~/chadacus.dev/ecosystem-update/2026-07-03

Ecosystem Update - 2026-07-03

July 3, 2026 · curated by Chad Simon · 22 items reviewed

Highlights

  • No safe harness Quick Wins cleared the automatic-change gate today; all high-value items need new scripts, explicit policy direction, or deeper eval work
  • Today's strongest signal is action-boundary safety: new DevOps and safety-testing papers argue that completion alone overstates safe autonomy
  • Skill quality is becoming a serious maintenance surface; two new arXiv papers point toward local skill-smell and provenance audits rather than wholesale registry installs

Quick Wins (implemented today)

  • None admitted hook / skill / agent-pattern
    Current crawl
    No automatic harness mutation passed the hard limits

New Tools, Skills & Patterns

  • UnderSpecBench action-boundary eval adapter
    https://arxiv.org/abs/2607.02294 - Add a small eval pack for ambiguous DevOps-style prompts that proves Codex asks or defers when target, intent, or blast radius is underspecified
  • Vera-style safety-case harness
    https://arxiv.org/abs/2607.01793 - Convert the evidence-grounded safety-case pattern into a local AgentOps validation spike: executable initial state, deterministic predicate, and tool-call evidence
  • SKILL.md smell audit extension skill
    https://arxiv.org/abs/2607.01456 - Extend codex-skill-audit --strict or add a companion report mode for missing triggers, unclear scope, unsafe scripts, weak verification, and stale operational contracts
  • Agent dependency graph / BOM spike agent-pattern
    https://arxiv.org/abs/2607.01640 - Prototype a read-only map of agents, prompts, tools, MCP servers, memory, and allowed capabilities for local agent repos before adopting a larger governance graph
  • PAIR-Bench-style progressive repair metrics
    https://arxiv.org/abs/2607.01360 - Add repair-trajectory evidence to task evals so validation can distinguish partial progress, regression, hint dependence, and final pass/fail
  • cc-thingz selective audit skill / hook
    https://github.com/alexei-led/cc-thingz - Audit the portable suite for individual ideas such as protected-path checks, skill suggestion, and focused test selection, without enabling plugin hooks or importing the suite wholesale
  • Public Codex skill catalog triage skill
    https://github.com/composiohq/awesome-codex-skills - Use the catalog as discovery input for skill-audit candidates only; do not install catalog skills until each source passes strict local audit

Research Worth Reading

  • Coding Agents Are Guessing: Measuring Action-Boundary Violations in Underspecified DevOps Instructions
    - Directly relevant to R5/R4 routing and the rule that destructive or ambiguous operational work must clarify before acting
  • Safety Testing LLM Agents at Scale: From Risk Discovery to Evidence-Grounded Verification
    - Useful blueprint for executable safety cases and evidence-grounded verifiers over tool traces
  • From Anatomy to Smells: An Empirical Study of SKILL.md in Agent Skills
    - Supports turning skill quality checks into an automated local audit surface
  • From Registry to Repository: How AI Agent Skills Are Written, Adapted, and Maintained
    - Reinforces the local-adaptation stance: imported skills need project-specific bindings and maintenance, not one-time copying
  • AgentFlow: Building Agent Dependency Graphs for Static Analysis of Agent Programs
    - Relevant to Wren/AgentOps/BOM work, but too broad for an automatic runtime change
  • Benchmarking Code Improvement with Progressive, Adaptive, and Interactive Feedback
    - Good fit for improving task evals beyond binary pass/fail

Considered, Not Adopting

Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.

  • Enable features.plugin_hooks = true for cc-thingz- rejected as under-development feature enablement plus third-party hook execution; requires explicit audit and rollback notes
  • Install cc-thingz wholesale- rejected as external skill/hook bundle import; individual ideas can be audited, but no direct install
  • Install Composio/awesome-codex-skills entries automatically- rejected because public catalog discovery is not trust; outside skills require codex-skill-audit --strict
  • Wire PermissionRequest, PostCompact, SubagentStart, or SubagentStop hooks immediately- rejected because no existing local script was identified with correct event semantics; new hook scripts are Build Queue work, not Quick Wins
  • Adopt Boris-style worktree isolation or deeper default nested agents- rejected because current max_depth = 1 and bounded threads are deliberate safety posture; increasing them is not a one-line safety gain
  • Edit AGENTS.md for modular imports or new policy language- rejected by the ecosystem-update hard limit and runtime contract; constitutional changes need explicit user direction
  • Enable native Codex memories
  • Install voice/audio Codex hook packs- rejected as convenience-only and already covered by existing notify hooks

Sources Reviewed

// archive

← back to all digests