts โœ… Spec list + todo tool
Userโ†’agent access โœ… 12 surfaces unique unique โœ… Issues / PRs / Slack / Teams / Linear / Jira / IDE + 4 more โœ… Web/Slack โœ… CLI + JetBrains + ACP โœ… CLI/IDE/App/Cloud + GH/Slack/Linear โœ… 6 surfaces โœ… Inbox unique unique โœ… Mid-turn redirect
Session resumption โš  Subagents: โœ… Teams: โŒ โœ… PR iterate + IDE resume โœ… โœ… โœ… resume/fork โœ… SQLite sessions โœ… โš  History + switching
Cloud execution โš  Web VMs + GH Actions + GitLab CI/CD โœ… GH Actions โœ… AWS VMs โŒ โœ… Codex Cloud โš  Headless + GH Actions โŒ โœ… Kiro Web (preview)
Hooks, Review & Quality
Hook events โœ… 22+ โœ… 8 โœ… 12 โœ… 4 โš  2 experimental experimental โœ… 26+ events (11 categories) โŒ โœ… File/prompt/tool/task
Code review โœ… /security + AI scanner โœ… @copilot + IDE + security โš  Bugbot โš  Pipe pattern โœ… /review unique unique โš  GitHub Agent โš  Artifacts โœ… Supervised per-hunk
Model comparison โš  Manual tiering โš  Auto select โœ… Multi-Agent Judging โš  โš  โŒ โš  โŒ
Commentable artifacts โŒ โŒ โŒ โŒ โŒ โŒ โœ… unique 6 types unique โš  Inline hunk chat
3rd-party agents โŒ โœ… Claude + Codex on GitHub + VS Code unique unique โŒ โŒ โŒ โœ… Custom agents + MCP + ACP โŒ โš  Skills + MCP

Cost & Efficiency 12 claims ยท 83%

Platform Pricing Approx. Cost Key Optimization
Claude Code Subscription + API (BYOK)as of 2026-05-04 ยท 72d old $20 Pro โ†’ $100โ€“$200 Max Team $25โ€“$150/seat. API: Haiku $1/$5, Sonnet $3/$15, Opus $5/$25 per 1M tokens Haiku explore (~10ร— cheaper) โ†’ Sonnet โ†’ Opus. Max sub vs API breakeven ~$200/mo. Batch API 50% off
Copilot 5 tiers + premium requestsas of 2026-05-04 ยท 72d old $0 Free โ†’ $10 Pro โ†’ $39 Pro+ $19โ€“$39/user org. Coding Agent: GH Actions min + premium reqs. Overage $0.04/req Auto model selection (10% multiplier discount). Free model after quota. Reserve Pro+ models for complex tasks
Cursor Subscription + usageas of 2026-05-04 ยท 72d old $20 Pro โ†’ $200 Ultra BG Agents: ~$4.63/PR (Max Mode). Bugbot: $40/user/mo (200 PRs) Explore auto fast model. Worktrees avoid retry costs. Multi-Agent Judging (best-of-N)
Cline BYOK (any provider) + Cline Provideras of 2026-05-04 ยท 72d old $0 extension + API costs ~$20โ€“200/mo typical. Teams $20/mo. Enterprise custom Plan cheap + Act capable. --max-turns. Auto Compact. Per-request cost tracking
Codex ChatGPT tiers + APIas of 2026-05-04 ยท 72d old Free promo โ†’ $20โ€“$200/month Business $25-30/user. API: $1.25/$10 per 1M tokens. codex-mini: 4ร— more usage GPT-5.3-Codex-Spark for fast tasks (>1K tok/s). codex-mini-latest 75% prompt caching. Explorer role for cheap reads
OpenCode Free (MIT) + OpenCode Black free $0 BYOK โ†’ $20โ€“$200 Black Free models available. Ollama: $0 local. Enterprise: custom per-seat $0 core + BYOK (zero markup). Ollama local = truly free. Zen gateway pay-per-token. Free tier models for zero-cost start
Antigravity Free (preview) + AI Pro $19.99 + AI Ultra $100/mo (new, 5ร— AI Pro)as of 2026-05-19 ยท 57d old $0 (preview) | AI Pro $19.99/mo | AI Ultra $100/mo Free: weekly quota (~2-3h intensive). Fast Mode saves budget. Multi-model: Opus via preview only
Kiro Subscription + credit pool (PAYG overage $0.04/cr, off by default)as of 2026-06-19 Free $0 (50 cr) ยท Pro $20 (1,000) ยท Pro+ $40 (2,000) ยท Pro Max $100 (5,000) ยท Power $200 (10,000). Credits don't roll over Use the Auto agent (1ร— credits vs 1.3ร— forced Sonnet 4); keep overage off; size tier to monthly burn

Unique Strengths & Key Gaps 7 claims ยท 82%

Copilot

  • + Widest IDE + platform reach (VS Code, JetBrains, Xcode, Eclipse, CLI (GA Feb 2026), GitHub.com, Slack, Teams, Linear, Jira (Mar 2026))
  • + Agent-to-agent handoffs unique + Agent HQ (mission control for multi-agent coordination)
  • + 3rd-party agents (Claude + Codex assignable on GitHub PRs/Issues) unique
+6 more strengths
  • + Agentic Memory + built-in code review + security scanning (CodeQL)
  • + Plugins (plugin.json: agents + skills + hooks in one package); 6 hook events
  • + Auto model selection (10% premium discount); 4.7M paid subscribers (as of late 2025)
  • + Coding Agent runs in GitHub Actions (full CI/CD integration)
  • + US + EU data residency + FedRAMP-authorized models (Apr 13) โ€” strongest enterprise compliance posture in the comparison
  • + GPT-5.5 GA (Apr 24) and Opus 4.7 GA (Apr 16) on launch day
  • - No peer-to-peer comms or task lists
  • - No Arena / model A/B comparison
  • - Coding Agent costs GH Actions minutes + premium requests
+3 more gaps
  • - Agent Mode single-session in IDE (no background persistence)
  • - No worktree-based isolation
  • - Custom agents .agent.md: model + handoffs not yet on GitHub.com

