Ecosystem Update - 2026-05-16

May 16, 2026 · curated by Chad Simon · 18 items reviewed

Highlights

One safe harness Quick Win was implemented: pruned 134 nonexistent temp worktree trust entries from ~/.codex/config.toml; codex-runtime-doctor now reports errors=0 warnings=0
Current stable Codex is still 0.130.0; 0.131.0-alpha.22 is available only on the alpha channel, so no CLI upgrade was applied
Today’s strongest research signal is supply-chain and least-privilege pressure around agent skills, hooks, and tool authorization

Stale temp trusted project prune Codex-md

developers.openai.com

Remove nonexistent /private/.../T temp worktree entries from ~/.codex/config.toml while preserving real trusted project roots

Runtime doctor stale-project autofix Codex-md

developers.openai.com

OpenAI config reference, Claude toolkit config-health pattern - Add a bounded codex-runtime-doctor --fix-stale-projects or companion subcommand that previews and removes nonexistent temp project trust entries, with backups and TOML validation
UserPromptSubmit secret-scan design hook

developers.openai.com

OpenAI hooks guide - Codex supports UserPromptSubmit, but prompt text is sensitive and global prompt telemetry is opt-in; design a no-log, block-only local scanner before wiring any hook
PermissionRequest profile evaluation hook

developers.openai.com

OpenAI hooks guide, OpenAI config reference - Useful for conservative/review profiles, but the current power-user default is approval_policy = "never", so this needs profile-specific testing rather than global wiring
MCP/skill registry audit intake mcp/skill

github.com/rohitg00/awesome-claude-code-toolkit

rohitg00 toolkit ecosystem entries, awesome-claude-code - Sources such as TokRepo, Clarvia, and Not Human Search may improve discovery, but should feed an audit/intake report, not automatic MCP installation
SWE-Cycle eval adapter

arXiv

SWE-Cycle - Add a task-eval scenario that covers issue intake, environment setup, edit, verification, and closeout, matching the existing autonomy harness rather than only final patch success

Do Coding Agents Understand Least-Privilege Authorization?

arXiv

- Directly relevant to permission profiles, subagent sandboxing, and default authority boundaries
Exploiting LLM Agent Supply Chains via Payload-less Skills

arXiv

- Reinforces strict outside-skill audit and argues against wholesale skill/plugin imports
WARD: Adversarially Robust Defense of Web Agents Against Prompt Injections

arXiv

- Relevant to Browser/Computer Use sessions and any web-exposed MCP workflow
Is Grep All You Need? How Agent Harnesses Reshape Agentic Search

arXiv

- Supports the existing rg-first posture and suggests benchmarking how tool output presentation affects retrieval quality
GroupMemBench

arXiv
Latency-Quality Routing for Functionally Equivalent Tools in LLM Agents

arXiv

- Candidate pattern for future MCP/tool-provider routing, likely via autoconfig rather than a new router

Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.

Upgrade to 0.131.0-alpha.22 — - rejected as an automatic Quick Win because npm latest remains 0.130.0; alpha release watch stays in the queue
Enable features.plugin_hooks blindly — - rejected because plugin-bundled hooks are opt-in and require trust review before execution
Add Claude PostCompact hook parity — - rejected for automatic implementation because Codex currently has PreCompact locally; no supported Codex PostCompact event is present in the official hooks guide
Wholesale import from Claude toolkits or skill catalogs — - rejected because Codex-owned surfaces must not depend on Claude-owned layouts or unaudited outside skills
Enable prevent_idle_sleep — - rejected as a Quick Win because it is experimental and can affect machine power behavior
Prompt logging through UserPromptSubmit — - rejected because global prompt telemetry is opt-in and the local policy forbids logging user prompts by default