§INTEGRATION · CODEX · OPENAI AGENTS SDK
Codex and OpenAI Agents SDK, with one honest caveat.
The OpenAI Agents SDK and the `codex` CLI both respect `OPENAI_BASE_URL`. Client-side actions can flow through the Sentisec control plane. One honest caveat: server-side vendor tools run inside the vendor's infrastructure and are invisible to any external control plane, including ours.
ONE-LINE SETUP
Two lines. One terminal. Done.
Works for any app that uses the OpenAI SDK's base-URL override — Agents SDK, Codex CLI, direct SDK users, or a script piped through `openai` client code.
bash
$ curl -fsSL https://get.sentisec.ch | bash $ export OPENAI_BASE_URL=https://api.sentisec.ch/v1
PATH OF A TOOL CALL
One hop. No framework rewrite.
Diagram is intentionally kept at the category level — the detail of the checks lives on the developer landing page and under NDA.
your agent (Agents SDK / codex CLI) │ ▼ proposed client-side actions sentisec control plane │ cognitive integrity score · workspace policy ▼ OpenAI Chat / Responses API │ ▼ tool result back — or halt + reason
§CATCHES
What this catches
- Client-side tool invocations emitted by your agent.
- Shell / fetch / filesystem tools you declare to the Agents SDK, checked before execution.
- Prompt-injection patterns that bend the agent's next action away from the user's task.
§LIMITS
What this doesn't (yet)
- OpenAI Responses API server-side tools (`web_search`, `file_search`, `computer_use`, `remote_mcp`) are out of scope. They execute inside OpenAI infrastructure before the response is returned to us. We cannot proxy them without vendor cooperation. If your agent uses those tools, assume that surface is unmonitored.
- The `codex` CLI specifically — whether every tool flow traverses the standard API surface — is validated per-release. We publish the current compatibility status; treat any gap as a known caveat, not a silent failure.