Top stories
Codex encrypts sub-agent prompts and removes the local audit trail
- Category: Agentic coding
- Status: developing
- Sources: Codex issue 28058, Codex PR 26210, HN 48905028
- Summary: OpenAI's Codex CLI now encrypts the model-facing message payloads exchanged between agents in its MultiAgentV2 mode. A merged change (PR #26210, 2026-06-05) marks the
spawn_agent,send_message, andfollowup_taskmessage text as encrypted, storing onlyencrypted_contentand leaving the localcontentfield empty. A regression report (issue #28058, opened 2026-06-13) states this removes the human-readable subagent task and message text from local rollout history and parent-side audit and debug surfaces, so a user can no longer see what task a subagent was given. The change reached stable users in Codex 0.144.4, published 2026-07-14. - Comments: HN commenters read the change as an effort to frustrate proxying user requests to train competitor models, with one reporting that resale accounts stopped working, and several object that an open-source CLI now hides its own subagent prompts from the person running it.
- Why it matters: Codex users lose visibility into their own subagent orchestration, and the change extends the coding-agent anti-distillation and telemetry pattern seen with Claude Code request-marking and the Grok Build CLI.