securevector-sdk-crewai 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,87 @@
1
+ """SecureVector SDK for CrewAI.
2
+
3
+ Usage — wrap your tools (recommended)::
4
+
5
+ from securevector_sdk_crewai import secure_tools
6
+ agent = Agent(tools=secure_tools(my_tools), ...)
7
+
8
+ Or install globally (best-effort monkeypatch of CrewAI's BaseTool)::
9
+
10
+ from securevector_sdk_crewai import install
11
+ install(mode="observe")
12
+
13
+ Or fully zero-config::
14
+
15
+ import securevector_sdk_crewai.auto # reads env, installs globally
16
+
17
+ Either way, every CrewAI tool call runs the local SecureVector app's three
18
+ controls — tool-call permissions, secret/data-leak detection, threat detection
19
+ — and each decision is written to the app's tamper-evident audit chain with
20
+ ``runtime_kind="crewai"``. Requires the SecureVector app running locally
21
+ (installed automatically as the ``securevector-ai-monitor`` dependency).
22
+ """
23
+
24
+ import logging
25
+ from typing import Any, List, Optional
26
+
27
+ from ._version import __version__
28
+ from .config import Config
29
+ from .errors import AppUnreachable, SecureVectorError, ToolBlocked
30
+ from .wrapper import SecureCrew
31
+
32
+ log = logging.getLogger("securevector_sdk_crewai")
33
+
34
+ __all__ = [
35
+ "__version__",
36
+ "install",
37
+ "secure_tool",
38
+ "secure_tools",
39
+ "SecureCrew",
40
+ "Config",
41
+ "SecureVectorError",
42
+ "ToolBlocked",
43
+ "AppUnreachable",
44
+ ]
45
+
46
+ # Process-wide default crew, created lazily so wrapping shares one interceptor.
47
+ _default: Optional[SecureCrew] = None
48
+
49
+
50
+ def _get_default(mode: str = "observe", base_url: Optional[str] = None, **kwargs) -> SecureCrew:
51
+ global _default
52
+ if _default is None:
53
+ _default = SecureCrew(mode=mode, base_url=base_url, **kwargs)
54
+ return _default
55
+
56
+
57
+ def install(
58
+ mode: str = "observe",
59
+ base_url: Optional[str] = None,
60
+ *,
61
+ register_global: bool = True,
62
+ **kwargs,
63
+ ) -> SecureCrew:
64
+ """Create the default crew and (by default) monkeypatch CrewAI's BaseTool so
65
+ every tool call is instrumented. Returns the :class:`SecureCrew`.
66
+
67
+ ``mode``: ``"observe"`` (fail-open, default) or ``"enforce"`` (fail-closed).
68
+ If the global patch can't be applied, wrap tools explicitly with
69
+ :func:`secure_tools`.
70
+ """
71
+ crew = _get_default(mode=mode, base_url=base_url, **kwargs)
72
+ if register_global and not crew.install_global():
73
+ log.warning(
74
+ "Global CrewAI instrumentation unavailable; wrap tools with "
75
+ "secure_tools([...]) instead."
76
+ )
77
+ return crew
78
+
79
+
80
+ def secure_tool(tool: Any, **kwargs) -> Any:
81
+ """Wrap a single CrewAI tool with SecureVector controls."""
82
+ return _get_default(**kwargs).secure_tool(tool)
83
+
84
+
85
+ def secure_tools(tools, **kwargs) -> List[Any]:
86
+ """Wrap a list of CrewAI tools with SecureVector controls."""
87
+ return _get_default(**kwargs).secure_tools(tools)
@@ -0,0 +1,7 @@
1
+ """Single source of truth for the package version at runtime.
2
+
3
+ The published version is stamped from pyproject.toml / the release tag by CI;
4
+ this constant is what `securevector_sdk_crewai.__version__` reports.
5
+ """
6
+
7
+ __version__ = "1.0.0"
@@ -0,0 +1,13 @@
1
+ """Zero-config global install: ``import securevector_sdk_crewai.auto``.
2
+
3
+ Reads ``SECUREVECTOR_SDK_MODE`` (default ``observe``) from the environment and
4
+ monkeypatches CrewAI's BaseTool so every tool call in the process is
5
+ instrumented with no per-tool wiring. All other settings come from the same
6
+ environment variables documented in :mod:`securevector_sdk_crewai.config`.
7
+ """
8
+
9
+ import os
10
+
11
+ from . import install
12
+
13
+ install(mode=os.environ.get("SECUREVECTOR_SDK_MODE", "observe"), register_global=True)
@@ -0,0 +1,223 @@
1
+ """Thin client to the local SecureVector app.
2
+
3
+ Two transports, on purpose:
4
+
5
+ * **Tool-permission resolution + audit** go over the local REST API
6
+ (``/api/tool-permissions/*``) via the stdlib (``urllib``) — no extra HTTP
7
+ dependency. The permission *decision* is computed client-side by merging the
8
+ three policy tiers exactly as the app's own OpenClaw hook does:
9
+ synced (cloud-pushed) > local override > essential registry > default-allow.
10
+
11
+ * **Secret + threat detection** reuses the already-shipped ``SecureVectorClient``
12
+ from ``securevector-ai-monitor`` — the detection engine lives there; the
13
+ adapter must not reimplement it.
14
+
15
+ Everything is best-effort and lazy: importing this module never requires the
16
+ app or langchain to be installed, so unit tests run standalone.
17
+ """
18
+
19
+ import json
20
+ import logging
21
+ import urllib.error
22
+ import urllib.parse
23
+ import urllib.request
24
+ from dataclasses import dataclass
25
+ from typing import Any, Dict, List, Optional
26
+
27
+ from .config import Config
28
+ from .errors import AppUnreachable
29
+ from .tool_id import RUNTIME_KIND
30
+
31
+ log = logging.getLogger("securevector_sdk_crewai")
32
+
33
+ _VALID_AUDIT_ACTIONS = ("block", "allow", "log_only")
34
+
35
+
36
+ @dataclass
37
+ class Verdict:
38
+ """Resolved permission decision for one tool id."""
39
+
40
+ action: str # allow | block | log_only
41
+ risk: str
42
+ reason: str
43
+ is_essential: bool
44
+ tool_id: str
45
+
46
+
47
+ @dataclass
48
+ class AnalysisVerdict:
49
+ """Outcome of a secret/threat scan over a piece of text."""