Claude Code

  • + Only peer-to-peer agent messaging (Teams: bidirectional inter-agent comms)
  • + Deepest subagent system (3 built-in + custom .md definitions + Teams orchestration)
  • + 17 hooks (most of any platform); 5 permission modes (allowlist โ†’ deny); resumable subagents
+8 more strengths
  • + 12 surfaces unique : CLI, VS Code, JetBrains, Desktop app, Web VMs, Remote Control, GH Actions, GitLab CI/CD, Slack, Chrome, Mobile, Agent SDK
  • + Remote Control unique : local terminal โ†’ mobile/web (no cloud โ€” runs on your machine)
  • + Voice Mode unique : /voice + hold spacebar to talk (Mar 2026, rolling out)
  • + Claude Code Security : AI vulnerability scanner (Opus 4.6); 500+ zero-days found in OSS
  • + Skills โ†’ subagent delegation via context:fork; Agent SDK (Python + TypeScript) + headless mode
  • + Session teleportation (local โ†” cloud seamless); Auto Memory; Opus 4.6 (1M ctx, 128K output, adaptive thinking)
  • + Open-source sandbox runtime; /compact for long sessions; Plugin marketplace
  • + Opus 4.7 + xhigh effort tier (v2.1.111, Apr 16)
  • - Cloud execution GitHub-only (research preview; no GitLab repos in VMs)
  • - Chrome integration beta (no Bedrock/Vertex); Pro limited to Haiku in Chrome
  • - Teams: no resume; last-write-wins file isolation
+5 more gaps
  • - Claude-only models (no multi-vendor)
  • - No Arena / model A/B comparison
  • - Remote Control: Max-only (Pro coming soon); no Team/Enterprise yet
  • - Voice Mode: 5% rollout (Mar 2026); not yet GA
  • - No GUI IDE (terminal-first; VS Code ext is companion, not fork)

Kiro

  • + Spec-driven development as the core unit of work (Requirementsโ†’Designโ†’Tasks; the spec is the source of truth, code is a build artifact)
  • + Event-driven agent hooks fire on save/PR/repo events (run tests, update docs, cascade spec changes)
  • + Steering files (.kiro/steering/) for persistent project knowledge with 4 inclusion modes
+3 more strengths
  • + Powers extension system (launch partners Figma + Netlify) + Kiro CLI sharing the same steering/MCP config
  • + Property-based testing measures whether code matches the spec
  • + AWS-grade trust: HIPAA-eligible, GovCloud, IP indemnity, no training on paid-tier content
  • - Kiro Web + autonomous agents still preview (autonomous agent is one-per-developer)
  • - No bring-your-own-key or non-Bedrock model routing โ€” models are AWS-hosted (Claude + select open-weight); no OpenAI/Gemini/local-model option
  • - Credits do not roll over month-to-month (penalizes bursty usage)
+1 more gaps
  • - Notable first-year security track record: multiple workspace-trust code-execution CVEs in 2026

Codex

  • + 5 surfaces (CLI + IDE + App (macOS + Windows) + Cloud) โ€” widest Codex-specific reach
  • + Codex App (macOS + Windows Mar 2026): command center with worktrees, Automations (unprompted scheduled work) unique
  • + Built-in /review + GitHub @codex PR reviews (GPT-5-Codex trained for review)
+5 more strengths
  • + Open-source CLI (Rust, Apache 2.0) + Agent Skills Standard support
  • + Cloud containers + local worktrees; resume & fork sessions
  • + GPT-5.3-Codex-Spark (>1K tok/s on Cerebras); mid-turn steering
  • + Multi-agent: spawn_agent (experimental) + MCP server + Agents SDK
  • + v0.128.0 (Apr 30): persistent goal workflows + expanded permission profiles + Bedrock model support
  • - Hooks experimental only (2 events: SessionStart, Stop โ€” Mar 2026; full system in design)
  • - No markdown agent definition files (AGENTS.md โ‰  agent personas)
  • - Cloud tasks independent (no inter-task comms)
+3 more gaps
  • - OpenAI models only (no multi-vendor)
  • - App: macOS only (Windows alpha)
  • - Memory system experimental (Phase 1/2)

Cursor

  • + Subagents (async, nested tree, v2.4+)
  • + Long-Running Agents (multi-hour/day, research preview)
  • + Plugin Marketplace (v2.5: Stripe, Vercel, AWS, etc.)
+8 more strengths
  • + Composer 2 (proprietary thinking model)
  • + Cloud BG Agents (8 parallel); Bugbot PR review (70% resolution); Automations (Mar 2026: event-triggered cloud agents for Slack/Linear/GitHub/PagerDuty)
  • + .cursor/agents/*.md + Skills + Hooks (12 events) + JetBrains via ACP (Mar 2026)
  • + Cursor Blame (AI attribution, Enterprise)
  • + Multi-Agent Judging; Sandbox network controls
  • + v3.2 (Apr 24): /multitask async subagents + worktrees + multi-root workspaces
  • + Security Review beta + Vulnerability Scanner (Apr 30)
  • + Cursor SDK public beta (Apr 29)
  • - No peer comms or Copilot-style handoffs
  • - Long-running agents research preview only
  • - BG agents expensive (~$4.63/PR)
+2 more gaps
  • - Closed source IDE (VS Code fork with proprietary additions)
  • - No blind model comparison (Arena equivalent)

