~/chadacus.dev/ecosystem-update/2026-06-23

Ecosystem Update - 2026-06-23

June 23, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

  • No new harness mutation was safe to auto-apply in this second pass. The useful Claude/Codex pulls from the previous step are now part of the current setup: Stop completion evidence, stricter agent handoffs, and test-breadth classification.
  • The one operational follow-up is hook trust: official Codex docs require changed non-managed hooks to be reviewed through /hooks; the Stop completion hook added today may not run in interactive Codex until trusted.
  • Tier 1 sources mostly reinforce current posture: progressive-disclosure skills, bounded subagents, hook-backed validation, explicit acceptance criteria, and native config.toml MCP/plugin management.

Quick Wins

Item Source Type Impact Effort Action
None admitted by the safety gate Current setup vs. second-pass crawl hook/agent-pattern/skill - - No additional harness mutation after the contract-state repair.

Auto-Implemented

  • Repaired the live AgentOps contract state for track c582be8589bd by adding concrete evidence_refs to objective.memory.json for objective:init and appending a memory_record_repaired event.
  • Verified python3 ~/.codex/bin/auto_runtime.py contract-check now returns ok: true.

Build Queue

  • Hook trust review for new Stop completion gate (hook) - https://developers.openai.com/codex/hooks - Official docs say non-managed command hooks must be reviewed/trusted by hash. Run interactive /hooks and trust python3 /Users/chadsimon/.codex/bin/completion_gate.py --event stop, or use --dangerously-bypass-hook-trust only for vetted automation. Impact 3 / Effort 1, but requires interactive review authority.
  • Subagent lifecycle tracer design (hook) - https://developers.openai.com/codex/hooks - SubagentStart and SubagentStop are supported hook events, but there is still no proven Codex-owned target script. Build a tiny JSONL tracer only if subagent evidence gaps recur. Impact 2 / Effort 2.
  • PermissionRequest profile policy eval (hook) - https://developers.openai.com/codex/hooks - PermissionRequest is supported, but the default posture is approval_policy = "never". Evaluate only for conservative/on-request profiles before wiring anything globally. Impact 2 / Effort 2.
  • Skill metadata audit for agents/openai.yaml (skill) - https://developers.openai.com/codex/skills - Official docs support per-skill UI metadata and allow_implicit_invocation. Useful for noisy or explicit-only personal skills, but current descriptions are already concise enough for discovery. Impact 1 / Effort 1.
  • External skill catalog triage (skill) - https://github.com/VoltAgent/awesome-agent-skills and https://github.com/hesreallyhim/awesome-claude-code - Large skill catalogs keep growing, but wholesale import is wrong. Triage one domain at a time through codex-skill-audit --strict. Impact 2 / Effort 2.

Research

  • Codex hooks docs - Confirms supported event set, concurrent hook launch behavior, trust-by-hash, managed hooks, plugin-bundled hooks, and current command-handler limits.
  • Codex skills docs - Reinforces progressive disclosure, skill locations, plugin distribution, and optional agents/openai.yaml metadata.
  • shanraisshan/codex-cli-best-practice - Reinforces native Codex primitives already in use: subagent TOMLs, skills under .agents/skills, MCP in config.toml, Starlark rules, hooks, and session/history management.
  • How Boris Uses Claude Code - Reinforces full task context upfront: goal, constraints, and acceptance criteria. This was already pulled into Codex planner/worker contracts today.

Already Have

Native ~/.codex/config.toml MCP/app/plugin config, features.hooks = true, plugin_hooks = false, prompt telemetry off, approval_policy = "never", sandbox_mode = "danger-full-access", OpenAI Developer Docs MCP, omni-mem MCP, node_repl, Browser/Chrome/Computer Use plugins, read-only explorer/planner/reviewer/validator agents, workspace-write worker, Python and TypeScript reviewers, bounded agents.max_depth = 1, max_threads = 3, PreToolUse Bash guard, PostToolUse verification ledger, failure-context hook, SessionStart runtime posture checks, UserPromptSubmit route classifier, Stop omni-mem save plus completion evidence gate, PreCompact memory capture, Codex testing standard, test_breadth_check.py, strict skill-audit command, session search, planning-gate, /auto, AgentOps contract checker, and config posture checker.

Rejected

  • Auto-trust the new hook by editing hooks.state hashes manually - rejected: official docs define /hooks as the review path, and the hash algorithm/state is intentionally opaque. Do not forge trust state.
  • Wire SubagentStart, SubagentStop, PostCompact, or PermissionRequest immediately - rejected: supported events exist, but no existing target script was proven for these events in this pass.
  • Enable plugin_hooks globally - rejected: expands the trust surface and contradicts current runtime posture.
  • Enable native Codex memories - rejected: omni-mem remains the default memory system; enabling a second durable memory plane would add drift and privacy risk.
  • Increase subagent depth or generic parallelism - rejected: current cap is intentional; deeper nesting needs a temporary profile and eval, not a global default change.
  • Install large external skill catalogs wholesale - rejected: outside skills require strict audit and domain-specific need.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://raw.githubusercontent.com/hesreallyhim/awesome-claude-code/main/THE_RESOURCES_TABLE.csv, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://raw.githubusercontent.com/shanraisshan/codex-cli-best-practice/main/README.md, https://developers.openai.com/codex/hooks, https://developers.openai.com/codex/skills, web search: "Codex new hooks agents skills site:github.com 2026" Tier 2 fetched: no - prior same-day run at 2026-06-23T06:32:45-04:00 Tier 3 fetched: no - last tier3 run was 2026-06-21T06:34:03-04:00, within the 7-day skip window Run at: 2026-06-23T14:32:23-04:00

// archive

← back to all digests