50
+
51
+ is_threat: bool
52
+ risk_score: int
53
+ reason: str
54
+
55
+
56
+ class LocalAppClient:
57
+ def __init__(self, cfg: Config):
58
+ self.cfg = cfg
59
+
60
+ # ------------------------------------------------------------------ #
61
+ # REST transport (stdlib) #
62
+ # ------------------------------------------------------------------ #
63
+ def _request(self, method: str, path: str, body: Optional[dict]) -> Any:
64
+ url = f"{self.cfg.base_url.rstrip('/')}{path}"
65
+ data = json.dumps(body).encode("utf-8") if body is not None else None
66
+ req = urllib.request.Request(
67
+ url,
68
+ data=data,
69
+ method=method,
70
+ headers={"Content-Type": "application/json"},
71
+ )
72
+ timeout = max(self.cfg.timeout_ms / 1000.0, 0.1)
73
+ with urllib.request.urlopen(req, timeout=timeout) as resp: # noqa: S310 (localhost)
74
+ raw = resp.read()
75
+ return json.loads(raw) if raw else {}
76
+
77
+ def _get(self, path: str) -> Any:
78
+ return self._request("GET", path, None)
79
+
80
+ def _post(self, path: str, body: dict) -> Any:
81
+ return self._request("POST", path, body)
82
+
83
+ def reachable(self) -> bool:
84
+ try:
85
+ self._get("/api/tool-permissions/essential")
86
+ return True
87
+ except Exception:
88
+ return False
89
+
90
+ # ------------------------------------------------------------------ #
91
+ # (a) Permissions — synced > override > essential > default-allow #
92
+ # ------------------------------------------------------------------ #
93
+ def resolve_permission(self, tool_id: str) -> Verdict:
94
+ try:
95
+ essential = self._get("/api/tool-permissions/essential") or {}
96
+ overrides = self._get("/api/tool-permissions/overrides") or {}
97
+ synced = self._get(
98
+ "/api/tool-permissions/synced-overrides?"
99
+ + urllib.parse.urlencode({"runtime": RUNTIME_KIND})
100
+ ) or {}
101
+ except (urllib.error.URLError, OSError, json.JSONDecodeError) as exc:
102
+ raise AppUnreachable(str(exc)) from exc
103
+ return self._resolve(tool_id, essential, overrides, synced)
104
+
105
+ @staticmethod
106
+ def _index(arr: Optional[List[dict]], key: str) -> Dict[str, dict]:
107
+ """Index rows by their id, with a case-insensitive fallback (exact
108
+ casing wins, mirroring the app's lookup)."""
109
+ out: Dict[str, dict] = {}
110
+ for item in arr or []:
111
+ k = item.get(key)
112
+ if k is not None:
113
+ out.setdefault(str(k).lower(), item)
114
+ for item in arr or []:
115
+ k = item.get(key)
116
+ if k is not None:
117
+ out[str(k)] = item
118
+ return out
119
+
120
+ def _resolve(self, tool_id, essential, overrides, synced) -> Verdict:
121
+ name = tool_id
122
+ low = tool_id.lower()
123
+ emap = self._index(essential.get("tools"), "tool_id")
124
+ omap = self._index(overrides.get("overrides"), "tool_id")
125
+ smap = self._index(synced.get("synced"), "tool_id")
126
+
127
+ # 1. Cloud-pushed synced policy wins.
128
+ s = smap.get(name) or smap.get(low)
129
+ if s:
130
+ effect = str(s.get("effect", "")).lower()
131
+ action = "allow" if effect == "allow" else "block"
132
+ policy = s.get("policy_name") or s.get("policy_id") or "synced"
133
+ ver = f" v{s['policy_version']}" if s.get("policy_version") is not None else ""
134
+ return Verdict(
135
+ action, "synced", f"Synced policy '{policy}'{ver}: {effect}",
136
+ (name in emap or low in emap), name,
137
+ )
138
+ # 2. Local user override.
139
+ o = omap.get(name) or omap.get(low)
140
+ if o:
141
+ return Verdict(
142
+ o.get("action", "allow"), "overridden",
143
+ f"User override: {o.get('action')}",
144
+ (name in emap or low in emap), name,
145
+ )
146
+ # 3. Essential registry default.
147
+ e = emap.get(name) or emap.get(low)
148
+ if e:
149
+ return Verdict(
150
+ e.get("effective_action") or e.get("default_action") or "allow",
151
+ e.get("risk", "unknown"), e.get("reason", "Essential tool policy"),
152
+ True, name,
153
+ )
154
+ # 4. Not in registry — allowed by default.
155
+ return Verdict("allow", "unknown", "Not in registry — allowed by default", False, name)
156
+
157
+ # ------------------------------------------------------------------ #
158
+ # (b)+(c) Secret + threat detection — the running app's /api/analyze #
159
+ # ------------------------------------------------------------------ #
160
+ # We deliberately use the app's REST `/analyze` (same engine, same HTTP
161
+ # transport as permissions/audit) rather than constructing an in-process
162
+ # SecureVectorClient: the SDK already requires the app running, and the
163
+ # in-process local analyzer needs its own config/license and can raise on
164
+ # init. Tool input is user→tool ("outgoing"); tool output is fetched
165
+ # context→model, which is exactly the app's IDPI "incoming" scan mode.
166
+ _DIRECTION_MODE = {"tool_input": "outgoing", "tool_output": "incoming"}
167
+
168
+ def analyze(self, text: str, direction: str) -> AnalysisVerdict:
169
+ if not text:
170
+ return AnalysisVerdict(False, 0, "empty")
171
+ mode = self._DIRECTION_MODE.get(direction, "outgoing")
172
+ try:
173
+ # The analyze route is mounted at /analyze (no /api prefix).
174
+ res = self._post("/analyze", {"text": str(text)[:102400], "mode": mode})
175
+ except (urllib.error.URLError, OSError, json.JSONDecodeError) as exc:
176
+ raise AppUnreachable(f"analyze failed: {exc}") from exc
177
+ if not isinstance(res, dict):
178
+ return AnalysisVerdict(False, 0, "no-result")
179
+ risk = int(res.get("risk_score") or 0)
180
+ is_threat = bool(res.get("is_threat", False))
181
+ # Secrets/data-leaks also surface via redaction: the app sets
182
+ # redacted_text (and action_taken=redact/block) when it catches a secret.
183
+ # Control (b) keys on that, control (c) on is_threat. A finding is either.
