Ecosystem Update - 2026-05-22

TL;DR

• OpenAI Codex CLI 0.133.0 landed on 2026-05-21 with stable Goals, stronger permission-profile plumbing, better plugin discovery, remote-control UX fixes, and extension lifecycle observability; local CLI was upgraded from 0.132.0 to 0.133.0.
• The local harness had stale config keys that the 0.133.0 strict parser rejected; inactive legacy keys were removed and strict config now loads.
• Official hook docs list SessionStart source clear; local startup hooks now cover startup|resume|clear.

Quick Wins

Auto-Implemented

• Upgraded @openai/codex globally with npm install -g @openai/[email protected]; codex --version now reports codex-cli 0.133.0.
• Updated ~/.codex/hooks.json so both SessionStart hooks match startup|resume|clear.
• Cleaned ~/.codex/config.toml of stale strict-parser failures:
• removed [mcp] enabled = true; active MCP servers remain under [mcp_servers.*]
• removed apps._default.default_tools_approval_mode = "auto"
• removed profile-scoped allow_login_shell = false entries that were not accepted in profiles
• removed tools.view_image = true, which 0.133.0 rejects under strict config
• Backups written to ~/.codex/backups/2026-05-22/.

Build Queue

• Extension lifecycle observability intake (mcp/hook) - https://github.com/openai/codex/releases/tag/rust-v0.133.0 - 0.133.0 exposes more lifecycle events for extensions, including subagent start/stop, tool execution, turn metadata, and async approval/turn processing. Map these to the local hook/AgentOps evidence ledger before wiring anything.
• Permission profile inheritance redesign (agent-pattern) - https://developers.openai.com/codex/config-reference#configtoml - Permission profiles now support inheritance and managed requirements, while the old profile-scoped allow_login_shell entries were inactive. Rebuild conservative profiles around supported permission-profile primitives.
• Plugin discovery report adapter (mcp) - https://github.com/openai/codex/releases/tag/rust-v0.133.0 - New marketplace-aware plugin list output and installed-version visibility can improve ecosystem reports without enabling plugin hooks.
• Temporal awareness hook design (hook) - https://github.com/rohitg00/awesome-claude-code-toolkit - claude-time and temporal-core show useful elapsed-time prompting patterns, but they require new hook scripts and should be designed against prompt-telemetry and privacy constraints.
• Cost/session analytics intake (skill) - https://github.com/rohitg00/awesome-claude-code-toolkit - ccusage, cc-cost, tokburn, and agenttrace suggest local-first transcript analytics patterns; adapt only if they read Codex-owned state and avoid raw prompt exfiltration.

Research

• No new directly applicable last-24-hour arXiv paper surfaced from the LLM agent coding query; the arXiv export API rate-limited during the run, so web search was used as fallback.
• Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense - Relevant to omni-mem promotion, scheduled task state, and external-read tainting; reinforces typed memory promotion and capability attenuation after untrusted reads.
• Can Coding Agents Reproduce Findings in Computational Materials Science? - Reinforces evidence-backed closure and reproducibility checks for long-horizon coding agents.
• To What Extent Does Agent-generated Code Require Maintenance? An Empirical Study - Useful watch item for post-build maintainability scoring and refactor gates.

Already Have

Hooks enabled, PreToolUse Bash guard, PostToolUse verification/failure hooks, UserPromptSubmit route classifier, Stop omni-mem save hook, PreCompact omni-mem capture hook, custom read-only explorer/planner/reviewer/validator agents, Python and TypeScript reviewer agents, worker and chad-twin agents, OpenAI developer docs MCP with parallel calls, omni-mem MCP, browser/chrome/computer-use/openai-developers plugins, web_search = "live", high-context tools.web_search location config, conservative/review profiles, goals = true, prevent_idle_sleep = true, skill-audit, skills-janitor, rlm-scan, planning-gate, auto, ecosystem-update, codex-security, security-audit.

Rejected

• Enable plugin_hooks automatically - Stable in 0.133.0 but still requires hook trust review; keep off globally until a plugin-specific trust pass is done.
• Enable native Codex memories automatically - Conflicts with the current omni-mem default and prior rejection policy for native memories.
• Wholesale install Claude toolkits or community plugin bundles - Violates Codex-owned surface rule and imports unreviewed hooks/skills.
• Add tailtest, temporal-core, claude-time, or weft hooks directly - Requires new scripts or new runtime files, which the ecosystem-update hard limits forbid as Quick Wins.
• Remote computer use/Appshots rollout - App-level workflow change that needs explicit trust testing, not a harness quick win.
• Delete rollout files flagged by codex doctor - Potentially destructive state cleanup; keep as a separate maintenance task with explicit retention policy.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, https://github.com/rohitg00/awesome-claude-code-toolkit, https://developers.openai.com/codex/, https://developers.openai.com/codex/hooks, https://developers.openai.com/codex/config-reference, https://developers.openai.com/codex/mcp, https://github.com/openai/codex/releases, https://www.reddit.com/r/CodexAutomation/comments/1tjvkvv/codex_app_26519_codex_cli_01330_appshots_goal/ Tier 2 fetched: yes, via web fallback after arXiv export API rate limiting. Tier 3 fetched: yes. omni-mem note: durable-memory write skipped because no callable omni-mem MCP memory tool was exposed in this session; state file remains source of truth. Run at: 2026-05-22T10:36:47Z.