Our own third-generation agent runtime — every leading agent SDK, one governed fabric.
OpenLI Codex is OpenRunner: a unified agent-runtime fabric with one simple contract — products send context plus a request and receive a stream plus usage and cost, without knowing or caring which runner served them. At its centre is OpenCodex, OpenLI’s own third-generation in-house harness — an explicit plan→act→observe→reflect loop with pluggable tools, permission tiers, policy hooks and an audit trail on every action.
We do not wrap LangGraph. We do not wrap LangChain. And we do not lock you to any one vendor’s SDK: the Claude Agent SDK and the OpenAI Codex SDK run inside OpenRunner as interchangeable runners — peers of our own OpenCodex, switchable per task, tenant and compliance zone with zero consumer code change. That is what production agentic systems in healthcare, finance and clinical research actually need: governance and vendor-independence built in, not bolted on.
Our vision: natural language is the only programming language enterprises need.
In tomorrow’s software, every developer interface is conversational. Every legacy system can be modernised in plain English. Every agent action is governed, auditable and reversible. OpenLI Codex is the runtime that makes that real for buyers in regulated industries today — not in some indefinite future.
AI-native, not AI-bolted-on
Codex is purpose-built for production agentic workflows. Tool surfaces, multi-turn reasoning, structured output extraction, runner orchestration, prompt template versioning — all built into the runtime, not stitched together at the application layer.
Governance-first, not governance-bolted-on
Human approval gates at every state transition. 7-tier RBAC. Audit trails on every agent action. PII sanitisation hooks. Tenant isolation. Aligned with EU AI Act, ISO/IEC 42001, NHS DSPT and UK GDPR from day one — before a single line of product code is written.
Sector-specialised, fabric-shared
Same fabric. Same governance. Same audit story. The OpenLI fleet — HIE, Integrai, IRIS CoPilot, OpenTriage, DMM, OpenCT, OpenTrial, OpenInvestor and the GSJ Platform — grew from a common Codex origin and is consolidating onto OpenRunner: one runner service, one cost ledger, one protocol. One security review covers the portfolio. Lower TCO when you adopt more than one product.
One fabric. Every runner. Including our own.
OpenRunner is a unified agent-runtime fabric: every runner — our own OpenCodex, the Claude Agent SDK, the OpenAI Codex SDK and a deterministic Mock — speaks the identical Unified Runner Protocol. That means you can switch runner per task, per workspace, per tenant and per compliance zone with zero consumer code change, and callers built for either vendor SDK keep working because the fabric emits events in the dialect they expect. Regulated enterprise buyers cannot accept single-vendor lock-in for the AI substrate that powers their mission-critical workflows — so we made the substrate interchangeable, and we built our own runner to prove it.
OpenCodex · our in-house harness
OpenLI’s own third-generation agent runner — a clean-room enterprise harness, not a wrapper. An explicit plan→act→observe→reflect loop with a curated tool set, permission tiers and governed hooks. Because it’s ours, it evolves on its own cadence behind the frozen protocol — no downstream product has to change.
- Own the loop; decouple the model and the consumer
- Permission tiers: plan / default / acceptEdits / auto / bypass
- Agentic search (glob→grep→read) — no vector RAG, no external index of your code
- LLM-agnostic: runs on Anthropic, OpenAI, Bedrock, vLLM or self-hosted models
Claude Agent SDK · Claude Code
Anthropic’s agentic runtime, available as a runner inside the fabric for long-context reasoning, tool-calling chains and complex multi-turn workflows. Claude Code also drives our own engineering, including work on the OpenLI website itself.
- Strong long-context behaviour and reasoning
- Mature tool-use and structured output
- Production-grade safety and refusal behaviour
- Used for: HIE, Integrai, OpenTriage, OpenTrial (planned)
OpenAI Codex SDK
OpenAI’s code-aware runtime, available as a runner where deterministic code transformation, language conversion, or tight integration with the OpenAI platform is preferred. Switchable per tenant for customers who already operate on Azure OpenAI.
- Strong code generation and refactoring
- Tight integration with Azure OpenAI deployments
- Cost-efficient for high-throughput workloads
- Used for: OpenCT, DMM, IRIS CoPilot code generation
The Mock runner is the fourth: a deterministic, zero-token runner that drives the real tool loop so CI and demos cost nothing unless a live model is explicitly opted in. This is the differentiation a single-vendor SDK cannot offer — it is the vendor. OpenRunner makes the vendor a swappable detail.
Capabilities
The capabilities below ship in the OpenRunner fabric (v0.2.1) today — the building blocks that every OpenLI product reuses through one protocol and one client library.