OpenCode

  • + Only truly open-source + provider-agnostic agent (MIT, 120Kโ˜…, TypeScript/Bun, 75+ providers incl. Ollama local)
  • + Client/server architecture : Hono HTTP server (port 4096) enables TUI, web, mobile, Docker, IDE control unique
  • + Deepest extensibility : 26+ hooks (most of any platform), MCP (OAuth 2.0), npm plugins, SKILL.md, custom tools, ACP
+5 more strengths
  • + 6 surfaces : TUI, CLI, web, desktop (Tauri), IDE extensions (VS Code/Cursor/Zed/Windsurf), ACP server
  • + Adaptive thinking (v1.2.7): Claude Sonnet 4.6 + Gemini 3.1 medium reasoning; Ctrl+T toggle
  • + CLAUDE.md compatible (AGENTS.md); GitHub Agent (Actions-based); OpenTUI (Zig + SolidJS, 60fps)
  • + 2.5M+ monthly active developers; 10M+ downloads; 700+ contributors
  • + Actively maintained: v1.17.11 (Jun 2026), ~weekly releases (anomalyco/opencode, TS rewrite)
  • - CVE-2026-22812 : CVSS 10.0 RCE in HTTP server (pre-v1.0.216) โ€” unauthenticated, any website could execute commands
  • - No native sandboxing ("UX feature, not security boundary")
  • - No peer-to-peer inter-agent comms
+4 more gaps
  • - No dedicated cloud sandbox (headless + GH Actions only)
  • - Browser limited to webfetch/websearch (no DOM, no screenshots)
  • - Team acknowledged being "overwhelmed" with growth pace
  • - Benchmarks: slower than Claude Code (16m vs 9m, but more thorough)

Cline

  • + Fully open source (Apache 2.0, 58K+ stars; most starred AI coding agent)
  • + gRPC architecture : multi-platform (VS Code, JetBrains, CLI 2.0 (TUI+headless), Zed/Neovim via ACP)
  • + 30+ providers incl. local Ollama; BYOK w/ per-request cost tracking (most transparent)
+5 more strengths
  • + 4 hooks; Plan/Act modes; checkpoints; CLI pipe chaining; Workflows
  • + MCP Marketplace (300+ servers); Skills (always-on since v3.57); Memory Bank
  • + Subagents (v3.58): parallel read-only exploration agents; Teams/Enterprise tiers available
  • + Opus 4.7 (v3.79.0) + GPT-5.5 (v3.82.0) + SAP AI Core + Z AI providers
  • + Enterprise skills management with remote config (v3.80.0)
  • - Subagents currently read-only (research focus, not general-purpose)
  • - No custom agent defs; no agent-to-agent handoffs
  • - No cloud execution; hooks macOS/Linux only (no Windows)
+2 more gaps
  • - No background/headless agents
  • - Extension-based (depends on host IDE, not standalone)

Antigravity

  • + Agent Manager (Mission Control, up to 5 parallel agents) unique
  • + Commentable artifacts (6 types: plans, diffs, walkthroughs, screenshots, browser recordings) unique
  • + Browser subagent w/ WebP video recording (dedicated Gemini 2.5 CU model)
+4 more strengths
  • + Knowledge Subagent : async distillation of conversations into KIs unique
  • + Multi-model (7-8): Gemini 3.1 Pro (3 thinking levels, replaced 3 Pro Feb 19), Claude Opus 4.5 Thinking (80.9% SWE-bench), GPT-OSS
  • + Free preview incl. Opus; Google One AI Pro $19.99 / Ultra $249.99
  • + Gemini 3.1 Pro (Feb 19, 2026): 80.6% SWE-bench, 77.1% ARC-AGI-2, 94.3% GPQA Diamond; customtools endpoint
  • - No hooks/lifecycle events (community requested, no response)
  • - No custom subagents or custom agent defs (community requested)
  • - No git worktree/file isolation between parallel agents
+4 more gaps
  • - No background/headless agents (foreground IDE only)
  • - No AGENTS.md support (uses GEMINI.md)
  • - Closed source; code transmitted to Google data centers
  • - Security: Mindgard vuln (Dec 2025), Rehberger 5 vulns (pre-launch)

Known Risks & Mitigations (Feb 2026) 8 claims ยท 85%

OpenCode CVE-2026-22812 ยท CVSS 10.0 โ€” Unauthenticated RCEcriticalconfirmed

Hardcoded CORS * in HTTP server (all versions <v1.0.216) exposed /session/:id/shell , /pty , /file/content endpoints โ€” any website could execute arbitrary commands with full user permissions (SSH keys, cloud creds, browser cookies). Fixed partially v1.0.216, fully v1.1.10 (server disabled by default). No native sandboxing โ€” permission system is "UX feature, not security boundary." Community mitigations: opencode-sandbox (bubblewrap), Docker Desktop 4.50+, Nix jail.nix. Mitigation: Update to v1.1.10+. Use Docker/bubblewrap sandbox. Audit HTTP endpoints if server re-enabled.
Mitigation: Update to v1.1.10+. Use Docker/bubblewrap sandbox. Audit HTTP endpoints if server re-enabled.
Sources: CVE NVD CVE-2026-22812 ยท vendor GitHub Security Advisory

Cursor DuneSlide: two CVSS 9.8 zero-click RCE CVEs (patched pre-3.0)criticalconfirmed

Cato Networks 'DuneSlide' (publicly disclosed ~Jul 1-3, 2026; CVE IDs assigned Jun 5): CVE-2026-50548 + CVE-2026-50549, both CVSS 9.8 โ€” zero-click RCE via prompt injection that escapes Cursor's command-execution sandbox. Payload arrives via an MCP server or a web-search result; one flaw overwrites the sandbox helper, the other abuses symlink resolution.
โ†’ Mitigation: Fix predates disclosure โ€” patched in Cursor 3.0 (Apr 2, 2026); every pre-3.0 version is affected, so update to 3.x. Restrict MCP servers and web-search on untrusted repos.
Sources: ref thehackernews.com ยท blog catonetworks.com ยท CVE nvd.nist.gov

Cursor BG Agents auto-run terminal commandshighobserved

Background mode executes shell commands without per-command approval. Data retained ~a few days on remote VMs.
โ†’ Mitigation: Use interactive mode for sensitive repos. Review BG agent PRs before merging.

