Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

To see all available qualifiers, see our documentation.

documentation

Sign in

Sign up

[Reload]()

[Reload]()

[Reload]()

Uh oh!

There was an error while loading. Please reload this page.

[Please reload this page]()

openai

codex

Notifications

You must be signed in to change notification settings

Notifications

Fork

14.6k

[Fork

14.6k](/login?return_to=%2Fopenai%2Fcodex)

Star

97.9k

[Star

97.9k](/login?return_to=%2Fopenai%2Fcodex)

Regression: encrypted MultiAgentV2 messages remove readable task audit trail #28058

Regression: encrypted MultiAgentV2 messages remove readable task audit trail

CLIIssues related to the Codex CLI

bugSomething isn't working

subagentIssues involving subagents or multi-agent features

Description

@ignatremizov

ignatremizov

on Jun 13, 2026

What version of Codex CLI is running?

Upstream main after #26210 (Encrypt multi-agent v2 message payloads, merged 2026-06-05). This appears to affect versions that include that change and enable MultiAgentV2 (post-0.137.0).

#26210

What subscription do you have?

Not subscription-specific.

Which model were you using?

Not model-specific. This concerns MultiAgentV2 spawn_agent, send_message, and followup_task message handling.

What platform is your computer?

Not platform-specific.

What terminal emulator and version are you using (if applicable)?

Not terminal-specific.

Codex doctor report

Not applicable. The regression is visible from the merged code behavior in #26210 rather than from local environment state.

#26210

What issue are you seeing?

#26210 makes MultiAgentV2 agent task/message payloads opaque to Codex by marking the model-facing message parameter as encrypted, storing only InterAgentCommunication.encrypted_content, and leaving InterAgentCommunication.content empty.

#26210

The encrypted delivery path is understandable as privacy hardening, but it also removes the human-readable task/message text from local rollout history, trace reduction, and parent-side audit/debug surfaces. That makes it difficult to answer basic questions such as:

What task did this spawn_agent call give the child agent?

What message was sent to a subagent?

Why did a child thread exist when reviewing a rollout after the fact?

This is different from #26753, which reports request validation failures for encrypted tool schemas. This issue is about auditability and debuggability after the encrypted schema is accepted.

#26753

What steps can reproduce the bug?

Use a build containing Encrypt multi-agent v2 message payloads #26210 with MultiAgentV2 enabled.

Encrypt multi-agent v2 message payloads #26210

Have the model call spawn_agent, send_message, or followup_task.

Inspect the parent rollout/history/trace for the subagent task.

The task/message content is hidden behind ciphertext rather than being available as human-readable audit text.

What is the expected behavior?

Codex should preserve a human-readable, structured audit copy of the subagent task/message while still allowing encrypted delivery to the recipient model.

A possible shape is to keep the encrypted message field for model delivery, but add a separate non-encrypted audit field for the readable task text. The audit field should be persisted in rollout/history/trace metadata so users and maintainers can inspect what was delegated without needing to decrypt model-delivery ciphertext.

Additional information

Related PR/issues:

Encryption change: Encrypt multi-agent v2 message payloads #26210

Encrypt multi-agent v2 message payloads #26210

Related but distinct schema-validation issue: MultiAgentV2 encrypted spawn_agent schema returns 400: model not configured for encrypted tool use #26753

MultiAgentV2 encrypted spawn_agent schema returns 400: model not configured for encrypted tool use #26753

The goal is not necessarily to revert encrypted delivery. The concern is that encrypted delivery should not fully remove local human auditability for subagent delegation.

Metadata

Metadata

Assignees

Labels

CLIIssues related to the Codex CLI

bugSomething isn't working

subagentIssues involving subagents or multi-agent features

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

Open in GitHub Copilot app