INDUSTRY · JULY 14, 2026 · 5 MIN READ
Codex Encrypted Sub-Agent Prompts: Reviewing Code Blind
OpenAI Codex's MultiAgent V2 hides sub-agent metadata by default, stripping the reasoning trail from CI logs and leaving code review without a why.
Codex Encrypted Sub-Agent Prompts: Reviewing Code Blind
Two things happened in the Codex repository this week. GPT-5.6 Sol began activating MultiAgent V2 through its own model metadata, silently enabling hide_spawn_agent_metadata = true and removing subagent routing fields from the model-visible schema. At the same time, reasoning summaries for GPT-5.6 started returning empty HTML comment placeholders instead of content. Together, they point toward a direction: the reasoning trail is moving out of reach, and the diff is what remains.
What hide_spawn_agent_metadata Actually Does#
The setting's name implies cosmetic redaction. The behavior is not cosmetic. When hide_spawn_agent_metadata is true, four fields disappear from the model-visible spawn_agent schema: agent_type, model, reasoning_effort, and service_tier. GitHub issue #31814, filed July 9, 2026 and carrying 145 upvotes as of July 14, documents the consequence: subagents inherit the parent Sol configuration rather than receiving explicitly routed models. An orchestration setup designed to use lightweight Terra or Luna subagents for specific subtasks collapses into a uniform Sol fleet.
The default was false until PR #26114 flipped it to true for MAv2 CBv9. The commit message provided no elaboration. GPT-5.6 Sol selects MultiAgent V2 through multi_agent_version = "v2" in model metadata, independently of the features.multi_agent_v2 feature toggle. Teams cannot avoid the behavior by omitting the feature block from their project TOML.
The Reasoning Summary Collapse#
Concurrent with the subagent metadata change, reasoning summaries stopped arriving. Issue #31664, filed July 8, documents what appeared in their place: literal <!-- --> HTML comment placeholders in the TUI, in codex exec --json output, and in persisted session JSONL files. One contributor audited 3,467 session files and found 194 containing the placeholder, spanning gpt-5.6-sol, gpt-5.6-terra, gpt-5.5, and gpt-5.4-mini across CLI versions 0.143.0 and 0.144.1. The placeholder was present in the raw SSE stream before any client rendering, which locates the change server-side.
OpenAI engineer charliemarsh-oai closed the issue July 13, stating the empty placeholders were unintentional and a server-side fix had shipped. Users reporting on July 14 say detailed summaries remain absent. One commenter's conclusion: "So this confirms it was a 'feature', not a bug. No more detailed reasoning summaries for GPT 5.6."
Whether the removal is permanent policy or an incomplete fix is not yet clear. What is clear is that the reasoning content that informed prompt tuning, failure retrospectives, and harness debugging is no longer reliably available.
A Pattern, Not an Accident#
Neither change is isolated. Anthropic's Claude Code encrypted thinking blocks earlier this year, with developer Patrick McCanna finding that the "thinking blocks" in on-disk session logs contained an encrypted signature, not readable text. joeltd.com documented this in detail, noting that what renders on screen via the extended thinking view is a post-hoc summary, not a transcript of reasoning that occurred.
The direction across both vendors is consistent. The summary is a product decision. The raw reasoning is infrastructure. Developers get the former when the vendor chooses to provide it, and nothing otherwise.
What This Means for Code Review#
A review process that relied on reasoning summaries to understand why an agent made a change now has nothing upstream of the diff. This is not a hypothetical degradation: one contributor on issue #31664 stated directly that without thinking blocks, "the feedback loops needed to have the model self-assess its failure point, or have external models perform a retrospective analysis of the GPT session data" break.
SOC2 and ISO 27001 auditors ask what an agent did and why. "The vendor encrypted it" is not a compliant answer. The audit trail question was always going to arrive; the metadata removal accelerates it.
This is where independent code review becomes a structural requirement rather than a preference. Hyrax reads the diff itself, across six domains covering security, code quality, reliability, API and data, ops, and UX. It runs 13 verification steps and submits the PR. The intent reconstruction happens at the code level, not the reasoning-summary level. That distinction mattered less when reasoning was visible. It matters considerably more now that visibility is subject to server-side decisions by tool vendors.
The Workaround Situation#
A developer community thread from July 11, 2026 documents a workaround: encode role selection in task_name, inject trusted role and model metadata through a PreToolUse hook before the local spawn handler creates the child, and verify the resulting child rollout through a checklist rather than trusting hook output. The pattern is operational but fragile. The post notes it must be validated against each specific Codex build and that multi_agent_v2 is "evolving." That is a polite way of saying the workaround may stop working without notice.
Setting hide_spawn_agent_metadata = false restores routing fields in some configurations, but GPT-5.6 Sol activates MultiAgent V2 through model metadata, not the feature toggle, which limits how far that setting goes.
The Review Layer That Remains#
Reasoning opacity is a vendor decision. The diff is not. Every line of code that an agent writes, regardless of whether its reasoning was logged, summarized, or encrypted, eventually becomes a change in a file. That change can be read for security issues, for logic errors, for reliability gaps, for the kind of structural problems that a post-hoc summary was never going to catch anyway.
The practical implication of this week's Codex changes is that teams cannot count on upstream transparency to substitute for downstream review. The reasoning trail is moving behind a wall. The code is still there.
Hyrax is live at hyrax.dev.