Codex now encrypts messages passed to subagents A regression in OpenAI's Codex CLI encrypts MultiAgentV2 messages passed to subagents, removing human-readable task text from audit trails and making debugging difficult. The encryption change, merged in PR #26210, stores only encrypted content and leaves the readable content field empty, hindering post-hoc inspection of delegated tasks. Users request preserving a separate non-encrypted audit field alongside encrypted delivery. - Notifications /login?return to=%2Fopenai%2Fcodex You must be signed in to change notification settings - Fork 14.4k /login?return to=%2Fopenai%2Fcodex Regression: encrypted MultiAgentV2 messages remove readable task audit trail 28058 CLIIssues related to the Codex CLI https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22CLI%22 Issues related to the Codex CLI bugSomething isn't working https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22bug%22 Something isn't working subagentIssues involving subagents or multi-agent features https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22subagent%22 Issues involving subagents or multi-agent features Description What version of Codex CLI is running? Upstream main after 26210 https://github.com/openai/codex/pull/26210 Encrypt multi-agent v2 message payloads , merged 2026-06-05 . This appears to affect versions that include that change and enable MultiAgentV2 post-0.137.0 . What subscription do you have? Not subscription-specific. Which model were you using? Not model-specific. This concerns MultiAgentV2 spawn agent , send message , and followup task message handling. What platform is your computer? Not platform-specific. What terminal emulator and version are you using if applicable ? Not terminal-specific. Codex doctor report Not applicable. The regression is visible from the merged code behavior in 26210 https://github.com/openai/codex/pull/26210 rather than from local environment state. What issue are you seeing? 26210 https://github.com/openai/codex/pull/26210 makes MultiAgentV2 agent task/message payloads opaque to Codex by marking the model-facing message parameter as encrypted, storing only InterAgentCommunication.encrypted content , and leaving InterAgentCommunication.content empty. The encrypted delivery path is understandable as privacy hardening, but it also removes the human-readable task/message text from local rollout history, trace reduction, and parent-side audit/debug surfaces. That makes it difficult to answer basic questions such as: - What task did this spawn agent call give the child agent? - What message was sent to a subagent? - Why did a child thread exist when reviewing a rollout after the fact? This is different from 26753 https://github.com/openai/codex/issues/26753 , which reports request validation failures for encrypted tool schemas. This issue is about auditability and debuggability after the encrypted schema is accepted. What steps can reproduce the bug? - Use a build containing Encrypt multi-agent v2 message payloads 26210 https://github.com/openai/codex/pull/26210 with MultiAgentV2 enabled. - Have the model call spawn agent , send message , or followup task . - Inspect the parent rollout/history/trace for the subagent task. - The task/message content is hidden behind ciphertext rather than being available as human-readable audit text. What is the expected behavior? Codex should preserve a human-readable, structured audit copy of the subagent task/message while still allowing encrypted delivery to the recipient model. A possible shape is to keep the encrypted message field for model delivery, but add a separate non-encrypted audit field for the readable task text. The audit field should be persisted in rollout/history/trace metadata so users and maintainers can inspect what was delegated without needing to decrypt model-delivery ciphertext. Additional information Related PR/issues: - Encryption change: Encrypt multi-agent v2 message payloads 26210 https://github.com/openai/codex/pull/26210 - Related but distinct schema-validation issue: MultiAgentV2 encrypted spawn agent schema returns 400: model not configured for encrypted tool use 26753 https://github.com/openai/codex/issues/26753 The goal is not necessarily to revert encrypted delivery. The concern is that encrypted delivery should not fully remove local human auditability for subagent delegation. Metadata Metadata Assignees Labels CLIIssues related to the Codex CLI https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22CLI%22 Issues related to the Codex CLI bugSomething isn't working https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22bug%22 Something isn't working subagentIssues involving subagents or multi-agent features https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22subagent%22 Issues involving subagents or multi-agent features