• Category: Agentic coding
  • Status: developing
  • Sources: Codex issue 28058, Codex PR 26210, HN 48905028
  • Summary: OpenAI's Codex CLI now encrypts the model-facing message payloads exchanged between agents in its MultiAgentV2 mode. A merged change (PR #26210, 2026-06-05) marks the spawn_agent, send_message, and followup_task message text as encrypted, storing only encrypted_content and leaving the local content field empty. A regression report (issue #28058, opened 2026-06-13) states this removes the human-readable subagent task and message text from local rollout history and parent-side audit and debug surfaces, so a user can no longer see what task a subagent was given. The change reached stable users in Codex 0.144.4, published 2026-07-14.
  • Comments: HN commenters read the change as an effort to frustrate proxying user requests to train competitor models, with one reporting that resale accounts stopped working, and several object that an open-source CLI now hides its own subagent prompts from the person running it.
  • Why it matters: Codex users lose visibility into their own subagent orchestration, and the change extends the coding-agent anti-distillation and telemetry pattern seen with Claude Code request-marking and the Grok Build CLI.

Send feedback on this story