184
+ has_secret = bool(res.get("redacted_text")) or (res.get("action_taken") in ("redact", "block"))
185
+ finding = is_threat or has_secret
186
+ return AnalysisVerdict(
187
+ finding, risk,
188
+ f"{direction} threat={is_threat} secret={has_secret} risk={risk}",
189
+ )
190
+
191
+ # ------------------------------------------------------------------ #
192
+ # Audit — append to the tamper-evident chain #
193
+ # ------------------------------------------------------------------ #
194
+ def record_audit(
195
+ self,
196
+ *,
197
+ tool_id: str,
198
+ function_name: Optional[str],
199
+ action: str,
200
+ risk: Optional[str],
201
+ reason: Optional[str],
202
+ is_essential: bool,
203
+ args_preview: Optional[str],
204
+ session_id: Optional[str] = None,
205
+ request_id: Optional[str] = None,
206
+ ) -> None:
207
+ act = action if action in _VALID_AUDIT_ACTIONS else "log_only"
208
+ body = {
209
+ "tool_id": tool_id,
210
+ "function_name": function_name or tool_id,
211
+ "action": act,
212
+ "risk": risk,
213
+ "reason": reason,
214
+ "is_essential": bool(is_essential),
215
+ "args_preview": args_preview,
216
+ "runtime_kind": RUNTIME_KIND,
217
+ "session_id": session_id,
218
+ "request_id": (request_id or None) and str(request_id)[:64],
219
+ }
220
+ try:
221
+ self._post("/api/tool-permissions/call-audit", body)
222
+ except Exception as exc: # never let audit failure break the agent
223
+ log.debug("audit post failed: %s", exc)
@@ -0,0 +1,54 @@
1
+ """Adapter configuration — explicit kwargs override environment overrides
2
+ defaults.
3
+
4
+ Environment variables (all optional):
5
+ SECUREVECTOR_SDK_APP_URL local app base URL (default http://127.0.0.1:8741)
6
+ SECUREVECTOR_SDK_MODE observe | enforce (default observe)
7
+ SECUREVECTOR_SDK_TIMEOUT_MS per-call verdict timeout (default 3000)
8
+ SECUREVECTOR_SDK_RISK_THRESHOLD enforce-block risk cutoff (default 70)
9
+ SECUREVECTOR_SDK_ANALYZE_MODE SecureVectorClient mode (default local)
10
+ SECUREVECTOR_SDK_DISABLED set truthy to no-op entirely
11
+
12
+ Note: we deliberately use SECUREVECTOR_SDK_APP_URL, not the existing
13
+ SECUREVECTOR_URL — the latter points at the *cloud* API in the rest of the
14
+ ecosystem, whereas the SDK talks to the *local* app.
15
+ """
16
+
17
+ import os
18
+ from dataclasses import dataclass
19
+
20
+ DEFAULT_BASE_URL = "http://127.0.0.1:8741"
21
+
22
+
23
+ def _truthy(val: str) -> bool:
24
+ return str(val).strip().lower() in ("1", "true", "yes", "on")
25
+
26
+
27
+ @dataclass
28
+ class Config:
29
+ base_url: str = DEFAULT_BASE_URL
30
+ mode: str = "observe" # observe (fail-open) | enforce (fail-closed)
31
+ timeout_ms: int = 3000
32
+ threat_risk_threshold: int = 70 # risk_score >= this blocks in enforce mode
33
+ analyze_mode: str = "local" # SecureVectorClient mode used for /analyze
34
+ enabled: bool = True
35
+
36
+ @classmethod
37
+ def from_env(cls, **overrides) -> "Config":
38
+ cfg = cls(
39
+ base_url=os.environ.get("SECUREVECTOR_SDK_APP_URL", DEFAULT_BASE_URL),
40
+ mode=os.environ.get("SECUREVECTOR_SDK_MODE", "observe").strip().lower(),
41
+ timeout_ms=int(os.environ.get("SECUREVECTOR_SDK_TIMEOUT_MS", "3000")),
42
+ threat_risk_threshold=int(
43
+ os.environ.get("SECUREVECTOR_SDK_RISK_THRESHOLD", "70")
44
+ ),
45
+ analyze_mode=os.environ.get("SECUREVECTOR_SDK_ANALYZE_MODE", "local"),
46
+ enabled=not _truthy(os.environ.get("SECUREVECTOR_SDK_DISABLED", "")),
47
+ )
48
+ # Explicit kwargs win over env, but only when actually provided.
49
+ for key, value in overrides.items():
50
+ if value is not None and hasattr(cfg, key):
51
+ setattr(cfg, key, value)
52
+ if cfg.mode not in ("observe", "enforce"):
53
+ cfg.mode = "observe"
54
+ return cfg
@@ -0,0 +1,180 @@
1
+ """Control routing — the three checks on every tool call.
2
+
3
+ This is the framework-agnostic engine. Detection already exists in the app; the
4
+ job here is **routing + the observe/enforce state machine**. The public surface
5
+ is deliberately non-raising so each adapter can choose how to *act* on a block:
6
+
7
+ * the LangChain/LangGraph ``wrap_tool_call`` middleware returns a ``ToolMessage``
8
+ to short-circuit (the documented block primitive);
9
+ * the CrewAI tool wrapper raises ``ToolBlocked`` (CrewAI has no middleware).
10
+
11
+ Per intercepted call, in order:
12
+
13
+ (a) PERMISSIONS — resolve allow/block for the tool id
14
+ (b) SECRET scan — \\
15
+ (c) THREAT scan — // over the serialized tool input (and, on end, output)
16
+
17
+ ``observe`` (default) is fail-open: everything is logged, nothing is blocked,
18
+ and an unreachable app degrades to allow. ``enforce`` is fail-closed: a policy
19
+ block, a high-risk input finding, or an unreachable app all mark the decision
20
+ ``blocked``.
21
+ """
22
+
23
+ import logging
24
+ import re
25
+ import sys
26
+ from dataclasses import dataclass
27
+ from typing import Optional
28
+
29
+ from .client import LocalAppClient
30
+ from .config import Config
31
+ from .errors import AppUnreachable, ToolBlocked
32
+
33
+ log = logging.getLogger("securevector_sdk_crewai")
34
+
35
+ # Belt-and-braces preview redaction (the app redacts too; this keeps obvious
36
+ # secrets out of the args_preview we send).
37
+ _REDACTIONS = [
38
+ (re.compile(r"AKIA[A-Z0-9]{16}"), "AKIA[REDACTED]"),
39
+ (re.compile(r"ghp_[A-Za-z0-9]{36}"), "ghp_[REDACTED]"),
40
+ (re.compile(r"sk-[A-Za-z0-9]{20,}"), "sk-[REDACTED]"),
41
+ (re.compile(r"(?i)(password\"?\s*[:=]\s*\")[^\"]+(\")"), r"\1[REDACTED]\2"),
42
+ ]
43
+
44
+
45
+ def redact(text: object, limit: int = 500) -> str:
46
+ if not text:
47
+ return ""
48
+ s = str(text)
49
+ for pattern, repl in _REDACTIONS:
50
+ s = pattern.sub(repl, s)
51
+ return s[:limit]
52
+
53
+
54
+ @dataclass
55
+ class Decision:
56
+ """Result of evaluating a tool call's input. ``blocked`` already accounts
57
+ for mode — it is only True when the call should actually be stopped (i.e.
58
+ enforce mode + a deny). ``action`` is the audited action."""
