cd /news/ai-tools/codex-now-encrypts-messages-passed-t… · home topics ai-tools article
[ARTICLE · art-55397] src=github.com ↗ pub= topic=ai-tools verified=true sentiment=↓ negative

Codex now encrypts messages passed to subagents

A regression in OpenAI's Codex CLI encrypts MultiAgentV2 messages passed to subagents, removing human-readable task text from audit trails and making debugging difficult. The encryption change, merged in PR #26210, stores only encrypted content and leaves the readable content field empty, hindering post-hoc inspection of delegated tasks. Users request preserving a separate non-encrypted audit field alongside encrypted delivery.

read3 min views5 publishedJul 11, 2026
Codex now encrypts messages passed to subagents
Image: source
[Notifications](/login?return_to=%2Fopenai%2Fcodex)You must be signed in to change notification settings -
[Fork 14.4k](/login?return_to=%2Fopenai%2Fcodex)

CLIIssues related to the Codex CLIIssues related to the Codex CLI

bugSomething isn't workingSomething isn't working

subagentIssues involving subagents or multi-agent featuresIssues involving subagents or multi-agent features

Description #

What version of Codex CLI is running?

Upstream main

after [#26210](https://github.com/openai/codex/pull/26210) (`Encrypt multi-agent v2 message payloads`

, merged 2026-06-05). This appears to affect versions that include that change and enable MultiAgentV2 (post-0.137.0).

What subscription do you have?

Not subscription-specific.

Which model were you using?

Not model-specific. This concerns MultiAgentV2 spawn_agent

, send_message

, and followup_task

message handling.

What platform is your computer?

Not platform-specific.

What terminal emulator and version are you using (if applicable)?

Not terminal-specific.

Codex doctor report

Not applicable. The regression is visible from the merged code behavior in #26210 rather than from local environment state.

What issue are you seeing?

#26210 makes MultiAgentV2 agent task/message payloads opaque to Codex by marking the model-facing message

parameter as encrypted, storing only InterAgentCommunication.encrypted_content

, and leaving InterAgentCommunication.content

empty.

The encrypted delivery path is understandable as privacy hardening, but it also removes the human-readable task/message text from local rollout history, trace reduction, and parent-side audit/debug surfaces. That makes it difficult to answer basic questions such as:

  • What task did this spawn_agent

call give the child agent? - What message was sent to a subagent?

  • Why did a child thread exist when reviewing a rollout after the fact?

This is different from #26753, which reports request validation failures for encrypted tool schemas. This issue is about auditability and debuggability after the encrypted schema is accepted.

What steps can reproduce the bug?

,send_message

, orfollowup_task

. - Inspect the parent rollout/history/trace for the subagent task.

  • The task/message content is hidden behind ciphertext rather than being available as human-readable audit text.

What is the expected behavior?

Codex should preserve a human-readable, structured audit copy of the subagent task/message while still allowing encrypted delivery to the recipient model.

A possible shape is to keep the encrypted message

field for model delivery, but add a separate non-encrypted audit field for the readable task text. The audit field should be persisted in rollout/history/trace metadata so users and maintainers can inspect what was delegated without needing to decrypt model-delivery ciphertext.

Additional information

Related PR/issues:

- Encryption change:
[Encrypt multi-agent v2 message payloads #26210](https://github.com/openai/codex/pull/26210) - Related but distinct schema-validation issue:

MultiAgentV2 encrypted spawn_agent schema returns 400: model not configured for encrypted tool use #26753

The goal is not necessarily to revert encrypted delivery. The concern is that encrypted delivery should not fully remove local human auditability for subagent delegation.

Metadata #

Metadata #

Assignees

Labels

CLIIssues related to the Codex CLIIssues related to the Codex CLI

bugSomething isn't workingSomething isn't working

subagentIssues involving subagents or multi-agent featuresIssues involving subagents or multi-agent features

── more in #ai-tools 4 stories · sorted by recency
── more on @openai 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/codex-now-encrypts-m…] indexed:0 read:3min 2026-07-11 ·