Ecosystem Update - 2026-07-03
Highlights
- No safe harness Quick Wins cleared the automatic-change gate today; all high-value items need new scripts, explicit policy direction, or deeper eval work
- Today's strongest signal is action-boundary safety: new DevOps and safety-testing papers argue that completion alone overstates safe autonomy
- Skill quality is becoming a serious maintenance surface; two new arXiv papers point toward local skill-smell and provenance audits rather than wholesale registry installs
Quick Wins (implemented today)
-
None admitted hook / skill / agent-patternNo automatic harness mutation passed the hard limits
New Tools, Skills & Patterns
-
UnderSpecBench action-boundary eval adapterhttps://arxiv.org/abs/2607.02294 - Add a small eval pack for ambiguous DevOps-style prompts that proves Codex asks or defers when target, intent, or blast radius is underspecified
-
Vera-style safety-case harnesshttps://arxiv.org/abs/2607.01793 - Convert the evidence-grounded safety-case pattern into a local AgentOps validation spike: executable initial state, deterministic predicate, and tool-call evidence
-
SKILL.md smell audit extension skillhttps://arxiv.org/abs/2607.01456 - Extend
codex-skill-audit --strictor add a companion report mode for missing triggers, unclear scope, unsafe scripts, weak verification, and stale operational contracts -
Agent dependency graph / BOM spike agent-patternhttps://arxiv.org/abs/2607.01640 - Prototype a read-only map of agents, prompts, tools, MCP servers, memory, and allowed capabilities for local agent repos before adopting a larger governance graph
-
PAIR-Bench-style progressive repair metricshttps://arxiv.org/abs/2607.01360 - Add repair-trajectory evidence to task evals so validation can distinguish partial progress, regression, hint dependence, and final pass/fail
-
cc-thingz selective audit skill / hookhttps://github.com/alexei-led/cc-thingz - Audit the portable suite for individual ideas such as protected-path checks, skill suggestion, and focused test selection, without enabling plugin hooks or importing the suite wholesale
-
Public Codex skill catalog triage skillhttps://github.com/composiohq/awesome-codex-skills - Use the catalog as discovery input for skill-audit candidates only; do not install catalog skills until each source passes strict local audit
Research Worth Reading
-
Coding Agents Are Guessing: Measuring Action-Boundary Violations in Underspecified DevOps Instructions- Directly relevant to R5/R4 routing and the rule that destructive or ambiguous operational work must clarify before acting
-
Safety Testing LLM Agents at Scale: From Risk Discovery to Evidence-Grounded Verification- Useful blueprint for executable safety cases and evidence-grounded verifiers over tool traces
-
From Anatomy to Smells: An Empirical Study of SKILL.md in Agent Skills- Supports turning skill quality checks into an automated local audit surface
-
From Registry to Repository: How AI Agent Skills Are Written, Adapted, and Maintained- Reinforces the local-adaptation stance: imported skills need project-specific bindings and maintenance, not one-time copying
-
AgentFlow: Building Agent Dependency Graphs for Static Analysis of Agent Programs- Relevant to Wren/AgentOps/BOM work, but too broad for an automatic runtime change
-
Benchmarking Code Improvement with Progressive, Adaptive, and Interactive Feedback- Good fit for improving task evals beyond binary pass/fail
Considered, Not Adopting
Items reviewed and explicitly declined this cycle, with the reason. Curation discipline matters more than coverage.
-
Enable
features.plugin_hooks = truefor cc-thingz — - rejected as under-development feature enablement plus third-party hook execution; requires explicit audit and rollback notes - Install cc-thingz wholesale — - rejected as external skill/hook bundle import; individual ideas can be audited, but no direct install
-
Install Composio/awesome-codex-skills entries automatically — - rejected because public catalog discovery is not trust; outside skills require
codex-skill-audit --strict -
Wire
PermissionRequest,PostCompact,SubagentStart, orSubagentStophooks immediately — - rejected because no existing local script was identified with correct event semantics; new hook scripts are Build Queue work, not Quick Wins -
Adopt Boris-style worktree isolation or deeper default nested agents — - rejected because current
max_depth = 1and bounded threads are deliberate safety posture; increasing them is not a one-line safety gain -
Edit
AGENTS.mdfor modular imports or new policy language — - rejected by the ecosystem-update hard limit and runtime contract; constitutional changes need explicit user direction - Enable native Codex memories
- Install voice/audio Codex hook packs — - rejected as convenience-only and already covered by existing notify hooks