Skip to content

webpro255/openai-agentlock

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

openai-agentlock

AgentLock authorization middleware for the OpenAI Agents SDK.

Wraps FunctionTool instances so every tool call passes through an AuthorizationGate before the tool body runs. Denials are returned to the model as plain strings; allowed calls receive a single-use execution token, optional output transforms, and provenance tracking.

Install

pip install openai-agentlock

Minimal usage

from agents import Agent, function_tool
from agentlock import AuthorizationGate, AgentLockPermissions
from openai_agentlock import lock_agent

gate = AuthorizationGate()

@function_tool
def read_record(record_id: str) -> str:
    return f"record {record_id}"

agent = Agent(name="demo", tools=[read_record])

lock_agent(
    agent,
    gate,
    permissions={
        "read_record": AgentLockPermissions(
            allowed_roles=["reader"],
            requires_auth=True,
        ),
    },
)

Pass an identity object through RunContextWrapper.context that exposes user_id, role, and (optionally) session_id so the gate can evaluate role and scope.

License

Apache 2.0.