Ecosystem Update - 2026-06-15
TL;DR
- Today produced one safe harness patch: extend existing execpolicy destructive-delete coverage from
rm -rfto equivalentrm -fr,rm -Rf, andrm -fRforms. - Community sources are still converging on the setup already present here: concise AGENTS policy, focused skills, read-only reviewers, hook-backed guardrails, rules, MCP, and verification-first closure.
- The strongest research signals are not new orchestration layers; they are eval/audit ideas for silent failures, cross-modal skill attacks, scaffold compatibility, and repository-structure aids.
Quick Wins
| Item | Source | Type | Impact | Effort | Action |
|---|---|---|---|---|---|
Execpolicy recursive-force rm parity guard |
https://github.com/shanraisshan/codex-cli-best-practice | hook | 3 | 1 | Add existing default.rules forbidden-prefix coverage for rm -fr, rm -Rf, and rm -fR; verify with codex execpolicy check. |
Auto-Implemented
- Backed up
config.toml,hooks.json, agent TOMLs, andrules/default.rulesto/Users/chadsimon/.codex/backups/2026-06-15/. - Updated
/Users/chadsimon/.codex/rules/default.ruleswith forbidden prefix rules forrm -fr,rm -Rf, andrm -fR. - Verification passed:
codex execpolicy check -r /Users/chadsimon/.codex/rules/default.rules --pretty rm -fr build->forbiddencodex execpolicy check -r /Users/chadsimon/.codex/rules/default.rules --pretty rm -Rf build->forbiddencodex execpolicy check -r /Users/chadsimon/.codex/rules/default.rules --pretty rm -fR build->forbiddencodex execpolicy check -r /Users/chadsimon/.codex/rules/default.rules --pretty rm -r build-> no match
Build Queue
- Silent-failure regression taxonomy adapter (research) - https://arxiv.org/abs/2606.14589 - Turn the fail-plausible/silent-failure taxonomy into a small audit checklist for
auto_runtime.pyclosure evidence and post-run reports; worth building because the current runtime already has hooks and evidence contracts, but could classify swallowed errors more explicitly. - SkillMutator-style skill audit cases (skill) - https://arxiv.org/abs/2606.14154 - Add cross-modal SKILL.md plus script/resource attack fixtures to
codex-skill-audit --strict; worth building because outside skills are already gated, but the current audit should be stress-tested against language/code mismatch attacks. - AgentSpec-style scaffold compatibility matrix (agent-pattern) - https://arxiv.org/abs/2606.14674 - Document and test which local agent roles compose cleanly across memory, planner, reviewer, validator, and worker flows; keep it as eval data, not a new orchestrator.
- Repository-structure visual aid spike (research) - https://arxiv.org/abs/2606.14061 - Evaluate whether
rlm-scanshould optionally emit a compact repo graph artifact for large-repo localization; do not add vision-only browsing or image-heavy default context. - Selective external skill-catalog audit (skill) - https://github.com/VoltAgent/awesome-agent-skills and https://github.com/grahama1970/agent-skills - Sample specific proven skills such as safety guardrails, edit locks, docs lookup, and test automation, then run
codex-skill-audit --strict; no wholesale install. - Heterogeneous collaboration protocol review (agent-pattern) - https://arxiv.org/abs/2606.14445 - Compare tap's file-first collaboration and worktree isolation with the existing inbox/openclaw/omni-mem flow before adopting any local bridge.
Research
- When Errors Become Narratives: A Longitudinal Taxonomy of Silent Failures in a Production LLM Agent Runtime - Directly relevant to making autonomous closure failures loud, attributable, and regression-testable.
- SkillMutator: Benchmarking and Defending Language-and-Code Cross-modal Attacks on LLM Agent Skills - Relevant to install-time safety for external skills with both prose instructions and executable assets.
- AgentSpec: Understanding Embodied Agent Scaffolds Through Controlled Composition - Useful for evaluating component compatibility instead of assuming stronger individual agents compose better.
- tap: A File-Based Protocol for Heterogeneous LLM Agent Collaboration - Relevant as a comparison point for durable, file-first cross-agent handoffs, but overlaps existing inbox and memory surfaces.
- LLM Agents Can See Code Repositories - Suggests repo-structure visual summaries can reduce localization cost when used alongside text, not as a replacement.
- Towards Direct Latent-Space Synthesis for Parallel Branches in LLM-Agent Workflows - Interesting for future model/runtime interfaces, but not locally actionable in Codex today.
Already Have
Concise AGENTS runtime contract, model = "gpt-5.5", high reasoning default, review_model, trusted project config, [features].hooks = true, prompt telemetry off, conservative profiles, allow_login_shell = false in conservative profiles, OpenAI developer docs MCP, omni-mem MCP, plugin support, Browser/Chrome/Computer Use/PDF/Documents/Spreadsheets/Presentations/Gmail/OpenAI Developers plugins, PreToolUse Bash guard, PostToolUse edit verification and failure context, SessionStart repo/runtime/config preflight, UserPromptSubmit route classifier, Stop and PreCompact omni-mem hooks, read-only explorer/planner/reviewer/validator agents, language-specific reviewers, worker and chad-twin agents, max agent depth/thread limits, .codex/rules/default.rules, codex execpolicy check-tested destructive git/rm guards, codex-skill-audit --strict, session recall, auto runtime preflight/contract-check, go, what-would-chad-do, memory adaptation/consolidation skills, RLM scan, security/refactor/audit skills, and local report/state tracking for ecosystem updates.
Rejected
- Wholesale install from awesome skill catalogs - overengineered and unsafe; the catalogs themselves say listed skills are not audited, and local policy requires strict skill audit before trust.
- Enable native Codex memories globally - conflicts with current
features.memories = falseposture and existing omni-mem workflow. - Enable plugin hooks globally - conflicts with current
plugin_hooks = falsetrust posture; needs explicit review rather than daily auto-change. - Replace planning with pure auto mode - conflicts with local R3/R4 alignment and planning-gate rules even though some community workflows favor less explicit planning.
- Add new Stop/quality-gate hook from community repos - blocked by skill hard limit because new hook wiring requires an existing, audited local script first.
- Add dynamic workflow/orchestrator layer - existing
/auto, planning-gate, agents, and skills already cover the recurring need; no proof that a new orchestration engine is necessary. - Adopt HyperTool-style MCP wrapper locally - source is research, not a stable Codex primitive; would add a new tool-execution abstraction without local failure evidence.
- Edit
AGENTS.mdas a Quick Win - explicitly prohibited by this skill and by local runtime policy.
Sources checked: https://github.com/hesreallyhim/awesome-claude-code; https://howborisusesclaudecode.com/; https://github.com/shanraisshan/codex-cli-best-practice; https://github.com/grahama1970/agent-skills; https://github.com/VoltAgent/awesome-agent-skills; https://github.com/openai/codex/discussions/16329; https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first; https://export.arxiv.org/api/query?search_query=all:%22LLM%20agent%22%20AND%20all:coding&start=0&max_results=10&sortBy=submittedDate&sortOrder=descending Tier 2 fetched: yes Tier 3 fetched: no - last weekly fetch was 2026-06-13, inside the 7-day gate Run at: 2026-06-15T06:32:54-04:00