Ecosystem Update — 2026-05-14

May 14, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

One safe Quick Win was implemented: the existing Bash PreToolUse guard now blocks more catastrophic local deletions, pipe-to-shell installs, and fork bombs without adding a new hook or external binary.
Today's strongest new research signal is SkillOps: skill libraries need maintenance contracts and health checks, not just task-time retrieval.
The current Codex setup already has the high-value primitives from today's scan: hooks, custom agents, omni-mem, strict skill-audit posture, plugin support, and OpenAI docs MCP; broad community imports remain more risk than leverage.

Quick Wins

Item	Source	Type	Impact	Effort	Action
Balanced safety guard gap tightening	https://github.com/CodeAlive-AI/ai-driven-development	hook	2	1	Auto-implemented additional patterns in existing `/Users/chadsimon/.codex/bin/pre_tool_guard.py`; no new hook, script, binary, or service added.

Build Queue

SkillOps-style local skill contract audit (skill) — https://arxiv.org/abs/2605.13716v1 — Extend skill-audit or skills-janitor with a lightweight contract pass for each installed skill: declared purpose, outputs, allowed actions/tools, validation evidence, and known failure modes. This fits the current large skill inventory and should be built as an audit/check, not a new runtime service.
Full AST-backed Bash guard evaluation (hook) — https://github.com/CodeAlive-AI/ai-driven-development — The current regex guard is now stronger, but the external bash-guard idea covers shell AST cases such as heredocs, bash -c, eval, xargs, and SSH. Evaluate by auditing or reimplementing a Codex-owned subset; do not pipe-install the upstream binary.
AGENTS.override.md compatibility decision (Codex-md) — https://github.com/shanraisshan/codex-cli-best-practice — Codex best-practice guidance points to AGENTS.override.md for personal preferences. Current global policy already owns personal runtime posture, so this should stay a deliberate policy decision rather than an automatic config edit.
Skill metadata gotchas pass (skill) — https://github.com/shanraisshan/codex-cli-best-practice and https://arxiv.org/abs/2605.13716v1 — High-use local skills should expose failure-specific gotchas and sharper trigger descriptions. This is valuable but touches skill bodies, so it is outside Quick Win limits.

Research

SkillOps: Managing LLM Agent Skill Libraries as Self-Maintaining Software Ecosystems — Directly relevant to this machine's many local skills; suggests typed skill contracts, ecosystem graph checks, and health dimensions for utility, compatibility, risk, and validation.

Already Have

Codex-owned AGENTS.md contract, model = "gpt-5.5", approval_policy = "never", sandbox_mode = "danger-full-access", prompt telemetry opt-in/off by default, live web search, codex_hooks = true, goals = true, plugin support enabled, OpenAI developer docs MCP with parallel calls, omni-mem MCP and lifecycle hooks, SessionStart startup/resume repo-context preflight with clear skipped, PreToolUse Bash safety guard, PostToolUse verification ledger and failure context hooks, Stop omni-mem save hook, PreCompact omni-mem hook, custom read-only explorer/planner/reviewer/validator agents, Python and TypeScript reviewer agents, scoped worker agent, chad-twin agent, agent depth/thread/runtime caps, Browser/Computer Use/Documents/Spreadsheets/Presentations/Gmail plugins, strict outside-skill audit rule, session-recall, rlm-scan, planning-gate, bug-miner, security-audit, codex-branch, codex-security, skills-janitor, skill-creator, skill-installer, and prior ecosystem state dedupe.

Rejected

Wholesale import of CodeAlive AI-driven-development skills — rejected: overlaps existing skills and requires codex-skill-audit --strict per outside skill before trust.
Pipe-install upstream bash-guard binary — rejected: the source itself advertises a pipe-to-shell install path; installing external hook binaries automatically violates the local trust and supply-chain posture.
Global auto-format hooks — rejected: useful for specific repos, but a global formatter hook needs repo-aware commands or a new script and can create noisy edits.
Enable native Codex memories immediately — rejected: conflicts with the current omni-mem-first policy unless run as an explicit memory pilot with untrusted-content handling.
Adopt full Claude/Codex hook parity locally — rejected: many events in the upstream parity tracker are not exposed locally; keep as a watcher until Codex ships stable event/payload contracts.
Edit AGENTS.md as a Quick Win — rejected by the ecosystem-update hard limit; constitutional policy changes need explicit user direction.

Auto-Implemented

Backed up config.toml, hooks.json, pre_tool_guard.py, and all custom agent TOMLs to /Users/chadsimon/.codex/backups/2026-05-14/.
Updated /Users/chadsimon/.codex/bin/pre_tool_guard.py to block destructive home/current-directory removals, downloaded scripts piped to shell, and classic fork-bomb syntax.
Verified the hook script compiles and smoke-tested benign Bash input plus a blocked curl ... | bash command.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, https://export.arxiv.org/api/query, https://github.com/openai/codex/issues/21639, https://github.com/openai/codex/issues/21753, https://github.com/openai/codex/issues/20985, https://github.com/CodeAlive-AI/ai-driven-development, web search: "Codex new hooks agents skills site:github.com 2026", web search: "arxiv.org LLM agent coding autonomous 2026 site:arxiv.org" Tier 2 fetched: yes Tier 3 fetched: no — previous weekly run was 2026-05-08, inside the 7-day skip window Run at: 2026-05-14T10:30:40Z