SecureVector SDK for CrewAI — brings the local threat monitor's three controls (tool-call permissions, secret/data-leak detection, threat detection) to every CrewAI tool call, with tamper-evident audit logging.
Project description
SecureVector SDK for CrewAI
Bring the SecureVector local threat monitor's three controls — tool-call permissions, secret / data-leak detection, and threat detection — to every CrewAI tool call, with tamper-evident audit logging.
```bash
pip install securevector-sdk-crewai
```
📦 One install — batteries included.
`pip install securevector-sdk-crewai` also installs the local SecureVector app (`securevector-ai-monitor`): the adapter and the detection engine + tamper-evident audit chain arrive in a single `pip install`. The SDK is a thin interception layer — the app must be running locally (`securevector-app --web`) for it to do anything.
🌐 Pointing at your own cloud? Use the lightweight install. If you've deployed SecureVector to your own cloud, you don't need the bundled local app. Install only the adapter on the machine where your agents run, and point it at your deployment:
```bash
# lightweight — adapter only, no local app (your env already has crewai)
pip install securevector-sdk-crewai --no-deps

# point at your SecureVector endpoint — all you need for a private (in-VPC) endpoint
export SECUREVECTOR_SDK_APP_URL=https://<your-securevector-endpoint>

# OPTIONAL: only if your endpoint is publicly exposed and gated with an inbound token.
# A private endpoint in your own VPC needs no key. To gate a public one, use a free
# SecureVector cloud account API key or an SVET token — it gates access only; no agent
# data is sent to SecureVector.
export SECUREVECTOR_API_KEY=<SecureVector account key or SVET token>
```

The adapter then forwards every tool call to your remote deployment instead of a local app. The default `pip install securevector-sdk-crewai` (no `--no-deps`) still bundles the app for local use.
Quick start
Wrap your tools (recommended — robust across CrewAI versions):
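```python
from crewai import Agent
from securevector_sdk_crewai import secure_tools

# my_tools is your existing list of CrewAI tools; "..." stands for your other Agent arguments
agent = Agent(tools=secure_tools(my_tools), ...)
```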
or install globally (best-effort monkeypatch of CrewAI's BaseTool):
```python
from securevector_sdk_crewai import install

install(mode="observe")
```
or fully zero-config:
```python
import securevector_sdk_crewai.auto  # reads env, installs globally
```
What happens on every tool call
Before a tool runs, the SDK:
- (a) Permissions — resolves an allow/block verdict for the tool, using the app's own precedence: cloud-pushed synced policy → local override → essential registry → default-allow.
- (b)+(c) Secret & threat scan — sends the serialized tool input through the app's `/analyze` pipeline.
After the tool returns, the result is scanned the same way to catch secrets /
exfiltration in tool output. Every decision is written to the app's audit chain
tagged runtime_kind="crewai".
observe vs enforce
| | local app reachable | local app unreachable |
|---|---|---|
| observe (default) | log + advisory verdict; tool always runs | tool runs (fail-open) |
| enforce (opt-in) | tool runs only if the verdict ≠ block | tool denied (fail-closed) |
```python
install(mode="enforce")  # blocks denied tools and fails closed if the app is down
```
In enforce mode a denied tool raises ToolBlocked before it executes; enforce
also prints a one-time disclosure to stderr.
Configuration
All optional, via env or kwargs:
| Env var | Default | Meaning |
|---|---|---|
| SECUREVECTOR_SDK_APP_URL | http://127.0.0.1:8741 | local app base URL |
| SECUREVECTOR_SDK_MODE | observe | observe or enforce |
| SECUREVECTOR_SDK_TIMEOUT_MS | 3000 | per-call verdict timeout |
| SECUREVECTOR_SDK_RISK_THRESHOLD | 70 | risk score that blocks in enforce mode |
| SECUREVECTOR_SDK_DISABLED | (unset) | set truthy to no-op |
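
An added sketch, not the SDK's own code, that models the permission precedence and the observe/enforce table above so the fail-open and fail-closed cases can be checked before switching modes. The dict-per-layer policy shape, the tool names, both function names and the "score at or above the threshold blocks" comparison are assumptions.

```python
# Added illustration: models the rules documented on this page; not SecureVector's code.
from typing import Mapping, Optional

DEFAULT_THRESHOLD = 70  # SECUREVECTOR_SDK_RISK_THRESHOLD default from the table

# Constructed sample policy layers (tool name -> "allow" | "block").
SYNCED = {"shell_exec": "block"}                        # cloud-pushed synced policy
LOCAL = {"shell_exec": "allow", "web_search": "block"}  # local override
ESSENTIAL = {"file_read": "allow"}                      # essential registry


def resolve_permission(tool: str,
                       synced: Mapping[str, str],
                       local: Mapping[str, str],
                       essential: Mapping[str, str]) -> str:
    """Assumed model: the first layer that names the tool wins, in the order
    synced policy -> local override -> essential registry -> default-allow."""
    for layer in (synced, local, essential):
        if tool in layer:
            return layer[tool]
    return "allow"


def tool_may_run(mode: str,
                 app_reachable: bool,
                 permission: Optional[str] = None,
                 risk_score: Optional[int] = None,
                 threshold: int = DEFAULT_THRESHOLD) -> bool:
    """Return True if the tool call proceeds under the observe/enforce table."""
    if mode not in ("observe", "enforce"):
        raise ValueError(f"unknown mode: {mode!r}")
    if mode == "observe":
        return True   # advisory verdict only; also fail-open when the app is down
    if not app_reachable:
        return False  # enforce fails closed: no verdict means no tool call
    # Assumption: a risk score at or above the threshold counts as a block verdict.
    blocked = permission == "block" or (risk_score or 0) >= threshold
    return not blocked
```

In this model an enforce-mode deployment denies every tool call while the app is unreachable, so the app's availability becomes part of the agent's availability.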
Compliance
The tool-call-level, attributed, tamper-evident audit trail this produces is exactly the action-layer logging auditors ask for under EU AI Act Art. 12 / 15. This SDK produces the local evidence; the cloud governance surface turns it into an auditor-ready pack.
Trademarks
SecureVector is the product name of this SDK. CrewAI is a trademark of CrewAI, Inc. This is an independent, community SDK that integrates with CrewAI via its public tool API. It is not affiliated with, sponsored by, or endorsed by CrewAI, Inc. The name uses "crewai" only descriptively, to identify the framework this package works with (nominative fair use).
License
File details
Details for the file securevector_sdk_crewai-1.1.0.tar.gz.
File metadata
- Download URL: securevector_sdk_crewai-1.1.0.tar.gz
- Upload date:
- Size: 23.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c0c83c6aaea78acef525970e2b102f2a4ebedf60d5cc53cec109a5fb1b54548e |
| MD5 | 149e5a6ec4ea8be110384009fa8c997f |
| BLAKE2b-256 | 8d16cb4fb3acc1f4eeaa5748de5732560817d9c576767fe60b3c4a22ad741cc5 |
Provenance
The following attestation bundles were made for securevector_sdk_crewai-1.1.0.tar.gz:
Publisher: release.yml on Secure-Vector/securevector-sdk-crewai

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: securevector_sdk_crewai-1.1.0.tar.gz
- Subject digest: c0c83c6aaea78acef525970e2b102f2a4ebedf60d5cc53cec109a5fb1b54548e
- Sigstore transparency entry: 2031068643
- Sigstore integration time:
- Permalink: Secure-Vector/securevector-sdk-crewai@ce7961e306cf4a59c17d24cf9eac9e2e51454c8e
- Branch / Tag: refs/tags/v1.1.0
- Owner: https://github.com/Secure-Vector
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@ce7961e306cf4a59c17d24cf9eac9e2e51454c8e
- Trigger Event: release
File details
Details for the file securevector_sdk_crewai-1.1.0-py3-none-any.whl.
File metadata
- Download URL: securevector_sdk_crewai-1.1.0-py3-none-any.whl
- Upload date:
- Size: 21.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7a0252d702b7ebe5c8355bde535ea4cdb627bc6435d263ea1b3759b13eb3c1f0 |
| MD5 | 107baf6f13f273874f41952aba092fa9 |
| BLAKE2b-256 | f04f86b9107d7f9c3b188c4ef71429c6cdd2bc6e6a2aa8fa45192f210a4744e7 |
Provenance
The following attestation bundles were made for securevector_sdk_crewai-1.1.0-py3-none-any.whl:
Publisher: release.yml on Secure-Vector/securevector-sdk-crewai

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: securevector_sdk_crewai-1.1.0-py3-none-any.whl
- Subject digest: 7a0252d702b7ebe5c8355bde535ea4cdb627bc6435d263ea1b3759b13eb3c1f0
- Sigstore transparency entry: 2031068856
- Sigstore integration time:
- Permalink: Secure-Vector/securevector-sdk-crewai@ce7961e306cf4a59c17d24cf9eac9e2e51454c8e
- Branch / Tag: refs/tags/v1.1.0
- Owner: https://github.com/Secure-Vector
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@ce7961e306cf4a59c17d24cf9eac9e2e51454c8e
- Trigger Event: release