Skip to main content

OpenAI Agents SDK Integration

The OpenAI Agents provider gives your agents governed API keys, tool authentication headers, and scoped credentials for multi-agent handoffs — all backed by the vault’s audit trail and policy enforcement.

Setup

import { WisperaOpenAIAgentProvider } from '@id-wispera/core';

const oai = new WisperaOpenAIAgentProvider({ vaultPath: '~/.id-wispera' });

Agent Keys

Retrieve an API key for agent initialization. 
const apiKey = await oai.getAgentKey('openai-prod');

Agent Config

Get a full configuration object with api_key, model, and provider — ready to pass to the SDK. 
const config = await oai.getAgentConfig('openai-prod', 'gpt-4');
// → { api_key: 'sk-...', model: 'gpt-4', provider: 'openai' }

Tool Auth

Generate HTTP auth headers for agent tools that call external APIs. 
const toolAuth = await oai.getToolAuth('serper-api');
// → { Authorization: 'Bearer sk-...' }

// Custom header name
const custom = await oai.getToolAuth('serper-api', 'X-API-Key');
// → { 'X-API-Key': 'sk-...' }

Batch Tool Credentials

Retrieve credentials for multiple tools at once from a map of tool names to passport names. 
const creds = await oai.getToolCredentials({
  'web-search': 'serper-api',
  'code-exec': 'e2b-key',
  'email': 'sendgrid-key',
});
// → { 'web-search': 'sk-...', 'code-exec': 'e2b_...', 'email': 'SG...' }

Multi-Agent Handoff Credentials

Create scoped credentials for multi-agent handoffs. The provider validates that the requested scopes are a subset of the passport’s allowed scopes before issuing the credential. 
const handoffCred = await oai.getHandoffCredential(
  'openai-prod',       // passport name
  'research-agent',    // target agent
  ['read'],            // allowed scopes (must be subset of passport scopes)
);
Handoff credentials enforce the principle of least privilege. The requested scopes must be a subset of the passport’s scopes — scope widening is never allowed.

Full Example

import { WisperaOpenAIAgentProvider } from '@id-wispera/core';

const oai = new WisperaOpenAIAgentProvider({ vaultPath: '~/.id-wispera' });

// 1. Get agent key
const apiKey = await oai.getAgentKey('openai-prod');

// 2. Get tool auth headers
const toolAuth = await oai.getToolAuth('serper-api');

// 3. Create a handoff credential for a sub-agent
const handoffCred = await oai.getHandoffCredential(
  'openai-prod',
  'research-agent',
  ['read'],
);

console.log('Agent key ready');
console.log('Tool auth:', Object.keys(toolAuth));
console.log('Handoff scopes:', handoffCred.scopes);

Next Steps

Google A2A

Agent-to-agent token validation and task-scoped credentials.

Slack

Bot, app, and user tokens with auto-detection.

Framework overview

All framework integrations and the base provider API.