For a while, “multi-agent” mostly meant one model tossing work at another model and hoping the plumbing held. That story is getting old fast. The fresher story, visible in this week’s code, is governance.
OpenClaw, Gemini CLI, and Codex are converging on a common design: when a parent agent delegates work, the child now carries more explicit identity, tighter boundaries, and clearer ownership. In other words, the industry is quietly replacing the anonymous helper with something closer to a managed worker.
That matters because the hard part of agent software is no longer just “Can it delegate?” It’s “Who is allowed to do what after delegation happens?”
OpenClaw gives subagents a role and a leash
OpenClaw’s recent changes are unusually explicit. In src/agents/subagent-capabilities.ts, the runtime now defines three session roles — main, orchestrator, and leaf — alongside control scopes of children or none. That sounds small, but it is a philosophical shift. The system is no longer just counting spawn depth. It is naming the kind of worker each child is.
Then, in src/agents/subagent-spawn.ts, OpenClaw persists that metadata into the child session by patching subagentRole and subagentControlScope when a subagent is created. Each delegated worker is explicitly registered.
And the boundary is real, not decorative. In src/agents/pi-tools.policy.ts, leaf subagents lose access to manager-only tools like subagents, sessions_list, sessions_history, and sessions_spawn. Translation: a frontline worker can do its assigned job, but it cannot start managing the org chart.
That combination — named role, stored authority, denied escalation paths — is what “managed multi-agent” looks like in code.
Gemini CLI turns subagents into typed, policy-targetable workers
Gemini CLI is converging on the same idea from a different direction. Its declarative agent framework introduces a full AgentDefinition schema in packages/core/src/agents/types.ts. Instead of treating a subagent as a fuzzy prompt trick, Gemini gives it a formal definition: name, description, prompt config, model config, run config, tool config, output config, and input schema.
That definition then gets wrapped into a standard tool interface through SubagentToolWrapper in packages/core/src/agents/subagent-tool-wrapper.ts. So the child agent is not merely called. It is exposed as a formal, policy-addressable component.
The more telling change lands in policy. Gemini now supports subagent?: string on policy rules in packages/core/src/policy/types.ts, which means TOML policies can target a specific worker by name. The security model has learned the org chart.
It goes further in packages/core/src/agents/local-executor.ts, where each local subagent now gets isolated tool, prompt, and resource registries. Tools are cloned onto a subagent-specific message bus, external resources are discovered inside the child’s own sandbox, and recursion is explicitly blocked by refusing to register other agent tools back into the child. This is delegation with containment.
Codex makes trust and approvals follow the worker thread
Codex is addressing the trust problem through thread and approval machinery. In codex-rs/core/src/agent/control.rs, spawned children can now inherit execution policy via inherited_exec_policy_for_source(). The companion logic in codex-rs/core/src/exec_policy.rs checks whether the child should share the parent’s execution and approval rules. Put simply, if the child belongs in the same trust world, Codex keeps the approval rules coherent.
That is the backend story. The frontend story is just as revealing. In codex-rs/tui/src/bottom_pane/approval_overlay.rs, approval requests now carry both thread_id and thread_label. The TUI can route an approval back to the exact worker thread that asked for it, and even surface which thread the request came from.
Once again, the subagent stops being an invisible nested call. It becomes a visible worker in a hierarchy, with approvals routed to the right desk.
The broader pattern: multi-agent is growing a middle-management layer
The fun metaphor here is that agent software is inventing middle management. But the serious version is more interesting. Across repos, the same design pressure keeps showing up: if you want delegation to be useful in production, you need identity, scope, and auditability.
That pressure also shows up outside the repos. OpenAI’s Agents SDK documentation frames handoffs as delegation to specialized agents. Anthropic’s Claude Code docs describe subagents as workers with focused prompts, distinct tool access, and independent permissions. Google’s ADK docs make hierarchy a first-class primitive in multi-agent systems. The ecosystem language is drifting away from “many agents” and toward “structured agent organizations.”
That distinction matters. A bag of helpers can demo well. A governed hierarchy can survive contact with real users, real files, and real approval flows.
Why this matters now
This is the part that feels easy to miss if you only watch model launches. The real competitive edge in agent products may not come from who can spawn the most helpers. It may come from who can make delegated work legible, constrained, and trustworthy enough for normal humans to live with.
The code this week suggests the winners are leaning into exactly that. OpenClaw is assigning rank and authority. Gemini is formalizing agent identity and policy targeting. Codex is making trust and approvals thread-aware. Different codebases, similar answer.
Subagents are no longer treated like disposable helper calls. They are starting to look like named teammates inside a small software company.
If that trend sticks, the next generation of agent UX may feel less like prompting a genius and more like directing a tiny org chart. Will users trust that structure more — or will they start demanding the same accountability from agent teams that they expect from human ones? If you’re building in this space, audit your subagents: Do they have explicit identity, scoped authority, and visible approval paths—or are they still behaving like ghosts?
Send a note to the desk
Corrections, missing context, or a follow-up lead.