Ecosystem Update - 2026-05-28
Highlights
- One safe Quick Win was implemented: restored `allow_login_shell = false` in the opt-in conservative profiles after the setting had drifted out of `~/.codex/config.toml`
- Official Codex `rust-v0.134.0` is available while the local CLI is `0.133.0`; the release adds local conversation-history search, profile migration guidance, read-only MCP concurrency, and richer hook context
- Today's source crawl reinforces the current posture: keep native memories disabled until explicitly piloted, avoid wholesale community plugin imports, and evolve hooks only from stable Codex payloads
Quick Wins (implemented today)
- Restore conservative login-shell hardening (Codex-md): add `allow_login_shell = false` back to `[profiles.conservative]` and `[profiles.conservative-auto-review]`
New Tools, Skills & Patterns
- Stable Codex 0.134.0 upgrade and smoke (Codex-md, https://github.com/openai/codex/releases/tag/rust-v0.134.0): local Doctor reports `0.134.0` available; the upgrade should be a focused runtime change with post-upgrade hooks, MCP, plugin, and doctor smoke checks
- Native conversation-history search migration decision (Codex-md, https://github.com/openai/codex/releases/tag/rust-v0.134.0): Codex now has official local conversation-history search; evaluate whether `python3 ~/.codex/bin/codex-session-search` should remain canonical, become a wrapper, or be kept for JSON/transcript-specific recall
- Hook subagent identity intake (hook, https://github.com/openai/codex/releases/tag/rust-v0.134.0): new hook inputs include subagent identity. Add a tiny fixture/test pass before using it for per-subagent verification ledgers or failure context
- Memory root boundary audit (mcp, https://github.com/openai/codex/commit/d5ec93f): upstream moved native memories root setup out of core config. Audit only if a native-memory pilot is reopened
- Auto-review profile value normalization (Codex-md, https://developers.openai.com/codex/config-reference): docs list `approvals_reviewer = "auto_review"`; the local `conservative-auto-review` profile still uses the legacy `guardian_subagent` alias. Normalize later with a compatibility check, not as a drive-by edit
- CTF architecture eval adapter (https://arxiv.org/abs/2605.21497): the paper shows structured specialist roles can improve consistency/cost in security tasks; map it to the `codex-security` and `security-audit` evals before adding new agents
Research Worth Reading
- Autonomous LLM Agents & CTFs: A Second Look: directly relevant to security-agent evaluation because it compares general-purpose agents with engineered specialist architectures across 30 web CTF tasks
Considered, Not Adopting
Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.
- Auto-upgrade Codex to 0.134.0 as a Quick Win - rejected: upgrading the active runtime is a larger state change than a harness hardening edit and needs a focused smoke window
- Enable native Codex memories
- Enable `plugin_hooks` globally - rejected: hook contribution from plugins is still a trust boundary and remains intentionally off
- Wholesale import from Awesome Claude Code, Claude Code Toolkit, or Codex community skill catalogs - rejected: outside skills/plugins require strict audit and the local library already covers the recurring workflows
- Global auto-format `PostToolUse` hook - rejected: formatting is repo-specific and should not be enforced globally from a community pattern
- Install agent/session manager stacks such as ORCH, ccmanager, obey, Bouncer, or pro-workflow - rejected: current AgentOps, hooks, runtime doctor, and reviewer agents cover the recurring local needs without adding another orchestration layer
- Turn Codex Python SDK beta commits into local runtime work - rejected: today's upstream Python SDK commits are release-packaging/documentation changes, not local harness gaps