Codex starts encrypting sub-agent prompts

422 points · 249 comments on HN · read original →

Points and comments are a snapshot, not live.

OpenAI's Codex encrypts sub-agent prompts, removing readable audit trails.

A recent Codex CLI change encrypts multi-agent V2 message payloads, hiding task/message text from local rollout history, trace reduction, and audit/debug surfaces. The interactive structured communication log records ciphertext when `content` is empty. A proposed fix adds a non-encrypted plaintext companion field (`task_message`) to each V2 communication tool while keeping encrypted delivery to the recipient model. A prototype snapshot implements this dual-content contract for `spawn_agent`. The remaining work applies it to `send_message` and `followup_task`.

What commenters are saying

Commenters split on the motivation: some see it as frustrating proxy resellers and data collection, while others criticize it for breaking user debuggability. One commenter notes it likely targets Chinese black market resellers who pool subscriptions and sell data. Several highlight that the encryption only affects inter-agent messages, not all session data. A few express concern that if OpenAI charges extra for custom harnesses like Anthropic and Google do, they will switch to alternatives.