Download Latest Version
v0.17.3 source code.tar.gz (5.4 MB)
Get an email when there's a new version of OpenAI Agents (Python)
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-05-08 | 3.1 kB | |
| v0.17.0 source code.tar.gz | 2026-05-08 | 5.4 MB | |
| v0.17.0 source code.zip | 2026-05-08 | 6.1 MB | |
| Totals: 3 Items | 11.5 MB | 0 | |
Key Changes
RealtimeAgent's default is now gpt-realtime-2
Since this version, the default model for RealtimeAgents is gpt-realtime-2: https://developers.openai.com/api/docs/models/gpt-realtime-2
Sandbox local source materialization change
In this version, sandbox local source materialization keeps LocalFile.src and LocalDir.src within the materialization base_dir unless the source path is covered by Manifest.extra_path_grants. The base_dir is the SDK process current working directory when the manifest is applied; relative local sources are resolved from that directory, while absolute local sources must already be inside it or under an explicit grant. This closes a local artifact boundary issue, but it can affect applications that intentionally copy trusted host files or directories from outside that base directory into a sandbox workspace.Expand commentComment on line R24Resolved
To migrate, grant trusted host roots at the manifest level with SandboxPathGrant, preferably as read-only when the sandbox only needs to read those files:
:::python
from pathlib import Path
from agents.sandbox import Manifest, SandboxPathGrant
from agents.sandbox.entries import Dir, LocalDir
# This is an absolute host path outside the SDK process base_dir.
TRUSTED_DOCS_ROOT = Path("/opt/my-app/docs")
manifest = Manifest(
extra_path_grants=(
# This host root is outside the SDK process base_dir, so the manifest must grant it.
SandboxPathGrant(path=str(TRUSTED_DOCS_ROOT), read_only=True),
),
entries={
# No grant is needed for local sources that stay under the SDK process base_dir.
"fixtures": LocalDir(src=Path("fixtures"), description="Local test fixtures."),
# This entry reads from the granted host root and copies it into the sandbox workspace.
"docs": LocalDir(src=TRUSTED_DOCS_ROOT, description="Trusted local documents."),
# Dir creates a sandbox workspace directory; it does not read from the host filesystem.
"output": Dir(description="Generated artifacts."),
},
)
Treat extra_path_grants as trusted application configuration. Do not populate grants from model output or other untrusted manifest input unless your application has already approved those host paths.
What's Changed
- feat: default realtime sessions to gpt-realtime-2 by @seratch in https://github.com/openai/openai-agents-python/pull/3190
- fix: [#3169] constrain local sandbox artifact sources to base dir by @seratch in https://github.com/openai/openai-agents-python/pull/3177
- fix: Responses context-management extra_args collision by @alfozan in https://github.com/openai/openai-agents-python/pull/3185
Documentation & Other Changes
- Release 0.17.0 by @github-actions[bot] in https://github.com/openai/openai-agents-python/pull/3191
Full Changelog: https://github.com/openai/openai-agents-python/compare/v0.16.1...v0.17.0