59
+
60
+ blocked: bool
61
+ action: str # allow | block | log_only
62
+ reason: str
63
+ risk: str
64
+
65
+
66
+ class Interceptor:
67
+ def __init__(self, cfg: Config, client: Optional[LocalAppClient] = None):
68
+ self.cfg = cfg
69
+ self.client = client or LocalAppClient(cfg)
70
+ self._disclosed = False
71
+
72
+ @property
73
+ def enforce(self) -> bool:
74
+ return self.cfg.mode == "enforce"
75
+
76
+ def _disclose_once(self) -> None:
77
+ if self.enforce and not self._disclosed:
78
+ self._disclosed = True
79
+ sys.stderr.write(
80
+ "[SecureVector] SDK is in ENFORCE mode — tool calls will be "
81
+ "BLOCKED if a policy denies them or the local app is unreachable.\n"
82
+ )
83
+
84
+ # ------------------------------------------------------------------ #
85
+ # Primary, non-raising API #
86
+ # ------------------------------------------------------------------ #
87
+ def evaluate_input(
88
+ self,
89
+ tool_id: str,
90
+ args_text: str,
91
+ *,
92
+ session_id: Optional[str] = None,
93
+ request_id: Optional[str] = None,
94
+ ) -> Decision:
95
+ """Run the three controls on a tool's input and return a Decision.
96
+ Records the audit row as a side effect. Never raises."""
97
+ if not self.cfg.enabled:
98
+ return Decision(False, "allow", "sdk disabled", "")
99
+ self._disclose_once()
100
+ preview = redact(args_text)
101
+
102
+ # (a) PERMISSIONS
103
+ try:
104
+ verdict = self.client.resolve_permission(tool_id)
105
+ except AppUnreachable:
106
+ if self.enforce:
107
+ return Decision(True, "block", "local app unreachable (fail-closed)", "unreachable")
108
+ log.warning("app unreachable; observe mode allows %s", tool_id)
109
+ return Decision(False, "allow", "app unreachable (observe, fail-open)", "unreachable")
110
+
111
+ if verdict.action == "block":
112
+ self.client.record_audit(
113
+ tool_id=tool_id, function_name=tool_id, action="block",
114
+ risk=verdict.risk, reason=verdict.reason,
115
+ is_essential=verdict.is_essential, args_preview=preview,
116
+ session_id=session_id, request_id=request_id,
117
+ )
118
+ return Decision(self.enforce, "block", verdict.reason, verdict.risk)
119
+
120
+ # (b)+(c) SECRET + THREAT on the tool input
121
+ a_in = None
122
+ try:
123
+ a_in = self.client.analyze(args_text, "tool_input")
124
+ except AppUnreachable:
125
+ a_in = None # analysis best-effort; permissions already passed
126
+
127
+ if a_in and a_in.is_threat:
128
+ should_block = self.enforce and a_in.risk_score >= self.cfg.threat_risk_threshold
129
+ act = "block" if should_block else "log_only"
130
+ self.client.record_audit(
131
+ tool_id=tool_id, function_name=tool_id, action=act,
132
+ risk=str(a_in.risk_score),
133
+ reason=f"Input secret/threat detected (risk={a_in.risk_score})",
134
+ is_essential=verdict.is_essential, args_preview=preview,
135
+ session_id=session_id, request_id=request_id,
136
+ )
137
+ return Decision(should_block, act, f"input secret/threat risk={a_in.risk_score}", str(a_in.risk_score))
138
+
139
+ # Allowed — record the decision.
140
+ self.client.record_audit(
141
+ tool_id=tool_id, function_name=tool_id, action="allow",
142
+ risk=verdict.risk, reason=verdict.reason,
143
+ is_essential=verdict.is_essential, args_preview=preview,
144
+ session_id=session_id, request_id=request_id,
145
+ )
146
+ return Decision(False, "allow", verdict.reason, verdict.risk)
147
+
148
+ def scan_output(
149
+ self,
150
+ tool_id: str,
151
+ output_text: str,
152
+ *,
153
+ session_id: Optional[str] = None,
154
+ request_id: Optional[str] = None,
155
+ ) -> None:
156
+ """Scan the tool RESULT for secrets / exfiltration (observe-only — the
157
+ tool already ran). Records a row if anything is found. Never raises."""
158
+ if not self.cfg.enabled:
159
+ return
160
+ try:
161
+ a_out = self.client.analyze(output_text, "tool_output")
162
+ except AppUnreachable:
163
+ return
164
+ if a_out and a_out.is_threat:
165
+ self.client.record_audit(
166
+ tool_id=tool_id, function_name=tool_id, action="log_only",
167
+ risk=str(a_out.risk_score),
168
+ reason=f"Output secret/threat detected (risk={a_out.risk_score})",
169
+ is_essential=False, args_preview=redact(output_text),
170
+ session_id=session_id, request_id=request_id,
171
+ )
172
+
173
+ # ------------------------------------------------------------------ #
174
+ # Raising convenience (CrewAI wrapper, where blocking == raising) #
175
+ # ------------------------------------------------------------------ #
176
+ def guard_input(self, tool_id: str, args_text: str, **kwargs) -> Decision:
177
+ decision = self.evaluate_input(tool_id, args_text, **kwargs)
178
+ if decision.blocked:
179
+ raise ToolBlocked(tool_id, decision.reason)
180
+ return decision
@@ -0,0 +1,26 @@
1
+ """Exceptions raised by the SecureVector LangChain adapter.
2
+
3
+ ``ToolBlocked`` is the one that matters operationally: in ``enforce`` mode the
4
+ callback handler raises it from ``on_tool_start`` *before* the tool executes,
5
+ which aborts the tool step. In ``observe`` mode it is never raised — the call
6
+ is logged and allowed through.
7
+ """
8
+
9
+
10
+ class SecureVectorError(Exception):
11
+ """Base class for all adapter errors."""
12
+
13
+
14
+ class ToolBlocked(SecureVectorError):
15
+ """Raised in enforce mode to abort a tool call (policy block, input threat,
16
+ or fail-closed when the local app is unreachable)."""
17
+
18
+ def __init__(self, tool_id: str, reason: str):
19
+ self.tool_id = tool_id
20
+ self.reason = reason
21
+ super().__init__(f"SecureVector blocked tool '{tool_id}': {reason}")
22
+
23
+
24
+ class AppUnreachable(SecureVectorError):
25
+ """The local SecureVector app could not be reached. Mode decides the
26
+ consequence: observe → allow (fail-open); enforce → deny (fail-closed)."""
@@ -0,0 +1,40 @@
1
+ """Canonical tool-id normalization — the ONLY framework-specific mapping.
