paybondpaybond
Sign in

OpenAI Agents SDK spend controls

Guard OpenAI Agents SDK tools with Paybond input guardrails and wrapped invoke — Harbor verify before side effects and auto-evidence after success.

The OpenAI Agents SDK runs tools through FunctionTool.invoke. Paybond hooks that boundary with input guardrails (pre-check) and wrapped invoke (post-success evidence) — not as model middleware.

TypeScript only. Python Kit raises a clear error for openai-agents; use this guide with @paybond/kit or @paybond/openai-agents.

Try it

Terminal
Terminal commandSwipe to inspect long lines
paybond login
paybond agent demo openai-agents smoke \
  --operation paid-tool \
  --requested-spend-cents 100 \
  --evidence-preset cost_and_completion \
  --format table

Scaffold

Terminal
Terminal commandSwipe to inspect long lines
paybond init agent-middleware --framework openai --out paybond-openai-agents.ts
paybond policy init --preset travel --out paybond.policy.yaml
import { tool, Agent, Runner } from "@openai/agents";
import { z } from "zod";
import { Paybond } from "@paybond/kit";

const paybond = await Paybond.open({ apiKey: process.env.PAYBOND_API_KEY! });

const bookHotelTool = tool({
  name: "travel.book_hotel",
  description: "Book a hotel room",
  parameters: z.object({
    city: z.string(),
    estimatedPriceCents: z.number().int().nonnegative(),
  }),
  execute: async (args) => bookHotel(args),
});

const { agentTools: tools, runConfig } = await paybond.agent({
  policy: "travel",
  framework: "openai-agents",
  tools: [bookHotelTool, searchWebTool],
});

const agent = new Agent({ name: "Travel", tools });
await Runner.run(agent, "Book a hotel in Lisbon under $200.", { ...runConfig });

Production: omit sandbox defaults on paybond.agent(), use paybond.instrument() with deferred bind, then instrumented.bind({ intentId, capabilityToken }) per session.

What Paybond adds

PrimitivePurpose
inputGuardrail on side-effecting toolsHarbor verify, deny, or HITL hold before invoke
Wrapped invokeSpend finalize + auto-evidence after success
runConfig.toolExecution.preApprovalInputGuardrailsEnables guardrails before OpenAI approval interruptions

Read-only tools pass through without guardrails.

Optional: pass { bridgeNeedsApproval: true } to createPaybondOpenAIAgentsConfig when you want both Harbor policy and OpenAI's human-in-the-loop pause.

Developer reference: /docs/kit/openai-agents.