Skip to main content

OpenAI Agents SDK adapter for Bolyra -- guardrails, tool wrappers, and MCP auth

Project description

bolyra-agents -- Bolyra Auth for OpenAI Agents SDK

Python package that adds Bolyra authentication to OpenAI Agents SDK agents via three integration points:

  1. BolyraAuthGuardrail -- coarse-grained InputGuardrail that verifies credentials before an agent run starts
  2. BolyraToolWrapper / bolyra_tool -- fine-grained per-tool auth that checks permissions before each tool invocation
  3. bolyra_mcp_auth -- wraps MCP server connections to inject Bolyra auth headers

Supports two auth paths:

  • SD-JWT mode -- pure Python credential verification via bolyra.sd_jwt (no infrastructure needed)
  • Gateway mode -- HTTP header injection with a pre-obtained token

Install

pip install bolyra-agents

Dependencies: openai-agents>=0.1.0, bolyra>=0.4.0, PyJWT[crypto]>=2.8.0

Quick Start

1. Guardrail (coarse-grained: entire agent run)

from agents import Agent, Runner
from bolyra_agents import BolyraAuthGuardrail, BolyraAuthContext, AuthMode

ctx = BolyraAuthContext(
    mode=AuthMode.SD_JWT,
    receipt=receipt,
    holder_private_key=agent_key,
    issuer_public_key=operator_pub,
)
guardrail = BolyraAuthGuardrail(auth_context=ctx)
agent = Agent(
    name="my-agent",
    instructions="You are a helpful assistant.",
    input_guardrails=[guardrail.as_input_guardrail()],
)
result = await Runner.run(agent, "Hello")

If verification fails, the SDK raises InputGuardrailTripwireTriggered and halts the agent.

2. Per-tool auth (fine-grained: per tool call)

from agents import Agent, function_tool
from bolyra_agents import BolyraToolWrapper, BolyraAuthContext, AuthMode

ctx = BolyraAuthContext(
    mode=AuthMode.SD_JWT,
    receipt=receipt,
    holder_private_key=agent_key,
    issuer_public_key=operator_pub,
)

# Class-based wrapping
wrapper = BolyraToolWrapper(
    auth_context=ctx,
    required_permissions=["FINANCIAL_SMALL"],
    required_action="purchase",
)

@function_tool
def purchase_item(sku: str, amount: float) -> str:
    return f"Purchased {sku} for ${amount}"

agent = Agent(
    name="shopping-agent",
    tools=[wrapper.wrap(purchase_item), search_tool],  # only purchase needs auth
)

Or use the decorator:

from bolyra_agents import bolyra_tool

@bolyra_tool(ctx, required_permissions=["WRITE_DATA"])
@function_tool
def write_data(content: str) -> str:
    return f"Wrote: {content}"

3. MCP gateway auth

from agents.mcp import MCPServerSse
from bolyra_agents import bolyra_mcp_auth, BolyraAuthContext, AuthMode

server = MCPServerSse(params={"url": "https://my-server.com/sse"})
authed = bolyra_mcp_auth(server, BolyraAuthContext(
    mode=AuthMode.GATEWAY,
    gateway_token="eyJ...",
))
agent = Agent(name="mcp-agent", mcp_servers=[authed])

Auth Modes

SD-JWT Mode

The agent holds an SD-JWT delegation receipt issued by a human/operator. On each operation, the adapter presents the receipt with a fresh KB-JWT (holder binding) and verifies it locally. Pure Python, no infrastructure needed.

ctx = BolyraAuthContext(
    mode=AuthMode.SD_JWT,
    receipt=receipt,              # Issuer-form SD-JWT (from bolyra.sd_jwt.allow())
    holder_private_key=agent_key, # Agent's Ed25519 private key
    issuer_public_key=issuer_pub, # Issuer's Ed25519 public key
)

Gateway Mode

The agent has a pre-obtained auth token. The adapter injects Authorization: Bearer <token> headers and does a local JWT expiry check.

ctx = BolyraAuthContext(
    mode=AuthMode.GATEWAY,
    gateway_token="eyJ...",       # Pre-obtained JWT
)

Permissions

The adapter supports Bolyra's 8-bit cumulative permission model:

Permission Implies
READ_DATA --
WRITE_DATA --
FINANCIAL_SMALL --
FINANCIAL_MEDIUM FINANCIAL_SMALL
FINANCIAL_UNLIMITED FINANCIAL_SMALL, FINANCIAL_MEDIUM
SIGN_ON_BEHALF --
SUB_DELEGATE --
ACCESS_PII --

Dev Mode

For development and testing, set dev_mode=True to bypass credential verification:

ctx = BolyraAuthContext(
    mode=AuthMode.SD_JWT,
    dev_mode=True,
    agent_id="dev-agent",
)

Tracing

Auth operations emit custom spans in the OpenAI Agents SDK tracing system:

  • bolyra.verify -- credential verification
  • bolyra.guardrail -- guardrail check
  • bolyra.tool_auth -- per-tool auth check
  • bolyra.mcp_auth -- MCP auth injection

Spans include operation status but never include key material, receipts, or nonces.

Testing

cd integrations/openai-agents
python3 -m pytest tests/ -v

TypeScript Example

The existing delegation-example.ts shows the TypeScript delegation pattern. This Python package is the full-featured adapter.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bolyra_agents-0.1.0.tar.gz (23.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

bolyra_agents-0.1.0-py3-none-any.whl (22.6 kB view details)

Uploaded Python 3

File details

Details for the file bolyra_agents-0.1.0.tar.gz.

File metadata

  • Download URL: bolyra_agents-0.1.0.tar.gz
  • Upload date:
  • Size: 23.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bolyra_agents-0.1.0.tar.gz
Algorithm Hash digest
SHA256 174060c27c586abf0a5541c2dfd73860eea7720dd32ce879973a775d76ed3f7a
MD5 3425aa1654696770e26a1de67ddc0dbe
BLAKE2b-256 d7df3340fbe8912ce8cc0e206b5e6dddf46b7981346f9c78b8be46cc9ad48fa0

See more details on using hashes here.

Provenance

The following attestation bundles were made for bolyra_agents-0.1.0.tar.gz:

Publisher: release.yml on bolyra/bolyra

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file bolyra_agents-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: bolyra_agents-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 22.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bolyra_agents-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c60a312e2eeb65a12a01e5db2fc81060db54d919cc6181c1f7357fb498aae173
MD5 5c8a5047c9b3f39c305f7d529141de23
BLAKE2b-256 b6df91f9c18b7f6cb2542d90734784c29f4c699f0929ad6446e412438bb57d06

See more details on using hashes here.

Provenance

The following attestation bundles were made for bolyra_agents-0.1.0-py3-none-any.whl:

Publisher: release.yml on bolyra/bolyra

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page