Skip to content

webpro255/openai-agentlock

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

openai-agentlock

AgentLock authorization middleware for the OpenAI Agents SDK.

Wraps FunctionTool instances so every tool call passes through an AuthorizationGate before the tool body runs. Denials are returned to the model as plain strings; allowed calls receive a single-use execution token, optional output transforms, and provenance tracking.

Install

pip install openai-agentlock

Minimal usage

from agents import Agent, function_tool
from agentlock import AuthorizationGate, AgentLockPermissions
from openai_agentlock import lock_agent

gate = AuthorizationGate()

@function_tool
def read_record(record_id: str) -> str:
    return f"record {record_id}"

agent = Agent(name="demo", tools=[read_record])

lock_agent(
    agent,
    gate,
    permissions={
        "read_record": AgentLockPermissions(
            allowed_roles=["reader"],
            requires_auth=True,
        ),
    },
)

Pass an identity object through RunContextWrapper.context that exposes user_id, role, and (optionally) session_id so the gate can evaluate role and scope.

License

This package is Apache 2.0.

It depends on AgentLock, which is licensed AGPL-3.0-or-later from v1.3.0 onward, and this package requires agentlock>=1.5. Installing it therefore pulls in AGPL code, and combined use is subject to the AGPL: if you run it in a network service or distribute software built on it, the AGPL's terms apply to the combined work. Commercial licenses for AgentLock that remove the AGPL obligations are available at licensing@agentlock.dev.

Read the AGPL and take your own advice on what it requires of you. This note is a pointer, not legal advice.

About

AgentLock authorization middleware for OpenAI Agents SDK tool calls

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Contributors

Languages