Skip to content

examples: add signed tool receipts#3565

Closed
tomjwxf wants to merge 1 commit into
openai:mainfrom
tomjwxf:codex/signed-tool-receipts
Closed

examples: add signed tool receipts#3565
tomjwxf wants to merge 1 commit into
openai:mainfrom
tomjwxf:codex/signed-tool-receipts

Conversation

@tomjwxf
Copy link
Copy Markdown

@tomjwxf tomjwxf commented Jun 2, 2026

Summary

  • Add a basic example that uses RunHooks.on_tool_start and RunHooks.on_tool_end to emit signed receipts around local tool calls.
  • Demonstrate pre-execution and post-execution receipts linked with previous_receipt_hash.
  • Sign each canonical JSON receipt with Ed25519 and verify the chain locally at the end.

This is examples-only and does not change SDK runtime behavior. The example uses the existing optional cryptography dependency surface for Ed25519 signing.

Verification

  • python3 -m ruff format examples/basic/signed_tool_receipts.py
  • python3 -m ruff check examples/basic/signed_tool_receipts.py
  • python3 -m py_compile examples/basic/signed_tool_receipts.py

@ZeroXLauren
examples: add signed tool receipts
430ace4 
Signed-off-by: tommylauren <tfarley@utexas.edu>
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 2, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 430ace4398

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread examples/basic/signed_tool_receipts.py

def verify_receipt_chain(self) -> bool:
previous_hash: str | None = None
public_key: Ed25519PublicKey = self.verify_key
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Bind the embedded public key to verification

When the printed receipt JSON is archived or transferred for later verification, signature.public_key is the receipt’s only signer identifier, but it is excluded from the signed payload/hash and this verifier never checks it against the trusted key. As a result, changing signature.public_key in any emitted receipt still leaves verify_receipt_chain() returning true, so the example can validate receipts that misidentify who signed them; either include the signer key ID in the signed payload or explicitly reject receipts whose embedded key differs from the verifier key.

Useful? React with 👍 / 👎.

@seratch
Copy link
Copy Markdown
Member

seratch commented Jun 4, 2026

Thanks for sharing this idea. While we won't add this example within this repo, please feel free to share it in your own repo or any other resources.

@seratch seratch closed this Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tomjwxf @seratch @ZeroXLauren