Ecosystem Update - 2026-05-17

May 17, 2026 · curated by Chad Simon · 14 items reviewed

Highlights

  • One safe harness Quick Win was implemented: added a non-default conservative profile to ~/.codex/config.toml for on-request approvals, workspace-write sandboxing, and cached web search
  • Today's Tier 1 sources mostly reinforced patterns this setup already has: subagents, hooks, side conversations, profiles, skill progressive disclosure, worktrees, session recall, and explicit verification
  • The strongest new watch item is first-class skill lifecycle hooks (PreSkillUse/PostSkillUse), but it is an upstream Codex feature request and not safe to wire locally until the runtime supports those events

Quick Wins (implemented today)

  • Conservative profile switch [Codex-md]
    Add [profiles.conservative] with approval_policy = "on-request", sandbox_mode = "workspace-write", and web_search = "cached" without changing the default power-user posture

New Tools, Skills & Patterns

  • PreSkillUse/PostSkillUse hook watch [hook]
    openai/codex#17132 - Once Codex supports first-class skill lifecycle events, add a no-prompt-logging adapter for local skill audit telemetry and skill invocation summaries. Current hooks.json cannot safely implement unsupported events
  • Conservative profile hardening pass [Codex-md]
    OpenAI config reference - Profile-scoped sandbox_workspace_write.network_access is not present in the current schema; evaluate a custom permissions profile or future schema support before making the conservative profile network-restricted
  • External Codex skill catalog intake [skill]
    ComposioHQ/awesome-codex-skills, Gitmaxd/deepagents-cli-codex-skill - Audit specific skills such as migration-auditor or unslop through codex-skill-audit --strict; do not import catalogs wholesale
  • Self-evolving runtime stability [eval]
    Self-Evolving Software Agents - Add an evolve/autoconfig evaluation that checks behavioral inheritance and stability before any autonomous runtime self-modification is promoted

Research Worth Reading

  • Self-Evolving Software Agents
    - Relevant to evolve and autoconfig; useful as a cautionary frame for verifying stability before runtime self-modification
  • Autonomous LLM Agent Worms
    - Already tracked, but still reinforces the current no-wholesale-import posture for skills/plugins and the need for trusted memory promotion
  • No new last-24-hour arXiv coding-agent paper surfaced from the web crawl. The direct arXiv export API returned HTTP 429, so this run used web-search results for the research pass.

Considered, Not Adopting

Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.

  • Enable native Codex memories as a Quick Win
  • Enable plugin hooks automatically - rejected because plugin-bundled hooks require trust review before execution
  • Wholesale import Deep Agents CLI or awesome-codex-skills - rejected because outside skills must pass codex-skill-audit --strict and should be imported only for a concrete recurring workflow
  • Prompt telemetry through UserPromptSubmit - rejected because global prompt telemetry is opt-in and this runtime explicitly keeps user prompt logging disabled by default
  • Add PreSkillUse/PostSkillUse to hooks.json now - rejected because those events are an upstream feature request, not a supported local hook surface
  • Edit AGENTS.md as a Quick Win - rejected by the ecosystem-update hard limit; constitutional policy docs require explicit direction
