Codex CLI encrypts sub-agent prompts, breaking audit trail

Original: Codex starts encrypting sub-agent prompts

Why This Matters

Transparency in multi-agent AI task execution is critical for developer trust and safe deployment of agentic systems.

OpenAI's Codex CLI began encrypting MultiAgentV2 sub-agent message payloads after PR #26210 (merged June 5, 2026), removing human-readable task descriptions from logs and breaking the audit trail for spawn_agent, send_message, and followup_task calls in versions post-0.137.0.

A regression bug (Issue #28058) was filed against OpenAI's open-source Codex CLI on June 13, 2026. The problem stems from PR #26210, titled 'Encrypt multi-agent v2 message payloads,' which was merged on June 5, 2026. After that change, versions post-0.137.0 that enable the MultiAgentV2 mode now encrypt the payload contents of three key message types: spawn_agent, send_message, and followup_task. While encryption may serve a security purpose, the side effect is that human-readable task descriptions are no longer visible in CLI output or logs. This eliminates the audit trail that developers and operators relied on to verify what instructions were being passed to sub-agents. The issue is labeled as a bug, a CLI issue, and a subagent issue, and is described as not specific to any subscription tier, model, platform, or terminal emulator — meaning it affects all users running the affected versions with MultiAgentV2 enabled.

Source

github.com — Read original →