Ecosystem Update - 2026-05-16

May 16, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

  • One safe harness Quick Win was implemented: pruned 134 nonexistent temp worktree trust entries from ~/.codex/config.toml; codex-runtime-doctor now reports errors=0 warnings=0.
  • Current stable Codex is still 0.130.0; 0.131.0-alpha.22 is available only on the alpha channel, so no CLI upgrade was applied.
  • Today’s strongest research signal is supply-chain and least-privilege pressure around agent skills, hooks, and tool authorization; the local posture already has codex-skill-audit, audited skills, omni-mem hooks, and a Bash guard, but prompt and permission hook expansion needs explicit design.

Quick Wins

| Item | Source | Type | Impact | Effort | Action |
| --- | --- | --- | --- | --- | --- |
| Stale temp trusted project prune | OpenAI config reference, rohitg00 toolkit config-health signal | Codex-md | 2 | 1 | Remove nonexistent /private/.../T temp worktree entries from ~/.codex/config.toml while preserving real trusted project roots. |

Auto-Implemented

  • Backed up config.toml, hooks.json, and all current agent TOMLs under /Users/chadsimon/.codex/backups/2026-05-16/.
  • Removed 134 stale temp project trust entries from /Users/chadsimon/.codex/config.toml.
  • Verified config.toml parses with tomllib, hooks.json parses with json, codex features list still shows hooks, plugins, multi_agent, shell_snapshot, tool_search, and unified_exec effectively available, and python3 ~/.codex/bin/codex-runtime-doctor exits cleanly with errors=0 warnings=0.

Build Queue

  • Runtime doctor stale-project autofix (Codex-md) - OpenAI config reference, Claude toolkit config-health pattern - Add a bounded codex-runtime-doctor --fix-stale-projects or companion subcommand that previews and removes nonexistent temp project trust entries, with backups and TOML validation.
  • UserPromptSubmit secret-scan design (hook) - OpenAI hooks guide - Codex supports UserPromptSubmit, but prompt text is sensitive and global prompt telemetry is opt-in; design a no-log, block-only local scanner before wiring any hook.
  • PermissionRequest profile evaluation (hook) - OpenAI hooks guide, OpenAI config reference - Useful for conservative/review profiles, but the current power-user default is approval_policy = "never", so this needs profile-specific testing rather than global wiring.
  • MCP/skill registry audit intake (mcp/skill) - rohitg00 toolkit ecosystem entries, awesome-claude-code - Sources such as TokRepo, Clarvia, and Not Human Search may improve discovery, but should feed an audit/intake report, not automatic MCP installation.
  • SWE-Cycle eval adapter (research) - SWE-Cycle - Add a task-eval scenario that covers issue intake, environment setup, edit, verification, and closeout, matching the existing autonomy harness rather than only final patch success.

Research

Already Have

gpt-5.5 power-user default, approval_policy = "never", sandbox_mode = "danger-full-access", prompt telemetry off, live web search, schema-linked config.toml, canonical features.hooks = true, plugin support, goals support, OpenAI developer docs MCP with parallel calls, omni-mem MCP, Stitch MCP, Browser/Computer Use/Documents/Spreadsheets/Presentations/Gmail plugins, Bash PreToolUse safety guard, Bash PostToolUse verification ledger, Bash failure-context hook, SessionStart startup/resume repo-context preflight with /clear intentionally skipped, Stop omni-mem save hook, PreCompact omni-mem hook, read-only explorer/planner/reviewer/python-reviewer/typescript-reviewer/validator agents, scoped worker and chad-twin agents, bounded agent depth/thread/runtime caps, codex-skill-audit --strict, session-recall, rlm-scan, planning-gate, auto, drive, go, codex-security, security-audit, codex-runtime-doctor, what-would-chad-do, and current stable codex-cli 0.130.0.

Rejected

  • Upgrade to 0.131.0-alpha.22 - rejected as an automatic Quick Win because npm latest remains 0.130.0; alpha release watch stays in the queue.
  • Enable features.plugin_hooks blindly - rejected because plugin-bundled hooks are opt-in and require trust review before execution.
  • Add Claude PostCompact hook parity - rejected for automatic implementation because Codex currently has PreCompact locally; no supported Codex PostCompact event is present in the official hooks guide.
  • Wholesale import from Claude toolkits or skill catalogs - rejected because Codex-owned surfaces must not depend on Claude-owned layouts or unaudited outside skills.
  • Enable prevent_idle_sleep - rejected as a Quick Win because it is experimental and can affect machine power behavior.
  • Prompt logging through UserPromptSubmit - rejected because global prompt telemetry is opt-in and the local policy forbids logging user prompts by default.

Sources checked:

  • https://github.com/hesreallyhim/awesome-claude-code
  • https://howborisusesclaudecode.com/
  • https://github.com/shanraisshan/codex-cli-best-practice
  • https://github.com/rohitg00/awesome-claude-code-toolkit
  • https://developers.openai.com/codex/
  • https://developers.openai.com/codex/config-reference
  • https://developers.openai.com/codex/hooks
  • https://developers.openai.com/codex/mcp
  • https://developers.openai.com/codex/concepts/customization
  • https://github.com/openai/codex/releases
  • https://www.npmjs.com/package/@openai/codex
  • https://export.arxiv.org/api/query

Tier 2 fetched: yes
Tier 3 fetched: yes
Run at: 2026-05-16T10:36:23Z