2
+
3
+ The whole SecureVector fleet keys permissions and audit on a single canonical
4
+ ``tool_id``. CrewAI surfaces a tool's name as ``BaseTool.name`` (passed here as
5
+ the flat ``name`` argument). Normalizing it here is the one piece of
6
+ CrewAI-specific code; every downstream step (permission resolution, analysis,
7
+ audit) is shared engine behaviour, so a policy authored once — "allow
8
+ web_search, block shell" — applies identically across LangChain / LangGraph /
9
+ CrewAI.
10
+
11
+ Casing is preserved: the local app matches tool ids case-insensitively, so a
12
+ rule authored ``tool_id="Bash"`` still governs a CrewAI tool named ``bash``.
13
+ """
14
+
15
+ from typing import Any, Optional
16
+
17
+ # The audit/Bill-of-Tools/OCSF pipeline groups by this attribution tag.
18
+ RUNTIME_KIND = "crewai"
19
+
20
+
21
+ def normalize_tool_id(serialized: Any, name: Optional[str] = None) -> str:
22
+ """Resolve a canonical tool id.
23
+
24
+ Accepts a flat ``name`` (CrewAI ``BaseTool.name``) and/or a ``serialized``
25
+ dict (``{"name": ...}`` or a dotted ``{"id": [...]}`` path) for symmetry
26
+ with the other SDKs. Falls back to ``"unknown"`` so a missing name never
27
+ crashes the agent.
28
+ """
29
+ raw: Optional[str] = None
30
+ if isinstance(serialized, dict):
31
+ raw = serialized.get("name")
32
+ if not raw:
33
+ ident = serialized.get("id")
34
+ if isinstance(ident, (list, tuple)) and ident:
35
+ raw = str(ident[-1])
36
+ if not raw:
37
+ raw = name
38
+ if not raw:
39
+ return "unknown"
40
+ return str(raw).strip() or "unknown"
@@ -0,0 +1,136 @@
1
+ """CrewAI tool interception.
2
+
3
+ CrewAI is not built on langchain-core, so there is no shared callback bus to
4
+ hook. Instead we wrap the tool's public ``run`` method: before it executes we
5
+ run the three controls (and, in enforce mode, raise ``ToolBlocked`` to abort);
6
+ after it returns we scan the output. The shared :class:`Interceptor` owns the
7
+ policy — this module only adapts CrewAI's tool surface to it.
8
+
9
+ Two entry points:
10
+
11
+ * ``secure_tools([...])`` / ``secure_tool(t)`` — explicit, robust per-tool
12
+ wrapping. Recommended: ``agent = Agent(tools=secure_tools(my_tools), ...)``.
13
+ * ``install()`` — best-effort global monkeypatch of CrewAI's ``BaseTool.run``
14
+ so every tool is covered without per-tool wiring. Falls back gracefully if
15
+ CrewAI's internals differ from what we expect.
16
+ """
17
+
18
+ import functools
19
+ import json
20
+ import logging
21
+ import uuid
22
+ from typing import Any, Iterable, List, Optional
23
+
24
+ from .config import Config
25
+ from .core import Interceptor
26
+ from .tool_id import normalize_tool_id
27
+
28
+ log = logging.getLogger("securevector_sdk_crewai")
29
+
30
+ _WRAPPED_FLAG = "_securevector_wrapped"
31
+
32
+
33
+ def _to_text(value: Any) -> str:
34
+ if value is None:
35
+ return ""
36
+ if isinstance(value, str):
37
+ return value
38
+ try:
39
+ return json.dumps(value, default=str)
40
+ except Exception:
41
+ return str(value)
42
+
43
+
44
+ class SecureCrew:
45
+ """Holds the config + shared interceptor and wraps CrewAI tools."""
46
+
47
+ def __init__(self, mode: Optional[str] = None, base_url: Optional[str] = None, **kwargs):
48
+ self.cfg = Config.from_env(mode=mode, base_url=base_url, **kwargs)
49
+ self.interceptor = Interceptor(self.cfg)
50
+ self._session = uuid.uuid4().hex[:16]
51
+
52
+ def _secure_callable(self, name: str, original):
53
+ @functools.wraps(original)
54
+ def secured(*args, **kwargs):
55
+ tool_id = normalize_tool_id(None, name=name)
56
+ req = uuid.uuid4().hex[:16]
57
+ # guard_input runs the three controls; in enforce mode a denial
58
+ # raises ToolBlocked here, before the underlying tool executes.
59
+ self.interceptor.guard_input(
60
+ tool_id,
61
+ _to_text({"args": args, "kwargs": kwargs}),
62
+ session_id=self._session,
63
+ request_id=req,
64
+ )
65
+ result = original(*args, **kwargs)
66
+ self.interceptor.scan_output(
67
+ tool_id, _to_text(result), session_id=self._session, request_id=req
68
+ )
69
+ return result
70
+
71
+ return secured
72
+
73
+ def secure_tool(self, tool: Any) -> Any:
74
+ """Wrap a single CrewAI tool in place; returns the same tool."""
75
+ if tool is None or getattr(tool, _WRAPPED_FLAG, False):
76
+ return tool
77
+ name = getattr(tool, "name", None) or tool.__class__.__name__
78
+ original = getattr(tool, "run", None)
79
+ if not callable(original):
80
+ log.warning("tool %r has no callable run(); skipping", name)
81
+ return tool
82
+ secured = self._secure_callable(name, original)
83
+ try:
84
+ # object.__setattr__ bypasses pydantic v2 field validation; the
85
+ # instance attribute shadows the class method on lookup.
86
+ object.__setattr__(tool, "run", secured)
87
+ object.__setattr__(tool, _WRAPPED_FLAG, True)
88
+ except Exception as exc: # pragma: no cover - depends on CrewAI internals
89
+ log.warning("could not wrap tool %r: %s", name, exc)
90
+ return tool
91
+
92
+ def secure_tools(self, tools: Iterable[Any]) -> List[Any]:
93
+ return [self.secure_tool(t) for t in (tools or [])]
94
+
95
+ def install_global(self) -> bool:
96
+ """Monkeypatch CrewAI's BaseTool.run so all tools are covered. Returns
97
+ True if the patch was applied."""
98
+ try:
99
+ # Documented public import path.
100
+ from crewai.tools import BaseTool # type: ignore
101
+ except Exception:
102
+ try:
103
+ from crewai.tools.base_tool import BaseTool # type: ignore
104
+ except Exception as exc:
105
+ log.warning("CrewAI BaseTool not importable (%s); use secure_tools() instead", exc)
106
+ return False
107
+ if getattr(BaseTool, _WRAPPED_FLAG, False):
108
+ return True
109
+ crew = self
110
+
111
+ original_run = BaseTool.run
112
+
113
+ @functools.wraps(original_run)
114
+ def patched_run(self, *args, **kwargs): # noqa: ANN001
115
+ name = getattr(self, "name", None) or self.__class__.__name__
116
+ tool_id = normalize_tool_id(None, name=name)
117
+ req = uuid.uuid4().hex[:16]
118
+ crew.interceptor.guard_input(
119
+ tool_id,
120
+ _to_text({"args": args, "kwargs": kwargs}),
121
+ session_id=crew._session,
122
+ request_id=req,
123
+ )
124
+ result = original_run(self, *args, **kwargs)
125
+ crew.interceptor.scan_output(
126
+ tool_id, _to_text(result), session_id=crew._session, request_id=req
127
+ )
128
+ return result
129
+
130
+ try:
131
+ BaseTool.run = patched_run # type: ignore[method-assign]
132
+ setattr(BaseTool, _WRAPPED_FLAG, True)
133
+ return True
134
+ except Exception as exc: # pragma: no cover
135
+ log.warning("global CrewAI patch failed: %s", exc)
136
+ return False
@@ -0,0 +1,127 @@
1
+ Metadata-Version: 2.4
2
+ Name: securevector-sdk-crewai
3
+ Version: 1.0.0
4
+ Summary: SecureVector SDK for CrewAI — brings the local threat monitor's three controls (tool-call permissions, secret/data-leak detection, threat detection) to every CrewAI tool call, with tamper-evident audit logging.
5
+ Author: SecureVector
6
+ License: Apache-2.0
7
+ Project-URL: Homepage, https://securevector.io
8
+ Project-URL: Source, https://github.com/Secure-Vector/securevector-sdk-crewai
9
+ Keywords: crewai,llm,security,ai-agent,audit,compliance,tool-permissions
10
+ Classifier: Development Status :: 5 - Production/Stable
11
+ Classifier: Intended Audience :: Developers
12
+ Classifier: License :: OSI Approved :: Apache Software License
13
+ Classifier: Programming Language :: Python :: 3
14
+ Classifier: Topic :: Security
15
+ Requires-Python: >=3.10
16
+ Description-Content-Type: text/markdown
17
+ License-File: LICENSE
18
+ License-File: NOTICE
19
+ Requires-Dist: securevector-ai-monitor>=4.7
20
+ Requires-Dist: crewai>=0.30
21
+ Provides-Extra: dev
22
+ Requires-Dist: pytest>=7.0; extra == "dev"
23
+ Dynamic: license-file
24
+
25
+ # SecureVector SDK for CrewAI
26
+
27
+ [![PyPI](https://img.shields.io/pypi/v/securevector-sdk-crewai)](https://pypi.org/project/securevector-sdk-crewai/)
28
+ [![Downloads](https://img.shields.io/pypi/dm/securevector-sdk-crewai)](https://pypistats.org/packages/securevector-sdk-crewai)
29
+ [![Python](https://img.shields.io/badge/python-3.10%2B-blue)](https://pypi.org/project/securevector-sdk-crewai/)
30
+ [![License](https://img.shields.io/badge/license-Apache--2.0-green)](LICENSE)
31
+
32
+ > Bring the SecureVector local threat monitor's three controls — **tool-call
33
+ > permissions**, **secret / data-leak detection**, and **threat detection** —
34
+ > to every CrewAI tool call, with tamper-evident audit logging.
35
+
36
+ ```bash
37
+ pip install securevector-sdk-crewai
38
+ ```
39
+
40
+ > 📦 **One install — batteries included.** `pip install securevector-sdk-crewai`
41
+ > **also installs the local SecureVector app** (`securevector-ai-monitor`): the
42
+ > adapter **and** the detection engine + tamper-evident audit chain arrive in a
43
+ > single `pip install`. The SDK is a thin interception layer — **the app must be
44
+ > running locally** (`securevector-app --web`) for it to do anything.
45
+
46
+ ## Quick start
47
+
48
+ Wrap your tools (recommended — robust across CrewAI versions):
49
+
50
+ ```python
51
+ from securevector_sdk_crewai import secure_tools
52
+
53
+ agent = Agent(tools=secure_tools(my_tools), ...)
54
+ ```
55
+
56
+ or install globally (best-effort monkeypatch of CrewAI's `BaseTool`):
57
+
58
+ ```python
59
+ from securevector_sdk_crewai import install
60
+
61
+ install(mode="observe")
62
+ ```
63
+
64
+ or fully zero-config:
65
+
66
+ ```python
67
+ import securevector_sdk_crewai.auto # reads env, installs globally
68
+ ```
69
+
70
+ ## What happens on every tool call
71
+
72
+ Before a tool runs, the SDK:
73
+
74
+ 1. **(a) Permissions** — resolves an allow/block verdict for the tool, using the
75
+ app's own precedence: cloud-pushed **synced** policy → local **override** →
76
+ **essential** registry → default-allow.
77
+ 2. **(b)+(c) Secret & threat scan** — sends the serialized tool input through the
78
+ app's `/analyze` pipeline.
79
+
80
+ After the tool returns, the result is scanned the same way to catch secrets /
81
+ exfiltration in tool output. Every decision is written to the app's audit chain
82
+ tagged `runtime_kind="crewai"`.
83
+
84
+ ## observe vs enforce
85
+
86
+ | | local app reachable | local app unreachable |
87
+ |---|---|---|
88
+ | **observe** (default) | log + advisory verdict; tool always runs | tool runs (fail-open) |
89
+ | **enforce** (opt-in) | tool runs only if the verdict ≠ block | **tool denied** (fail-closed) |
90
+
91
+ ```python
92
+ install(mode="enforce") # blocks denied tools and fails closed if the app is down
93
+ ```
94
+
95
+ In enforce mode a denied tool raises `ToolBlocked` before it executes; enforce
96
+ also prints a one-time disclosure to stderr.
97
+
98
+ ## Configuration
99
+
100
+ All optional, via env or kwargs:
101
+
102
+ | Env var | Default | Meaning |
103
+ |---|---|---|
104
+ | `SECUREVECTOR_SDK_APP_URL` | `http://127.0.0.1:8741` | local app base URL |
105
+ | `SECUREVECTOR_SDK_MODE` | `observe` | `observe` or `enforce` |
106
+ | `SECUREVECTOR_SDK_TIMEOUT_MS` | `3000` | per-call verdict timeout |
107
+ | `SECUREVECTOR_SDK_RISK_THRESHOLD` | `70` | risk score that blocks in enforce mode |
108
+ | `SECUREVECTOR_SDK_DISABLED` | _(unset)_ | set truthy to no-op |
109
+
110
+ ## Compliance
111
+
112
+ The tool-call-level, attributed, tamper-evident audit trail this produces is
113
+ exactly the **action-layer logging** auditors ask for under **EU AI Act
114
+ Art. 12 / 15**. This SDK produces the local evidence; the cloud governance
115
+ surface turns it into an auditor-ready pack.
