Skip to main content

CrewAI adapter for Sentinel AI agent governance — wrap any CrewAI tool so every call is authorized (and audited) by the Sentinel gateway before it runs. Private beta: cosimo@plannest.net

Project description

sentinel-agent-trust-crewai

PyPI License: Apache 2.0

CrewAI adapter for Sentinel AI — the identity & governance layer for AI agents. Wrap any CrewAI tool so that every call is authorized (and audited) by the Sentinel gateway before it runs: your tool code and your crew stay untouched.

Sentinel is in private beta. For source access, a hosted sandbox organization key, or to collaborate: cosimo@plannest.net

Install

pip install sentinel-agent-trust-crewai

Quickstart

import os
from crewai import Agent
from crewai.tools import tool
from sentinel_crewai import SentinelGuard

@tool("create_refund")
def create_refund(customer: str, amount: float) -> str:
    """Issue a refund to a customer."""
    return billing.refund(customer, amount)

guard = SentinelGuard(
    agent_id="agt_...",
    private_key=os.environ["SENTINEL_AGENT_PRIVATE_KEY"],  # base64 Ed25519 seed
    gateway_url="https://your-gateway.example.com",
)

agent = Agent(
    role="billing assistant",
    goal="handle refunds within policy",
    backstory="…",
    tools=guard.wrap_all([create_refund]),   # ← the only change to your crew
)

Every tool call is signed with the agent's Ed25519 key and checked against your policies in real time. The wrapped tool keeps the same name, description, and argument schema — the LLM sees no difference.

What the model sees

Sentinel's decision comes back as the tool's observation (the underlying tool is never executed unless the gateway approves):

Gateway outcome Tool behavior
200 approved the wrapped tool runs, result returned as usual
403 denied (policy, constraint, budget) not executed; observation says the denial is final for these arguments — don't retry, branch
202 approval required not executed; observation carries the approval_id and says to inform the user and retry the identical call after a human approves
gateway unreachable not executed (fail-closed); observation says it's transient and safe to retry

This mapping is what keeps agents out of retry loops: a policy denial reads as a hard "no", an approval-pending reads as "park it", an outage reads as "try again shortly".

Mapping tools to your policy taxonomy

By default a tool named create_refund is authorized as action tool.create_refund on resource tool://create_refund (tool names with spaces are slugified), so a single policy with action_pattern: "tool.*" governs every wrapped tool. For business-level policies, map tools explicitly:

tools = guard.wrap_all(
    [create_refund, read_contact],
    overrides={
        "create_refund": {"action": "crm.refund.create", "resource": "crm://refunds"},
        "read_contact":  {"action": "crm.contact.read",  "resource": "crm://contacts/*"},
    },
)

…and the policy on the Sentinel side:

{
  "action_pattern": "crm.refund.create",
  "constraints": {"max_amount": 5000, "max_total_amount_per_day": 20000},
  "approval_thresholds": {"amount": 500}
}

Each refund ≤ 5000, at most 20 000/day in total, and a human approves anything from 500 up — enforced outside the model, no prompt engineering.

The tool's keyword arguments are sent as the action payload, so constraints like max_amount apply to the actual amount argument the model chose.

Demo

With the repo's demo gateway running (cd gateway && go run .):

pip install -e sdk/python -e sdk/adapters/crewai
python examples/crewai_crm_agent.py

See also

License

Apache 2.0 (the adapter and SDKs). The Sentinel platform is licensed separately under BSL 1.1 — see the repository root.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentinel_agent_trust_crewai-0.1.0.tar.gz (12.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl (12.1 kB view details)

Uploaded Python 3

File details

Details for the file sentinel_agent_trust_crewai-0.1.0.tar.gz.

File metadata

File hashes

Hashes for sentinel_agent_trust_crewai-0.1.0.tar.gz
Algorithm Hash digest
SHA256 2960b444d4326a13618c22d0b8de3903b9c5731060f08663b31e409d6c1fce84
MD5 8f78f641a1986e38f657bb184cc44457
BLAKE2b-256 2452fb552d89a8e2ff0df2b50e2c98f4f588bd1cee394859148980ab8d4214bb

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentinel_agent_trust_crewai-0.1.0.tar.gz:

Publisher: release.yml on viperformanz/sentinel-ai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 7c8f75df2dfc6738bafc020d1d9aa5aa7319d8839d76da1e199d5361f8f7279c
MD5 5e0358bb8c065b029bc6a0462fb0c650
BLAKE2b-256 4669db1e8324016ea4091a973e3c04a7ca2f16cc75cd9e48f5100a5cb6ddac48

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl:

Publisher: release.yml on viperformanz/sentinel-ai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page