[Notifications](/login?return_to=%2Fopenai%2Fcodex)You must be signed in to change notification settings -
[Fork 14.4k](/login?return_to=%2Fopenai%2Fcodex)
CLIIssues related to the Codex CLIIssues related to the Codex CLI
bugSomething isn't workingSomething isn't working
subagentIssues involving subagents or multi-agent featuresIssues involving subagents or multi-agent features
Description #
What version of Codex CLI is running?
Upstream main
after [#26210](https://github.com/openai/codex/pull/26210) (`Encrypt multi-agent v2 message payloads`
, merged 2026-06-05). This appears to affect versions that include that change and enable MultiAgentV2 (post-0.137.0).
What subscription do you have?
Not subscription-specific.
Which model were you using?
Not model-specific. This concerns MultiAgentV2 spawn_agent
, send_message
, and followup_task
message handling.
What platform is your computer?
Not platform-specific.
What terminal emulator and version are you using (if applicable)?
Not terminal-specific.
Codex doctor report
Not applicable. The regression is visible from the merged code behavior in #26210 rather than from local environment state.
What issue are you seeing?
#26210 makes MultiAgentV2 agent task/message payloads opaque to Codex by marking the model-facing message
parameter as encrypted, storing only InterAgentCommunication.encrypted_content
, and leaving InterAgentCommunication.content
empty.
The encrypted delivery path is understandable as privacy hardening, but it also removes the human-readable task/message text from local rollout history, trace reduction, and parent-side audit/debug surfaces. That makes it difficult to answer basic questions such as:
- What task did this
spawn_agent
call give the child agent? - What message was sent to a subagent?
- Why did a child thread exist when reviewing a rollout after the fact?
This is different from #26753, which reports request validation failures for encrypted tool schemas. This issue is about auditability and debuggability after the encrypted schema is accepted.
What steps can reproduce the bug?
- Use a build containing
Encrypt multi-agent v2 message payloads #26210with MultiAgentV2 enabled. - Have the model call
spawn_agent
,send_message
, orfollowup_task
. - Inspect the parent rollout/history/trace for the subagent task.
- The task/message content is hidden behind ciphertext rather than being available as human-readable audit text.
What is the expected behavior?
Codex should preserve a human-readable, structured audit copy of the subagent task/message while still allowing encrypted delivery to the recipient model.
A possible shape is to keep the encrypted message
field for model delivery, but add a separate non-encrypted audit field for the readable task text. The audit field should be persisted in rollout/history/trace metadata so users and maintainers can inspect what was delegated without needing to decrypt model-delivery ciphertext.
Additional information
Related PR/issues:
- Encryption change:
[Encrypt multi-agent v2 message payloads #26210](https://github.com/openai/codex/pull/26210) - Related but distinct schema-validation issue:
The goal is not necessarily to revert encrypted delivery. The concern is that encrypted delivery should not fully remove local human auditability for subagent delegation.
Metadata #
Metadata #
Assignees
Labels
CLIIssues related to the Codex CLIIssues related to the Codex CLI
bugSomething isn't workingSomething isn't working
subagentIssues involving subagents or multi-agent featuresIssues involving subagents or multi-agent features