Skip to main content

CrewAI tools for Bolyra mutual ZKP authentication and SD-JWT delegation

Project description

Bolyra CrewAI Integration

Status: Alpha (0.1.0) -- Mutual ZKP authentication, scoped delegation, and SD-JWT tools for CrewAI multi-agent workflows.

Install

pip install bolyra-crewai

# For ZKP tools (auth + delegate), also need Node.js bridge:
npm install @bolyra/sdk && npx bolyra setup

Quick Start

from crewai import Agent, Crew, Task
from bolyra_crewai import (
    BolyraAuthTool,
    BolyraDelegateTool,
    BolyraSDJWTTool,
    BolyraGuard,
    BolyraSession,
)

# 1. Create tools
auth = BolyraAuthTool(permissions=["read_data", "write_data"])
delegate = BolyraDelegateTool(agent_permissions=["read_data", "write_data"])
sd_jwt = BolyraSDJWTTool()

# 2. Create session + guard
session = BolyraSession(auth_tool=auth, delegate_tool=delegate, sd_jwt_tool=sd_jwt)
guard = BolyraGuard(session=session, on_failure="raise")

# 3. Wrap tools with pre-execution auth enforcement
analyst_tools = guard.guard_tools([auth, sd_jwt])
delegator_tools = guard.guard_tools([delegate])

# 4. Build agents
analyst = Agent(
    role="Authenticated Data Analyst",
    goal="Analyze data only after mutual ZKP authentication",
    tools=analyst_tools,
)

delegator = Agent(
    role="Delegation Manager",
    goal="Delegate scoped permissions to sub-agents",
    tools=delegator_tools,
)

# 5. Build crew
crew = Crew(
    agents=[analyst, delegator],
    tasks=[
        Task(
            description="Authenticate and analyze the dataset",
            expected_output="Analysis report",
            agent=analyst,
        ),
    ],
)

Tools

BolyraAuthTool

Mutual ZKP handshake authentication. Returns a JSON string with session nonce, scope commitment, and nullifiers.

auth = BolyraAuthTool(
    permissions=["read_data", "write_data"],
    agent_model_hash="gpt-4o",        # optional
    operator_key="0xdeadbeef...",       # optional (dev mode if omitted)
    human_secret=12345,                # optional (dev mode if omitted)
    expiry_seconds=86400,              # credential validity
)

BolyraDelegateTool

Scoped permission delegation with cryptographic scope narrowing. Permissions are passed as a comma-separated string.

delegate = BolyraDelegateTool(
    agent_permissions=["read_data", "write_data", "financial_small"],
)

# CrewAI agent calls with:
# permissions="read_data, write_data"  (comma-separated string)

BolyraSDJWTTool

Lightweight SD-JWT delegation (pure Python, no Node.js). Raw receipts are vaulted internally -- only JTI references appear in tool output.

tool = BolyraSDJWTTool(dev_mode=True)  # auto-generates Ed25519 keys

# Production mode:
from bolyra.sd_jwt import generate_ed25519_keypair
issuer_priv, _ = generate_ed25519_keypair()
tool = BolyraSDJWTTool(
    issuer_private_key=issuer_priv,
    issuer_kid="my-key-1",
    dev_mode=False,
)

BolyraGuard

Two enforcement modes:

Pre-execution (recommended): wraps tools so auth is checked before execution:

guard = BolyraGuard(
    session=session,
    on_failure="raise",      # "raise" | "warn" | "skip"
    session_ttl_seconds=3600, # optional session expiry
)

# Wrap tools for pre-execution enforcement
tools = guard.guard_tools([auth, sd_jwt, delegate])

analyst = Agent(role="Analyst", tools=tools, ...)
crew = Crew(agents=[analyst], tasks=[...])

Post-execution audit: hooks into CrewAI's step callback (fires after each step):

crew = Crew(..., step_callback=guard.step_callback)

BolyraSession

Stateful session that chains handshake -> delegate -> SD-JWT flows. Thread-safe.

session = BolyraSession(auth_tool=auth, delegate_tool=delegate, sd_jwt_tool=sd_jwt)

# Authenticate
result = session.authenticate(scope="my-app")

# Delegate (session_nonce + scope_commitment auto-injected)
result = session.delegate(delegatee_id="0xabc", permissions="read_data")

# Authorize via SD-JWT
result = session.authorize(action="read", audience="api.example.com")

# Reset
session.reset()

Security

  • Receipt vaulting: Raw SD-JWT bearer credentials never appear in tool output (which flows through the LLM context). Only JTI references are returned.
  • Dev mode guard: Set BOLYRA_ENV=production to block dev-mode auto-generated identities.
  • Scope narrowing: Delegation enforces one-way narrowing at both the SDK and circuit level.
  • Nonce binding: Every handshake commits to a fresh session nonce. Replay requires rebinding.
  • Canonical nonce format: (unix_seconds << 64) | os.urandom(8) for dev-mode SD-JWT nonces.

Non-Monorepo Setup

If you installed bolyra from PyPI (not from the monorepo checkout), the Python SDK needs to know where the Node.js @bolyra/sdk package lives:

export BOLYRA_NODE_SDK_PATH=/path/to/node_modules/@bolyra/sdk

Inside the monorepo, the SDK auto-discovers ../sdk and no configuration is needed.

License

Apache-2.0. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bolyra_crewai-0.1.0.tar.gz (26.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

bolyra_crewai-0.1.0-py3-none-any.whl (24.6 kB view details)

Uploaded Python 3

File details

Details for the file bolyra_crewai-0.1.0.tar.gz.

File metadata

  • Download URL: bolyra_crewai-0.1.0.tar.gz
  • Upload date:
  • Size: 26.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bolyra_crewai-0.1.0.tar.gz
Algorithm Hash digest
SHA256 25e0f1002e6ee9c5e08a9225231e24d819ed0a72130da2abd78e20d911fd3cf8
MD5 1c36cc2da2387eb775520ae91a9b570b
BLAKE2b-256 7d9a33d28d969703d8574eee287b3ccdcc7d1be5516f7348f4b1317578393fd2

See more details on using hashes here.

Provenance

The following attestation bundles were made for bolyra_crewai-0.1.0.tar.gz:

Publisher: release.yml on bolyra/bolyra

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file bolyra_crewai-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: bolyra_crewai-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 24.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bolyra_crewai-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ca76d369e3666f76510bd79e9b247149a86b20244088112e8f9a831b8b4fff2d
MD5 242065f2ac755e8e83c61c6e6d1e0331
BLAKE2b-256 6ece3799721d059bf29dcaf6928113d37c410010946e108c238d0272d85b51fe

See more details on using hashes here.

Provenance

The following attestation bundles were made for bolyra_crewai-0.1.0-py3-none-any.whl:

Publisher: release.yml on bolyra/bolyra

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page