~/chadacus.dev/ecosystem-update/2026-06-06

Ecosystem Update - 2026-06-06

June 6, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

  • No safe automatic harness Quick Win was found today; current candidate hook gaps need new or adapted scripts before wiring.
  • Official Codex docs now list PermissionRequest, PostCompact, SubagentStart, and SubagentStop as supported hook events, while the local harness currently covers PreToolUse, PostToolUse, SessionStart, UserPromptSubmit, Stop, and PreCompact.
  • Weekly community signal is still strongest around hook catalogs, guarded first-attempt investigation, skill gotchas, and orchestration queues; the local setup already has most primitives, so the remaining work should be measured adapters rather than wholesale imports.

Quick Wins

Item Source Type Impact Effort Action
None Daily + weekly crawl - - - No candidate passed the alignment and existing-script safety gates

Auto-Implemented

  • None. Report/state updates only; no harness config, hook, agent, or skill files were changed.

Build Queue

  • Official PostCompact hook design (hook) - https://developers.openai.com/codex/hooks#matcher-patterns - Codex now documents PostCompact with manual|auto matchers and shared output fields. Add only after defining a Codex-owned script that has a real post-compaction job; do not wire placeholder echoes.
  • PermissionRequest approval bridge review (hook) - https://developers.openai.com/codex/hooks - PermissionRequest can make allow/deny decisions before approval prompts. This belongs in a deliberate conservative-profile review because the active default is approval_policy = "never".
  • Subagent lifecycle hook support review (hook) - https://developers.openai.com/codex/hooks#matcher-patterns - SubagentStart and SubagentStop are now in the official matcher matrix. Evaluate whether AgentOps needs a lifecycle ledger hook before adding another global hook.
  • Managed hook directory trust review (hook) - https://developers.openai.com/codex/config-reference#configtoml - Official config now documents managed hook directories and warns that non-managed command hooks require review/trust. Current scripts are direct absolute paths; assess whether managed hooks reduce trust friction without adding a migration burden.
  • SPOQ wave-dispatch eval adapter (research) - https://arxiv.org/abs/2606.03115v1 - Specialist Orchestrated Queuing maps closely to /auto and planning-gate: dependency waves, dual validation gates, and human-as-agent checkpoints are worth testing against existing routing before changing dispatch policy.

Research

Already Have

PreToolUse Bash safety guard, PostToolUse verification ledger, PostToolUse failure-context hook, UserPromptSubmit route classifier, Stop omni-mem save hook, PreCompact omni-mem hook, SessionStart startup/resume/clear/compact runtime checks, protected main/master push guard, read-only explorer/planner/reviewer/validator agents, TypeScript and Python reviewer agents, workspace-write worker agent, max_threads = 3, conservative and conservative-auto-review profiles, OpenAI developer docs MCP with parallel calls enabled, browser/chrome/computer-use/openai-developers plugins, plugin marketplaces, progressive-disclosure skill library, skill audit workflow, session search, omni-mem primary memory workflow, prompt telemetry disabled, AGENTS.override.md discovery support, AGENTS.md byte budget configuration, #:schema header on config.toml, no stale trusted project roots.

Rejected

  • Auto-wire PostCompact, PermissionRequest, SubagentStart, or SubagentStop today - official support exists, but no existing target script was proven for those events; the ecosystem-update Quick Win rules forbid hook wiring that requires new scripts.
  • Add apply_patch|Edit|Write matchers to existing edit_verify_async.py hook - the script exits unless tool_name == "Bash", so edit matcher wiring would only create apparent coverage.
  • Auto-upgrade Codex CLI to stable 0.137.0 or pre-release 0.138.0-alpha.5 - the local PATH CLI is 0.133.0 and the packaged app CLI is 0.135.0-alpha.1, but CLI upgrades remain explicit upgrade/smoke tasks, not daily automatic mutations.
  • Enable native Codex memories globally - conflicts with the current omni-mem-first policy and prompt-telemetry posture.
  • Enable plugin hooks globally - current trust boundary remains unresolved; config correctly keeps plugin_hooks = false.
  • Wholesale install am-will/codex-skills, awesome-claude-code-toolkit, oh-my-skills, GateGuard, or cc-safe-setup - external skills and hook bundles require strict audit and Codex-owned adaptation before trust.
  • Edit ~/.codex/AGENTS.md, ~/AGENTS.md, or introduce policy-file modularization as a Quick Win - constitutional policy docs are explicitly out of Quick Win scope.
  • Add global auto-format or auto-test edit hooks - broad PostToolUse edit automation can mutate unrelated user work and needs project-level opt-in plus dedicated scripts.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://github.com/rohitg00/awesome-claude-code-toolkit, https://github.com/openai/codex/releases, https://developers.openai.com/codex/hooks, https://developers.openai.com/codex/config-reference, https://developers.openai.com/codex/guides/agents-md, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, arXiv API submittedDate scan, WebSearch "Codex new hooks agents skills site:github.com 2026", WebSearch "arxiv.org LLM agent coding autonomous 2026 site:arxiv.org" Tier 2 fetched: yes Tier 3 fetched: yes Run at: 2026-06-06T06:32:33-04:00

// archive

← back to all digests