OpenAI Agents SDK adapter for Bolyra -- guardrails, tool wrappers, and MCP auth
Project description
bolyra-agents -- Bolyra Auth for OpenAI Agents SDK
Python package that adds Bolyra authentication to OpenAI Agents SDK agents via three integration points:
- BolyraAuthGuardrail -- coarse-grained InputGuardrail that verifies credentials before an agent run starts
- BolyraToolWrapper / bolyra_tool -- fine-grained per-tool auth that checks permissions before each tool invocation
- bolyra_mcp_auth -- wraps MCP server connections to inject Bolyra auth headers
Supports two auth paths:
- SD-JWT mode -- pure Python credential verification via
bolyra.sd_jwt(no infrastructure needed) - Gateway mode -- HTTP header injection with a pre-obtained token
Install
pip install bolyra-agents
Dependencies: openai-agents>=0.1.0, bolyra>=0.4.0, PyJWT[crypto]>=2.8.0
Quick Start
1. Guardrail (coarse-grained: entire agent run)
from agents import Agent, Runner
from bolyra_agents import BolyraAuthGuardrail, BolyraAuthContext, AuthMode
ctx = BolyraAuthContext(
mode=AuthMode.SD_JWT,
receipt=receipt,
holder_private_key=agent_key,
issuer_public_key=operator_pub,
)
guardrail = BolyraAuthGuardrail(auth_context=ctx)
agent = Agent(
name="my-agent",
instructions="You are a helpful assistant.",
input_guardrails=[guardrail.as_input_guardrail()],
)
result = await Runner.run(agent, "Hello")
If verification fails, the SDK raises InputGuardrailTripwireTriggered and halts the agent.
2. Per-tool auth (fine-grained: per tool call)
from agents import Agent, function_tool
from bolyra_agents import BolyraToolWrapper, BolyraAuthContext, AuthMode
ctx = BolyraAuthContext(
mode=AuthMode.SD_JWT,
receipt=receipt,
holder_private_key=agent_key,
issuer_public_key=operator_pub,
)
# Class-based wrapping
wrapper = BolyraToolWrapper(
auth_context=ctx,
required_permissions=["FINANCIAL_SMALL"],
required_action="purchase",
)
@function_tool
def purchase_item(sku: str, amount: float) -> str:
return f"Purchased {sku} for ${amount}"
agent = Agent(
name="shopping-agent",
tools=[wrapper.wrap(purchase_item), search_tool], # only purchase needs auth
)
Or use the decorator:
from bolyra_agents import bolyra_tool
@bolyra_tool(ctx, required_permissions=["WRITE_DATA"])
@function_tool
def write_data(content: str) -> str:
return f"Wrote: {content}"
3. MCP gateway auth
from agents.mcp import MCPServerSse
from bolyra_agents import bolyra_mcp_auth, BolyraAuthContext, AuthMode
server = MCPServerSse(params={"url": "https://my-server.com/sse"})
authed = bolyra_mcp_auth(server, BolyraAuthContext(
mode=AuthMode.GATEWAY,
gateway_token="eyJ...",
))
agent = Agent(name="mcp-agent", mcp_servers=[authed])
Auth Modes
SD-JWT Mode
The agent holds an SD-JWT delegation receipt issued by a human/operator. On each operation, the adapter presents the receipt with a fresh KB-JWT (holder binding) and verifies it locally. Pure Python, no infrastructure needed.
ctx = BolyraAuthContext(
mode=AuthMode.SD_JWT,
receipt=receipt, # Issuer-form SD-JWT (from bolyra.sd_jwt.allow())
holder_private_key=agent_key, # Agent's Ed25519 private key
issuer_public_key=issuer_pub, # Issuer's Ed25519 public key
)
Gateway Mode
The agent has a pre-obtained auth token. The adapter injects Authorization: Bearer <token> headers and does a local JWT expiry check.