Cursor sandbox escape CVE-2026-26268 (patched v2.5)highconfirmed

Sandbox escape via .git config injection allowed arbitrary code execution. Fixed in v2.5 with network controls + domain allowlists.
โ†’ Mitigation: Update to v2.5+. Enable sandbox network controls. Enterprise: enforce org-wide policies.

Antigravity: security vulnerabilities & data residencyhighobserved

Mindgard (Dec 2025): malicious workspace rules can overwrite global mcp_config.json. Johann Rehberger: 5 vulnerabilities (some inherited from Windsurf). Code transmitted to Google data centers โ€” no BAA for regulated industries. Default "Auto" terminal policy runs shell commands without explicit approval.
โ†’ Mitigation: Set terminal policy to "Off" for sensitive repos. Audit .gemini/ rules in cloned repos. Avoid untrusted MCP servers. Evaluate data residency requirements before adopting.
Sources: ref mindgard.ai ยท ref embracethered.com ยท forum discuss.ai.google.dev

Cross-platform: rules-file prompt injection (all 8 platforms)highobserved

All platforms load instruction files from workspace (CLAUDE.md, copilot-instructions.md, .cursorrules, .clinerules, AGENTS.md, GEMINI.md, Kiro .kiro/steering/). Malicious repos can include crafted rules that exfiltrate context, override safety behaviors, or inject hidden instructions. IDEsaster research (Dec 2025) demonstrated 24 CVEs across 30+ IDE extensions including configuration manipulation and data leakage via tool-use loops.
โ†’ Mitigation: Audit rules files in cloned repos before opening. Use .gitignore for sensitive files. Enable permission prompts (avoid Yolo/Turbo/Auto-approve modes on untrusted repos). Enterprise: deploy org-level rules via MDM/policy.
Sources: ref ox.security/idesaster ยท blog embracethered.com

Antigravity 2.0 release-quality regressions (community-reported)highobserved

Antigravity 2.0 launched 2026-05-19 with widespread regressions per multiple Google AI Developers Forum threads: removed SSH and extension support, install/update bugs, context loss during migration from 1.x, and reductions in monthly AI credit allotments. The community has published a rollback procedure to 1.23.2 (uninstall 2.0 โ†’ install via the previous-releases page โ†’ disable auto-update). No official Google acknowledgement located at time of writing. Community forum (Jul 2026) shows a fresh cluster: CLI stuck on 'Antigravity Starter Quota', 'Agent execution terminated' crashes across models, and the IDE failing to open.
โ†’ Mitigation: pin to 1.23.2 via the community rollback procedure if SSH/extension support or stable credit allotments are required; budget for a stabilization window before depending on 2.0 in production; monitor discuss.ai.google.dev for official response.

Kiro workspace-trust code-execution CVEs (2026 cluster)highconfirmed

A repeated 2026 pattern where opening or trusting a malicious workspace yields code execution. CVE-2026-5429: XSS in the Agent webview via a crafted color-theme name leading to code execution (CVSS 7.8; fixed 0.8.140, Apr 2026). CVE-2026-4295: improper workspace trust-boundary checks on opening a crafted project directory leading to code execution (fixed 0.8.0). CVE-2026-0830: command injection in the GitLab merge-request helper via an unquoted workspace path leading to code execution with developer privileges (fixed 0.6.18).
โ†’ Mitigation: Keep Kiro updated (recurring fix pattern); never open or trust untrusted workspaces; in enterprise restrict via IAM Identity Center plus MCP/extension allowlists.

Cross-platform: HalluSquatting adversarial package/skill hallucinationhighobserved

arXiv 'Beware of Agentic Botnets' (Jul 8, 2026): a universal transferable adversarial trigger forces coding agents to hallucinate an attacker-chosen package/resource on demand, chained with indirect prompt injection into RCE + botnet spread. Tested across 9 assistants including Cursor, GitHub Copilot, and Cline; hallucinated-resource rates up to 85% (repo clone) / 100% (skill install). An escalation of slopsquatting.
โ†’ Mitigation: Pin and verify dependencies + skills before install; disable auto-install of suggested packages/skills on untrusted repos; enforce lockfiles + provenance checks.
Sources: ref thehackernews.com ยท ref arxiv.org

Copilot Coding Agent costs compoundmediumconfirmed

Coding Agent consumes both GitHub Actions minutes AND premium requests. Complex tasks can burn through quota quickly. Premium multipliers vary by model (Opus 4.6 = highest).
โ†’ Mitigation: Use Auto model selection (10% multiplier discount). Set org budget limits. Reserve Coding Agent for well-defined issues.

Kiro autonomous-agent blast radius (contested)mediumobserved

Dec 2025 reports (Financial Times) described an internal Amazon use of Kiro that deleted and recreated a production environment, taking AWS Cost Explorer offline in one region for ~13 hours. Amazon disputes the AI framing, attributing the incident to a misconfigured, over-permissioned access-control role rather than the model, and calls it a limited single-service event in one of 39 regions. The event is corroborated; AI causation is contested.
โ†’ Mitigation: Require human-approval gates and least-privilege IAM roles for any autonomous or destructive agent actions; the documented root cause was an over-permissioned role, not the model.

