Navigation Menu
Search code, repositories, users, issues, pull requests...
Provide feedback
We read every piece of feedback, and take your input very seriously.
Saved searches
Use saved searches to filter your results more quickly
To see all available qualifiers, see our documentation.
[Reload]()
[Reload]()
[Reload]()
Uh oh!
There was an error while loading. Please reload this page.
[Please reload this page]()
Notifications
You must be signed in to change notification settings
Fork
14.6k
[Fork
14.6k](/login?return_to=%2Fopenai%2Fcodex)
Star
97.9k
[Star
97.9k](/login?return_to=%2Fopenai%2Fcodex)
Regression: encrypted MultiAgentV2 messages remove readable task audit trail #28058
Regression: encrypted MultiAgentV2 messages remove readable task audit trail
CLIIssues related to the Codex CLI
subagentIssues involving subagents or multi-agent features
Description

What version of Codex CLI is running?
Upstream main after #26210 (Encrypt multi-agent v2 message payloads, merged 2026-06-05). This appears to affect versions that include that change and enable MultiAgentV2 (post-0.137.0).
What subscription do you have?
Not subscription-specific.
Which model were you using?
Not model-specific. This concerns MultiAgentV2 spawn_agent, send_message, and followup_task message handling.
What platform is your computer?
Not platform-specific.
What terminal emulator and version are you using (if applicable)?
Not terminal-specific.
Codex doctor report
Not applicable. The regression is visible from the merged code behavior in #26210 rather than from local environment state.
What issue are you seeing?
#26210 makes MultiAgentV2 agent task/message payloads opaque to Codex by marking the model-facing message parameter as encrypted, storing only InterAgentCommunication.encrypted_content, and leaving InterAgentCommunication.content empty.
The encrypted delivery path is understandable as privacy hardening, but it also removes the human-readable task/message text from local rollout history, trace reduction, and parent-side audit/debug surfaces. That makes it difficult to answer basic questions such as:
What task did this spawn_agent call give the child agent?
What message was sent to a subagent?
Why did a child thread exist when reviewing a rollout after the fact?
This is different from #26753, which reports request validation failures for encrypted tool schemas. This issue is about auditability and debuggability after the encrypted schema is accepted.
What steps can reproduce the bug?
Use a build containing Encrypt multi-agent v2 message payloads #26210 with MultiAgentV2 enabled.
Encrypt multi-agent v2 message payloads #26210
Have the model call spawn_agent, send_message, or followup_task.
Inspect the parent rollout/history/trace for the subagent task.
The task/message content is hidden behind ciphertext rather than being available as human-readable audit text.
What is the expected behavior?
Codex should preserve a human-readable, structured audit copy of the subagent task/message while still allowing encrypted delivery to the recipient model.
A possible shape is to keep the encrypted message field for model delivery, but add a separate non-encrypted audit field for the readable task text. The audit field should be persisted in rollout/history/trace metadata so users and maintainers can inspect what was delegated without needing to decrypt model-delivery ciphertext.
Additional information
Related PR/issues:
Encryption change: Encrypt multi-agent v2 message payloads #26210
Encrypt multi-agent v2 message payloads #26210
Related but distinct schema-validation issue: MultiAgentV2 encrypted spawn_agent schema returns 400: model not configured for encrypted tool use #26753
The goal is not necessarily to revert encrypted delivery. The concern is that encrypted delivery should not fully remove local human auditability for subagent delegation.
Metadata
Metadata
Assignees
Labels
CLIIssues related to the Codex CLI
subagentIssues involving subagents or multi-agent features
Type
Fields
Projects
Milestone
Relationships
Development
Issue actions
Open in GitHub Copilot app
