Ecosystem Update - 2026-05-31

May 31, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

Safe Quick Win implemented: wired the existing quiet session_startup.py readiness check into SessionStart for startup/resume/clear/compact.
Tier 1 community sources were stale today; the useful workflow patterns are already covered locally or require repo-specific scripts.
Official Codex remains at stable 0.135.0 while this machine reports codex-cli 0.133.0; main-branch commits show thread archive, multi-agent assignment, and request-input work to watch after a stable release.

Quick Wins

Item	Source	Type	Impact	Effort	Action
SessionStart runtime validation hook wiring	https://developers.openai.com/codex/hooks and existing `/Users/chadsimon/.codex/bin/session_startup.py`	hook	2	1	Add existing `session_startup.py` to `hooks.json` with `startup\|resume\|clear\|compact`, `statusMessage`, and a 5 second timeout

Build Queue

Codex 0.135.0 stable upgrade and smoke (runtime) - https://github.com/openai/codex/releases/tag/rust-v0.135.0 - Current CLI is still 0.133.0; 0.135.0 adds richer codex doctor, named permission profile display, packaged zsh helper discovery, SDK sandbox presets, and TUI fixes. Queue because upgrading the installed CLI is a runtime authority boundary.
Thread archive CLI command intake (Codex-md) - https://github.com/openai/codex/commit/3e7baa00e43419967d90d6ad9cef40f58d5ac89f - Main now has thread archive CLI command work. Compare it to codex-session-search and the native conversation-history migration decision once it lands in a stable release.
PermissionRequest policy hook design (hook) - https://developers.openai.com/codex/hooks - Codex now documents PermissionRequest; current harness blocks dangerous direct Bash via PreToolUse, but has no approval-request policy script. Build only after defining what approval prompts should be allowed, denied, or delegated.
Subagent lifecycle ledger hooks (hook) - https://developers.openai.com/codex/hooks - Official docs support SubagentStart and SubagentStop; current setup has read-only reviewers and bounded workers but no subagent lifecycle evidence hook. Needs a small existing script first, so it is not a Quick Win.
Plugin-bundled hook trust review follow-up (plugin/hook) - https://developers.openai.com/codex/hooks - Docs now say enabled plugins can bundle lifecycle hooks using the normal trust flow. Current config intentionally has plugin_hooks = false; review this only after a Codex upgrade because blindly enabling plugin hooks changes the trust surface.
SpecBench spec-level reasoning eval adapter (research) - https://arxiv.org/abs/2605.30314 - SpecBench targets incomplete or flawed design proposals before implementation. It maps directly to alignment-grill, planning-gate, and AgentOps acceptance criteria.
LACUNA typed action admission spike (research) - https://arxiv.org/abs/2605.28617 - Typed, all-or-nothing agent actions are relevant to auto_runtime.py slice admission and idempotency evidence, but implementing the model wholesale would be too heavy.
Cross-trajectory memory eval (research) - https://arxiv.org/abs/2605.28224 - The paper separates memory abstraction from inference strategy. This is a good eval for omni-mem context builders and /auto retries, not a new memory engine.

Research

SpecBench: Evaluating Specification-Level Reasoning for Software Engineering LLM Agents - Directly relevant to catching PRD/spec gaps before broad implementation.
Locally Coherent, Globally Incoherent: Bounding Compositional Incoherence in Multi-Component LLM Agents - Useful framing for checking whether multiple reviewers or workers produce locally plausible but globally inconsistent conclusions.
LACUNA: Safe Agents as Recursive Program Holes - Relevant to typed action admission, tool/data bounds, and retry-on-diagnostics loops.
When Does Memory Help Multi-Trajectory Inference for Tool-Use LLM Agents? - Supports testing memory promotion/retrieval by strategy instead of assuming all memory helps all retries.
Plant, Persist, Trigger: Sleeper Attack on Large Language Model Agents - Reinforces keeping untrusted source ingestion, memory writes, and reusable skills behind strict admission.
OR-Space: A Full-Lifecycle Workspace Benchmark for Industrial Optimization Agents - Good model for workspace-level evals with persistent files, revisions, and grounded explanations.

Already Have

Power-user posture, prompt telemetry off, live web search, hooks enabled, UserPromptSubmit route classification, PreToolUse Bash guard, PostToolUse verification ledger, PostToolUse failure context, SessionStart RLM preload, SessionStart config posture check, SessionStart runtime readiness check, Stop omni-mem save hook, PreCompact omni-mem hook, OpenAI developer docs MCP, omni-mem MCP, Browser/Chrome/Computer Use plugins, read-only planner/reviewer/validator/explorer agents, Python and TypeScript reviewers, workspace-write worker, conservative profiles, planning-gate, /auto, what-would-chad-do, codex-runtime-doctor, config posture checker, session transcript search, skill audit, and a broad local skill library.

Rejected

Auto-upgrade Codex to 0.135.0 - rejected as a Quick Win because upgrading the installed CLI crosses the runtime authority boundary.
Enable plugin hooks or remove plugin_hooks = false automatically - rejected because current policy intentionally keeps plugin hooks disabled, and enabling them changes hook trust behavior.
Wire PermissionRequest, SubagentStart, or SubagentStop without existing scripts - rejected by the Quick Win hard limit; these need purpose-built scripts first.
Enable native Codex memories from community advice - rejected because omni-mem is the active memory system and memory/privacy posture is deliberate.
Enable experimental_request_user_input from main-branch work - rejected because AGENTS.md forbids enabling under-development features globally.
Wholesale import community skill or plugin catalogs - rejected because outside skills require strict audit and the local skill set already covers the recurring workflows.
Global auto-format hooks - rejected because safe formatter hooks need repo-specific commands and existing scripts.

Auto-Implemented

Backups written under /Users/chadsimon/.codex/backups/2026-05-31/ for config.toml, hooks.json, and current agent TOML files.
Added python3 /Users/chadsimon/.codex/bin/session_startup.py to SessionStart in /Users/chadsimon/.codex/hooks.json with matcher startup|resume|clear|compact, status message Checking runtime readiness, and timeout 5.
Verification passed: python3 -m json.tool /Users/chadsimon/.codex/hooks.json.
Verification passed: python3 -m py_compile /Users/chadsimon/.codex/bin/session_startup.py.
Verification passed: python3 /Users/chadsimon/.codex/bin/session_startup.py with a synthetic healthy startup payload exited 0 with no output.
Verification passed: python3 /Users/chadsimon/.codex/bin/codex_config_posture.py --mode check returned ok: true.
Updated and validated /Users/chadsimon/.codex/state/ecosystem-update-last-run.json; items_seen_count is now 347.
Saved the Quick Win summary to omni-mem as durable memory 09d88143-337f-41f1-b035-90a7bb1549c0.
Sent the desktop completion notification with notify_done.sh.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://github.com/openai/codex/releases, https://developers.openai.com/codex/hooks, https://developers.openai.com/codex/config-reference, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, https://github.com/rohitg00/awesome-claude-code-toolkit, web search supplement for Codex hooks/agents/skills. Tier 2 fetched: yes, because the user requested today's crawl. Tier 3 fetched: partial; official Codex docs/releases were checked, weekly community toolkit crawl was skipped because the state file shows Tier 3 ran on 2026-05-30. Run at: 2026-05-31T10:34:16Z.