Copilot custom agent handoffs are IDE-onlylowconfirmed

The model and handoffs properties in .agent.md work in VS Code and IDE agents, but are not yet supported for Coding Agent on GitHub.com.
โ†’ Mitigation: Design agent chains for IDE use. For Coding Agent, use single-purpose custom agents.

Cursor plans don't auto-persistlowobserved

Plans only save when user explicitly clicks "Save to workspace." Saved to .cursor/plans/.
โ†’ Mitigation: Always Save-to-workspace before modifying plans.
Sources: forum forum.cursor.com (user reports)

Claude Code Teams: no resume, last-write-winslowobserved

Agent Teams sessions can't be resumed. Multiple teammates on same file risk overwrites.
โ†’ Mitigation: Assign non-overlapping file scopes. Use subagents (which do resume) for smaller tasks.

Claude Code Web VMs: GitHub-only, research previewlowconfirmed

Cloud execution runs on Anthropic-managed VMs but currently supports GitHub repos only โ€” no GitLab/Bitbucket. Research preview status. Chrome integration requires claude.ai account (not available via Bedrock/Vertex/Foundry).
โ†’ Mitigation: Use GitHub Actions integration for CI/CD. For non-GitHub repos, run locally or via SSH.

Cline subagents are read-onlylowconfirmed

Research subagents cannot write files, use browser, or call MCP tools.
โ†’ Mitigation: Use subagents for research, apply findings in main agent loop.

Project Initialization โ€” Manual Prompt Playbook

Manual init beats /init by ~7 percentage points. Human-curated context files yield ~+4 percentage-point improvement on agent task success vs none; auto-generated files measure ~-3 pp vs none. Frontier LLMs reliably follow ~150-200 instructions; the system prompt alone consumes ~50 of that budget. Keep context files under 300 lines, ideally under 60. Use the universal prompt below; then run it with the per-platform tail line that writes to the right file in the right format.

Universal 3-phase init prompt

You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

For each platform card below, append the platform-specific tail line. The tail tells the agent the exact output path + format quirks.

Claude Code

CLAUDE.md
Project root. 4-level hierarchy: Enterprise managed โ†’ User (~/.claude/CLAUDE.md) โ†’ Project (CLAUDE.md) โ†’ subdirectories. Project-level is more specific and wins on conflicts.
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR Claude Code
When I confirm, write the curated content to ./CLAUDE.md at the repository root.
Format quirks: Plain Markdown. Use `@<path>` to import other files (the standard way to get AGENTS.md interop until issue #6235 lands). Tooltip: `@AGENTS.md` is the canonical workaround.

GitHub Copilot

.github/copilot-instructions.md
Repo-level instructions. For file-scoped rules also create `.github/instructions/*.instructions.md` with YAML frontmatter `applyTo` glob. Also natively reads AGENTS.md.
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR GitHub Copilot
When I confirm, write the curated content to ./.github/copilot-instructions.md.
Format quirks: Plain Markdown. For Coding Agent (web/PR) also create `.github/workflows/copilot-setup-steps.yml` declaring runtime + deps + lint/test. That file IS the brownfield runner spec.

Cursor

.cursor/rules/project.mdc
Modern .cursor/rules/*.mdc directory. Legacy .cursorrules at root still read but discouraged.
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR Cursor
When I confirm, write the curated content to ./.cursor/rules/project.mdc, with YAML frontmatter `---\ndescription: Project context for Cursor agents\nalwaysApply: true\n---` at the top.
Format quirks: MDC = Markdown with YAML frontmatter. Use `alwaysApply: true` for always-on context, OR `globs: ['**/*.ts']` for path-scoped, OR `description: '...'` + omit alwaysApply for Agent Requested mode.

Cline

.clinerules
File at root, OR directory of *.md files at root (both work; directory enables progressive disclosure). Cline also reads cross-vendor files: .cursor/rules/, .windsurf/rules/, AGENTS.md, CLAUDE.md.
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR Cline
When I confirm, write the curated content to ./.clinerules at the repository root.
Format quirks: Plain Markdown. Optional YAML frontmatter with `paths:` field for glob scoping. The tail below writes a single .clinerules file (most common starting point). For larger projects, prefer .clinerules/ as a directory of *.md files โ€” Cline reads all of them and you get progressive disclosure (split building/testing/conventions into separate files). If you also want Memory Bank methodology, create the 6 canonical files in `memory-bank/` (projectbrief.md, productContext.md, activeContext.md, systemPatterns.md, techContext.md, progress.md).

OpenAI Codex

AGENTS.md
Walked hierarchically: ~/.codex/AGENTS.md โ†’ git root AGENTS.md โ†’ subdirectory AGENTS.md. The nearest file to the working code wins. For Codex Cloud also configure your setup script in the cloud environment (runs with internet pre-sandbox).
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR OpenAI Codex
When I confirm, write the curated content to ./AGENTS.md at the repository root.
Format quirks: Plain Markdown for AGENTS.md. Command policies (sandbox/approval) live separately in `.codex/rules/` using Starlark DSL. Don't put policy in AGENTS.md โ€” it won't be enforced.

OpenCode

AGENTS.md
Multi-source precedence: project AGENTS.md โ†’ global ~/.config/opencode/AGENTS.md โ†’ opencode.json custom path โ†’ CLAUDE.md fallback (disable with OPENCODE_DISABLE_CLAUDE_MD=1). Hierarchical: nearest file to the code wins.
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR OpenCode
When I confirm, write the curated content to ./AGENTS.md at the repository root.
Format quirks: Plain Markdown for AGENTS.md. Configuration (custom paths, hooks, model config) goes in opencode.json (JSONC). Hooks are TypeScript plugins.

