Ecosystem Update - 2026-05-28

May 28, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

One safe Quick Win was implemented: restored allow_login_shell = false in the opt-in conservative profiles after the setting had drifted out of ~/.codex/config.toml.
Official Codex rust-v0.134.0 is available while local CLI is 0.133.0; the release adds local conversation-history search, profile migration guidance, read-only MCP concurrency, and richer hook context.
Today's source crawl reinforces the current posture: keep native memories disabled until explicitly piloted, avoid wholesale community plugin imports, and evolve hooks only from stable Codex payloads.

Quick Wins

Item	Source	Type	Impact	Effort	Action
Restore conservative login-shell hardening	https://developers.openai.com/codex/config-reference and prior local ecosystem state	Codex-md	2	1	Add `allow_login_shell = false` back to `[profiles.conservative]` and `[profiles.conservative-auto-review]`.

Auto-Implemented

Backed up config.toml, hooks.json, and current agent TOML files under /Users/chadsimon/.codex/backups/2026-05-28/.
Updated /Users/chadsimon/.codex/config.toml so both opt-in conservative profiles disable login-shell semantics.
Verified config.toml with Python tomllib.
Verified hooks.json with python3 -m json.tool /Users/chadsimon/.codex/hooks.json.
Verified posture with python3 /Users/chadsimon/.codex/bin/codex_config_posture.py --mode warn; it reported Codex config posture ok.
Ran python3 /Users/chadsimon/.codex/bin/codex-runtime-doctor --summary --ascii; result was errors=0 warnings=1, with the only warning being 4 stale/temp trusted project entries.
Ran TERM=xterm-256color codex --strict-config doctor --summary --ascii; result was 13 ok | 1 idle | 3 notes | 0 warn | 0 fail ok.
A plain codex --strict-config doctor --summary --ascii was also attempted and failed only because this noninteractive shell exposes TERM=dumb.

Build Queue

Stable Codex 0.134.0 upgrade and smoke (Codex-md) - https://github.com/openai/codex/releases/tag/rust-v0.134.0 - Local Doctor reports 0.134.0 available; upgrade should be a focused runtime change with post-upgrade hooks, MCP, plugin, and doctor smoke checks.
Native conversation-history search migration decision (Codex-md) - https://github.com/openai/codex/releases/tag/rust-v0.134.0 - Codex now has official local conversation-history search; evaluate whether python3 ~/.codex/bin/codex-session-search should remain canonical, become a wrapper, or be kept for JSON/transcript-specific recall.
Hook subagent identity intake (hook) - https://github.com/openai/codex/releases/tag/rust-v0.134.0 - New hook inputs include subagent identity. Add a tiny fixture/test pass before using it for per-subagent verification ledgers or failure context.
Memory root boundary audit (mcp) - https://github.com/openai/codex/commit/d5ec93f - Upstream moved native memories root setup out of core config. Current setup keeps features.memories = false and uses omni-mem; audit only if a native-memory pilot is reopened.
Auto-review profile value normalization (Codex-md) - https://developers.openai.com/codex/config-reference - Docs list approvals_reviewer = "auto_review"; local conservative-auto-review still uses the legacy guardian_subagent alias. Normalize later with a compatibility check, not as a drive-by edit.
CTF architecture eval adapter (research) - https://arxiv.org/abs/2605.21497 - The paper shows structured specialist roles can improve consistency/cost in security tasks; map it to codex-security and security-audit evals before adding new agents.

Research

Autonomous LLM Agents & CTFs: A Second Look - Directly relevant to security-agent evaluation because it compares general-purpose agents with engineered specialist architectures across 30 web CTF tasks.

Already Have

Power-user default model/profile posture, prompt telemetry off, live web search, official config schema header, native hooks enabled, UserPromptSubmit route classification, Bash PreToolUse safety guard, Bash PostToolUse verification and failure-context hooks, SessionStart cached repo context and config-posture checks, Stop and PreCompact omni-mem hooks, OpenAI developer docs MCP, omni-mem MCP, Browser/Chrome/Computer Use/Documents/Spreadsheets/Presentations/Gmail/OpenAI Developers plugins, read-only explorer/planner/reviewer/python-reviewer/typescript-reviewer/validator agents, scoped workspace-write worker and chad-twin agents, bounded agent depth/thread/runtime caps, conservative/review profiles, conservative login-shell hardening restored, destructive app tools disabled globally, pokegen disabled through [[skills.config]], session recall, skill audit, planning-gate, /auto, build/drive/go/govern wrappers, security-audit, codex-security, runtime doctor, what-would-chad-do, daily ecosystem state tracking, prior self-evolving-agent and agent-worm research intake, prior hook parity watch items, and prior community skill-catalog audit items.

Rejected

Auto-upgrade Codex to 0.134.0 as a Quick Win - rejected: upgrading the active runtime is a larger state change than a harness hardening edit and needs a focused smoke window.
Enable native Codex memories - rejected: current memory authority is omni-mem, and today's upstream memory-root boundary change is a reason to keep native memory pilots explicit.
Enable plugin_hooks globally - rejected: hook contribution from plugins is still a trust boundary and remains intentionally off.
Wholesale import from Awesome Claude Code, Claude Code Toolkit, or Codex community skill catalogs - rejected: outside skills/plugins require strict audit and the local library already covers the recurring workflows.
Global auto-format PostToolUse hook - rejected: formatting is repo-specific and should not be enforced globally from a community pattern.
Install agent/session manager stacks such as ORCH, ccmanager, obey, Bouncer, or pro-workflow - rejected: current AgentOps, hooks, runtime doctor, and reviewer agents cover the recurring local needs without adding another orchestration layer.
Turn Codex Python SDK beta commits into local runtime work - rejected: today's upstream Python SDK commits are release-packaging/documentation changes, not local harness gaps.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://github.com/rohitg00/awesome-claude-code-toolkit, https://developers.openai.com/codex/config-reference, https://developers.openai.com/codex/cli/slash-commands#built-in-slash-commands, https://github.com/openai/codex/releases, https://github.com/openai/codex/commit/d5ec93f, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, https://arxiv.org/abs/2605.21497, https://arxiv.org/abs/2604.27264, https://arxiv.org/abs/2605.02812, web search: "Codex new hooks agents skills site:github.com 2026", web search: "arxiv.org LLM agent coding autonomous 2026 site:arxiv.org" Tier 2 fetched: yes Tier 3 fetched: yes Run at: 2026-05-28T10:35:04Z