Ecosystem Update - 2026-06-15
Highlights
- Today produced one safe harness patch: extend existing execpolicy destructive-delete coverage from
rm -rfto equivalentrm -fr,rm -Rf, andrm -fRforms - Community sources are still converging on the setup already present here: concise AGENTS policy, focused skills, read-only reviewers, hook-backed guardrails, rules, MCP, and verification-first closure
- The strongest research signals are not new orchestration layers; they are eval/audit ideas for silent failures, cross-modal skill attacks, scaffold compatibility, and repository-structure aids
Quick Wins (implemented today)
-
Execpolicy recursive-force
rmparity guard hookAdd existingdefault.rulesforbidden-prefix coverage forrm -fr,rm -Rf, andrm -fR; verify withcodex execpolicy check
New Tools, Skills & Patterns
-
Silent-failure regression taxonomy adapterworth building because the current runtime already has hooks and evidence contracts, but could classify swallowed errors more explicitly
-
SkillMutator-style skill audit cases skillhttps://arxiv.org/abs/2606.14154 - Add cross-modal SKILL.md plus script/resource attack fixtures to
codex-skill-audit --strict; worth building because outside skills are already gated, but the current audit should be stress-tested against language/code mismatch attacks -
AgentSpec-style scaffold compatibility matrix agent-patternhttps://arxiv.org/abs/2606.14674 - Document and test which local agent roles compose cleanly across memory, planner, reviewer, validator, and worker flows; keep it as eval data, not a new orchestrator
-
Repository-structure visual aid spikehttps://arxiv.org/abs/2606.14061 - Evaluate whether
rlm-scanshould optionally emit a compact repo graph artifact for large-repo localization; do not add vision-only browsing or image-heavy default context -
Selective external skill-catalog audit skillhttps://github.com/VoltAgent/awesome-agent-skills and https://github.com/grahama1970/agent-skills - Sample specific proven skills such as safety guardrails, edit locks, docs lookup, and test automation, then run
codex-skill-audit --strict; no wholesale install -
Heterogeneous collaboration protocol review agent-pattern
Research Worth Reading
-
When Errors Become Narratives: A Longitudinal Taxonomy of Silent Failures in a Production LLM Agent Runtime- Directly relevant to making autonomous closure failures loud, attributable, and regression-testable
-
SkillMutator: Benchmarking and Defending Language-and-Code Cross-modal Attacks on LLM Agent Skills- Relevant to install-time safety for external skills with both prose instructions and executable assets
-
AgentSpec: Understanding Embodied Agent Scaffolds Through Controlled Composition- Useful for evaluating component compatibility instead of assuming stronger individual agents compose better
-
tap: A File-Based Protocol for Heterogeneous LLM Agent Collaboration- Relevant as a comparison point for durable, file-first cross-agent handoffs, but overlaps existing inbox and memory surfaces
-
LLM Agents Can See Code Repositories- Suggests repo-structure visual summaries can reduce localization cost when used alongside text, not as a replacement
-
Towards Direct Latent-Space Synthesis for Parallel Branches in LLM-Agent Workflows- Interesting for future model/runtime interfaces, but not locally actionable in Codex today
Considered, Not Adopting
Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.
- Wholesale install from awesome skill catalogs - overengineered and unsafe; the catalogs themselves say listed skills are not audited, and local policy requires strict skill audit before trust.
-
Enable native Codex memories globally - conflicts with current
features.memories = falseposture and existing omni-mem workflow. -
Enable plugin hooks globally - conflicts with current
plugin_hooks = falsetrust posture; needs explicit review rather than daily auto-change. - Replace planning with pure auto mode - conflicts with local R3/R4 alignment and planning-gate rules even though some community workflows favor less explicit planning.
- Add new Stop/quality-gate hook from community repos - blocked by skill hard limit because new hook wiring requires an existing, audited local script first.
-
Add dynamic workflow/orchestrator layer - existing
/auto, planning-gate, agents, and skills already cover the recurring need; no proof that a new orchestration engine is necessary. - Adopt HyperTool-style MCP wrapper locally - source is research, not a stable Codex primitive; would add a new tool-execution abstraction without local failure evidence.
-
Edit
AGENTS.mdas a Quick Win - explicitly prohibited by this skill and by local runtime policy.