Ecosystem Update — 2026-05-13

May 13, 2026 · curated by Chad Simon · 18 items reviewed

Highlights

No safe harness Quick Win cleared the automatic-edit bar today; the useful signals all require a new script, a new hook surface, a skill audit, or an explicit memory-policy decision
The strongest near-term queue item is a hook health smoke check: GitHub issue #21639 reports Codex Desktop hook regressions, and this setup depends on PreToolUse, PostToolUse, SessionStart, Stop, and PreCompact

None safe today · hook / skill / memory

Daily scan

No automatic harness edit: every candidate needed new scripts, new hooks, external skill trust, policy changes, or upstream support

Codex Desktop hook regression smoke check · hook

github.com/openai/codex

Add a small local diagnostic that verifies expected hook execution after Codex Desktop or CLI updates

Hook parity gap tracker · hook

github.com/openai/codex

Track upstream hook parity against the local hooks.json contract, especially PostToolUseFailure, subagent lifecycle, config drift, worktree, and post-compaction events. Not a Quick Win because Codex does not expose these hook events locally yet

Repo-scoped experience compiler intake · memory

github.com/openai/codex

Community Codex skill catalog audit · skill

github.com/ComposioHQ/awesome-codex-skills

Audit individual skills such as gh-fix-ci, pr-review-ci-fix, sentry-triage, datadog-logs, and webapp-testing with codex-skill-audit --strict before considering local installation. Do not import the catalog wholesale

Codex release and changelog watcher · Codex-md

github.com/shanraisshan/codex-cli-best-practice

Current local CLI is codex-cli 0.130.0; keep the release watcher in the queue rather than auto-upgrading because version changes affect hooks, plugins, app-server behavior, and Desktop compatibility

Native Codex memories pilot plan · mcp

github.com/shanraisshan/codex-cli-best-practice

Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense

arXiv

Directly relevant to this runtime's persistent memory, scheduled state, and off-machine connectors; prioritize typed memory promotion, sealed config, and capability attenuation patterns

ASIA: an Autonomous System Identification Agent

arXiv

Useful as a cautionary reference for autonomous experimentation loops: it highlights closed-loop hypothesis/implementation/evaluation, plus risks around test leakage and reproducibility

To What Extent Does Agent-generated Code Require Maintenance? An Empirical Study

arXiv

Reinforces the existing maintenance-score queue item: agent-authored files need explicit later review, not only initial green tests

Can Coding Agents Reproduce Findings in Computational Materials Science?

arXiv

Supports stronger environment reconstruction and evidence capture before claiming task completion, especially for underspecified workflows
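
The hook regression smoke check queued in the scan could start as a coverage test over a marker log. This is a minimal sketch, not an existing tool. It assumes each local hook script appends one JSON object with an "event" field to a log per run; that log format and the name missing_hook_events are hypothetical. The event names are the five this setup depends on.

```python
import json

# Hook events this setup depends on, as listed in the Highlights.
EXPECTED_EVENTS = ["PreToolUse", "PostToolUse", "SessionStart", "Stop", "PreCompact"]


def missing_hook_events(log_lines, expected=EXPECTED_EVENTS):
    """Return the expected events that never appear in the marker log.

    ASSUMPTION: every hook script appends one JSON object per run, with an
    "event" field, to a local marker log. That format is hypothetical.
    """
    seen = set()
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partially written or corrupt lines
        if isinstance(record, dict) and "event" in record:
            seen.add(record["event"])
    # Preserve the order of the expected list in the report.
    return [event for event in expected if event not in seen]


# Sample log from a session in which the PreCompact hook never fired.
sample_log = [
    '{"event": "SessionStart"}',
    '{"event": "PreToolUse"}',
    '{"event": "PostToolUse"}',
    "not json",
    '{"event": "Stop"}',
]
print(missing_hook_events(sample_log))  # ['PreCompact']
```

Running a check like this after each Codex Desktop or CLI update would turn a silent hook regression into a non-empty list that is easy to act on.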

Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.

Enable native Codex memories immediately
Wholesale import from Composio or other community skill catalogs — violates the local outside-skill trust rule; individual skills need codex-skill-audit --strict and a concrete recurring use case
Adopt full Claude Code hook parity locally — overfits to unimplemented upstream events; keep as a watcher until Codex exposes stable event and payload contracts
Auto-format hook wiring — requires repo-specific formatters or a new global script, which the ecosystem-update hard limits forbid as an automatic Quick Win
Default to xhigh reasoning or Fast Mode globally — changes cost/latency posture and contradicts the current power-user baseline unless requested for a specific route/profile
Switch to conservative on-request approvals — conflicts with the explicit local runtime posture: approval_policy = "never" and sandbox_mode = "danger-full-access"
Install Deep Agents / LangGraph helper skills — useful only for that external stack; not aligned with the current Codex-owned harness without a concrete project need