Skip to content

airblackbox/trust-crewai

BranchesTags

Repository files navigation

air-crewai-trust

CI License Python 3.10+

EU AI Act compliance infrastructure for CrewAI agents. Drop-in trust layer that adds tamper-evident audit logging, PII tokenization, consent-based tool gating, and prompt injection detection — making your CrewAI agent stack compliant with Articles 9, 10, 11, 12, 14, and 15 of the EU AI Act.

Part of the AIR Blackbox ecosystem — the compliance layer for autonomous AI agents.

The EU AI Act enforcement date for high-risk AI systems is August 2, 2026. See the full compliance mapping for article-by-article coverage.

View Interactive Demo — Walk through every feature with animated examples.

Quick Start

pip install air-crewai-trust
from crewai import Agent, Task, Crew
from air_crewai_trust import activate_trust

# One line activates all trust hooks
plugin = activate_trust()

# Your CrewAI code runs as normal — trust layer works transparently
agent = Agent(role="Researcher", goal="Find information", backstory="...")
task = Task(description="Research AI safety", agent=agent)
crew = Crew(agents=[agent], tasks=[task])
crew.kickoff()

# Check what happened
print(plugin.get_audit_stats())
print(plugin.verify_chain())

What It Does

Tamper-Proof Audit Trail

Every tool call and LLM interaction is logged to an HMAC-SHA256 signed chain. Each entry references the previous entry's hash — modify any record and the chain breaks. Like a blockchain, but for your AI agent's actions.

Sensitive Data Tokenization

API keys, credentials, PII (emails, SSNs, phone numbers, credit cards) are automatically detected and replaced with opaque tokens before they reach the LLM. Original values are stored locally in the vault and can be restored when the tool actually needs them.

14 built-in patterns covering:

  • API keys (OpenAI, Anthropic, AWS, GitHub, Stripe)
  • Credentials (Bearer tokens, private keys, connection strings, passwords)
  • PII (emails, phone numbers, SSNs, credit cards)

Consent Gate

Destructive tools (exec, shell, deploy, file_delete) are blocked until the user explicitly approves them. Risk classification:

Risk Level Tools Action
Critical exec, spawn, shell Always requires consent
High fs_write, deploy, git_push Requires consent (default threshold)
Medium send_email, http_request Configurable
Low fs_read, search, query Auto-approved

Prompt Injection Detection

15+ weighted patterns detect prompt injection attempts including role overrides, jailbreaks, delimiter injection, privilege escalation, and data exfiltration. Configurable sensitivity (low/medium/high) and block threshold.

Configuration

from air_crewai_trust import activate_trust, AirTrustConfig

config = AirTrustConfig(
    consent_gate={
        "enabled": True,
        "always_require": ["exec", "spawn", "shell", "deploy"],
        "risk_threshold": "high",
    },
    vault={
        "enabled": True,
        "categories": ["api_key", "credential", "pii"],
    },
    injection_detection={
        "enabled": True,
        "sensitivity": "medium",
        "block_threshold": 0.8,
    },
    audit_ledger={
        "enabled": True,
        "max_entries": 10000,
    },
    # Optional: forward audit records to AIR Blackbox gateway
    gateway_url="https://your-gateway.example.com",
    gateway_key="your-api-key",
)

plugin = activate_trust(config)

CrewAI Hook Mapping

CrewAI Hook Trust Components
before_tool_call ConsentGate → DataVault → AuditLedger
after_tool_call AuditLedger
before_llm_call InjectionDetector → DataVault → AuditLedger
after_llm_call AuditLedger

API Reference

from air_crewai_trust import activate_trust, deactivate_trust, get_plugin

# Activate / deactivate
plugin = activate_trust(config=None)  # Returns AirTrustPlugin
deactivate_trust()                     # Unregisters all hooks

# Plugin methods
plugin.get_audit_stats()   # → {"total_entries": 42, "chain_valid": True, ...}
plugin.verify_chain()      # → {"valid": True, "total_entries": 42}
plugin.export_audit()      # → [{"id": "...", "action": "tool_call", ...}, ...]
plugin.get_vault_stats()   # → {"total_tokens": 5, "by_category": {"api_key": 3, "pii": 2}}

EU AI Act Compliance

EU AI Act Article Requirement AIR Feature
Art. 9 Risk management ConsentGate risk classification
Art. 10 Data governance DataVault PII tokenization
Art. 11 Technical documentation Full call graph audit logging
Art. 12 Record-keeping HMAC-SHA256 tamper-evident chain
Art. 14 Human oversight Consent-based tool blocking
Art. 15 Robustness & security InjectionDetector + multi-layer defense

See docs/eu-ai-act-compliance.md for the full article-by-article mapping.

AIR Blackbox Ecosystem

Package Framework Install
air-langchain-trust LangChain / LangGraph pip install air-langchain-trust
air-crewai-trust CrewAI pip install air-crewai-trust
openclaw-air-trust TypeScript / Node.js npm install openclaw-air-trust
Gateway Any HTTP agent docker pull ghcr.io/airblackbox/gateway:main
air-compliance Compliance Scanner pip install air-compliance

Development

git clone https://github.com/airblackbox/trust-crewai.git
cd trust-crewai
pip install -e ".[dev]"
pytest tests/ -v

License

Apache-2.0

About

AIR Trust Layer for CrewAI — Drop-in security, audit, and compliance for CrewAI multi-agent workflows. Part of the AIR Blackbox ecosystem.

Topics

python security ai audit trust compliance governance ai-safety opentelemetry llm crewai eu-ai-act

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 — Initial Release Latest
Feb 23, 2026

Packages

 
 
 

Contributors

Languages