Enhanced filesystem tools for CrewAI with whitelist/blacklist filtering and directory sandboxing

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mgfeller from gravatar.com mgfeller

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Max Gfeller
  • Tags crewai , tools , filesystem , ai , agents
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

CrewAI FS Plus

Enhanced filesystem tools for CrewAI with whitelist/blacklist filtering and directory sandboxing.

Features

  • Base Directory Sandboxing: Restrict file operations to a specific directory
  • Whitelist Patterns: Only allow access to files matching glob patterns
  • Blacklist Patterns: Deny access to files matching glob patterns
  • Drop-in Replacement: Same interface as CrewAI's built-in file tools

Installation

pip install crewai-fs-plus

Quick Start

from crewai import Agent
from crewai_fs_plus import FileReadTool, FileWriteTool, FileDeleteTool, DirectoryReadTool

# Create sandboxed tools
reader = FileReadTool(
    base_directory="/path/to/project",
    whitelist=["*.py", "*.md", "docs/**"],
    blacklist=["**/secret*", "**/.env"]
)

writer = FileWriteTool(
    base_directory="/path/to/project",
    whitelist=["output/**", "logs/**"]
)

# Use with CrewAI agent
agent = Agent(
    role="Document Processor",
    goal="Process files safely within the project directory",
    tools=[reader, writer]
)

Tools

FileReadTool

Read file contents with optional line range.

from crewai_fs_plus import FileReadTool

# Basic usage
reader = FileReadTool()
content = reader._run(file_path="document.txt")

# Read specific lines
content = reader._run(
    file_path="large_file.txt",
    start_line=100,
    line_count=50
)

# With sandboxing and filters
reader = FileReadTool(
    base_directory="/app/data",
    whitelist=["*.txt", "*.json"],
    blacklist=["*secret*", "*.env"]
)

Parameters:

  • file_path: Path to the file to read
  • start_line: Line number to start reading from (1-indexed, default: 1)
  • line_count: Number of lines to read (default: all)

FileWriteTool

Write content to files with overwrite protection.

from crewai_fs_plus import FileWriteTool

# Basic usage
writer = FileWriteTool()
result = writer._run(
    file_path="output.txt",
    content="Hello, World!"
)

# Overwrite existing file
result = writer._run(
    file_path="output.txt",
    content="Updated content",
    overwrite=True
)

# With sandboxing - only allow writes to output directory
writer = FileWriteTool(
    base_directory="/app",
    whitelist=["output/**", "logs/**"]
)

Parameters:

  • file_path: Path to the file to write
  • content: Content to write
  • overwrite: Whether to overwrite existing files (default: False)

FileDeleteTool

Delete files and directories safely.

from crewai_fs_plus import FileDeleteTool

# Delete a file
deleter = FileDeleteTool()
result = deleter._run(path="temp_file.txt")

# Delete a non-empty directory
result = deleter._run(
    path="temp_directory",
    recursive=True
)

# With sandboxing - only allow deletion in temp directories
deleter = FileDeleteTool(
    base_directory="/app",
    whitelist=["temp/**", "cache/**"],
    blacklist=["**/.git/**"]
)

Parameters:

  • path: Path to the file or directory to delete
  • recursive: Delete directories recursively (default: False)

DirectoryReadTool

List directory contents with filtering.

from crewai_fs_plus import DirectoryReadTool

# List all files
reader = DirectoryReadTool()
files = reader._run(directory="/path/to/dir")

# Non-recursive listing
files = reader._run(
    directory="/path/to/dir",
    recursive=False
)

# Only show Python files, exclude tests
reader = DirectoryReadTool(
    whitelist=["*.py"],
    blacklist=["test_*", "*_test.py"]
)

Parameters:

  • directory: Path to the directory to list
  • recursive: List contents recursively (default: True)

Configuration

Base Directory (Sandboxing)

The base_directory parameter creates a sandbox that prevents access outside of the specified directory:

tool = FileReadTool(base_directory="/app/data")

# This works - path is within sandbox
tool._run(file_path="documents/file.txt")

# This fails - path is outside sandbox
tool._run(file_path="/etc/passwd")

# This fails - path escape attempt
tool._run(file_path="../../../etc/passwd")

Whitelist

The whitelist parameter restricts access to paths matching the specified glob patterns. If the whitelist is empty (default), all paths are allowed.