Antigravity 2.0

GEMINI.md
3-level hierarchy: Global ~/.gemini/GEMINI.md โ†’ Workspace GEMINI.md โ†’ subdirectories. Antigravity also reads AGENTS.md since v1.20.3 (Mar 2026), but GEMINI.md wins on conflict. Antigravity 2.0 (2026-05-19) supports multi-folder project context โ€” one GEMINI.md can govern several roots.
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR Antigravity 2.0
When I confirm, write the curated content to ./GEMINI.md at the repository root.
Format quirks: Plain Markdown for GEMINI.md. Workflows use YAML frontmatter with `description`. Knowledge Subagent will asynchronously distill conversation history into Knowledge Items on top of whatever you put in GEMINI.md.

Kiro

AGENTS.md
Kiro's native instruction system is steering files in .kiro/steering/ (foundation trio product.md / tech.md / structure.md, bootstrapped via the Steering panel's 'Generate Steering Docs'). Kiro also reads AGENTS.md at the workspace root automatically, so the universal prompt below targets AGENTS.md for portability; split the content into .kiro/steering/*.md to use Kiro's 4 inclusion modes (always / fileMatch / manual / auto).
You are bootstrapping a context file for AI coding agents. Do NOT auto-write it. Do this in three phases.

# PHASE 1 โ€” SCAN (read-only, no edits)

1. List top-level structure: run `ls -la` then `find . -maxdepth 3 -type d -not -path '*/.*' | sort`.
2. Detect stack: read whichever of these exist โ€” package.json, pyproject.toml, requirements.txt, Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, deno.json, *.csproj.
3. Read existing docs: README*, CONTRIBUTING*, ARCHITECTURE*, docs/index*, .editorconfig.
4. Detect vendor instruction files and per-vendor config already present: CLAUDE.md, AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurf/rules/*.md, .clinerules (or .clinerules/ directory), opencode.json.
5. Identify the most-edited files: `git log --since='90 days ago' --pretty=format: --name-only | sort | uniq -c | sort -rn | head -25`.
6. Run `--help` (or read help docs) for any non-obvious tool you find in scripts/Makefile (e.g. `make help`, `bun run`, custom CLI). Do NOT execute build/test commands.

# PHASE 2 โ€” DRAFT (write a draft, NOT the final file)

Produce a draft with EXACTLY these sections, in this order. Keep total under 300 lines; target 60.

**WHAT** โ€” Stack, languages, frameworks, package manager, runtime versions. One line per item. Only versions you actually verified.

**WHY** โ€” Two sentences: what this project is for, and the one non-obvious thing about how it is shaped (monorepo? plugin host? CLI + lib? data pipeline?).

**HOW** โ€” Bullet list of exact commands. Install, lint, typecheck, test (unit + integration if separate), build, run dev. Use the actual package manager (bun vs pnpm vs npm vs uv vs poetry vs cargo), not a generic placeholder.

**NON-OBVIOUS** โ€” Anything an experienced engineer would not guess from reading the code: required env vars and where to get them, services that must run locally, secrets handling, custom DSLs, generated code that should never be edited by hand, code paths that look dead but are entry points.

**BOUNDARIES** โ€” Three tiers in this exact format:
  - โœ… Always OK to modify: <paths/patterns>
  - โš ๏ธ Ask first: <paths/patterns>
  - ๐Ÿšซ Never touch: <paths/patterns>

**KEY FILES** โ€” Pointers (not copies) to deeper docs and the few files that define the architecture. Use relative paths.

Write the draft to a temp path so I can review before it replaces the live file: print it to stdout AND save to `./.init-draft.md`.

# PHASE 3 โ€” CURATE (I do this, you wait)

Stop after Phase 2. Do not write to <<OUTPUT_FILE>>. Wait for me to review the draft, strip anything a linter or formatter already enforces, replace any inline code snippets with pointers to source files, and only then I will copy the curated content into <<OUTPUT_FILE>>.

# PHASE 3 TAIL FOR Kiro
When I confirm, write the curated content to ./AGENTS.md at the repository root (or split into ./.kiro/steering/product.md, tech.md, structure.md for Kiro-native steering).
Format quirks: Plain Markdown. Steering files support 4 inclusion modes; foundation files are always loaded. Skills live in .kiro/skills/<name>/SKILL.md (open Agent Skills standard). MCP servers configured in .kiro/settings/mcp.json. No .kiroignore is documented.

Pitfalls โ€” what NOT to put in the file

Don't let the agent auto-write the file

/init-style commands write directly. The evaluation paper measures auto-generated files at ~โˆ’3 pp vs no file, and human-curated at ~+4 pp. The 7 pp gap comes from the agent dumping every command it finds; models then start ignoring the bloated file. Phase 3 above keeps you in the loop.

Don't put style rules in the context file

Naming, indentation, formatting โ€” those belong in linters/formatters. Putting them in CLAUDE.md / AGENTS.md wastes the ~150-instruction budget and the model often disobeys them anyway. ESLint/Prettier/ruff don't negotiate.

Don't be task-specific

Everything in the file should apply to every session. Task-specific guidance belongs in the prompt you write per task, not in a globally-loaded file.

Prefer pointers to copies

If you need to explain the test layout in depth, write `./agent_docs/testing.md` and reference it. Embedded code snippets in the root context file rot fast and lie to the agent.

Research Pending

Sections scheduled but not yet sourced

These topics belong in the report but currently lack provenance. They are listed here so readers know what is missing rather than guessing. Source Scout will populate them as data becomes available; until then, no fabricated values appear in the matrices.
Performance benchmarks SWE-bench Verified, Terminal-bench, and Aider Polyglot scores per platform โ€” including model version and date of run. Needs: Public leaderboard URL + model version + run date per platform
Telemetry & privacy defaults What leaves the user's machine by default. Training-on-data opt-out vs opt-in. Retention window. Citation: official privacy/trust page per vendor. Needs: Privacy/trust page URL + verified statement on default behavior
Compliance certifications SOC 2 Type II, ISO 27001, HIPAA BAA availability, FedRAMP authorization, GDPR/EU residency options. Only Copilot's FedRAMP status is currently in the report. Needs: Trust portal URL + attestation date per cert per platform
MCP server / integration breadth Count of MCP servers in each platform's marketplace or registry (or note 'BYO, no marketplace'). One number is cited for Cline today โ€” needs parity for the other seven platforms. Needs: Marketplace URL + count-as-of date per platform
Model coverage matrix Which model families each platform supports today: Claude 4.x, GPT-5.x, Gemini, local via Ollama/vLLM, Mistral, DeepSeek. Scattered across cards now; needs a single matrix. Needs: Vendor docs URL confirming each model family per platform
IDE / OS / language support Matrix of supported IDEs (VS Code, JetBrains, Neovim, web, CLI) ร— OS (macOS, Linux, Windows). Implied today but never tabulated. Needs: Vendor system-requirements page per platform
Public roadmap Announced-but-not-shipped features per platform, separate from 'What's New'. Currently invisible. Needs: Public roadmap or quarterly note URL per platform
Failure modes Where each agent typically breaks in practice: context-window exhaustion, long-session degradation, cross-file refactor accuracy, tool-call loops. Operational, not marketing. Needs: Mix of public incident reports, vendor docs on limits, and user-community sentiment
Migration & lock-in Cost of switching: do SKILL.md, agent definitions, hooks, and instruction files port across? Where do they not? Needs: Cross-vendor compatibility statements and format specs
New entrant: Grok Build (xAI / SpaceXAI) xAI's Grok Build coding agent + Grok 4.5 (Jul 8, 2026; $2/$6, trained alongside Cursor, offered in Cursor on all plans). Candidate 9th platform. Needs: Official Grok Build docs URL + feature/pricing/model coverage to run the add-a-platform checklist.
New entrant: JetBrains Junie JetBrains Junie coding agent went GA (June 2026), re-architected on ACP. Candidate platform, esp. for the JetBrains ecosystem. Needs: Junie GA feature set + pricing + model coverage.
ACP (Agent Client Protocol) as a cross-vendor standard Zed-created, JetBrains-co-maintained 'LSP for coding agents'; MS Intelligent Terminal 0.1 (Jun 2) shipped a native ACP pane; Junie GA rebuilt on ACP. Cross-platform interop dimension the matrix does not yet capture. Needs: Per-platform ACP support status (client/server) with source URLs.
MCP 2026-07-28 spec revision Biggest MCP revision since launch (RC locked May 21): stateless HTTP core, MCP Apps (server-rendered UI), Tasks (long-running), mandatory OAuth 2.1, new routing headers. SC Media flags new client-state-hijack risks. Needs: Per-platform MCP spec-version adoption once the spec finalizes (2026-07-28).

What's New (vendor changelogs โ€” not the report's last-updated date; that is at the top of the page)

Cycle delta

8platforms with updates
26applied
18under review / new
11deferred
4security-related
2pricing-related

Antigravity

vendor: 2026-03-25["How is Gemini changing Maps?", "What is \"vibe design?\"", "How can I learn nenew
vendor: 2026-04-09Try notebooks in Gemini to easily keep track of projectsnew
vendor: 2026-05-19Antigravity 2.0 desktop app launches at Google I/O 2026applied
vendor: 2026-05-19Antigravity CLI launches as new product surfaceapplied
vendor: 2026-05-19Antigravity SDK launches with programmatic agent accessapplied
vendor: 2026-05-19Antigravity integrates with Gemini Enterprise Agent Platformapplied
vendor: 2026-05-19Gemini 3.5 Flash is now the primary model in Antigravity 2.0applied
vendor: 2026-05-19Google AI Ultra $100/mo plan introduced for Antigravityapplied
vendor: 2026-05-19Antigravity 2.0 release-quality concerns: community rollback to 1.23.2applied
vendor: 2026-03-05Antigravity 1.20.3 adds AGENTS.md support, retires command_support, defaults autdeferred
vendor: 2026-06-22IDE, CLI and Antigravity 2.0, all three facing high response timesdeferred
vendor: 2026-06-29- Google Developers Blogdeferred
vendor: 2026-07-14267 lines (226 loc) ยท 34.2 KBapplied
vendor: 2026-07-142026-07-13T23:07:37Zdeferred
vendor: 2026-07-14Cloud Homepagedeferred
vendor: 2026-07-14Antigravity CLI Stuck on "Antigravity Starter Quota"applied

OpenAI Codex

vendor: 2026-03-15Clarify Codex agent-definition wording so AGENTS.md is not mistaken for an agentapplied
vendor: 2026-03-180.116.0-alpha.6deferred
vendor: 2026-03-18Docs, videos, and demo apps for building with OpenAIdeferred
vendor: 2026-03-19tagorr, breakcraft, yougrandpa, and potapenko reacted with rocket emojideferred
vendor: 2026-03-250.117.0-alpha.17new
vendor: 2026-03-25Notebook examples for building with OpenAI modelsnew
vendor: 2026-04-09Security and qualitynew
vendor: 2026-04-09Guides, concepts, and product docs for Codexnew
vendor: 2026-06-29Release notes from codexdeferred
vendor: 2026-06-29Workspace Agentsdeferred
vendor: 2026-07-142026-07-14T07:11:23Zdeferred
vendor: 2026-07-14Example workflows and tasks teams can take on with ChatGPT or Codexapplied

GitHub Copilot

vendor: 2026-03-15Clarify Copilot handoff scope across IDE and GitHub.com surfacesapplied
vendor: 2026-03-18Improvementapplied
vendor: 2026-03-25Improvementnew
vendor: 2026-04-09Copilot-reviewed pull request merge metrics now in the usage metrics APInew
vendor: 2026-06-29https://github.blog/changelog/label/copilot/applied
vendor: 2026-07-14Tue, 14 Jul 2026 13:02:40 +0000applied

Claude Code

vendor: 2026-03-15Operational example: review stale voice-input rollout wording before future releunder review
vendor: 2026-03-18March 17, 2026applied
vendor: 2026-03-25Use Claude Codenew
vendor: 2026-04-09Explore the .claude directorynew
vendor: 2026-06-29Claude Code changelog - Claude Code Docsapplied
vendor: 2026-07-14Chrome extensionapplied

Cursor

vendor: 2026-03-25Mar 19, 2026new
vendor: 2026-04-09Apr 8, 2026new
vendor: 2026-06-29What's New in Cursor โ€” Latest Updates & Release Notesapplied
vendor: 2026-07-14Automationsapplied

Cline

vendor: 2026-03-2520 Mar 23:27new
vendor: 2026-04-09Security and qualitynew
vendor: 2026-06-29GitHub Copilot appapplied
vendor: 2026-07-14Release listapplied

OpenCode

vendor: 2026-04-09Security and qualitynew
vendor: 2026-06-29Release notes from opencodeapplied
vendor: 2026-07-142026-07-13T21:09:41Zapplied

Kiro

vendor: 2026-07-142026-07-14T04:29:29.219Zapplied

Glossary

Agent
An LLM-driven loop that can call tools, edit files, and run commands on the user's behalf. The catch-all label every vendor uses; specifics differ wildly.
compare: subagent, skill
Subagent
An agent spawned by another agent with a narrower scope or different model. Claude Code's named markdown definitions are the reference implementation; Copilot calls these "handoffs", Cursor calls them "/multitask".
see also: Agent Teams, peer-to-peer messaging
Skill (SKILL.md)
A reusable, file-based capability following the SKILL.md open standard: triggers, instructions, optional code. Originated in Claude Code; partial support spreading to other platforms.
see also: instruction file
Hook
A user-defined script or rule triggered at lifecycle points (pre-tool, post-tool, on-commit, on-stop). Lets you enforce policy, run validators, or shape behavior deterministically.
compare: lifecycle event, policy
MCP (Model Context Protocol)
Anthropic-originated open standard for connecting LLMs to external tools, data sources, and APIs over a uniform interface. Adopted by most platforms with varying server registries.
see also: tool, integration
Lens
A filter view in this report (Security / Cost / Open Source) that dims content not relevant to that concern. Not a vendor feature.
report-internal term
Executive vs Deep view
Report view modes. Executive shows decision-critical sections only; Deep exposes the full matrix, agent catalogs, and configuration tables.
report-internal term
Instruction file
The per-project memory file an agent reads on startup (CLAUDE.md, .cursorrules, .github/copilot-instructions.md, AGENTS.md). Hierarchy and merge semantics vary.
see also: project memory
Auto-delegation
When the primary agent autonomously routes a subtask to a different model, agent, or tool without asking the user. Carries cost and security implications.
see also: permission mode
Permission mode
Sandbox / approval policy controlling which tools the agent can run unattended. Names vary: "plan", "acceptEdits", "dontAsk", "bypassPermissions" in Claude Code; "yolo", "safe", "auto" elsewhere.
see also: hook
BYOK
Bring Your Own Key. The platform runs against a model provider account that you pay directly, instead of bundling inference into a subscription.
see also: pricing model
Confidence (this report)
A 0.0-1.0 score on each tracked claim reflecting source authority, source count, and recency. Surfaced as colored dots and per-section averages.
see also: claim, last verified
Severity (risks)
Categorical impact rating: critical (CVSS 9-10 / RCE / unauthenticated), high (CVE / exfiltration / prompt injection), medium (cost or operational), low. Explicit field per item, with a text-pattern fallback.
see also: prevalence
Prevalence (risks)
How widely the risk is documented: confirmed (CVE/incident with public PoC), observed (multiple reports, no formal disclosure), theoretical (plausible by design, no public report).
see also: severity
Two-layer architecture
This report separates product capability (feature matrix, subagents, config) from market evidence (enterprise adoption cases). Enterprise cases are signals, not normalized feature scores.
report-internal term

Methodology

Data Sources

14 platform changelogs and release pages monitored. Sources fetched daily via automated pipeline. Snapshots stored and diffed for change detection.

Scoring

Dimension scores computed from registry data: โœ… = 1.0, โš ๏ธ = 0.5, โŒ = 0.0, averaged across all rows in each section. Overall = mean of 5 dimensions (Features, Customization, Skills, Onboarding, Execution).

Confidence

63 claims tracked with confidence scores (0.0โ€“1.0). Confidence based on: number of independent sources, source authority (official docs > community reports), and recency of verification.

Update Cycle

Daily: automated source fetch. Weekly: change candidate review. Per-release: human adjudication โ†’ patch context โ†’ adversarial review โ†’ patch application. Every change requires human approval.

Limitations

Single-author perspective. English-only sources. No user surveys or telemetry. Snapshot-based (not real-time). Pricing may be outdated within days. Beta/preview features may change without notice. Security disclosures may have embargoed details.