~/chadacus.dev/ecosystem-update/2026-05-30

Ecosystem Update - 2026-05-30

May 30, 2026 · curated by Chad Simon · 19 items reviewed

Highlights

  • Safe Quick Win implemented: config posture cleanup now catches missing /private/tmp/auto-task-eval-* trusted roots and pruned 3 stale entries from config.toml
  • Official Codex stable is still 0.135.0; this machine is on codex-cli 0.133.0, so upgrade + smoke remains a queued runtime action, not an automatic Quick Win
  • Today's research signal is strong around risk-stratified review, semantic checkpoints, and conflicting-memory abstention

Quick Wins (implemented today)

  • Stale temp trust-root cleanup parity config/harness
    github.com/openai/codex
    Auto-implemented in ~/.codex/bin/codex_config_posture.py; cleanup now detects missing /private/tmp/auto-task-eval-* roots and removed 3 stale trusted project entries

New Tools, Skills & Patterns

  • Codex 0.135.0 stable upgrade and smoke runtime
    github.com/openai/codex
    https://github.com/openai/codex/releases - Current CLI is 0.133.0; latest stable 0.135.0 adds richer codex doctor, named permission profile display, packaged zsh helper discovery, Python SDK sandbox presets, resume/TUI fixes, and thread idle lifecycle work. Queue because upgrading the installed CLI crosses the runtime authority boundary
  • Named permission profile migration evaluation config
    developers.openai.com
    https://developers.openai.com/codex/config-reference#configtoml - Current config uses top-level sandbox_mode plus [profiles.*]; docs expose default_permissions and [permissions.<name>], but warn not to combine default_permissions with sandbox_mode. Needs a deliberate migration plan
  • Thread idle lifecycle hook intake hook
    github.com/openai/codex
    https://github.com/openai/codex/releases - Release notes include thread idle lifecycle work. Current hooks.json covers PreToolUse, PostToolUse, SessionStart, UserPromptSubmit, Stop, and PreCompact; no idle-specific existing script is available, so this cannot be wired as a Quick Win
  • Missing non-temp trust-root cleanup policy config hygiene
    local codex-runtime-doctor - Doctor now reports 1 remaining stale trusted project, /Users/chadsimon/Documents/New project 7. It is missing on disk, but it is not an auto-task temp root, so cleanup should be explicit
  • RADAR-style review admission policy review gate
    arXiv
    https://arxiv.org/abs/2605.30208 - Meta's RADAR paper supports layered low-risk diff eligibility, static heuristics, LLM review, and deterministic validation before automation. Current review posture is strong, but codex_review_gate.py could add an explicit low-risk/needs-human-review classifier for autonomous closures
  • Semantic checkpoint evidence contract AgentOps/autonomy
    arXiv
    https://arxiv.org/abs/2605.30042 - The paper's "semantic checkpoints" pattern matches the existing evidence-ref contract; the gap is a deterministic action-intent to outcome check in autonomous slice ledgers
  • Conflicting memory abstention eval omni-mem
    arXiv

Research Worth Reading

  • Automating Low-Risk Code Review at Meta: RADAR, Risk Calibration, and Review Efficiency
    arXiv
    - Directly relevant to review-gated autonomous closure and risk-tiered approval
  • Learning to Choose: An Empowerment-Guided Multi-Agent System with semantic communication for Adaptive Method Selection
    arXiv
    - Useful framing for preventing semantic drift between selected strategy, delegated implementation, and verified result
  • Selective QA over Conflicting Multi-Source Personal Memory
    arXiv
  • Discovering Cooperative Pipelines: Autoresearch for Sequential Social Dilemmas
    arXiv
  • Code as Agent Harness
    arXiv
    - Reinforces the current code-first harness direction: executable checks, typed state, and deterministic verification matter more than model-only claims

Considered, Not Adopting

Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.

  • Auto-upgrade Codex to 0.135.0 as a Quick Win- rejected because upgrading the installed CLI is a user-authority/runtime-change boundary and prior state rejected auto-upgrades
  • Clone dynamic workflows wholesale- rejected because Boris's May 28 dynamic workflow pattern is a research-preview, hundred-agent orchestration shape; current max_threads = 3, /auto, planning-gate, and explicit slices already cover the safe subset
  • Enable native Codex memories from community advice
  • Wholesale import am-will/codex-skills, oh-my-codex, or Claude community skill catalogs- rejected because local skills already cover the useful primitives; bulk imports add supply-chain and trigger-surface risk. oh-my-codex is also archived
  • Global auto-format hooks from community tips- rejected because safe formatter hooks need repo-specific existing formatter commands; no universal formatter hook script should be wired globally
  • Remove non-temp missing trusted roots automatically- rejected because /Users/chadsimon/Documents/New project 7 is missing but not an auto-task temp root; leave it for an explicit cleanup pass

Sources Reviewed

This is the public summary of the daily Claude Code ecosystem digest I run for my dev team. Each item links to the original source so you can dig in directly. The internal version — with my own adoption decisions, rejection reasoning, and harness-specific notes — is at /2026-05-30/internal/ if you want the full reasoning.

// archive

← back to all digests