openai-agents-js

v0.11.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 26d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agents openai openai-api realtime-api typescript

Summary

AI summary

RealtimeAgent now defaults to gpt-realtime-2 and sandbox local sources are constrained to the base directory.

Full changelog

Key Changes

RealtimeAgent's default is now gpt-realtime-2

Since this version, the default model for RealtimeAgents is gpt-realtime-2: https://developers.openai.com/api/docs/models/gpt-realtime-2

Sandbox local source materialization change

In this version, sandbox local source materialization keeps LocalFile.src and LocalDir.src within the materialization baseDir unless the source path is covered by Manifest.extraPathGrants. The baseDir is the SDK process current working directory when the manifest is applied; relative local sources are resolved from that directory, while absolute local sources must already be inside it or under an explicit grant. This closes a local artifact boundary issue, but it can affect applications that intentionally copy trusted host files or directories from outside that base directory into a sandbox workspace.

import { Manifest, localDir, skills } from '@openai/agents/sandbox';
import { localDirLazySkillSource } from '@openai/agents/sandbox/local';
import { dirname, join } from 'node:path';
import { fileURLToPath } from 'node:url';

// Outside the base dir
const sharedSkillsDir = '/opt/company/agent-skills';

// Under the base dir
const appRoot = dirname(fileURLToPath(import.meta.url));
const repoDir = join(appRoot, 'repo');

const manifest = new Manifest({
  // Having extraPathGrants for the path outside the baseDir is now required
  extraPathGrants: [
    {
      path: sharedSkillsDir,
      readOnly: true,
      description: 'Shared skill bundle.',
    },
  ],
  entries: {
    // This one doesn't need extraPathGrants
    repo: localDir({ src: repoDir }),
  },
});

const skillCapability = skills({
  lazyFrom: localDirLazySkillSource({
    src: sharedSkillsDir,
  }),
});

What's Changed

feat: default realtime sessions to gpt-realtime-2 by @seratch in https://github.com/openai/openai-agents-js/pull/1270
fix: constrain local sandbox artifact sources to source base directory by @seratch in https://github.com/openai/openai-agents-js/pull/1267

Documentation & Other Changes

chore(deps): bump hono from 4.12.14 to 4.12.16 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/openai/openai-agents-js/pull/1269
docs: make computer-use examples use headless click demo by @seratch in https://github.com/openai/openai-agents-js/pull/1273
chore: update versions by @github-actions[bot] in https://github.com/openai/openai-agents-js/pull/1272

Full Changelog: https://github.com/openai/openai-agents-js/compare/v0.10.1...v0.11.0

Breaking Changes

RealtimeAgent default model changed from previous version to gpt-realtime-2
Sandbox local source paths (`LocalFile.src`, `LocalDir.src`) must reside within the materialization base directory unless explicitly granted via `Manifest.extraPathGrants`

Security Fixes

Constraining local sandbox artifact sources to the source base directory closes a local artifact boundary issue

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track openai-agents-js

Get notified when new releases ship.

About openai-agents-js

A lightweight, powerful framework for multi-agent workflows and voice agents

All releases →