116
+
117
+ ## Trademarks
118
+
119
+ **SecureVector** is the product name of this SDK. **CrewAI** is a trademark of
120
+ CrewAI, Inc. This is an independent, community SDK that *integrates with*
121
+ CrewAI via its public tool API. It is **not affiliated with, sponsored by, or
122
+ endorsed by CrewAI, Inc.** The name uses "crewai" only descriptively, to
123
+ identify the framework this package works with (nominative fair use).
124
+
125
+ ## License
126
+
127
+ Apache-2.0. See [LICENSE](LICENSE) and [NOTICE](NOTICE).
@@ -0,0 +1,15 @@
1
+ securevector_sdk_crewai/__init__.py,sha256=dYRj-l6kyHYhq4MI8p2M9_fCRR1B26yueQceVr-5wIs,2720
2
+ securevector_sdk_crewai/_version.py,sha256=4_Iw2PPMRJdf0KXcuqiDTYYX24Ba-DrXu6x_clV2LAc,237
3
+ securevector_sdk_crewai/auto.py,sha256=4fmltXbHPByv4SxNCIhPppHf9ApfPyip5LmvL3fYjow,498
4
+ securevector_sdk_crewai/client.py,sha256=WwhupJZwf-wTSt6uIYKF3FKV0E_1lFuozvxXJsqMIEc,9159
5
+ securevector_sdk_crewai/config.py,sha256=mWaJZ_xIEInTH1n3ylqyDZ9MHNwQUCcD6lGDNayTgE8,2299
6
+ securevector_sdk_crewai/core.py,sha256=OQl0QwWkuwfGwsH5B6zHvV7esrBJBq3Z7yMIPqAnREA,7203
7
+ securevector_sdk_crewai/errors.py,sha256=LbpINzHdiP62-N6PNm2HZNGjON1xDKMZxp9XAGG6HVU,982
8
+ securevector_sdk_crewai/tool_id.py,sha256=c-rd7nKRjC2QYW9lF85tLgvTflsJ_SGcSdgr7ltI1Io,1588
9
+ securevector_sdk_crewai/wrapper.py,sha256=YGp-bp681DIlVts24oojp9a2W983fLmIuolXiH13724,5286
10
+ securevector_sdk_crewai-1.0.0.dist-info/licenses/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
11
+ securevector_sdk_crewai-1.0.0.dist-info/licenses/NOTICE,sha256=mt_xl7vhVLPAaNSMHJKTaEjigjRXvFUpCvj84jUgp9k,594
12
+ securevector_sdk_crewai-1.0.0.dist-info/METADATA,sha256=j_x8_GrC6XV1Pr7H91gIVXAOw6Sf7L_Gxr8VFKL--hw,4925
13
+ securevector_sdk_crewai-1.0.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
14
+ securevector_sdk_crewai-1.0.0.dist-info/top_level.txt,sha256=7JER7zbIUseMB5iXtAgRaHk_Jh0sVK09L08rjvvdFJ0,24
15
+ securevector_sdk_crewai-1.0.0.dist-info/RECORD,,
@@ -0,0 +1,5 @@
1
+ Wheel-Version: 1.0
2
+ Generator: setuptools (82.0.1)
3
+ Root-Is-Purelib: true
4
+ Tag: py3-none-any
5
+
@@ -0,0 +1,202 @@
1
+
2
+ Apache License
3
+ Version 2.0, January 2004
4
+ http://www.apache.org/licenses/
5
+
6
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
+
8
+ 1. Definitions.
9
+
10
+ "License" shall mean the terms and conditions for use, reproduction,
11
+ and distribution as defined by Sections 1 through 9 of this document.
12
+
13
+ "Licensor" shall mean the copyright owner or entity authorized by
14
+ the copyright owner that is granting the License.
15
+
16
+ "Legal Entity" shall mean the union of the acting entity and all
17
+ other entities that control, are controlled by, or are under common
18
+ control with that entity. For the purposes of this definition,
19
+ "control" means (i) the power, direct or indirect, to cause the
20
+ direction or management of such entity, whether by contract or
21
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
+ outstanding shares, or (iii) beneficial ownership of such entity.
23
+
24
+ "You" (or "Your") shall mean an individual or Legal Entity
25
+ exercising permissions granted by this License.
26
+
27
+ "Source" form shall mean the preferred form for making modifications,
28
+ including but not limited to software source code, documentation
29
+ source, and configuration files.
30
+
31
+ "Object" form shall mean any form resulting from mechanical
32
+ transformation or translation of a Source form, including but
33
+ not limited to compiled object code, generated documentation,
34
+ and conversions to other media types.
35
+
36
+ "Work" shall mean the work of authorship, whether in Source or
37
+ Object form, made available under the License, as indicated by a
38
+ copyright notice that is included in or attached to the work
39
+ (an example is provided in the Appendix below).
40
+
41
+ "Derivative Works" shall mean any work, whether in Source or Object
42
+ form, that is based on (or derived from) the Work and for which the
43
+ editorial revisions, annotations, elaborations, or other modifications
44
+ represent, as a whole, an original work of authorship. For the purposes
45
+ of this License, Derivative Works shall not include works that remain
46
+ separable from, or merely link (or bind by name) to the interfaces of,
47
+ the Work and Derivative Works thereof.
48
+
49
+ "Contribution" shall mean any work of authorship, including
50
+ the original version of the Work and any modifications or additions
51
+ to that Work or Derivative Works thereof, that is intentionally
52
+ submitted to Licensor for inclusion in the Work by the copyright owner
53
+ or by an individual or Legal Entity authorized to submit on behalf of
54
+ the copyright owner. For the purposes of this definition, "submitted"
55
+ means any form of electronic, verbal, or written communication sent
56
+ to the Licensor or its representatives, including but not limited to
57
+ communication on electronic mailing lists, source code control systems,
58
+ and issue tracking systems that are managed by, or on behalf of, the
59
+ Licensor for the purpose of discussing and improving the Work, but
60
+ excluding communication that is conspicuously marked or otherwise
61
+ designated in writing by the copyright owner as "Not a Contribution."
62
+
63
+ "Contributor" shall mean Licensor and any individual or Legal Entity
64
+ on behalf of whom a Contribution has been received by Licensor and
65
+ subsequently incorporated within the Work.
66
+
67
+ 2. Grant of Copyright License. Subject to the terms and conditions of
68
+ this License, each Contributor hereby grants to You a perpetual,
69
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
+ copyright license to reproduce, prepare Derivative Works of,
71
+ publicly display, publicly perform, sublicense, and distribute the
72
+ Work and such Derivative Works in Source or Object form.
