Skip to main content

What it does

This example demonstrates the grantex-openai-agents integration by building scope-enforced tools for the OpenAI Agents SDK:
  1. Register an agent and obtain a grant token via the sandbox flow
  2. Create scoped tools using create_grantex_tool — each tool is bound to a specific scope (calendar:read, email:send)
  3. Invoke tools directly (in a full Agents workflow, the LLM would select and call these tools)
  4. Demonstrate scope enforcement — attempting to create a tool with account:delete (a scope not in the grant) raises a PermissionError
  5. Inspect the audit trail to see the logged actions

Prerequisites

  • Python 3.9+
  • Docker (Docker Desktop or Docker Engine with Compose)

Run

Start the local Grantex stack from the repository root: 
docker compose up --build
In a separate terminal, run the example: 
cd examples/openai-agents
pip install -r requirements.txt
python main.py

Expected output

Agent registered: ag_01HXYZ...
Grant token received, grantId: grnt_01HXYZ...
Tools created: read_calendar, send_email

--- Invoking read_calendar ---
Result: {"events": [{"title": "Team standup", "time": "9:00 AM", "query": "today"}, {"title": "Design review", "time": "2:00 PM", "query": "today"}]}

--- Invoking send_email ---
Result: Email sent successfully: "Meeting summary: standup at 9 AM, design review at 2 PM"

--- Testing scope enforcement ---
Scope check blocked unauthorized tool: Grant token does not include required scope "account:delete". Granted scopes: calendar:read, email:send

--- Audit trail ---
  [success] read_calendar — 2026-02-28T12:00:00.000Z
  [success] send_email — 2026-02-28T12:00:01.000Z

Done! OpenAI Agents SDK integration demo complete.

Environment variables

VariableDefaultDescription
GRANTEX_URLhttp://localhost:3001Base URL of the Grantex auth service
GRANTEX_API_KEYsandbox-api-key-localAPI key. Use a sandbox key for auto-approval

Source code

The full source is in examples/openai-agents/main.py.