Skip to main content
Use this page when your application already calls the OpenAI SDK. The wrappers keep the OpenAI client shape and add Averta checkpoints around supported calls.

Install

npm install openai @averta-security/sdk-openai
Python support is source-install only until averta-openai is published to PyPI. Run the Python install command from the SDK repository.
export OPENAI_API_KEY="your-openai-key"
export AVERTA_API_KEY="your-averta-key"
The OpenAI wrapper reads AVERTA_API_KEY from the environment. Pass avertaApiKey or averta_api_key only when this client should use a different Averta key.

Wrap the Client

import OpenAI from "openai";
import { wrapOpenAI } from "@averta-security/sdk-openai";

let client = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY!,
});

client = wrapOpenAI(client);
Do not wrap the same OpenAI client twice. Create a fresh OpenAI client for each distinct Averta configuration.

Send a Tool-capable Request

const tools = [
  {
    type: "function" as const,
    name: "search_docs",
    description: "Search the internal support documentation.",
    strict: true,
    parameters: {
      type: "object",
      properties: {
        query: { type: "string" },
      },
      required: ["query"],
      additionalProperties: false,
    },
  },
];

const response = await client.responses.create({
  model: process.env.OPENAI_MODEL ?? "gpt-5.4-mini",
  input: "Search the docs for password reset guidance.",
  tools,
});
At this point Averta has run the request checkpoint. If policy returns restrict_tools, the wrapper forwards only the allowed tools to OpenAI.

Continue the Tool Loop

OpenAI function calls include a call_id. Use that value when you send the result back. 
const functionCall = response.output.find(
  (item) => item.type === "function_call"
);

if (functionCall) {
  const nextResponse = await client.responses.create({
    model: process.env.OPENAI_MODEL ?? "gpt-5.4-mini",
    input: [
      ...response.output,
      {
        type: "function_call_output",
        call_id: functionCall.call_id,
        output: JSON.stringify({
          matches: ["Password reset links expire after 24 hours."],
        }),
      },
    ],
    tools,
  });

  console.log(nextResponse.output_text);
}
When the continuation request is sent, Averta evaluates the tool result before OpenAI sees it.

Confirm Decisions

With an allowing policy and a tool call, Events should show a sequence like: 
request -> tool_call -> tool_result -> output
The exact sequence depends on whether the model calls a tool. A request with no tool call can skip tool_call and tool_result. The SDK generates requestId and traceId automatically; pass requestContext only when you need your own conversationId, requestId, or traceId.

Runnable Example

The SDK repository includes runnable OpenAI examples: 
cp examples/.env.example examples/.env
npm --prefix examples/openai/basic install
npm run example:openai:basic:start
Fill OPENAI_API_KEY and AVERTA_API_KEY in examples/.env before running an example.

Chat Completions

The same wrapped client also guards supported Chat Completions calls. 
const completion = await client.chat.completions.create({
  model: process.env.OPENAI_MODEL ?? "gpt-5.4-mini",
  messages: [
    {
      role: "user",
      content: "Explain password reset link expiration in one sentence.",
    },
  ],
});

console.log(completion.choices[0]?.message.content);

Python Support

Python V1 wraps sync OpenAI clients and guards responses.create(...), responses.create(stream=True, ...), responses.stream(...), chat.completions.create(...), and chat.completions.create(stream=True, ...).

Next Steps

Responses API

See the guarded Responses lifecycle.

Tools

Understand tool exposure and tool-call checks.

Output checks

Evaluate final answers before returning them.

Events

Investigate decisions in the dashboard.