RepoJournal
Anthropic

@anthropics

Claude SDKs and developer tooling

Pick a date

  1. Fri 1 may
  2. Sat 2 may
  3. Sun 3 may
  4. Mon 4 may
  5. Tue 5 may
  6. Wed 6 may
  7. Thu 7 may
  8. Fri 8 may
  9. Sat 9 may
  10. Sun 10 may
  11. Tue 12 may
  12. Wed 13 may
  13. Thu 14 may
  14. Sat 16 may
  15. Sun 17 may
  16. Tue 19 may
  17. Wed 20 may
  18. Thu 21 may
  19. Sat 23 may
  20. Mon 25 may
  21. Tue 26 may
  22. Thu 28 may
  23. Fri 29 may
  24. Sat 30 may
  25. Sun 31 may
  26. Mon 1 jun
  27. Mon 8 jun
  28. Tue 9 jun
  29. Today 10 jun

The Wire · Showcase

C# AND JAVA SDKS SHIP AUTH OVERHAUL; ORJSON FORK REINS IN RECURSION

By RepoJournal · Filed · About Anthropic

All five Anthropic SDKs landed Workload Identity Federation and interactive OAuth in a coordinated push [ref:10][ref:11][ref:12][ref:13][ref:14][ref:15], while the orjson fork restores the upstream 1024-depth recursion limit as a configurable guard against stack overflow [ref:1][ref:2].

The C# SDKs—Aws, Vertex, Bedrock, Foundry, and the core Anthropic client [1][2][3][4][5]—all crossed the finish line yesterday with v0.3.0 through v12.18.0, shipping Workload Identity Federation, interactive OAuth, and auth profiles across the board [1]. Java sdk-java v2.28.0 [6] lands the same auth suite plus improved Managed Agents APIs [15]—the ability to filter sessions by memory_store_id, nullable handling fixes, and max_tokens:0 support. On the core side, orjson's fork had removed yyjson's recursion limit entirely to allow arbitrarily deep JSON nesting, but that left the C stack vulnerable [7]. The new max_depth kwarg defaults to 1024 (matching upstream) while letting callers opt into deeper parsing by passing max_depth=None or a higher integer [8]—nesting past the limit now raises JSONDecodeError instead of crashing. Separately, orjson's publish-internal pipeline is being hardened: the PEP-440 wheel filename normalization caused check-pypi to fail (hyphen vs. dot), so the fix replaces filename validation with a version-only check [9][10][11]. The vulnerability detection agent cookbook landed in claude-cookbooks [12], bringing threat-model-to-report workflows into the public repo using claude-agent-sdk's built-in Code tools. One final hygiene win: buffa's CLA check now retries transient 5xx errors instead of failing immediately [13][14].

Action items

References

  1. [1] Aws: v0.3.0 ↗ anthropics/anthropic-sdk-csharp
  2. [2] Vertex: v0.4.0 ↗ anthropics/anthropic-sdk-csharp
  3. [3] Bedrock: v0.7.0 ↗ anthropics/anthropic-sdk-csharp
  4. [4] Foundry: v0.6.0 ↗ anthropics/anthropic-sdk-csharp
  5. [5] Anthropic: v12.18.0 ↗ anthropics/anthropic-sdk-csharp
  6. [6] v2.28.0 ↗ anthropics/anthropic-sdk-java
  7. [7] loads: add max_depth kwarg, default 1024 (matches upstream) ↗ anthropics/orjson
  8. [8] loads: add max_depth kwarg, default 1024 (matches upstream) anthropics/orjson
  9. [9] ci: fix publish-internal check + changelog for 3.11.7-post4 ↗ anthropics/orjson
  10. [10] ci: add publish-internal job to upload wheels to Artifactory ↗ anthropics/orjson
  11. [11] Merge pull request #22 from anthropics/mamps/fix-publish-check anthropics/orjson
  12. [12] feat(claude_agent_sdk): add vulnerability detection agent cookbook ↗ anthropics/claude-cookbooks
  13. [13] ci: bump cla-github-action to 5b54183 (retry transient 5xx) (#89) anthropics/buffa
  14. [14] ci: bump cla-github-action to 5b54183 (retry transient 5xx) ↗ anthropics/buffa
  15. [15] feat(api): improve Managed Agents APIs anthropics/anthropic-sdk-java

FAQ

What changed in Anthropic on May 5, 2026?
All five Anthropic SDKs landed Workload Identity Federation and interactive OAuth in a coordinated push , while the orjson fork restores the upstream 1024-depth recursion limit as a configurable guard against stack overflow .
What should Anthropic teams do about it?
Pull C# and Java SDK updates to unlock Workload Identity Federation and OAuth support in your deployment. • Review orjson's max_depth parameter if your JSON payloads exceed 1024 levels of nesting; otherwise, the new default is safe. • Explore the vulnerability detection agent cookbook for threat modeling patterns compatible with claude-agent-sdk.
Which Anthropic repositories shipped on May 5, 2026?
anthropics/anthropic-sdk-csharp, anthropics/anthropic-sdk-java, anthropics/orjson, anthropics/claude-cookbooks, anthropics/buffa

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.