AgentLock authorization middleware for the OpenAI Agents SDK.
Wraps FunctionTool instances so every tool call passes through an
AuthorizationGate before the tool body runs. Denials are returned to the
model as plain strings; allowed calls receive a single-use execution token,
optional output transforms, and provenance tracking.
pip install openai-agentlockfrom agents import Agent, function_tool
from agentlock import AuthorizationGate, AgentLockPermissions
from openai_agentlock import lock_agent
gate = AuthorizationGate()
@function_tool
def read_record(record_id: str) -> str:
return f"record {record_id}"
agent = Agent(name="demo", tools=[read_record])
lock_agent(
agent,
gate,
permissions={
"read_record": AgentLockPermissions(
allowed_roles=["reader"],
requires_auth=True,
),
},
)Pass an identity object through RunContextWrapper.context that exposes
user_id, role, and (optionally) session_id so the gate can evaluate
role and scope.
This package is Apache 2.0.
It depends on AgentLock, which is licensed AGPL-3.0-or-later from v1.3.0 onward, and this package requires agentlock>=1.5. Installing it therefore pulls in AGPL code, and combined use is subject to the AGPL: if you run it in a network service or distribute software built on it, the AGPL's terms apply to the combined work. Commercial licenses for AgentLock that remove the AGPL obligations are available at licensing@agentlock.dev.
Read the AGPL and take your own advice on what it requires of you. This note is a pointer, not legal advice.