Ecosystem Update - 2026-07-03
TL;DR
- No safe harness Quick Wins cleared the automatic-change gate today; all high-value items need new scripts, explicit policy direction, or deeper eval work.
- Today's strongest signal is action-boundary safety: new DevOps and safety-testing papers argue that completion alone overstates safe autonomy.
- Skill quality is becoming a serious maintenance surface; two new arXiv papers point toward local skill-smell and provenance audits rather than wholesale registry installs.
Quick Wins
| Item | Source | Type | Impact | Effort | Action |
|---|---|---|---|---|---|
| None admitted | Current crawl | hook / skill / agent-pattern | - | - | No automatic harness mutation passed the hard limits. |
Build Queue
- UnderSpecBench action-boundary eval adapter (research) - https://arxiv.org/abs/2607.02294 - Add a small eval pack for ambiguous DevOps-style prompts that proves Codex asks or defers when target, intent, or blast radius is underspecified.
- Vera-style safety-case harness (research) - https://arxiv.org/abs/2607.01793 - Convert the evidence-grounded safety-case pattern into a local AgentOps validation spike: executable initial state, deterministic predicate, and tool-call evidence.
- SKILL.md smell audit extension (skill) - https://arxiv.org/abs/2607.01456 - Extend
codex-skill-audit --strictor add a companion report mode for missing triggers, unclear scope, unsafe scripts, weak verification, and stale operational contracts. - Agent dependency graph / BOM spike (agent-pattern) - https://arxiv.org/abs/2607.01640 - Prototype a read-only map of agents, prompts, tools, MCP servers, memory, and allowed capabilities for local agent repos before adopting a larger governance graph.
- PAIR-Bench-style progressive repair metrics (research) - https://arxiv.org/abs/2607.01360 - Add repair-trajectory evidence to task evals so validation can distinguish partial progress, regression, hint dependence, and final pass/fail.
- cc-thingz selective audit (skill / hook) - https://github.com/alexei-led/cc-thingz - Audit the portable suite for individual ideas such as protected-path checks, skill suggestion, and focused test selection, without enabling plugin hooks or importing the suite wholesale.
- Public Codex skill catalog triage (skill) - https://github.com/composiohq/awesome-codex-skills - Use the catalog as discovery input for skill-audit candidates only; do not install catalog skills until each source passes strict local audit.
Research
- Coding Agents Are Guessing: Measuring Action-Boundary Violations in Underspecified DevOps Instructions - Directly relevant to R5/R4 routing and the rule that destructive or ambiguous operational work must clarify before acting.
- Safety Testing LLM Agents at Scale: From Risk Discovery to Evidence-Grounded Verification - Useful blueprint for executable safety cases and evidence-grounded verifiers over tool traces.
- From Anatomy to Smells: An Empirical Study of SKILL.md in Agent Skills - Supports turning skill quality checks into an automated local audit surface.
- From Registry to Repository: How AI Agent Skills Are Written, Adapted, and Maintained - Reinforces the local-adaptation stance: imported skills need project-specific bindings and maintenance, not one-time copying.
- AgentFlow: Building Agent Dependency Graphs for Static Analysis of Agent Programs - Relevant to Wren/AgentOps/BOM work, but too broad for an automatic runtime change.
- Benchmarking Code Improvement with Progressive, Adaptive, and Interactive Feedback - Good fit for improving task evals beyond binary pass/fail.
Already Have
features.hooks = true, features.plugins = true, plugin_hooks = false by design, approval_policy = "never", sandbox_mode = "danger-full-access", service_tier = "fast", prompt telemetry disabled, OpenAI developer docs MCP, omni-mem MCP, node REPL MCP, Wren MCP, Numerai MCP, project doc fallback limited to AGENTS.md, global hook coverage for PreToolUse, PostToolUse, SessionStart, UserPromptSubmit, Stop, and PreCompact, existing pre_tool_guard.py, edit_verify_async.py, tool_failure_context.py, completion_gate.py, classify_prompt.py, session_startup.py, codex_config_posture.py, and omni-mem compaction/stop hooks, read-only reviewer/explorer/validator agents, scoped Python and TypeScript reviewers, max_depth = 1, max_threads = 3, job_max_runtime_seconds = 1800, installed local skills for security review, security audit, rlm scanning, Playwright, memory adaptation, planning gate, auto/drive/build/govern wrappers, ecosystem update, skill audit, skill installer, skill creator, OpenAI docs, and document/PDF/spreadsheet/presentation/plugin skills, prior queued source-only compatibility rescue from RepoRescue, prior rejected native memories, wholesale skill catalogs, automatic Codex upgrades, unsupported hook wiring, default deeper nesting, worktree isolation, AGENTS policy edits, and plugin-hook quick enables.
Rejected
- Enable
features.plugin_hooks = truefor cc-thingz - rejected as under-development feature enablement plus third-party hook execution; requires explicit audit and rollback notes. - Install cc-thingz wholesale - rejected as external skill/hook bundle import; individual ideas can be audited, but no direct install.
- Install Composio/awesome-codex-skills entries automatically - rejected because public catalog discovery is not trust; outside skills require
codex-skill-audit --strict. - Wire
PermissionRequest,PostCompact,SubagentStart, orSubagentStophooks immediately - rejected because no existing local script was identified with correct event semantics; new hook scripts are Build Queue work, not Quick Wins. - Adopt Boris-style worktree isolation or deeper default nested agents - rejected because current
max_depth = 1and bounded threads are deliberate safety posture; increasing them is not a one-line safety gain. - Edit
AGENTS.mdfor modular imports or new policy language - rejected by the ecosystem-update hard limit and runtime contract; constitutional changes need explicit user direction. - Enable native Codex memories - rejected because omni-mem is the active memory system and native memories remain disabled by current posture.
- Install voice/audio Codex hook packs - rejected as convenience-only and already covered by existing notify hooks.
Auto-Implemented
- None. No config, hook, agent, skill, plugin, policy, or website files were modified.
Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://github.com/shanraisshan/codex-cli-hooks, https://github.com/alexei-led/cc-thingz, https://github.com/composiohq/awesome-codex-skills, https://github.com/openai/codex/discussions/16329, https://developers.openai.com/codex/config-reference, https://developers.openai.com/codex/config-advanced, https://arxiv.org/search/?searchtype=all&query=LLM+agent+coding&order=-announced_date_first, https://arxiv.org/abs/2607.02294, https://arxiv.org/abs/2607.01793, https://arxiv.org/abs/2607.01456, https://arxiv.org/abs/2607.00911, https://arxiv.org/abs/2607.01640, https://arxiv.org/abs/2607.01360 Tier 2 fetched: yes Tier 3 fetched: no - last run was 2026-07-01T06:33:31-04:00, inside the 7-day gate Run at: 2026-07-03T06:31:56-04:00