{"slug": "codex-now-encrypts-messages-passed-to-subagents", "title": "Codex now encrypts messages passed to subagents", "summary": "A regression in OpenAI's Codex CLI encrypts MultiAgentV2 messages passed to subagents, removing human-readable task text from audit trails and making debugging difficult. The encryption change, merged in PR #26210, stores only encrypted content and leaves the readable content field empty, hindering post-hoc inspection of delegated tasks. Users request preserving a separate non-encrypted audit field alongside encrypted delivery.", "body_md": "-\n[Notifications](/login?return_to=%2Fopenai%2Fcodex)You must be signed in to change notification settings -\n[Fork 14.4k](/login?return_to=%2Fopenai%2Fcodex)\n\n# Regression: encrypted MultiAgentV2 messages remove readable task audit trail #28058\n\n[CLIIssues related to the Codex CLI](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22CLI%22)Issues related to the Codex CLI\n\n[bugSomething isn't working](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22bug%22)Something isn't working\n\n[subagentIssues involving subagents or multi-agent features](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22subagent%22)Issues involving subagents or multi-agent features\n\n## Description\n\n### What version of Codex CLI is running?\n\nUpstream `main`\n\nafter [#26210](https://github.com/openai/codex/pull/26210) (`Encrypt multi-agent v2 message payloads`\n\n, merged 2026-06-05). This appears to affect versions that include that change and enable MultiAgentV2 (post-0.137.0).\n\n### What subscription do you have?\n\nNot subscription-specific.\n\n### Which model were you using?\n\nNot model-specific. This concerns MultiAgentV2 `spawn_agent`\n\n, `send_message`\n\n, and `followup_task`\n\nmessage handling.\n\n### What platform is your computer?\n\nNot platform-specific.\n\n### What terminal emulator and version are you using (if applicable)?\n\nNot terminal-specific.\n\n### Codex doctor report\n\nNot applicable. The regression is visible from the merged code behavior in [#26210](https://github.com/openai/codex/pull/26210) rather than from local environment state.\n\n### What issue are you seeing?\n\n[#26210](https://github.com/openai/codex/pull/26210) makes MultiAgentV2 agent task/message payloads opaque to Codex by marking the model-facing `message`\n\nparameter as encrypted, storing only `InterAgentCommunication.encrypted_content`\n\n, and leaving `InterAgentCommunication.content`\n\nempty.\n\nThe encrypted delivery path is understandable as privacy hardening, but it also removes the human-readable task/message text from local rollout history, trace reduction, and parent-side audit/debug surfaces. That makes it difficult to answer basic questions such as:\n\n- What task did this\n`spawn_agent`\n\ncall give the child agent? - What message was sent to a subagent?\n- Why did a child thread exist when reviewing a rollout after the fact?\n\nThis is different from [#26753](https://github.com/openai/codex/issues/26753), which reports request validation failures for encrypted tool schemas. This issue is about auditability and debuggability after the encrypted schema is accepted.\n\n### What steps can reproduce the bug?\n\n- Use a build containing\n[Encrypt multi-agent v2 message payloads #26210](https://github.com/openai/codex/pull/26210)with MultiAgentV2 enabled. - Have the model call\n`spawn_agent`\n\n,`send_message`\n\n, or`followup_task`\n\n. - Inspect the parent rollout/history/trace for the subagent task.\n- The task/message content is hidden behind ciphertext rather than being available as human-readable audit text.\n\n### What is the expected behavior?\n\nCodex should preserve a human-readable, structured audit copy of the subagent task/message while still allowing encrypted delivery to the recipient model.\n\nA possible shape is to keep the encrypted `message`\n\nfield for model delivery, but add a separate non-encrypted audit field for the readable task text. The audit field should be persisted in rollout/history/trace metadata so users and maintainers can inspect what was delegated without needing to decrypt model-delivery ciphertext.\n\n### Additional information\n\nRelated PR/issues:\n\n- Encryption change:\n[Encrypt multi-agent v2 message payloads #26210](https://github.com/openai/codex/pull/26210) - Related but distinct schema-validation issue:\n[MultiAgentV2 encrypted spawn_agent schema returns 400: model not configured for encrypted tool use #26753](https://github.com/openai/codex/issues/26753)\n\nThe goal is not necessarily to revert encrypted delivery. The concern is that encrypted delivery should not fully remove local human auditability for subagent delegation.\n\n## Metadata\n\n## Metadata\n\n### Assignees\n\n### Labels\n\n[CLIIssues related to the Codex CLI](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22CLI%22)Issues related to the Codex CLI\n\n[bugSomething isn't working](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22bug%22)Something isn't working\n\n[subagentIssues involving subagents or multi-agent features](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22subagent%22)Issues involving subagents or multi-agent features", "url": "https://wpnews.pro/news/codex-now-encrypts-messages-passed-to-subagents", "canonical_source": "https://github.com/openai/codex/issues/28058", "published_at": "2026-07-11 10:06:40+00:00", "updated_at": "2026-07-11 10:35:25.842372+00:00", "lang": "en", "topics": ["ai-tools", "ai-safety", "ai-products"], "entities": ["OpenAI", "Codex CLI", "MultiAgentV2"], "alternates": {"html": "https://wpnews.pro/news/codex-now-encrypts-messages-passed-to-subagents", "markdown": "https://wpnews.pro/news/codex-now-encrypts-messages-passed-to-subagents.md", "text": "https://wpnews.pro/news/codex-now-encrypts-messages-passed-to-subagents.txt", "jsonld": "https://wpnews.pro/news/codex-now-encrypts-messages-passed-to-subagents.jsonld"}}