全部文章0

Hacker Newsembedding-shape··访问 1

Codex starts encrypting sub-agent prompts

原网页

Article URL: https://github.com/openai/codex/issues/28058

Comments URL: https://news.ycombinator.com/item?id=48905028

Points: 337

# Comments: 211

Hacker News 讨论

337 points · 211 comments · 查看原帖

  1. jeanlucas

    I was wondering why my local tool to inspect coding agent sessions stopped working in some cases. This is a really interesting engineering decision, I wonder how many people will want an encrypted external piece of instructions running on their machine.

  2. niam

    This title is easy to misinterpret. If I understand correctly: Codex now encrypts sub-agent prompts and hides those prompts from the user. edit: originally was "Codex starts encrypting prompts, uses cyphertext for inference instead"

  3. bob1029

    I've been sticking with the chat completion endpoint because of this same behavior. OAI has been subtly pushing users away from chat completion and toward the endpoints that are possible to obfuscate (responses API). With chat completion, the reasoning process is entirely under your control. You can build a reasoning agent that uses custom MCTS techniques with GPT5.6 models today if you are willing to get your hands just a little bit dirty. You have to enable experimental flags and set options in slightly confusing ways, but it still works. You can use models up to gpt5.5 with custom API tokens and model configuration in VS Copilot. gpt5.6 family (currently) no longer work in this setup. Presumably, because we aren't explicitly forcing reasoning_effort to none to satisfy the new moat expansion behavior.

  4. clickety_clack

    It’s just a short hop to not being able to see it at all. I started using pi.dev recently, the idea that a third party is taking more and more direct control of my software development process sits badly with me.

  5. xnorswap

    HN Title is ( edit: was ) very misleading, it makes it sound like inference is being done directly on ciphertext, which would require homomorphic encryption well advanced of what is known.

  6. pshirshov

    I wonder if they are gonna stop us from using gpt subscriptions in alternative harnesses. If not - that doesn't matter much, codex cli is a remarkably unremarkable harness.

  7. HarHarVeryFunny

    There was a recent report on twitter of a GPT 5.6 sub-agent accidentally deleting the user's home directory. I wonder if there was any safeguard failure due to loss of visibility into what the sub-agent was trying to do? https://x.com/mattshumer_/status/2076794038456385546?s=20

  8. kingstnap

    If the orchestrator agent -> subagent prompt is encrypted then how do you even know if the orchestrator agent is doing its job? Now one reason I could see for why they do this is because maybe they made the model "better at using subagents" by using thinking tokens for the subagent prompt instead of normal output tokens.