tool = FileReadTool(whitelist=["*.py", "*.md", "docs/**"])

# Allowed
tool._run(file_path="script.py")
tool._run(file_path="docs/guide.md")

# Blocked
tool._run(file_path="data.json")

Blacklist

The blacklist parameter denies access to paths matching the specified glob patterns. Blacklist takes precedence over whitelist.

tool = FileReadTool(blacklist=["*secret*", "*.env", "**/.git/**"])

# Blocked
tool._run(file_path="secret_config.txt")
tool._run(file_path=".env")

# Allowed
tool._run(file_path="config.txt")

Combined Example

from crewai_fs_plus import FileReadTool, FileWriteTool, FileDeleteTool

# Secure file reader for a web application
reader = FileReadTool(
    base_directory="/app",
    whitelist=["*.py", "*.html", "*.css", "*.js", "templates/**", "static/**"],
    blacklist=["**/secret*", "**/.env", "**/credentials*", "**/*.key"]
)

# Writer restricted to output and logs
writer = FileWriteTool(
    base_directory="/app",
    whitelist=["output/**", "logs/**", "tmp/**"]
)

# Deleter for temporary files only
deleter = FileDeleteTool(
    base_directory="/app",
    whitelist=["tmp/**", "cache/**"],
    blacklist=["**/.git/**", "**/node_modules/**"]
)

Glob Pattern Reference

Pattern Matches
*.txt All .txt files
*.py All Python files
docs/* Files directly in docs/
docs/** All files in docs/ recursively
**/test_* test_ files in any directory
**/*.log .log files in any directory
*secret* Files containing "secret"

Error Handling

The tools return error messages as strings rather than raising exceptions:

result = reader._run(file_path="nonexistent.txt")
# Returns: "Error: File not found: nonexistent.txt"

result = reader._run(file_path="../../../etc/passwd")
# Returns: "Error: Path '/etc/passwd' is outside the sandbox directory '/app'"

result = reader._run(file_path="secret.txt")
# Returns: "Error: Path matches blacklist pattern: /app/secret.txt"

For programmatic error handling, you can check if the result starts with "Error:":

result = reader._run(file_path="file.txt")
if result.startswith("Error"):
    print(f"Operation failed: {result}")
else:
    print(f"Content: {result}")

Development

Setup

# Clone the repository
git clone https://github.com/MaxGfeller/crewai-fs-plus.git
cd crewai-fs-plus

# Install with dev dependencies
pip install -e ".[dev]"

Running Tests

pytest

Running Tests with Coverage

pytest --cov=crewai_fs_plus --cov-report=html

License

MIT License - see LICENSE for details.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mgfeller from gravatar.com mgfeller

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Max Gfeller
  • Tags crewai , tools , filesystem , ai , agents
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

crewai_fs_plus-0.1.0.tar.gz (16.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

crewai_fs_plus-0.1.0-py3-none-any.whl (14.4 kB view details)

Uploaded Python 3

File details

Details for the file crewai_fs_plus-0.1.0.tar.gz.

File metadata

  • Download URL: crewai_fs_plus-0.1.0.tar.gz
  • Upload date:
  • Size: 16.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for crewai_fs_plus-0.1.0.tar.gz
Algorithm Hash digest
SHA256 8799fa812695c19247060499f8936cb515adc978f6a229b2b8ccbfcb704c4f43
MD5 f4dc12482fa55a9efb2bf9054e41a344
BLAKE2b-256 1005c91bfe9b4da503d15e233863466ceff70ae4912aa9afe614d4dc357a3fd3

See more details on using hashes here.

Provenance

The following attestation bundles were made for crewai_fs_plus-0.1.0.tar.gz:

Publisher: publish.yml on MaxGfeller/crewai-fs-plus

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file crewai_fs_plus-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: crewai_fs_plus-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 14.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for crewai_fs_plus-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a398ab029bf1078be6eab1184dff190f4769ecaba4a1e7e39ccbfb53fef1f33c
MD5 f3184de60c6cf3e2faa87d4456853175
BLAKE2b-256 87893c7d305eb5199b71b0492e1409c849cc659f1601eb1b1dd2d8a0a01564a0

See more details on using hashes here.

Provenance

The following attestation bundles were made for crewai_fs_plus-0.1.0-py3-none-any.whl:

Publisher: publish.yml on MaxGfeller/crewai-fs-plus

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page