Ecosystem Update - 2026-06-06
TL;DR
- No safe automatic harness Quick Win was found today; current candidate hook gaps need new or adapted scripts before wiring.
- Official Codex docs now list
PermissionRequest,PostCompact,SubagentStart, andSubagentStopas supported hook events, while the local harness currently coversPreToolUse,PostToolUse,SessionStart,UserPromptSubmit,Stop, andPreCompact. - Weekly community signal is still strongest around hook catalogs, guarded first-attempt investigation, skill gotchas, and orchestration queues; the local setup already has most primitives, so the remaining work should be measured adapters rather than wholesale imports.
Quick Wins
| Item | Source | Type | Impact | Effort | Action |
|---|---|---|---|---|---|
| None | Daily + weekly crawl | - | - | - | No candidate passed the alignment and existing-script safety gates |
Auto-Implemented
- None. Report/state updates only; no harness config, hook, agent, or skill files were changed.
Build Queue
- Official PostCompact hook design (hook) - https://developers.openai.com/codex/hooks#matcher-patterns - Codex now documents
PostCompactwithmanual|automatchers and shared output fields. Add only after defining a Codex-owned script that has a real post-compaction job; do not wire placeholder echoes. - PermissionRequest approval bridge review (hook) - https://developers.openai.com/codex/hooks -
PermissionRequestcan make allow/deny decisions before approval prompts. This belongs in a deliberate conservative-profile review because the active default isapproval_policy = "never". - Subagent lifecycle hook support review (hook) - https://developers.openai.com/codex/hooks#matcher-patterns -
SubagentStartandSubagentStopare now in the official matcher matrix. Evaluate whether AgentOps needs a lifecycle ledger hook before adding another global hook. - Managed hook directory trust review (hook) - https://developers.openai.com/codex/config-reference#configtoml - Official config now documents managed hook directories and warns that non-managed command hooks require review/trust. Current scripts are direct absolute paths; assess whether managed hooks reduce trust friction without adding a migration burden.
- SPOQ wave-dispatch eval adapter (research) - https://arxiv.org/abs/2606.03115v1 - Specialist Orchestrated Queuing maps closely to
/autoand planning-gate: dependency waves, dual validation gates, and human-as-agent checkpoints are worth testing against existing routing before changing dispatch policy.
Research
- SPOQ: Specialist Orchestrated Queuing for Multi-Agent Software Engineering - Directly relevant to multi-agent task graphs, validation gates, and bounded parallelism in the current Codex AgentOps projection.
- Agentic Monte Carlo: Simulating Reinforcement Learning for Black-Box Agents - Useful for router-frontier and eval-harness thinking: test-time trajectory sampling may improve black-box agent policy without model training.
- RAT: RunAnyThing via Fully Automated Environment Configuration - Updated June 4; relevant to runtime-doctor and repository setup verification, but too broad for an automatic daily harness change.
- Human-AI Collaboration and the Transformation of Software Engineering Work - High-level but reinforces the local bias toward intent specification, verification, governance, and accountable oversight over raw code volume.
Already Have
PreToolUse Bash safety guard, PostToolUse verification ledger, PostToolUse failure-context hook, UserPromptSubmit route classifier, Stop omni-mem save hook, PreCompact omni-mem hook, SessionStart startup/resume/clear/compact runtime checks, protected main/master push guard, read-only explorer/planner/reviewer/validator agents, TypeScript and Python reviewer agents, workspace-write worker agent, max_threads = 3, conservative and conservative-auto-review profiles, OpenAI developer docs MCP with parallel calls enabled, browser/chrome/computer-use/openai-developers plugins, plugin marketplaces, progressive-disclosure skill library, skill audit workflow, session search, omni-mem primary memory workflow, prompt telemetry disabled, AGENTS.override.md discovery support, AGENTS.md byte budget configuration, #:schema header on config.toml, no stale trusted project roots.
Rejected
- Auto-wire
PostCompact,PermissionRequest,SubagentStart, orSubagentStoptoday - official support exists, but no existing target script was proven for those events; the ecosystem-update Quick Win rules forbid hook wiring that requires new scripts. - Add
apply_patch|Edit|Writematchers to existingedit_verify_async.pyhook - the script exits unlesstool_name == "Bash", so edit matcher wiring would only create apparent coverage. - Auto-upgrade Codex CLI to stable
0.137.0or pre-release0.138.0-alpha.5- the local PATH CLI is0.133.0and the packaged app CLI is0.135.0-alpha.1, but CLI upgrades remain explicit upgrade/smoke tasks, not daily automatic mutations. - Enable native Codex memories globally - conflicts with the current omni-mem-first policy and prompt-telemetry posture.
- Enable plugin hooks globally - current trust boundary remains unresolved; config correctly keeps
plugin_hooks = false. - Wholesale install am-will/codex-skills, awesome-claude-code-toolkit, oh-my-skills, GateGuard, or cc-safe-setup - external skills and hook bundles require strict audit and Codex-owned adaptation before trust.
- Edit
~/.codex/AGENTS.md,~/AGENTS.md, or introduce policy-file modularization as a Quick Win - constitutional policy docs are explicitly out of Quick Win scope. - Add global auto-format or auto-test edit hooks - broad PostToolUse edit automation can mutate unrelated user work and needs project-level opt-in plus dedicated scripts.
Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://github.com/rohitg00/awesome-claude-code-toolkit, https://github.com/openai/codex/releases, https://developers.openai.com/codex/hooks, https://developers.openai.com/codex/config-reference, https://developers.openai.com/codex/guides/agents-md, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, arXiv API submittedDate scan, WebSearch "Codex new hooks agents skills site:github.com 2026", WebSearch "arxiv.org LLM agent coding autonomous 2026 site:arxiv.org" Tier 2 fetched: yes Tier 3 fetched: yes Run at: 2026-06-06T06:32:33-04:00