Wrap a deny.sh vault entry as an OpenAI Agents SDK tool. The credential resolves inside the tool boundary; only a narrowed DTO reaches the model. Fail-closed leak sweep.
Project description
deny-sh-openai-agents
Wrap a deny.sh vault entry as an OpenAI Agents SDK tool (Python). The credential resolves inside the tool boundary; only a narrowed DTO reaches the model. Fail-closed leak sweep.
pip install deny-sh-openai-agents openai-agents
Usage
import os
import requests
from pydantic import BaseModel
from agents import Agent, Runner
from deny_sh_openai_agents import deny_vault_tool
class InvoiceArgs(BaseModel):
id: str
def lookup(stripe_key: str, args: dict) -> dict:
r = requests.get(
f"https://api.stripe.com/v1/invoices/{args['id']}",
headers={"Authorization": f"Bearer {stripe_key}"},
)
body = r.json()
# narrowed DTO -- never the raw key, never the raw upstream body
return {"id": body.get("id"), "amount_due": body.get("amount_due"), "status": body.get("status")}
invoice_tool = deny_vault_tool(
label="stripe-prod", # or: id="item_abc"
password=os.environ["VAULT_PW"], # server env, never the prompt
name="get_invoice",
description="Look up a Stripe invoice by id",
args_schema=InvoiceArgs,
use=lookup,
)
agent = Agent(
name="Billing",
instructions="Help the user with their invoices.",
tools=[invoice_tool],
)
result = Runner.run_sync(agent, "What is the status of invoice in_1?")
print(result.final_output)
The Stripe key is resolved + consumed entirely inside lookup. The agent and
the model provider see only the input args and the narrowed return. The key
never enters the model's context window. If use ever returns the raw secret,
the leak sweep raises (DenyLeakError) and the secret never crosses back into
the model context.
Multi-tenant
Pass a per-tenant client_options={"api_key": ...} and password. One tenant
cannot decrypt another's vault entry; the boundary is cryptographic, not
policy-based.
Config
| Field | Required | Notes |
|---|---|---|
label / id |
one of | vault entry label, or a stable item id |
password |
yes | vault wrap password |
name, description, args_schema |
yes | standard Agents SDK tool fields (args_schema is a pydantic model) |
use(secret, args) |
yes | privileged work; return a narrowed DTO |
client_options |
no | forwarded to deny_sh.vault_get (api_key, base_url, ...) |
leak_sweep |
no | default True; fail-closed scan of the returned DTO |
Apache-2.0. Part of deny-sh-integrations.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file deny_sh_openai_agents-0.1.0.tar.gz.
File metadata
- Download URL: deny_sh_openai_agents-0.1.0.tar.gz
- Upload date:
- Size: 9.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3cf65492abebc1216ce4b1b17e377408316a53b58193fdc30a1bd5d6df7684af
|
|
| MD5 |
cd2afb02fb387109fff3187bf0b7927d
|
|
| BLAKE2b-256 |
027bf8a00c4d002d95124c32e78e105a2acf27ef3ddfa47a078b26d3f6de35bc
|
File details
Details for the file deny_sh_openai_agents-0.1.0-py3-none-any.whl.
File metadata
- Download URL: deny_sh_openai_agents-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3aa78e4b94df535851be9c90c7addea5e5be59632ee475c4c067e3d1f7f08b33
|
|
| MD5 |
08617f246fd8f1627cd3bdec103c23f3
|
|
| BLAKE2b-256 |
0e7ff49dbf57614d6afd589dad9dc28f44e165e6cf8fe094f622d4f7a9806023
|
