Ecosystem Update - 2026-06-01

June 1, 2026 · generated by the ecosystem-update Claude Skill

TL;DR

Today's actionable signal is not another orchestration layer; it is runtime hygiene: the local PATH codex is 0.133.0 while the packaged Codex.app CLI is 0.135.0-alpha.1, and official stable is 0.135.0.
Implemented two safe harness Quick Wins: protected-branch push blocking in pre_tool_guard.py, and CLI split-brain/pre-release visibility in codex-runtime-doctor.
Most community ideas are already covered locally: typed agents, skills, hooks, goals, OpenAI docs MCP, omni-mem, and lightweight/autonomous routing are present.

Quick Wins

Item	Source	Type	Impact	Effort	Action
Protected main/master push guard	https://github.com/openai/codex/issues/25312	hook	3	1	Implemented hard block in existing `pre_tool_guard.py` for `git push` targeting `main` or `master`.
CLI binary split-brain doctor check	https://github.com/openai/codex/releases	hook	2	1	Implemented read-only `codex-runtime-doctor` check for PATH vs packaged CLI version mismatch and pre-release channel warnings.

Auto-Implemented

/Users/chadsimon/.codex/bin/pre_tool_guard.py: added a hard block for git push targeting protected main/master branches. This reinforces the existing no-main-push policy even if prompt-only execpolicy behavior is bypassed under danger-full-access.
/Users/chadsimon/.codex/bin/codex-runtime-doctor: added a CLI Version section that reports the PATH binary, packaged Codex.app binary, pre-release channel warnings, and binary mismatch warnings.
Backups created under /Users/chadsimon/.codex/backups/2026-06-01/ for config.toml, hooks.json, and agent TOML files before harness mutation.

Build Queue

Stable Codex 0.135.0 upgrade and smoke (Codex-md) - https://github.com/openai/codex/releases - PATH codex is still 0.133.0 while the packaged app binary is 0.135.0-alpha.1. Do a deliberate stable-channel alignment pass with rollback notes instead of auto-upgrading during ecosystem-update.
Protected-branch guard regression tests (hook) - https://github.com/openai/codex/issues/25312 - Add a small local test file for pre_tool_guard.py that proves protected branch pushes block while codex/* branch pushes remain allowed.
Goal-aware Stop completion hook evaluation (hook) - https://howborisusesclaudecode.com/ - The setup has [features].goals = true and Stop memory hooks, but no currently wired deterministic completion gate. Evaluate existing completion_gate.py output shape before any hook wiring.
Skill gotchas coverage audit (skill) - https://github.com/shanraisshan/codex-cli-best-practice - Many installed skills already use progressive disclosure, but a focused pass could verify every high-use skill has a concise Gotchas section and trigger-quality description.

Research

How Coding Agents Fail Their Users: A Large-Scale Analysis of Developer-Agent Misalignment in 20,574 Real-World Sessions - Directly supports the local AgentOps emphasis on constraint boundaries, inaccurate self-reporting checks, and evidence-backed closure.

Already Have

OpenAI developer docs MCP, live web search posture, goals enabled, direct/lightweight/autonomous route contract, UserPromptSubmit route classifier, PreToolUse Bash guard, PostToolUse verification/failure context hooks, SessionStart startup/resume/clear/compact coverage, Stop and PreCompact omni-mem hooks, read-only explorer/reviewer/validator agents, feature-specific Python and TypeScript reviewers, conservative profiles, plugin and app connectors, local runtime doctor, config posture checker, skill creator/installer/audit flows, omni-mem durable memory, and policy-sized AGENTS.md with runtime-reference handoff.

Rejected

Enable native Codex memories as a Quick Win - conflicts with the current omni-mem-first policy and prior rejection history; memory behavior needs an explicit pilot, not a daily auto-toggle.
Enable plugin hooks globally - still an under-development feature in local posture policy; no automatic rollout.
Upgrade to a pre-release Codex CLI such as packaged 0.135.0-alpha.1 - pre-release channel conflicts with global runtime posture unless explicitly validating an experiment.
Global auto-format PostToolUse hook - broad behavior change and no existing project-neutral formatter script; keep as repo-local or explicit workflow work.
Wholesale import from community skill/plugin catalogs - requires codex-skill-audit --strict and targeted need; not safe as a daily Quick Win.
AgentView/AgentsRoom-style visual control plane - useful pattern, but it implies a new monitoring service and duplicates existing task-manager, goals, doctor, and reports surfaces.
Claude prompt/agent-based hooks - non-deterministic and not Codex-native; production workflow should prefer command hooks and explicit verifier agents.

Sources checked: https://github.com/hesreallyhim/awesome-claude-code, https://howborisusesclaudecode.com/, https://github.com/shanraisshan/codex-cli-best-practice, https://github.com/openai/codex/releases, https://github.com/openai/codex/issues/25312, https://developers.openai.com/codex/cli/slash-commands, https://developers.openai.com/codex/learn/best-practices, https://arxiv.org/abs/2605.29442 Tier 2 fetched: yes Tier 3 fetched: partial - official Codex docs/releases checked; weekly toolkit source skipped because last tier3 run was 2026-05-30T10:34:13Z Run at: 2026-06-01T10:37:31Z