Metadata-Version: 2.4
Name: ory-openai-agents
Version: 0.11.1
Summary: Ory Agent Security for the OpenAI Agents SDK — per-tool authorization, tracing, and identity propagation via a tool-input guardrail. Built on ory-argus.
Author: Ory
License-Expression: Apache-2.0
Keywords: agent,agents,ai,authorization,openai,ory,permissions
Requires-Python: >=3.10
Requires-Dist: openai-agents>=0.1
Requires-Dist: ory-argus<1,>=0.8
Provides-Extra: dev
Requires-Dist: pytest>=8; extra == 'dev'
Requires-Dist: ruff>=0.6; extra == 'dev'
Description-Content-Type: text/markdown

# ory-openai-agents

Ory Agent Security for the [OpenAI Agents SDK](https://openai.github.io/openai-agents-python/).

Authorizes every tool call against Ory Permissions via a **tool-input guardrail**, traces
invocations, and propagates user → agent identity — built on
[`ory-argus`](https://pypi.org/project/ory-argus/).

```bash
pip install ory-openai-agents
```

```python
from agents import Agent, Runner
from ory_openai_agents import ory_tool_input_guardrail, ory_run_hooks

agent = Agent(
    name="assistant",
    tools=[search, send_email],
    tool_input_guardrails=[ory_tool_input_guardrail()],  # gate every tool call
)
Runner.run(agent, "…", hooks=ory_run_hooks())  # trace completed calls
```

- **observe** (default): denied tools still run; a `permission.observe_deny` span is recorded.
- **enforce** (`ORY_PERMISSION_MODE=enforce`): denied tools are rejected — the model receives
  the denial and the tool never executes.

Credentials are read from the shared `~/.config/ory-agent-plugins/config.json`, so a login
from any Ory harness or `ory-argus login` is reused automatically.