ctx = BolyraAuthContext(
mode=AuthMode.GATEWAY,
gateway_token="eyJ...", # Pre-obtained JWT
)
Permissions
The adapter supports Bolyra's 8-bit cumulative permission model:
| Permission | Implies |
|---|---|
| READ_DATA | -- |
| WRITE_DATA | -- |
| FINANCIAL_SMALL | -- |
| FINANCIAL_MEDIUM | FINANCIAL_SMALL |
| FINANCIAL_UNLIMITED | FINANCIAL_SMALL, FINANCIAL_MEDIUM |
| SIGN_ON_BEHALF | -- |
| SUB_DELEGATE | -- |
| ACCESS_PII | -- |
Dev Mode
For development and testing, set dev_mode=True to bypass credential verification:
ctx = BolyraAuthContext(
mode=AuthMode.SD_JWT,
dev_mode=True,
agent_id="dev-agent",
)
Tracing
Auth operations emit custom spans in the OpenAI Agents SDK tracing system:
bolyra.verify-- credential verificationbolyra.guardrail-- guardrail checkbolyra.tool_auth-- per-tool auth checkbolyra.mcp_auth-- MCP auth injection
Spans include operation status but never include key material, receipts, or nonces.
Testing
cd integrations/openai-agents
python3 -m pytest tests/ -v
TypeScript Example
The existing delegation-example.ts shows the TypeScript delegation pattern. This Python package is the full-featured adapter.
License
Apache-2.0
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bolyra_agents-0.1.0.tar.gz.
File metadata
- Download URL: bolyra_agents-0.1.0.tar.gz
- Upload date:
- Size: 23.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
174060c27c586abf0a5541c2dfd73860eea7720dd32ce879973a775d76ed3f7a
|
|
| MD5 |
3425aa1654696770e26a1de67ddc0dbe
|
|
| BLAKE2b-256 |
d7df3340fbe8912ce8cc0e206b5e6dddf46b7981346f9c78b8be46cc9ad48fa0
|
Provenance
The following attestation bundles were made for bolyra_agents-0.1.0.tar.gz:
Publisher:
release.yml on bolyra/bolyra
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bolyra_agents-0.1.0.tar.gz -
Subject digest:
174060c27c586abf0a5541c2dfd73860eea7720dd32ce879973a775d76ed3f7a - Sigstore transparency entry: 1886666617
- Sigstore integration time:
-
Permalink:
bolyra/bolyra@5b889144ee0a6018944b7252558d6bbbeb360b44 -
Branch / Tag:
refs/tags/bolyra-agents@0.1.0 - Owner: https://github.com/bolyra
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@5b889144ee0a6018944b7252558d6bbbeb360b44 -
Trigger Event:
push
-
Statement type:
File details
Details for the file bolyra_agents-0.1.0-py3-none-any.whl.
File metadata
- Download URL: bolyra_agents-0.1.0-py3-none-any.whl
- Upload date:
- Size: 22.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c60a312e2eeb65a12a01e5db2fc81060db54d919cc6181c1f7357fb498aae173
|
|
| MD5 |
5c8a5047c9b3f39c305f7d529141de23
|
|
| BLAKE2b-256 |
b6df91f9c18b7f6cb2542d90734784c29f4c699f0929ad6446e412438bb57d06
|
Provenance
The following attestation bundles were made for bolyra_agents-0.1.0-py3-none-any.whl:
Publisher:
release.yml on bolyra/bolyra
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bolyra_agents-0.1.0-py3-none-any.whl -
Subject digest:
c60a312e2eeb65a12a01e5db2fc81060db54d919cc6181c1f7357fb498aae173 - Sigstore transparency entry: 1886666623
- Sigstore integration time:
-
Permalink:
bolyra/bolyra@5b889144ee0a6018944b7252558d6bbbeb360b44 -
Branch / Tag:
refs/tags/bolyra-agents@0.1.0 - Owner: https://github.com/bolyra
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@5b889144ee0a6018944b7252558d6bbbeb360b44 -
Trigger Event:
push
-
Statement type: