OpenAI Integration
Secure OpenAI GPT agents with Agent Action Firewall.
Overview
Integrate the firewall with OpenAI's function calling and Assistants API to ensure all tool executions are validated against your security policies.
Function Calling Integration
TypeScript
import OpenAI from 'openai';
import { AgentFirewallClient } from '@agent-action-firewall/sdk';
const openai = new OpenAI();
const firewall = new AgentFirewallClient({
baseUrl: process.env.AGENT_FIREWALL_BASE_URL!,
apiKey: process.env.AGENT_FIREWALL_API_KEY!,
agentId: 'openai-agent',
});
const functions = [
{
name: 'search_database',
description: 'Search the customer database',
parameters: {
type: 'object',
properties: {
query: { type: 'string' },
filters: { type: 'object' },
},
required: ['query'],
},
},
];
async function executeWithFirewall(
name: string,
args: Record<string, unknown>
) {
// Validate with firewall
const response = await firewall.submitAction({
tool: name,
operation: 'execute',
params: args,
});
switch (response.status) {
case 'allowed':
return executeTool(name, args);
case 'pending_approval':
const result = await firewall.waitForApproval(response.id);
return result.status === 'allowed'
? executeTool(name, args)
: { error: 'Not approved' };
case 'denied':
return { error: response.decision?.reason };
}
}
async function chat(messages: OpenAI.Chat.ChatCompletionMessageParam[]) {
const response = await openai.chat.completions.create({
model: 'gpt-4-turbo',
messages,
functions,
function_call: 'auto',
});
const message = response.choices[0].message;
if (message.function_call) {
const args = JSON.parse(message.function_call.arguments);
const result = await executeWithFirewall(
message.function_call.name,
args
);
// Continue conversation with function result...
}
return message;
}Assistants API Integration
TypeScript
// Create assistant with firewall-protected tools
const assistant = await openai.beta.assistants.create({
name: 'Secure Agent',
model: 'gpt-4-turbo',
tools: [
{ type: 'code_interpreter' },
{
type: 'function',
function: {
name: 'update_record',
description: 'Update a database record',
parameters: { /* ... */ },
},
},
],
});
// Handle tool calls with firewall
async function handleRun(threadId: string, runId: string) {
let run = await openai.beta.threads.runs.retrieve(threadId, runId);
while (run.status === 'requires_action') {
const toolCalls = run.required_action?.submit_tool_outputs.tool_calls;
const outputs = await Promise.all(
toolCalls?.map(async (call) => {
const args = JSON.parse(call.function.arguments);
const result = await executeWithFirewall(call.function.name, args);
return {
tool_call_id: call.id,
output: JSON.stringify(result),
};
}) || []
);
run = await openai.beta.threads.runs.submitToolOutputs(threadId, runId, {
tool_outputs: outputs,
});
}
}GPT Actions (Custom GPTs)
For Custom GPTs with Actions, route API calls through the firewall:
YAML
openapi: 3.0.0
info:
title: Firewall-Protected API
version: 1.0.0
servers:
- url: https://api.agentactionfirewall.com/v1/proxy
paths:
/actions:
post:
operationId: submitAction
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
tool: { type: string }
operation: { type: string }
params: { type: object }Best Practices
- Use function descriptions to inform policy decisions
- Log all function calls for audit purposes
- Set appropriate timeouts for approval waits
- Handle denied actions gracefully in the conversation