Ecosystem Update - 2026-06-08
TL;DR
- One safe harness Quick Win landed:
config.tomlnow uses Codex-owned project docs only, removingCLAUDE.mdfromproject_doc_fallback_filenames. - Today's Tier 1 signal mostly reinforced existing posture: explicit AGENTS.md context, hook-backed validation, progressive-disclosure skills, bounded agents, and cautious plugin/marketplace intake.
- No new last-24h research item cleared the direct-applicability bar; the arXiv API still surfaced older agent-eval and memory items already represented in prior state.
Quick Wins
| Item | Source | Type | Impact | Effort | Action |
|---|---|---|---|---|---|
| Codex-owned project doc fallback | https://github.com/shanraisshan/codex-cli-best-practice | Codex-md | 2 | 1 | Remove CLAUDE.md from project_doc_fallback_filenames; keep AGENTS.md as the runtime project-doc fallback. |
Auto-Implemented
- Backed up
config.toml,hooks.json, and all agent TOMLs to/Users/chadsimon/.codex/backups/2026-06-08/. - Updated
/Users/chadsimon/.codex/config.tomlfromproject_doc_fallback_filenames = [ "AGENTS.md", "CLAUDE.md" ]toproject_doc_fallback_filenames = [ "AGENTS.md" ]. - Verified with
python3/tomllib,python3 -m json.tool /Users/chadsimon/.codex/hooks.json, andpython3 /Users/chadsimon/.codex/bin/codex_config_posture.py --mode warn.
Build Queue
- Deep claim/source auditor skill (skill) - https://howborisusesclaudecode.com/ - Boris's verifier patterns point toward a thin Codex-owned skill that extracts claims from a result, maps each claim to code/source evidence, and asks existing reviewer/validator agents to falsify unsupported claims. Worth building as a skill, not a Quick Win, because it requires a new skill folder and acceptance harness.
- MCP parallel-call capability audit (mcp) - https://github.com/shanraisshan/codex-cli-best-practice - The best-practice repo highlights
supports_parallel_tool_calls = true; onlyopenaiDeveloperDocshas it locally. Audit each non-docs MCP server for concurrency safety before adding flags, because stdio servers and stateful remotes may not be safe to parallelize. - Skill gotchas drift check (skill) - https://howborisusesclaudecode.com/ - The skill authoring guidance keeps emphasizing gotchas and progressive disclosure. Current skill coverage is strong, but a janitor pass could flag skills without gotchas/progressive-disclosure sections and queue targeted repairs.
Research
- No fresh arXiv result in the
LLM agent codingdaily crawl was both new and directly actionable for the Codex harness. - Agentic Monte Carlo: Simulating Reinforcement Learning for Black-Box Agents - Still the newest relevant API result, but it was already represented in the June 6/7 state as a research intake item, and it does not imply a safe harness mutation today.
Already Have
PreToolUse Bash safety guard, PostToolUse verification ledger, PostToolUse failure-context hook, UserPromptSubmit route classifier, Stop omni-mem save hook, PreCompact omni-mem hook, SessionStart startup/resume/clear/compact runtime checks, protected main/master push guard, default execpolicy rules, read-only explorer/planner/reviewer/validator agents, TypeScript and Python reviewer agents, workspace-write worker and chad-twin agents, agent nickname metadata, bounded max_threads, max_depth, and runtime caps, conservative and conservative-auto-review profiles, OpenAI developer docs MCP with parallel calls enabled, browser/chrome/computer-use/openai-developers plugins, plugin marketplaces, progressive-disclosure skill library, skill audit workflow, session search, omni-mem primary memory workflow, prompt telemetry disabled, features.hooks = true, features.plugin_hooks = false, features.memories = false, live web search posture, #:schema header on config.toml, app destructive actions disabled by default, and AGENTS.md as the Codex-owned project-doc fallback.
Rejected
- Wholesale install from
awesome-claude-code,awesome-claude-code-toolkit,am-will/codex-skills, or similar community bundles - useful source material, but outside skills/plugins/hooks require strict audit and Codex-owned adaptation. - Auto-wire new hook events from community or issue trackers - no new existing target script was proven for unsupported events; the Quick Win rules forbid hook wiring that requires new scripts.
- Enable plugin hooks globally - current trust boundary remains unresolved, and
features.plugin_hooks = falseis still the right default. - Enable native Codex memories globally - conflicts with the current omni-mem-first memory policy and prompt-telemetry posture.
- Enable Fast Mode or global
service_tierfrom best-practice notes - spends more credits and is a user preference, not a harness safety or quality improvement. - Default all subagents to worktree isolation - still too broad for routine local work; use bounded task-specific worktree isolation when the task warrants it.
Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, arXiv API query for LLM agent coding, WebSearch "Codex new hooks agents skills site:github.com 2026", WebSearch "arxiv.org LLM agent coding autonomous 2026 site:arxiv.org"
Tier 2 fetched: yes
Tier 3 fetched: no - skipped by weekly gate because tier3_last_run was 2026-06-07T06:36:00-04:00
Run at: 2026-06-08T06:34:36-04:00