CrewAI

Wrap an entire CrewAI crew with Rune to scan tool calls from every agent in the crew. One line of code covers all agents, all tools, all interactions.

Installation

Terminalbash

pip install runesec[crewai]

Quick Start

crew.pypython

from crewai import Agent, Task, Crew
from rune import Shield
from rune.integrations.crewai import shield_crew

# Your existing crew setup
researcher = Agent(role="Researcher", goal="Find data", tools=[web_search])
writer = Agent(role="Writer", goal="Write reports", tools=[file_write])
crew = Crew(agents=[researcher, writer], tasks=[research_task, write_task])

# Wrap with Rune (1 line)
shield = Shield(api_key="rune_live_xxx")
protected_crew = shield_crew(
    crew,
    shield=shield,
    agent_id="content-crew",
    agent_tags=["content", "prod"],
)

# All tool calls from all agents are now monitored
result = protected_crew.kickoff(inputs={"topic": "AI safety trends"})

Multi-Agent Security

CrewAI crews have unique security concerns because multiple agents collaborate, passing data between each other. Rune addresses these:

Cross-agent injection

Output from one agent becomes input for another. If Agent A retrieves data containing injection payloads, Agent B could execute them. Rune scans at every agent boundary.

Tool scope isolation

Different agents in a crew may have different permission levels. Rune policies can target agents by role/tag, enforcing per-agent tool restrictions.

Chain escalation

A seemingly innocent request to Agent A can escalate through delegation to Agent B which has broader tool access. Rune's behavioral analysis detects these escalation patterns.

Per-Agent Policies

Use agent tags to apply different policies to different agents in the crew:

policy.yamlyaml

version: "1.0"
rules:
  - name: researcher-read-only
    type: tool_access
    allow: ["web_search", "read_file"]
    deny: ["file_write", "send_email", "execute_sql"]
    match:
      agent_tags: [researcher]
    action: block

  - name: writer-no-network
    type: tool_access
    deny: ["web_search", "send_http_request"]
    match:
      agent_tags: [writer]
    action: block

Configuration

Optionspython

protected_crew = shield_crew(
    crew,
    shield=shield,
    agent_id="my-crew",              # Required: crew-level identifier
    agent_tags=["prod"],             # Optional: crew-wide tags
    block_on_error=False,            # Optional: fail open if Rune unreachable
)

Complete Runnable Example

Copy, paste, and run to verify your CrewAI integration:

crewai_rune_test.pypython

import os
assert os.environ.get("RUNE_API_KEY"), "Set RUNE_API_KEY"
assert os.environ.get("OPENAI_API_KEY"), "Set OPENAI_API_KEY"

from crewai import Agent, Task, Crew
from rune import Shield
from rune.integrations.crewai import shield_crew

researcher = Agent(role="Researcher", goal="Find facts", backstory="Expert researcher")
task = Task(description="List 3 facts about AI safety", agent=researcher, expected_output="A list of facts")
crew = Crew(agents=[researcher], tasks=[task])

shield = Shield()
protected_crew = shield_crew(crew, shield=shield, agent_id="crewai-test", agent_tags=["test"])

result = protected_crew.kickoff()
print("Result:", result)
print("Stats:", shield.stats)

Next Steps

Write Policies — Per-agent tool restrictions
Privilege Escalation — The biggest risk in multi-agent crews
Dashboard — Monitor crew behavior in real-time