@orangecheck/agent-openai
Advanced tools
Wrap OpenAI function-calling (Responses API + Chat Completions tool path) with OC Agent scope enforcement and emit a signed agent-action envelope per function invocation.
Wrap OpenAI function calls with OC Agent scope enforcement and emit a signed agent-action envelope per invocation. Covers both the new Responses API (function_call items) and the legacy Chat Completions tool path (tool_calls).
Function calling is the OpenAI-shaped way agents reach out to the world. Without scope enforcement and a cryptographic action receipt, "the model called this function" is the entire audit trail. With this adapter, every call carries: the agent address (BIP-322 signed), the active delegation, the exercised scope, the content hash of the inputs, and the OC Stamp anchor — replayable offline forever.
v0.0.1 · in design. API shape is stable; canonicalization is locked. Production wiring (per-event streaming integration with the OpenAI SDK's responses.stream() / chat.completions.create()) lands when the first design partner names the integration.
npm i @orangecheck/agent-openai
# peer deps:
npm i @orangecheck/agent-core @orangecheck/agent-signer
import { invokeWithStamp } from '@orangecheck/agent-openai';
// Pull a tool_call out of a Chat Completions response …
const toolCall = response.choices[0].message.tool_calls[0];
const { result, action, call } = await invokeWithStamp({
agent,
delegation,
call: toolCall, // raw OpenAI shape — we normalize
execute: async (c) => myInvoiceCreateImpl(c.arguments),
});
// `result` becomes the tool result you feed back to the model.
// `call` is the normalized OpenAiFunctionCall (id, name, arguments).
// `action` is the signed envelope; ship to your audit bundle / Nostr.
The same invokeWithStamp works on Responses-API function_call items — parseFunctionCall handles the call_id / id and string-vs-object arguments differences automatically.
The stamp's content.hash is a SHA-256 of the RFC-8785-canonicalized JSON:
{
"arguments": <canonical JSON of arguments>,
"id": "<call id>",
"name": "<function name>"
}
The action's scope_exercised defaults to openai:function(name=<name>). Override via scopeExercised.
parseFunctionCall(raw) — normalizes a Chat Completions tool_call or Responses function_call into {id, name, arguments}.canonicalizeFunctionCall(call) — RFC 8785 canonical bytes.functionCallHash(call) — sha256:<64-hex> for content.hash.stampFunctionCall(input) — sign without executing.invokeWithStamp(input) — sign + execute + return both.MIT.
FAQs
Wrap OpenAI function-calling (Responses API + Chat Completions tool path) with OC Agent scope enforcement and emit a signed agent-action envelope per function invocation.
We found that @orangecheck/agent-openai demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
Research
More than 140 Mastra npm packages were compromised in a supply chain attack that used a typosquatted dependency to deliver a cross-platform infostealer during installation.
Research
/Security News
A new npm package tests AI malware scanners with prompt injection, safety-triggering comments, context flooding, and obfuscated JavaScript.