CrewAI adapter for Sentinel AI agent governance — wrap any CrewAI tool so every call is authorized (and audited) by the Sentinel gateway before it runs. Private beta: cosimo@plannest.net
Project description
sentinel-agent-trust-crewai
CrewAI adapter for Sentinel AI — the identity & governance layer for AI agents. Wrap any CrewAI tool so that every call is authorized (and audited) by the Sentinel gateway before it runs: your tool code and your crew stay untouched.
Sentinel is in private beta. For source access, a hosted sandbox organization key, or to collaborate: cosimo@plannest.net
Install
pip install sentinel-agent-trust-crewai
Quickstart
import os
from crewai import Agent
from crewai.tools import tool
from sentinel_crewai import SentinelGuard
@tool("create_refund")
def create_refund(customer: str, amount: float) -> str:
"""Issue a refund to a customer."""
return billing.refund(customer, amount)
guard = SentinelGuard(
agent_id="agt_...",
private_key=os.environ["SENTINEL_AGENT_PRIVATE_KEY"], # base64 Ed25519 seed
gateway_url="https://your-gateway.example.com",
)
agent = Agent(
role="billing assistant",
goal="handle refunds within policy",
backstory="…",
tools=guard.wrap_all([create_refund]), # ← the only change to your crew
)
Every tool call is signed with the agent's Ed25519 key and checked against your policies in real time. The wrapped tool keeps the same name, description, and argument schema — the LLM sees no difference.
What the model sees
Sentinel's decision comes back as the tool's observation (the underlying tool is never executed unless the gateway approves):
| Gateway outcome | Tool behavior |
|---|---|
200 approved |
the wrapped tool runs, result returned as usual |
403 denied (policy, constraint, budget) |
not executed; observation says the denial is final for these arguments — don't retry, branch |
202 approval required |
not executed; observation carries the approval_id and says to inform the user and retry the identical call after a human approves |
| gateway unreachable | not executed (fail-closed); observation says it's transient and safe to retry |
This mapping is what keeps agents out of retry loops: a policy denial reads as a hard "no", an approval-pending reads as "park it", an outage reads as "try again shortly".
Mapping tools to your policy taxonomy
By default a tool named create_refund is authorized as action
tool.create_refund on resource tool://create_refund (tool names with
spaces are slugified), so a single policy with action_pattern: "tool.*"
governs every wrapped tool. For business-level policies, map tools
explicitly:
tools = guard.wrap_all(
[create_refund, read_contact],
overrides={
"create_refund": {"action": "crm.refund.create", "resource": "crm://refunds"},
"read_contact": {"action": "crm.contact.read", "resource": "crm://contacts/*"},
},
)
…and the policy on the Sentinel side:
{
"action_pattern": "crm.refund.create",
"constraints": {"max_amount": 5000, "max_total_amount_per_day": 20000},
"approval_thresholds": {"amount": 500}
}
Each refund ≤ 5000, at most 20 000/day in total, and a human approves anything from 500 up — enforced outside the model, no prompt engineering.
The tool's keyword arguments are sent as the action payload, so constraints
like max_amount apply to the actual amount argument the model chose.
Demo
With the repo's demo gateway running (cd gateway && go run .):
pip install -e sdk/python -e sdk/adapters/crewai
python examples/crewai_crm_agent.py
See also
sentinel-agent-trust-langchain— the LangChain twin of this adaptersentinel-agent-trust— the underlying Python SDK (includes proxy mode)
License
Apache 2.0 (the adapter and SDKs). The Sentinel platform is licensed separately under BSL 1.1 — see the repository root.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sentinel_agent_trust_crewai-0.1.0.tar.gz.
File metadata
- Download URL: sentinel_agent_trust_crewai-0.1.0.tar.gz
- Upload date:
- Size: 12.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2960b444d4326a13618c22d0b8de3903b9c5731060f08663b31e409d6c1fce84
|
|
| MD5 |
8f78f641a1986e38f657bb184cc44457
|
|
| BLAKE2b-256 |
2452fb552d89a8e2ff0df2b50e2c98f4f588bd1cee394859148980ab8d4214bb
|
Provenance
The following attestation bundles were made for sentinel_agent_trust_crewai-0.1.0.tar.gz:
Publisher:
release.yml on viperformanz/sentinel-ai
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sentinel_agent_trust_crewai-0.1.0.tar.gz -
Subject digest:
2960b444d4326a13618c22d0b8de3903b9c5731060f08663b31e409d6c1fce84 - Sigstore transparency entry: 2187390954
- Sigstore integration time:
-
Permalink:
viperformanz/sentinel-ai@e1bfb1dc5a6f60ff896338db5f076924f6d81032 -
Branch / Tag:
refs/tags/adapter-crewai-v0.1.0 - Owner: https://github.com/viperformanz
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@e1bfb1dc5a6f60ff896338db5f076924f6d81032 -
Trigger Event:
push
-
Statement type:
File details
Details for the file sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl.
File metadata
- Download URL: sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7c8f75df2dfc6738bafc020d1d9aa5aa7319d8839d76da1e199d5361f8f7279c
|
|
| MD5 |
5e0358bb8c065b029bc6a0462fb0c650
|
|
| BLAKE2b-256 |
4669db1e8324016ea4091a973e3c04a7ca2f16cc75cd9e48f5100a5cb6ddac48
|
Provenance
The following attestation bundles were made for sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl:
Publisher:
release.yml on viperformanz/sentinel-ai
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sentinel_agent_trust_crewai-0.1.0-py3-none-any.whl -
Subject digest:
7c8f75df2dfc6738bafc020d1d9aa5aa7319d8839d76da1e199d5361f8f7279c - Sigstore transparency entry: 2187390964
- Sigstore integration time:
-
Permalink:
viperformanz/sentinel-ai@e1bfb1dc5a6f60ff896338db5f076924f6d81032 -
Branch / Tag:
refs/tags/adapter-crewai-v0.1.0 - Owner: https://github.com/viperformanz
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@e1bfb1dc5a6f60ff896338db5f076924f6d81032 -
Trigger Event:
push
-
Statement type: