The Copilot SDK gives you the same agent runtime that powers Copilot CLI — as a programmable library. You define agent behavior and tools, and Copilot handles planning, tool invocation, file edits, and the entire orchestration loop. No need to build your own agent framework.

Usage-based billing went live on June 1. Two days in, most developers have zero visibility into what's actually burning their premium requests. Chronicle just shipped a new cost-focused command — /chronicle:cost-tips — that surfaces exactly that. Think of it as the spending companion to the workflow-quality /chronicle:tips command we covered in April. It builds on the same session insights infrastructure in VS Code but points the lens squarely at your wallet. This post is commentary on why it matters right now.

GitHub shipped native code coverage in Pull Requests as a public preview. You get line-level annotations in the diff view, coverage deltas in the conversation tab, and enforcement via repository rulesets — all without installing Codecov, Coveralls, or any external app. No tokens, no OAuth grants, no third-party data access.

This continues a familiar pattern: GitHub absorbing common CI/CD tooling into the platform itself. Dependabot replaced Greenkeeper. Code scanning absorbed LGTM. Secret scanning eliminated dedicated tools. Now coverage display and gating joins the list.

Full details in the GitHub Changelog announcement.

Google I/O 2026 just wrapped, and Chrome's web platform announcements deserve a dedicated look. While the keynote predictably led with Gemini and Android, the Chrome team quietly shipped — or signaled — some of the most consequential changes to browser capabilities we've seen in years. If you build for the web, this was a big one.

Three themes dominated: AI built directly into the browser platform, new rendering capabilities that eliminate entire categories of workarounds, and developer tooling that acknowledges the reality of AI agents writing and testing code. None of these are incremental CSS features or minor API additions. They represent Chrome's bet on what web development looks like in 2027 and beyond.

What follows is a breakdown of the five announcements that matter most, with practical guidance on what to try now versus what to watch.

The State of Web Dev AI 2026 survey results have been published. This is the newest addition to the "State of" survey family by Devographics — the team behind State of JS, State of CSS, and State of HTML — now focused specifically on how developers use AI in their web development workflows.

npm CLI 11, released in February 2026, ships a new config option called min-release-age. It refuses to resolve any package version published less than a configured number of days ago. The idea is simple: give the community time to detect compromised releases before they land in your node_modules. Previously this was only available via pnpm's minimumReleaseAge — now npm has it natively.

TanStack packages — @tanstack/query, @tanstack/router, @tanstack/table — collectively pull tens of millions of weekly downloads. They sit deep in dependency trees across a huge number of production apps. In early 2026, an attacker obtained an npm publish token from TanStack's CI pipeline and used it to push malicious versions of several packages. Obfuscated postinstall hooks phoned home to attacker infrastructure. The window was short — hours — but hours is a lot of npm install runs.

This isn't a new pattern. The same playbook worked against lottie-player in 2025 and ua-parser-js in 2021. What changes each time is the name on the package and the number of people scrambling. This post walks through what happened, why the pattern keeps repeating, and what you can do about it today.

Gergely's post on the LLM Wiki pattern hit close to home. I've been doing something adjacent for a while — personal knowledge management with Obsidian and local LLMs — and I immediately wanted to try the pattern on my own vault. Here's what I ran into, what worked, and what didn't.

In January 2020, esbuild 0.1 dropped and gave the JavaScript ecosystem its first taste of what esbuild's own FAQ described as 10–100× faster tooling. The shock was real, but the lasting shift wasn't actually Go. By 2021 the new tools coming out — SWC, Turbopack, Rspack, Biome, oxc, Rolldown, Lightning CSS, plus runtimes like Deno and desktop shells like Tauri — were almost uniformly Rust. Six years later, on a modern frontend project, a non-trivial fraction of what lands in node_modules after npm install is a Rust binary in a thin JavaScript wrapper. This post is a curiosity tour of that landscape: who built what, in what order, and how the Rust pieces actually get into the install. It is not a recommendation post; there is no switch-to-X conclusion at the end.

VS Code 1.118 shipped an experimental feature called Chronicle on April 29, 2026, and it solves a problem most of us have been working around for months: your Copilot Chat history is now a queryable artifact, not a scroll-to-find afterthought. If you've ever prepped for a standup by scrolling through yesterday's agent sessions, or tried to remember what you did across three branches last Thursday, Chronicle targets exactly that pain. The full details are in the VS Code 1.118 release notes — this post is commentary on why it matters, not a restatement of the feature spec.