Workspace registry
Multi-tenant workspace management with GitHub repository import or local folder mounting. Each workspace has its own isolated state, skills, prompt templates and audit trail.
Skills management system
Reusable platform skills (10+ shipped) plus tenant-specific skill definitions. Each skill has versioned prompts, defined tool surfaces and explicit input/output contracts.
Prompt template library
Versioned, reviewable prompt templates with tenant-scoped overrides. Templates are first-class artefacts — not strings buried in code — so they can be audited, diffed and rolled back.
RBAC with approval workflows
Seven role tiers (super_admin, org_admin, project_admin, editor, viewer, plus tenant-scoped variants) with admin approval workflows for state transitions and high-risk agent actions.
Session-based transcript UI
Every agent session is recorded as a transcript with tool calls visible, structured output extraction, and the full conversation persisted for audit. Operators can review and replay any session.
SSE streaming runtime
Server-sent events for real-time updates from agents to operator UIs. No polling. No websockets complexity. Production-tested at scale across the OpenTriage and HIE deployments.
Audit trail on every action
Immutable event log of every state transition, every tool call, every prompt sent and every response received. Exportable for regulatory submission and internal forensics.
Unified Runner Protocol
One versioned, A2A-aligned contract for every runner: create a thread, start a run, stream events, read usage and cost. Swap OpenCodex, Claude or OpenAI Codex per tenant, project or task — the consumer code never changes, and events are emitted in the dialect each caller expects.
LLM-agnostic gateway
Runners hold no API keys. Model calls route through a central gateway that translates for Anthropic, OpenAI, Bedrock, vLLM or self-hosted models. Change the underlying model — or keep secrets in one governed place — without touching a runner or a product.
Durable, resumable runs
Runs are backed by a Postgres event outbox with idempotency and leases. If a worker is lost mid-run, the run resumes from the last committed event — no lost turns, no double-billing. Threads and sessions survive restarts.
Metered by default
Every run tees usage into a durable per-tenant, per-run cost ledger with budgets and ceilings. The deterministic Mock runner keeps CI and demos at zero tokens unless a live model is explicitly opted in — cost governance the vendor SDKs simply do not provide.
Open source core
AGPL-3.0 with a commercial dual licence for enterprises. Auditable by your security team. Self-hostable. No black box. The Codex / OpenRunner core is on GitHub at zhongli1990/saas-codex.
How it works
Three steps from natural language to a governed, auditable, reversible action.
1. Define
A skill or workflow is defined as a versioned prompt template with an explicit tool surface and output contract. Templates are reviewable artefacts in the prompt manager — not strings buried in code.
2. Run
The fabric invokes the chosen runner — OpenCodex, Claude Agent SDK or OpenAI Codex SDK — over the Unified Runner Protocol, passes the template, the workspace context and the tool surface, and streams the response back via SSE. Tool calls go through the tenant’s policy hooks; usage and cost are metered on the way back.
3. Govern
Every action is recorded in the audit log. State transitions require explicit human approval where the policy says so. The operator UI shows the full transcript with tool calls and structured output. Roll back via config snapshots.
Every OpenLI product runs on this foundation.
That’s the commercial point of Codex. Buy one product, get the same governance, audit, multi-tenancy and runner orchestration that every other OpenLI product uses. One security review. One operational model. One AI substrate strategy.
Healthcare & Operations
- OpenLI HIE — healthcare integration engine
- OpenLI TIE Migration — engine migration
- IRIS CoPilot — legacy IRIS modernisation
- OpenTriage — AI alert triage
- OpenLI Data Migration — PAS data migration
Pharma & Clinical
- OpenTrial — clinical trial RBM Pipeline
More clinical research products in development.
Finance & Compliance
- OpenCT — UK CT600 filing
- OpenInvestor — banking AI guidance Pipeline
Whitelabel for OEM partners
OpenLI Codex is whitelabel-ready. System integrators, healthcare consultancies, and technology partners can deploy Codex under their own brand, with their own tenant management, their own skills library, and a commercial model that fits their channel.
Branding & tenant config
Per-tenant logo, colour, copyright notice, and domain. Each tenant feels like a first-class product, not a re-skinned multi-tenant SaaS.
Custom skills & templates
Bring your own skills, prompt templates, and tool surfaces. Codex skills are first-class objects, not hard-coded in the runtime.
Commercial model
OEM licence, revenue share, or annual platform fee — we work with the model that fits your channel motion. Talk to the team to scope a partnership.
Compliance & assurance
Every product in the OpenLI family inherits the same compliance posture from Codex. One security review covers the entire portfolio.
Ready to see what an AI-native foundation looks like in production?
Open the Codex portal, view the source on GitHub, or talk to the team about deploying Codex inside your enterprise.