73
+
74
+ 3. Grant of Patent License. Subject to the terms and conditions of
75
+ this License, each Contributor hereby grants to You a perpetual,
76
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
+ (except as stated in this section) patent license to make, have made,
78
+ use, offer to sell, sell, import, and otherwise transfer the Work,
79
+ where such license applies only to those patent claims licensable
80
+ by such Contributor that are necessarily infringed by their
81
+ Contribution(s) alone or by combination of their Contribution(s)
82
+ with the Work to which such Contribution(s) was submitted. If You
83
+ institute patent litigation against any entity (including a
84
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
85
+ or a Contribution incorporated within the Work constitutes direct
86
+ or contributory patent infringement, then any patent licenses
87
+ granted to You under this License for that Work shall terminate
88
+ as of the date such litigation is filed.
89
+
90
+ 4. Redistribution. You may reproduce and distribute copies of the
91
+ Work or Derivative Works thereof in any medium, with or without
92
+ modifications, and in Source or Object form, provided that You
93
+ meet the following conditions:
94
+
95
+ (a) You must give any other recipients of the Work or
96
+ Derivative Works a copy of this License; and
97
+
98
+ (b) You must cause any modified files to carry prominent notices
99
+ stating that You changed the files; and
100
+
101
+ (c) You must retain, in the Source form of any Derivative Works
102
+ that You distribute, all copyright, patent, trademark, and
103
+ attribution notices from the Source form of the Work,
104
+ excluding those notices that do not pertain to any part of
105
+ the Derivative Works; and
106
+
107
+ (d) If the Work includes a "NOTICE" text file as part of its
108
+ distribution, then any Derivative Works that You distribute must
109
+ include a readable copy of the attribution notices contained
110
+ within such NOTICE file, excluding those notices that do not
111
+ pertain to any part of the Derivative Works, in at least one
112
+ of the following places: within a NOTICE text file distributed
113
+ as part of the Derivative Works; within the Source form or
114
+ documentation, if provided along with the Derivative Works; or,
115
+ within a display generated by the Derivative Works, if and
116
+ wherever such third-party notices normally appear. The contents
117
+ of the NOTICE file are for informational purposes only and
118
+ do not modify the License. You may add Your own attribution
119
+ notices within Derivative Works that You distribute, alongside
120
+ or as an addendum to the NOTICE text from the Work, provided
121
+ that such additional attribution notices cannot be construed
122
+ as modifying the License.
123
+
124
+ You may add Your own copyright statement to Your modifications and
125
+ may provide additional or different license terms and conditions
126
+ for use, reproduction, or distribution of Your modifications, or
127
+ for any such Derivative Works as a whole, provided Your use,
128
+ reproduction, and distribution of the Work otherwise complies with
129
+ the conditions stated in this License.
130
+
131
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
132
+ any Contribution intentionally submitted for inclusion in the Work
133
+ by You to the Licensor shall be under the terms and conditions of
134
+ this License, without any additional terms or conditions.
135
+ Notwithstanding the above, nothing herein shall supersede or modify
136
+ the terms of any separate license agreement you may have executed
137
+ with Licensor regarding such Contributions.
138
+
139
+ 6. Trademarks. This License does not grant permission to use the trade
140
+ names, trademarks, service marks, or product names of the Licensor,
141
+ except as required for reasonable and customary use in describing the
142
+ origin of the Work and reproducing the content of the NOTICE file.
143
+
144
+ 7. Disclaimer of Warranty. Unless required by applicable law or
145
+ agreed to in writing, Licensor provides the Work (and each
146
+ Contributor provides its Contributions) on an "AS IS" BASIS,
147
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
+ implied, including, without limitation, any warranties or conditions
149
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
+ PARTICULAR PURPOSE. You are solely responsible for determining the
151
+ appropriateness of using or redistributing the Work and assume any
152
+ risks associated with Your exercise of permissions under this License.
153
+
154
+ 8. Limitation of Liability. In no event and under no legal theory,
155
+ whether in tort (including negligence), contract, or otherwise,
156
+ unless required by applicable law (such as deliberate and grossly
157
+ negligent acts) or agreed to in writing, shall any Contributor be
158
+ liable to You for damages, including any direct, indirect, special,
159
+ incidental, or consequential damages of any character arising as a
160
+ result of this License or out of the use or inability to use the
161
+ Work (including but not limited to damages for loss of goodwill,
162
+ work stoppage, computer failure or malfunction, or any and all
163
+ other commercial damages or losses), even if such Contributor
164
+ has been advised of the possibility of such damages.
165
+
166
+ 9. Accepting Warranty or Additional Liability. While redistributing
167
+ the Work or Derivative Works thereof, You may choose to offer,
168
+ and charge a fee for, acceptance of support, warranty, indemnity,
169
+ or other liability obligations and/or rights consistent with this
170
+ License. However, in accepting such obligations, You may act only
171
+ on Your own behalf and on Your sole responsibility, not on behalf
172
+ of any other Contributor, and only if You agree to indemnify,
173
+ defend, and hold each Contributor harmless for any liability
174
+ incurred by, or claims asserted against, such Contributor by reason
175
+ of your accepting any such warranty or additional liability.
176
+
177
+ END OF TERMS AND CONDITIONS
178
+
179
+ APPENDIX: How to apply the Apache License to your work.
180
+
181
+ To apply the Apache License to your work, attach the following
182
+ boilerplate notice, with the fields enclosed by brackets "[]"
183
+ replaced with your own identifying information. (Don't include
184
+ the brackets!) The text should be enclosed in the appropriate
185
+ comment syntax for the file format. We also recommend that a
186
+ file or class name and description of purpose be included on the
187
+ same "printed page" as the copyright notice for easier
188
+ identification within third-party archives.
189
+
190
+ Copyright [yyyy] [name of copyright owner]
191
+
192
+ Licensed under the Apache License, Version 2.0 (the "License");
193
+ you may not use this file except in compliance with the License.
194
+ You may obtain a copy of the License at
195
+
196
+ http://www.apache.org/licenses/LICENSE-2.0
197
+
198
+ Unless required by applicable law or agreed to in writing, software
199
+ distributed under the License is distributed on an "AS IS" BASIS,
200
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
+ See the License for the specific language governing permissions and
202
+ limitations under the License.
@@ -0,0 +1,14 @@
1
+ SecureVector SDK for CrewAI
2
+ Copyright (c) SecureVector
3
+
4
+ This product is licensed under the Apache License, Version 2.0 (see LICENSE).
5
+
6
+ This software integrates with the CrewAI framework via its public tool API.
7
+ "CrewAI" is a trademark of CrewAI, Inc. This package is an independent,
8
+ community integration and is not affiliated with, sponsored by, or endorsed by
9
+ CrewAI, Inc. The framework name is used only descriptively to identify
10
+ compatibility (nominative fair use).
11
+
12
+ This package depends on:
13
+ - securevector-ai-monitor (the local SecureVector app + SDK)
14
+ - crewai (MIT, (c) CrewAI, Inc.)
@@ -0,0 +1 @@
1
+ securevector_sdk_crewai