Ecosystem Update - 2026-07-02
TL;DR
- No safe Quick Wins were auto-applied today; the new signal is useful but needs scoped design work rather than blind harness edits.
- Today's strongest research signal is skill supply-chain risk: public skills increasingly need dependency/provenance manifests, lockfile-like records, and audit commands.
- Runtime-grounded verification keeps showing up: compatibility rescue, bug reproduction diagnosis, and benchmark reliability all point toward better evidence capture in the local harness.
Quick Wins
| Item | Source | Type | Impact | Effort | Action |
|---|---|---|---|---|---|
| None admitted | Current scoring pass | - | - | - | No automatic harness mutation passed the anti-overengineering and safety gates |
Auto-Implemented
- None. Backups were created under
~/.codex/backups/2026-07-02/; no config, hook, agent, skill, or policy file was changed.
Build Queue
- Skill dependency manifest and audit spike (skill) - Skills Are Not Islands - Add a local design for typed skill dependency/provenance metadata and a
codex-skill-auditextension that can warn about hidden package, service, MCP, or recursive skill dependencies before outside skills are trusted. - Source-only compatibility rescue mode (agent-pattern) - RepoRescue - Add an opt-in harness/eval mode for compatibility-rescue tasks that records source-only repair evidence and can block test-file edits when the task contract requires it.
- Runtime-diagnosis bug repair adapter (skill) - SWE-Doctor - Extend
bug-minerorfix-issuewith multi-faceted bug reproduction records that separate observed failures, diagnosis, localization, and patch guidance. - Benchmark reliability scoring for agent evals (research) - Are Performance-Optimization Benchmarks Reliably Measuring Coding Agents? - Add an eval-harness note or check that scores task instability and reference-patch replay reliability before using benchmark results as promotion evidence.
- Instruction-conflict and progress-report taxonomy (research) - Adversarial Pragmatics for AI Safety Evaluation - Map instruction conflict, embedded commands, policy ambiguity, scaffold failures, and false progress claims into existing completion/advisor evidence.
- Memory sycophancy and scope tests (research) - MemSyco-Bench - Add future omni-mem eval cases for stale memory, scoped preference conflicts, and memory-vs-objective-evidence abstention.
Research
- AutoMem: Automated Learning of Memory as a Cognitive Skill - Treats memory management as an independently improvable agent skill; relevant to omni-mem lifecycle and memory-context selection, but too large for a Quick Win.
- RepoRescue: An Empirical Study of LLM Agents on Whole-Repository Compatibility Rescue - Useful for designing source-only repair contracts and practical validation beyond passing legacy suites.
- Are Performance-Optimization Benchmarks Reliably Measuring Coding Agents? - Warns that aggregate benchmark scores can hide replay instability and scoring-rule artifacts.
- Skills Are Not Islands: Measuring Dependency and Risk in Agent Skill Supply Chains - Directly applicable to the local outside-skill audit and trust workflow.
- Cheap Code, Costly Judgment: A Case Study on Governable Agentic Software Engineering - Reinforces the local AgentOps emphasis on inspectable evidence, review pressure, and maintainable generated changes.
- SWE-Doctor: Guiding Software Engineering Agents with Runtime Diagnosis from Multi-Faceted Bug Reproduction Tests - Strong candidate pattern for bug-miner/fix-issue once adapted to local logs and test runners.
Already Have
Canonical features.hooks = true, schema-linked config.toml, live web search, update checks on startup, AGENTS.md fallback only, prompt telemetry off, app destructive actions disabled, PreToolUse/PostToolUse/UserPromptSubmit/SessionStart/Stop/PreCompact hooks, hook statusMessage and timeout fields, prompt route classification, completion evidence gate, omni-mem Stop/PreCompact hooks, OpenAI docs MCP, node_repl MCP, Wren MCP, plugin/app support, read-only explorer/planner/reviewer/validator agents, language-specific reviewers, bounded worker agent, conservative profiles, review profile, planning-gate, auto runtime, bug-miner, fix-issue, security-audit, skill-audit, codex-branch, codex-security, session-recall, memory-adaptation, iterative-retrieval, autoconfig, build-backlog, skills-janitor, OpenAI docs skill, browser/chrome/computer-use plugins, and existing destructive command guards for rm -rf and forced git clean variants.
Rejected
- Auto-enable native Codex memories - conflicts with the current omni-mem default and explicit
features.memories = falseposture; needs an explicit migration/pilot, not a daily Quick Win. - Switch back to deprecated
features.codex_hooks- community best-practice text still mentionscodex_hooks, but official docs markfeatures.hooksas canonical and the local config already uses it. - Auto-import public skill catalogs - fails the skill supply-chain risk gate; outside skills require
codex-skill-audit --strictand explicit selection. - Add dynamic workflow or nested-agent runtime layers from Claude patterns - conflicts with anti-overengineering unless tied to a recurring local failure and implemented in Codex-owned surfaces.
- Default all agents to deeper nesting or worktree isolation - prior runs already rejected this; current
max_depth = 1and bounded roles are intentional. - Skip all SessionStart hooks on
/clear- the current heavy context hook already excludesclear; remaining clear hooks are lightweight readiness/posture checks, so this is low-impact and not worth a mutation. - Global test-edit blocking - useful for compatibility-rescue evals, but harmful as a blanket rule because normal TDD requires adding or updating tests.
- Automatic Codex CLI upgrade - update checks are already enabled; changing binaries remains outside the safe Quick Win boundary.
Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, https://export.arxiv.org/api/query, GitHub search supplement for Codex hooks/agents/skills, OpenAI Codex config reference via developers.openai.com. Tier 2 fetched: yes. Tier 3 fetched: no; last weekly crawl was 2026-07-01T06:33:31-04:00, within the 7-day gate. Run at: 2026-07-02T06:31:55-04:00.