~/chadacus.dev/ecosystem-update/2026-06-15

Ecosystem Update - 2026-06-15

June 15, 2026 · curated by Chad Simon · 21 items reviewed

Highlights

  • Today produced one safe harness patch: extend existing execpolicy destructive-delete coverage from rm -rf to equivalent rm -fr, rm -Rf, and rm -fR forms
  • Community sources are still converging on the setup already present here: concise AGENTS policy, focused skills, read-only reviewers, hook-backed guardrails, rules, MCP, and verification-first closure
  • The strongest research signals are not new orchestration layers; they are eval/audit ideas for silent failures, cross-modal skill attacks, scaffold compatibility, and repository-structure aids

Quick Wins (implemented today)

New Tools, Skills & Patterns

  • Silent-failure regression taxonomy adapter
    worth building because the current runtime already has hooks and evidence contracts, but could classify swallowed errors more explicitly
  • SkillMutator-style skill audit cases skill
    https://arxiv.org/abs/2606.14154 - Add cross-modal SKILL.md plus script/resource attack fixtures to codex-skill-audit --strict; worth building because outside skills are already gated, but the current audit should be stress-tested against language/code mismatch attacks
  • AgentSpec-style scaffold compatibility matrix agent-pattern
    https://arxiv.org/abs/2606.14674 - Document and test which local agent roles compose cleanly across memory, planner, reviewer, validator, and worker flows; keep it as eval data, not a new orchestrator
  • Repository-structure visual aid spike
    https://arxiv.org/abs/2606.14061 - Evaluate whether rlm-scan should optionally emit a compact repo graph artifact for large-repo localization; do not add vision-only browsing or image-heavy default context
  • Selective external skill-catalog audit skill
    https://github.com/VoltAgent/awesome-agent-skills and https://github.com/grahama1970/agent-skills - Sample specific proven skills such as safety guardrails, edit locks, docs lookup, and test automation, then run codex-skill-audit --strict; no wholesale install
  • Heterogeneous collaboration protocol review agent-pattern

Research Worth Reading

  • When Errors Become Narratives: A Longitudinal Taxonomy of Silent Failures in a Production LLM Agent Runtime
    - Directly relevant to making autonomous closure failures loud, attributable, and regression-testable
  • SkillMutator: Benchmarking and Defending Language-and-Code Cross-modal Attacks on LLM Agent Skills
    - Relevant to install-time safety for external skills with both prose instructions and executable assets
  • AgentSpec: Understanding Embodied Agent Scaffolds Through Controlled Composition
    - Useful for evaluating component compatibility instead of assuming stronger individual agents compose better
  • tap: A File-Based Protocol for Heterogeneous LLM Agent Collaboration
    - Relevant as a comparison point for durable, file-first cross-agent handoffs, but overlaps existing inbox and memory surfaces
  • LLM Agents Can See Code Repositories
    - Suggests repo-structure visual summaries can reduce localization cost when used alongside text, not as a replacement
  • Towards Direct Latent-Space Synthesis for Parallel Branches in LLM-Agent Workflows
    - Interesting for future model/runtime interfaces, but not locally actionable in Codex today

Considered, Not Adopting

Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.

  • Wholesale install from awesome skill catalogs - overengineered and unsafe; the catalogs themselves say listed skills are not audited, and local policy requires strict skill audit before trust.
  • Enable native Codex memories globally - conflicts with current features.memories = false posture and existing omni-mem workflow.
  • Enable plugin hooks globally - conflicts with current plugin_hooks = false trust posture; needs explicit review rather than daily auto-change.
  • Replace planning with pure auto mode - conflicts with local R3/R4 alignment and planning-gate rules even though some community workflows favor less explicit planning.
  • Add new Stop/quality-gate hook from community repos - blocked by skill hard limit because new hook wiring requires an existing, audited local script first.
  • Add dynamic workflow/orchestrator layer - existing /auto, planning-gate, agents, and skills already cover the recurring need; no proof that a new orchestration engine is necessary.
  • Adopt HyperTool-style MCP wrapper locally - source is research, not a stable Codex primitive; would add a new tool-execution abstraction without local failure evidence.
  • Edit AGENTS.md as a Quick Win - explicitly prohibited by this skill and by local runtime policy.

Sources Reviewed

// archive

← back to all digests