Ecosystem Update - 2026-07-02
Highlights
- No safe Quick Wins were auto-applied today; the new signal is useful but needs scoped design work rather than blind harness edits
- Today's strongest research signal is skill supply-chain risk: public skills increasingly need dependency/provenance manifests, lockfile-like records, and audit commands
- Runtime-grounded verification keeps showing up: compatibility rescue, bug reproduction diagnosis, and benchmark reliability all point toward better evidence capture in the local harness
Quick Wins (implemented today)
-
None admitted -No automatic harness mutation passed the anti-overengineering and safety gates
New Tools, Skills & Patterns
-
Skill dependency manifest and audit spike skillSkills Are Not Islands - Add a local design for typed skill dependency/provenance metadata and a
codex-skill-auditextension that can warn about hidden package, service, MCP, or recursive skill dependencies before outside skills are trusted -
Source-only compatibility rescue mode agent-patternRepoRescue - Add an opt-in harness/eval mode for compatibility-rescue tasks that records source-only repair evidence and can block test-file edits when the task contract requires it
-
Runtime-diagnosis bug repair adapter skillSWE-Doctor - Extend
bug-minerorfix-issuewith multi-faceted bug reproduction records that separate observed failures, diagnosis, localization, and patch guidance -
Benchmark reliability scoring for agent evalsAre Performance-Optimization Benchmarks Reliably Measuring Coding Agents? - Add an eval-harness note or check that scores task instability and reference-patch replay reliability before using benchmark results as promotion evidence
-
Instruction-conflict and progress-report taxonomyAdversarial Pragmatics for AI Safety Evaluation - Map instruction conflict, embedded commands, policy ambiguity, scaffold failures, and false progress claims into existing completion/advisor evidence
-
Memory sycophancy and scope tests
Research Worth Reading
-
AutoMem: Automated Learning of Memory as a Cognitive Skill- Treats memory management as an independently improvable agent skill
-
RepoRescue: An Empirical Study of LLM Agents on Whole-Repository Compatibility Rescue- Useful for designing source-only repair contracts and practical validation beyond passing legacy suites
-
Are Performance-Optimization Benchmarks Reliably Measuring Coding Agents?- Warns that aggregate benchmark scores can hide replay instability and scoring-rule artifacts
-
Skills Are Not Islands: Measuring Dependency and Risk in Agent Skill Supply Chains- Directly applicable to the local outside-skill audit and trust workflow
-
Cheap Code, Costly Judgment: A Case Study on Governable Agentic Software Engineering- Reinforces the local AgentOps emphasis on inspectable evidence, review pressure, and maintainable generated changes
-
SWE-Doctor: Guiding Software Engineering Agents with Runtime Diagnosis from Multi-Faceted Bug Reproduction Tests- Strong candidate pattern for bug-miner/fix-issue once adapted to local logs and test runners
Considered, Not Adopting
Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.
- Auto-enable native Codex memories — needs an explicit migration/pilot, not a daily Quick Win
-
Switch back to deprecated
features.codex_hooks— - community best-practice text still mentionscodex_hooks, but official docs markfeatures.hooksas canonical and the local config already uses it -
Auto-import public skill catalogs — - fails the skill supply-chain risk gate; outside skills require
codex-skill-audit --strictand explicit selection - Add dynamic workflow or nested-agent runtime layers from Claude patterns — - conflicts with anti-overengineering unless tied to a recurring local failure and implemented in Codex-owned surfaces
-
Default all agents to deeper nesting or worktree isolation — - prior runs already rejected this; current
max_depth = 1and bounded roles are intentional -
Skip all SessionStart hooks on
/clear— - the current heavy context hook already excludesclear; remaining clear hooks are lightweight readiness/posture checks, so this is low-impact and not worth a mutation - Global test-edit blocking — - useful for compatibility-rescue evals, but harmful as a blanket rule because normal TDD requires adding or updating tests
- Automatic Codex CLI upgrade — - update checks are already enabled; changing binaries remains outside the safe Quick Win boundary