The Wire · Showcase
MACOS PYTHON 3.9 BUG SILENCES SECURITY REVIEWER - AGENT SDK HOSTING COOKBOOK SHIPS
By RepoJournal · Filed · About Anthropic
The security-guidance plugin's agentic commit reviewer has been silently failing on macOS systems with Apple's default Python 3.9, even when Python 3.10+ is installed.
A three-layer bug in claude-plugins-official [2] caused the LLM-powered commit reviewer to never run on affected macOS machines. The issue: `sg-python.sh` only checked major version numbers, always preferring Apple's 3.9 over newer Homebrew installs, while `claude_agent_sdk` requires Python 3.10+. The fix merged overnight [1] and patches the version detection logic. In parallel, the same repo shipped per-entry verdict comments for plugin scans [3], allowing downstream dashboards and label automation to read verdicts directly from PRs instead of scraping logs. The team also added Apache 2.0 licensing at the repo root for consistency [4]. Over in claude-cookbooks, the Agent SDK hosting cookbook just dropped [6], walking teams through deployment across Docker Compose, Modal, and Kubernetes using identical container images and HTTP interfaces. On the legal tools side, two critical fixes landed: a handoff request extractor that was truncating nested JSON payloads at the first closing brace [7], and a Linux compatibility fix for the deployment script where mktemp templates needed three X's instead of two [8]. The healthcare desk documented the ICD-10 Codes MCP connector in the main README [5], closing a gap where users couldn't discover it from top-level docs.
Action items
- → If you use claude-plugins-official on macOS, pull the Python 3.9 fix immediately anthropics/claude-plugins-official [immediate]
- → Review the new Agent SDK hosting cookbook for deployment patterns before your next rollout anthropics/claude-cookbooks [plan]
- → If running claude-for-legal on Linux, upgrade to the mktemp fix anthropics/claude-for-legal [immediate]
References
- [1] Merge pull request #2073 from anthropics/fix-2071-macos-python-39 anthropics/claude-plugins-official
- [2] security-guidance: enable LLM review on default macOS Python 3.9 (#2071) ↗ anthropics/claude-plugins-official
- [3] feat(scan): emit per-entry sticky verdict comments ↗ anthropics/claude-plugins-official
- [4] Add Apache 2.0 LICENSE to repo root ↗ anthropics/claude-plugins-official
- [5] Add ICD-10 Codes MCP to README documentation ↗ anthropics/healthcare
- [6] Agent SDK cookbook 07: Hosting your agent (Docker / Modal / Kubernetes) ↗ anthropics/claude-cookbooks
- [7] Fix handoff_request extractor truncating nested payloads at the first `}` ↗ anthropics/claude-for-legal
- [8] Fix mktemp template so deploy-managed-agent.sh runs on Linux ↗ anthropics/claude-for-legal
FAQ
- What changed in Anthropic on May 29, 2026?
- The security-guidance plugin's agentic commit reviewer has been silently failing on macOS systems with Apple's default Python 3.9, even when Python 3.10+ is installed.
- What should Anthropic teams do about it?
- If you use claude-plugins-official on macOS, pull the Python 3.9 fix immediately • Review the new Agent SDK hosting cookbook for deployment patterns before your next rollout • If running claude-for-legal on Linux, upgrade to the mktemp fix
- Which Anthropic repositories shipped on May 29, 2026?
- anthropics/claude-plugins-official, anthropics/healthcare, anthropics/claude-cookbooks, anthropics/claude-for-legal