~/chadacus.dev/ecosystem-update/2026-07-02

Ecosystem Update - 2026-07-02

July 2, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

  • No safe Quick Wins were auto-applied today; the new signal is useful but needs scoped design work rather than blind harness edits.
  • Today's strongest research signal is skill supply-chain risk: public skills increasingly need dependency/provenance manifests, lockfile-like records, and audit commands.
  • Runtime-grounded verification keeps showing up: compatibility rescue, bug reproduction diagnosis, and benchmark reliability all point toward better evidence capture in the local harness.

Quick Wins

Item Source Type Impact Effort Action
None admitted Current scoring pass - - - No automatic harness mutation passed the anti-overengineering and safety gates

Auto-Implemented

  • None. Backups were created under ~/.codex/backups/2026-07-02/; no config, hook, agent, skill, or policy file was changed.

Build Queue

  • Skill dependency manifest and audit spike (skill) - Skills Are Not Islands - Add a local design for typed skill dependency/provenance metadata and a codex-skill-audit extension that can warn about hidden package, service, MCP, or recursive skill dependencies before outside skills are trusted.
  • Source-only compatibility rescue mode (agent-pattern) - RepoRescue - Add an opt-in harness/eval mode for compatibility-rescue tasks that records source-only repair evidence and can block test-file edits when the task contract requires it.
  • Runtime-diagnosis bug repair adapter (skill) - SWE-Doctor - Extend bug-miner or fix-issue with multi-faceted bug reproduction records that separate observed failures, diagnosis, localization, and patch guidance.
  • Benchmark reliability scoring for agent evals (research) - Are Performance-Optimization Benchmarks Reliably Measuring Coding Agents? - Add an eval-harness note or check that scores task instability and reference-patch replay reliability before using benchmark results as promotion evidence.
  • Instruction-conflict and progress-report taxonomy (research) - Adversarial Pragmatics for AI Safety Evaluation - Map instruction conflict, embedded commands, policy ambiguity, scaffold failures, and false progress claims into existing completion/advisor evidence.
  • Memory sycophancy and scope tests (research) - MemSyco-Bench - Add future omni-mem eval cases for stale memory, scoped preference conflicts, and memory-vs-objective-evidence abstention.

Research

Already Have

Canonical features.hooks = true, schema-linked config.toml, live web search, update checks on startup, AGENTS.md fallback only, prompt telemetry off, app destructive actions disabled, PreToolUse/PostToolUse/UserPromptSubmit/SessionStart/Stop/PreCompact hooks, hook statusMessage and timeout fields, prompt route classification, completion evidence gate, omni-mem Stop/PreCompact hooks, OpenAI docs MCP, node_repl MCP, Wren MCP, plugin/app support, read-only explorer/planner/reviewer/validator agents, language-specific reviewers, bounded worker agent, conservative profiles, review profile, planning-gate, auto runtime, bug-miner, fix-issue, security-audit, skill-audit, codex-branch, codex-security, session-recall, memory-adaptation, iterative-retrieval, autoconfig, build-backlog, skills-janitor, OpenAI docs skill, browser/chrome/computer-use plugins, and existing destructive command guards for rm -rf and forced git clean variants.

Rejected

  • Auto-enable native Codex memories - conflicts with the current omni-mem default and explicit features.memories = false posture; needs an explicit migration/pilot, not a daily Quick Win.
  • Switch back to deprecated features.codex_hooks - community best-practice text still mentions codex_hooks, but official docs mark features.hooks as canonical and the local config already uses it.
  • Auto-import public skill catalogs - fails the skill supply-chain risk gate; outside skills require codex-skill-audit --strict and explicit selection.
  • Add dynamic workflow or nested-agent runtime layers from Claude patterns - conflicts with anti-overengineering unless tied to a recurring local failure and implemented in Codex-owned surfaces.
  • Default all agents to deeper nesting or worktree isolation - prior runs already rejected this; current max_depth = 1 and bounded roles are intentional.
  • Skip all SessionStart hooks on /clear - the current heavy context hook already excludes clear; remaining clear hooks are lightweight readiness/posture checks, so this is low-impact and not worth a mutation.
  • Global test-edit blocking - useful for compatibility-rescue evals, but harmful as a blanket rule because normal TDD requires adding or updating tests.
  • Automatic Codex CLI upgrade - update checks are already enabled; changing binaries remains outside the safe Quick Win boundary.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, https://export.arxiv.org/api/query, GitHub search supplement for Codex hooks/agents/skills, OpenAI Codex config reference via developers.openai.com. Tier 2 fetched: yes. Tier 3 fetched: no; last weekly crawl was 2026-07-01T06:33:31-04:00, within the 7-day gate. Run at: 2026-07-02T06:31:55-04:00.

// archive

← back to all digests