Three topics for engineers and practitioners, 30 seconds reading time, one hands-on insight per topic. Weekly at IT professional level — what should land on your bookmark list this week.
1. The Claude Trinity as Workflow — not as Tool Collection
Those treating Claude AI, Claude Cowork, and Claude Code as three separate apps are missing the essential piece. The leverage emerges in choreography: Claude AI thinks the architecture, Claude Code builds the code, Claude Cowork executes operations — with clear handoff prompts between layers.
Hands-on: For your next complex task (refactoring, plugin build, data migration), test this sequence consistently. Start with “let’s think this through” in Claude AI, have it generate a handoff prompt for Claude Code, pass that verbatim onward. Iteration is not the bug — iteration is the method.
→ Editorial: The Claude Trinity
2. MCP — Model Context Protocol as Second Trust Layer
MCP servers are evolving right now from hobby add-on to production infrastructure. Anthropic has opened the protocol, an expanding library of MCP servers integrates cloud providers, databases, ITSM systems, custom tools. Whoever writes an MCP server becomes a permanent trust layer between their colleagues and their tools.
Hands-on: Identify one tool in your daily work whose UI regularly frustrates you (Jira, Confluence, ServiceNow, in-house application). Write a minimal MCP server that makes the five most frequent operations accessible via Claude. Effort: 2–4 hours. Effect: you stop clicking in that UI and talk to Claude instead. Multiplied across every colleague using the server.
3. Auto-Update for Editor Extensions — a Deliberate Trade-off
The Nx Console supply chain attack in May demonstrated it: VS Code auto-update can distribute a compromised extension to thousands of machines within hours. Auto-update is a trade-off between security (rapid patches) and risk (rapid malware distribution).
Hands-on: Three questions for your own machine. First: which VS Code extensions do you have installed that you don’t actively use? Uninstall them. Second: which ones store credentials? Rotate and scope your tokens. Third: which receive auto-updates directly from a source you don’t fully trust? Disable auto-update for those, maintain manually with a 3–5 day delay.
→ KEDB #001 Nx Console Analysis
Lumi IT Professional Digest, Week 22/2026. Pilot format — feedback anytime via the contact page. Research and first draft AI-assisted, editorial approval by Lumi-Systems.io. Disclosure per Article 50 EU AI Act.