Best for: teams already using the OpenAI Agents SDK and wanting native protection without changing runtimes.

Install

```bash
pip install verifiedx
```
This page assumes your app already uses agents in Python or @openai/agents in TypeScript.

Net-new VerifiedX code

This is the smallest truthful integration in an existing OpenAI Agents setup.
```python
from verifiedx import init_verifiedx, run_openai_agents_sync

# `agent` and `input` are the Agent and prompt your app already defines.
verifiedx = init_verifiedx()
result = run_openai_agents_sync(agent, input, verifiedx=verifiedx)
```
That is the important part. Your existing agent, tools, instructions, handoffs, and orchestration stay the same.
Start with the wrapper-first path above. If you later want to keep calling the SDK’s own runner directly, attach VerifiedX once to the agent or runner instead.
Your native tool surface is the config. VerifiedX uses your existing tool names, descriptions, schemas, approval hints, MCP servers, and built-in tool types as the source of truth for what to preflight.

Attach once instead of wrapping run

If you prefer to attach VerifiedX to the agent and keep calling the SDK runner directly, use the native attach surface.
```python
from agents import Runner
from verifiedx import attach_openai_agents_agent, init_verifiedx

verifiedx = init_verifiedx()
# Attach once; later calls to the SDK's own runner go through VerifiedX.
attach_openai_agents_agent(agent, verifiedx=verifiedx)

result = Runner.run_sync(agent, input)
```

Linked runtime / runner setups

If you already manage a runner or trace installer yourself, attach VerifiedX there instead of changing the rest of your code.
```python
from verifiedx import attach_openai_agents_runner, init_verifiedx

verifiedx = init_verifiedx()
# `runner` is the runner object you already manage.
attach_openai_agents_runner(runner, verifiedx=verifiedx)
```

Full example

```python
from agents import Agent, function_tool
from verifiedx import init_verifiedx, run_openai_agents_sync

# An ordinary SDK tool. VerifiedX reads its name, schema, and description
# to decide what to preflight; no extra annotation is needed.
@function_tool
def set_workflow_status(workflow_id: str, status: str, reason: str) -> dict:
    return {
        "ok": True,
        "workflow_id": workflow_id,
        "status": status,
        "reason": reason,
    }

agent = Agent(
    name="WorkflowOps",
    model="gpt-5.4-mini",
    instructions="Update internal workflows safely.",
    tools=[set_workflow_status],
)

verifiedx = init_verifiedx()

# Wrapper-first path: run the unchanged agent through VerifiedX.
result = run_openai_agents_sync(
    agent,
    "Set workflow WF-1002 to awaiting_human because billing verification is missing.",
    verifiedx=verifiedx,
)
```
Do not use raw install_runtime(...) or bindHarness(...) for this path. The OpenAI Agents adapter is native to the SDK and wraps the agent or runner directly.

Composed systems

If this OpenAI Agents run is part of a larger multi-agent or agent+human workflow, pass upstream context into VerifiedX so the current run has better system and situational awareness before it takes a high-impact action. This is useful when a supervisor agent, parent workflow, or human reviewer already has context that the current run should use before taking action. VerifiedX does not require a fixed schema for this. Pass the upstream context you already have in any JSON-serializable shape.
```python
# Any JSON-serializable shape works; these keys are only an illustration.
upstream = {
    "source": "workflow_supervisor",
    "workflow_id": "WF-2203",
    "approval_status": "approved_with_follow_up",
    "human_review": {
        "reviewer": "ops_lead",
        "result": "approved",
    },
    "prior_agent_output": {
        "summary": "Billing verification is complete.",
    },
}

# The context applies to runs started inside the `with` block.
with verifiedx.with_upstream_context(upstream):
    result = run_openai_agents_sync(agent, input, verifiedx=verifiedx)
```
Upstream context is supporting workflow context from outside the current run. It is not proof that this run already executed any local action.

What the adapter already captures

Once attached, VerifiedX already captures and protects the native OpenAI Agents surface, including:
  • Native tool-call history through tracing
  • Tool execution through both tool.execute(...) and SDK-style tool.invoke(...)
  • Durable memory writes inferred from tool name, schema, and description
  • High-impact tools such as record mutations, system changes, and external messages
  • Handoffs and delegated or subagent traces when present
  • MCP server listTools() and callTool(...)
  • Hosted MCP approval requests and MCP calls from response spans
  • Native built-in tool types such as shell, apply-patch, computer, file search, web search, tool search, image generation, and MCP-style tools when present
If a trace processor cannot be installed in the current setup, VerifiedX falls back to wrapper-only mode instead of failing the integration. Wrapped tools and MCP boundaries still stay protected.

What to expect at runtime

Protected boundaries can return:
  • allow
  • allow_with_warning
  • replan_required
  • goal_fail_terminal
Every outcome includes a structured decision receipt. If a tool or memory write is replanned, the side effect does not execute. The wrapped tool returns the normal VerifiedX blocked result shape, including ok: false, blocked: true, boundary_outcome, safe_next_steps, and decision_receipt, so the agent can keep moving toward the same goal safely or route the receipt upstream when needed.
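
One way an orchestrator could route the result shape described above, as an added example that is not VerifiedX's own code. The field names and outcome strings come from this page; the field types, the `route_tool_result` helper, the action names, and the sample values are assumptions.

```python
import json

# Outcome strings come from the page; field types are assumed.
PROCEED = {"allow", "allow_with_warning"}
KNOWN = PROCEED | {"replan_required", "goal_fail_terminal"}

# Constructed sample of the blocked result shape (values are illustrative).
BLOCKED_SAMPLE = {
    "ok": False,
    "blocked": True,
    "boundary_outcome": "replan_required",
    "safe_next_steps": ["post to the internal channel instead of emailing"],
    "decision_receipt": {"id": "receipt-constructed-1"},
}


def route_tool_result(result, audit_log):
    """Return (action, detail); action is "continue", "replan" or "stop"."""
    if not isinstance(result, dict):
        return "continue", None  # plain tool output, no boundary fields
    outcome = result.get("boundary_outcome")
    blocked = result.get("blocked") is True
    if outcome is None and not blocked:
        return "continue", None  # ordinary tool result
    # Keep every receipt, whatever the decision, so it can be routed upstream.
    audit_log.append(json.dumps(
        {"outcome": outcome, "receipt": result.get("decision_receipt")},
        sort_keys=True, default=str,
    ))
    if not isinstance(outcome, str) or outcome not in KNOWN:
        return "stop", "unknown_outcome"  # fail closed on anything unexpected
    if blocked:
        if outcome == "replan_required":
            steps = result.get("safe_next_steps")
            if isinstance(steps, list) and steps:
                return "replan", steps
            return "stop", "no_safe_next_steps"
        return "stop", outcome  # terminal, or blocked flag contradicts outcome
    if outcome in PROCEED:
        return "continue", outcome
    return "stop", outcome  # replan/terminal outcome without the blocked flag
```

The handler never treats a blocked result as success, and it stops on any outcome or flag combination it does not recognize.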

Production-style validation coverage

The OpenAI Agents validation paths in this repo cover real workflows including:
  • Clean durable memory writes
  • Clean record mutations
  • Clean internal workflow updates
  • Multi-step internal runs across retrieval, mutation, memory, and internal notification
  • External email attempts that replan into safer internal Slack fallbacks
  • Repeated adversarial external-email attempts that should not keep pushing the same unsafe action
  • MCP filesystem list, read, and write flows
  • Hosted MCP approval requests captured into history and boundary preflight

Pricing note

One protected action check equals one real boundary preflight. Taint, event ingest, execution reports, and decision reads are all included at that price. The Free Sandbox includes every language, provider, framework, and adapter. VerifiedX does not replace your orchestrator or human workflow. It returns receipts your system can keep local, route downstream, or pass upstream.
For the raw runtime reference, see the Python SDK and TypeScript SDK. For direct OpenAI tool loops outside the Agents SDK, see the OpenAI pages.