~/chadacus.dev/ecosystem-update/2026-06-09

Ecosystem Update - 2026-06-09

June 9, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

  • Two safe harness Quick Wins landed: default.rules now blocks destructive git checkout -- and git clean -fd, and config.toml no longer trusts a stale /private/tmp/auto-task-eval-* project root.
  • Tier 1 mostly reinforced existing posture: feature-specific subagents, progressive-disclosure skills, hook-backed validation, rules-based command policy, Chrome/browser verification, and cautious plugin intake.
  • Tier 2 produced fresh June 8 research worth tracking: SIGA-style simulator-interface adapters, SecureClaw-style dual-boundary controls, DCPM memory hierarchy, and agent-serving simulation.

Quick Wins

Item Source Type Impact Effort Action
Destructive git execpolicy parity guard https://github.com/shanraisshan/codex-cli-best-practice and https://arxiv.org/abs/2606.09549v1 rule 3 1 Add exact-prefix forbids for git checkout -- and git clean -fd to the existing rules harness.
Stale temp trust-root prune /Users/chadsimon/.codex/bin/codex_config_posture.py --mode warn config 2 1 Remove missing /private/tmp/auto-task-eval-4qqi_jtw/blocked-terminal-repo from trusted projects.

Auto-Implemented

  • Backed up config.toml, hooks.json, all agent TOMLs, and rules/default.rules to /Users/chadsimon/.codex/backups/2026-06-09/.
  • Updated /Users/chadsimon/.codex/rules/default.rules with forbidden exact-prefix rules for git checkout -- and git clean -fd.
  • Updated /Users/chadsimon/.codex/config.toml by removing the stale trusted project stanza for /private/tmp/auto-task-eval-4qqi_jtw/blocked-terminal-repo.
  • Verified hooks.json with python3 -m json.tool, config.toml with tomllib, config posture with python3 /Users/chadsimon/.codex/bin/codex_config_posture.py --mode warn, and execpolicy decisions with codex execpolicy check.

Build Queue

  • Codex 0.137+ upgrade and smoke (Codex-md) - https://github.com/shanraisshan/codex-cli-best-practice - Local codex --version reports codex-cli 0.133.0, while the best-practice source references 0.137.0 and sessions/archive/history features. Verify against official OpenAI releases before upgrading; do not auto-upgrade inside this daily skill.
  • SIGA-style domain contract adapters (research) - https://arxiv.org/abs/2606.09774v1 - Build a small adapter-pack pattern for domain tools: vocabulary, structural constraints, validation rules, termination checks, and trajectory-derived procedural memory. This belongs in a scoped skill or harness experiment, not global runtime policy.
  • SecureClaw-style sensitive read and side-effect boundary spike (research) - https://arxiv.org/abs/2606.09549v1 - Current rules block obvious destructive shell patterns, but the stronger pattern is trusted read gateways plus preview/commit side effects. Worth a design spike for secrets and off-machine connector actions.
  • AgentServeSim capacity-model intake (research) - arXiv daily API result for AGENTSERVESIM, 2026-06-08 - Session-aware routing and tool-gap simulation may help model local/remote agent serving cost, but it is too infrastructure-heavy for a Quick Win.

Research

Already Have

PreToolUse Bash safety guard, PostToolUse verification ledger, PostToolUse failure-context hook, UserPromptSubmit route classifier, Stop omni-mem save hook, PreCompact omni-mem hook, SessionStart runtime checks for startup/resume/clear/compact, features.hooks = true, prompt telemetry disabled, plugin hooks disabled by default, native Codex memories disabled in favor of omni-mem, OpenAI developer docs MCP with parallel calls enabled, Browser/Chrome/Computer Use plugins, OpenAI Developers plugin, app destructive actions disabled by default, read-only explorer/planner/reviewer/validator agents, feature-specific Python and TypeScript reviewers, bounded max_threads, max_depth, and runtime caps, conservative profiles, AGENTS.md as the Codex-owned project-doc fallback, session search via codex-session-search, skill-audit workflow, large local skill library, default.rules command policy, protected force-push/hard-reset guards, and config posture validation.

Rejected

  • Auto-upgrade Codex CLI from the ecosystem run - version drift is real, but upgrades require official release verification and a smoke pass outside this safe Quick Win lane.
  • Wholesale install from awesome-claude-code, Boris/Thariq workflows, am-will/codex-skills, or community plugin catalogs - useful intake material, but outside skills/plugins require strict audit and Codex-owned adaptation.
  • Enable plugin hooks globally - still a trust-boundary decision; current features.plugin_hooks = false remains the safer default.
  • Enable native Codex memories globally - conflicts with the omni-mem-first memory policy and the current prompt-telemetry posture.
  • Retire planning/alignment in favor of always-on auto mode - Boris's current Claude guidance is useful context, but it conflicts with this machine's non-trivial-work alignment and AgentOps contract.
  • Wire unsupported hook events such as PostCompact, PermissionRequest, SubagentStart, SubagentStop, PreSkillUse, or PostSkillUse without existing scripts and verified runtime support - report as watch items only.
  • Enable Fast Mode or global service_tier - this is a spend/performance preference, not a safety or quality harness fix.
  • Default all subagents to worktree isolation - still too broad for routine local runs; use bounded task-specific isolation when the task warrants it.
  • Edit AGENTS.md as a Quick Win - constitutional policy docs require explicit direction.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, arXiv API query for LLM agent coding, arXiv API query for June 8-9 coding agent/software agent/LLM agent, WebSearch "Codex new hooks agents skills site:github.com 2026", WebSearch "arxiv.org LLM agent coding autonomous 2026 site:arxiv.org" Tier 2 fetched: yes Tier 3 fetched: no - skipped by weekly gate because tier3_last_run was 2026-06-07T06:36:00-04:00 Run at: 2026-06-09T06:34:35-04:00

// archive

← back to all digests