🧭 Claude Managed Agents Gain Private Network Access — MCP Tunnels and Self-Hosted Sandboxes Arrive
Anthropic has added two major security and privacy features to Claude Managed Agents: MCP Tunnels, which let agents reach MCP servers inside a private network without exposing them to the public internet, and Self-Hosted Sandboxes, which keep sensitive files and code execution on the customer's own infrastructure while Anthropic's orchestration layer handles scheduling and coordination. Together, these address the two most common blockers for enterprises evaluating Managed Agents for sensitive workloads: network isolation and data residency.
MCP Tunnels — how they work
MCP Tunnels establish a secure outbound connection from the customer's internal network to the Managed Agents service. No inbound firewall rules are required, and no internal server is exposed to the internet. The agent can then call internal MCP tools — databases, private APIs, knowledge bases, ticketing systems — exactly as it would call a public MCP server, with end-to-end traffic encryption throughout.
- Lightweight gateway — a small daemon deployed inside the private network handles the single outbound tunnel connection
- No public exposure — the internal MCP server is never addressable from outside the network
- Status: limited research preview; access requests required
Self-Hosted Sandboxes — the split architecture
The Managed Agents orchestration loop (scheduling, reasoning, agent lifecycle) continues to run on Anthropic's infrastructure. But tool execution — running code, reading and writing files, calling APIs — happens inside a sandbox configured in the customer's own environment. Supported sandbox providers at launch include Cloudflare, Daytona, Modal, and Vercel. This means that source code, proprietary data, and credentials processed by an agent never leave the customer's own cloud account, even when the orchestration is managed by Anthropic.
Practical implication for security-sensitive teams
These two features, in combination, unlock a deployment pattern where a Managed Agent can query internal documentation (via MCP Tunnel), run code against proprietary data (via Self-Hosted Sandbox), and coordinate the workflow (via Anthropic orchestration) — without any sensitive data leaving the customer's perimeter. This is the architecture that financial services, healthcare, and regulated industries have been asking for. If your organisation previously ruled out Managed Agents on data-residency grounds, it is worth re-evaluating.
🧭 Claude Code v2.1.147 + v2.1.148: /code-review Replaces /simplify, Pinned Sessions Stay Alive
Two Claude Code releases landed on May 21–22 with developer-workflow improvements and a quick regression fix. The headline change: /simplify is now /code-review, with an optional effort-level argument. The command does the same thing — reads changed code and identifies improvements — but the new name more accurately describes the intent and adds granularity over how thorough the review should be.
What changed in v2.1.147
- /code-review [level] — replaces /simplify. Levels: /code-review low, /code-review medium (default), /code-review high. Higher effort means more thorough analysis at higher token cost.
- Pinned background sessions (Ctrl+T) survive idle — previously, pinned sessions in claude agents would die if the agent went idle; they now stay alive and are restarted in-place when Claude Code auto-updates.
- Auto-updater retry logic — the updater now retries on transient failures instead of failing silently.
- Diff rendering performance — large file edits render significantly faster in the diff view.
- PowerShell fixes on Windows — tool failures with winget and Microsoft Store installations are resolved.
- MCP pagination fix — paginating MCP servers no longer drops resources and templates.
- Windows Terminal strobing fix — full-screen strobing in background sessions is gone.
What changed in v2.1.148 (May 22)
v2.1.148 is a hotfix: the Bash tool was returning exit code 127 (command not found) on every invocation for some users — a regression introduced in v2.1.147. This is patched. If you saw hooks or scripts inexplicably failing after the v2.1.147 update, upgrading to v2.1.148 should resolve it.
Update your muscle memory: /simplify → /code-review
If you have /simplify in any CLAUDE.md hook scripts, cron tasks, or shell aliases, update them to /code-review. The old command name will not persist. The new high effort level is worth using for pre-PR reviews on complex refactors where you want Claude to dig into edge-case handling, not just surface-level style.
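One way to find the leftover references before they break a hook or cron job is a boundary-aware scan. This is an added example, not part of the release notes or of Claude Code; the function names, the sample file names and the REVIEW_CMD variable are constructed for illustration.

```shell
# Added example (not from the release notes): find leftover "/simplify"
# command references so they can be changed to "/code-review".

# Print file:line:text for each line that uses "/simplify" as a command token.
# The boundaries skip paths such as "lib/simplify/core" and longer names
# such as "/simplify-all"; a trailing "." or quote still counts as a match.
find_stale_simplify() {
    root="${1:-.}"   # directory to scan; defaults to the current directory
    grep -rnIE --exclude-dir=.git \
        '(^|[^[:alnum:]_./~-])/simplify($|[^[:alnum:]_/-])' "$root" || true
}

# Number of matching lines under the directory.
count_stale_simplify() {
    find_stale_simplify "$1" | wc -l | tr -d ' '
}

# Build a small constructed tree to try the scan on; prints its path.
make_sample_tree() {
    dir="$(mktemp -d)"
    mkdir -p "$dir/hooks" "$dir/src"
    printf '%s\n' 'Before opening a PR, run /simplify on the diff.' > "$dir/CLAUDE.md"
    printf '%s\n' '#!/bin/sh' 'REVIEW_CMD="/simplify"' > "$dir/hooks/pre-push.sh"
    printf '%s\n' 'import core from "lib/simplify/core";' > "$dir/src/app.js"
    printf '%s\n' '/simplify' 'Already migrated: /code-review high' > "$dir/notes.txt"
    printf '%s\n' "$dir"
}
```

Run `find_stale_simplify` against the directories that hold your CLAUDE.md files, hook scripts and shell profiles, and review each hit before editing it.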
🧭 Anthropic Hosts Live Webinar on Using Claude Code to Modernise State and Local Government Software
Anthropic held a live, demo-first webinar on May 22 — "Claude Code and Public Service: Modernising How State and Local Governments Build Software" — targeted at SLED (State, Local, Education) IT teams responsible for aging, hard-to-maintain government systems. The session demonstrated how Claude Code can compress delivery timelines for constituent-facing services from quarters to days, addressing the specific pain of legacy codebases where the original authors have often retired.
The use-case landscape for government IT
Government software portfolios are uniquely challenging: COBOL-backed benefits eligibility systems, aging .NET permitting platforms, DMV and tax systems written in languages few practitioners know today. Staffing these with experienced maintainers is expensive and increasingly impossible. The webinar showed how Claude Code's agentic capabilities — reading and understanding legacy code at scale, writing tests, proposing modernisation paths — map directly to this problem:
- Legacy system comprehension — Claude Code can read COBOL, understand what a function does in context, and explain it to a modern developer who has never seen COBOL
- New constituent-facing services — online permit applications, status portals, and eligibility calculators can be scaffolded on top of existing back-end data without a full rewrite
- Accelerated delivery — demos showed services shipping in days that previously required quarter-long procurement and development cycles
Why this matters beyond government
The techniques demonstrated — using Claude Code as an "interpreter" layer between legacy systems and modern development teams — apply broadly. Any organisation running inherited codebases in languages with shrinking talent pools (COBOL, Perl, legacy VB.NET, classic ASP) faces the same constraints. The government sector is simply the most visible case because procurement rules prevent quick migrations. A recording is being distributed within 48 hours of the live session.
How to replicate this for your own legacy systems
Open Claude Code in a legacy codebase directory and start with: "Read all files in this directory. Summarise what this system does, identify its primary data flows, and list the three biggest risks for a developer unfamiliar with this stack." This single prompt typically gives a senior developer enough orientation to begin contributing safely to a codebase they have never seen. Pair with /code-review high on any new code written against the legacy system before it merges.