Skip to main content

CrewAI 0.80+ Python 3.12

:::info New to Cordum? Start with the CrewAI quickstart to verify the adapter against the live bridge. This page focuses on PII scanning and approval gates for jobs submitted through Cordum. :::

Add Safety Gates to CrewAI

Problem: Your CrewAI crew processes customer data. How do you enforce PII redaction and add approval gates for sensitive operations — without modifying your crew code?

Solution: Cordum enforces safety policies at the platform level. Your crew code stays clean — governance is handled before jobs reach your agents.

User → API Gateway → Safety Kernel → [ALLOW/DENY/APPROVE] → CrewAI Crew

PII scan, approval gates, audit trail

Prerequisites

  • Docker and Docker Compose installed
  • cordumctl binary (install guide)

Step 1: Scaffold the Project

cordumctl init --framework crewai my-crewai-project
cd my-crewai-project

This generates a project with a two-agent crew (Research Analyst + Content Writer) and a safety policy with PII detection and approval gates.

Step 2: Review the Safety Policy

Open config/safety.yaml:

version: v1
default_decision: deny

rules:
- id: allow-crew-tasks
match:
topics: ["job.default"]
decision: allow

input_rules:
- id: deny-pii-input
severity: high
match:
topics: ["job.default"]
scanners: ["pii"]
decision: deny
reason: "Input contains PII — redact before submitting"

- id: require-approval-sensitive
severity: high
match:
topics: ["job.default"]
keywords: ["delete production", "drop table", "admin access"]
decision: require_approval
reason: "Task involves sensitive operations — human approval required"

Three safety gates:

  1. PII gate — Denies jobs containing SSNs or credit card numbers
  2. Approval gate — Holds jobs with sensitive keywords for human approval
  3. Default allow — Clean jobs on job.default pass through to your crew

Step 3: Start the Stack

docker compose up -d
docker compose ps # Wait for all services to be healthy

Step 4: Submit a Clean Job (Allowed)

curl -s --cacert ./certs/ca/ca.crt https://localhost:8081/api/v1/jobs \
-H "Content-Type: application/json" \
-H "X-API-Key: $CORDUM_API_KEY" \
-H "X-Tenant-ID: default" \
-d '{
"topic": "job.default",
"input": {"prompt": "Research best practices for container security"}
}' | jq .

Expected response — job submission is asynchronous, so an allowed job is accepted (not run inline). The gateway returns a job id you poll for the result:

{
"job_id": "job-001",
"trace_id": "b1c2d3e4..."
}

Poll GET /api/v1/jobs/{job_id} until the status is terminal; the crew result (summary, agents used, etc.) lands in the job result payload your worker writes, not in this submit response.

Step 5: Trigger the PII Gate (Denied)

curl -s --cacert ./certs/ca/ca.crt https://localhost:8081/api/v1/jobs \
-H "Content-Type: application/json" \
-H "X-API-Key: $CORDUM_API_KEY" \
-H "X-Tenant-ID: default" \
-d '{
"topic": "job.default",
"input": {"prompt": "Summarize account for SSN 123-45-6789"}
}' | jq .

Expected response — a submit-time deny short-circuits to a denied result:

{
"job_id": "job-002",
"status": "JOB_STATUS_DENIED",
"error": {"message": "Input contains PII — redact before submitting"}
}

Your crew never saw the SSN. The Safety Kernel blocked it at the gate.

Step 6: Trigger the Approval Gate (Held for Review)

curl -s --cacert ./certs/ca/ca.crt https://localhost:8081/api/v1/jobs \
-H "Content-Type: application/json" \
-H "X-API-Key: $CORDUM_API_KEY" \
-H "X-Tenant-ID: default" \
-d '{
"topic": "job.default",
"input": {"prompt": "Review procedure to delete production database backups"}
}' | jq .

Expected response:

{
"job_id": "job-003",
"status": "approval_required",
"reason": "Task involves sensitive operations — human approval required"
}

The job is held. Your crew won't process it until a human approves:

# Approve the job via CLI
cordumctl approval job job-003 --approve

# Or reject it
cordumctl approval job job-003 --reject

You can also approve/reject from the Cordum dashboard at http://localhost:8082 under Approvals.

Step 7: View the Audit Trail

Open the dashboard and navigate to the Audit page:

TimeJob IDDecisionRuleReason
nowjob-003REQUIRE_APPROVALrequire-approval-sensitiveSensitive operation
nowjob-002DENYdeny-pii-inputPII detected
nowjob-001ALLOWallow-crew-tasks

Every decision is auditable — who submitted, what was decided, which rule matched, and why.

What You Get Without Changing Crew Code

ConcernHandled byYour crew code
PII in inputSafety Kernel scannerUnchanged
Sensitive operationsApproval gateUnchanged
Audit trailCordum platformUnchanged
Output redactionOutput policy (opt-in)Unchanged

Your crew.py stays focused on business logic. Governance is a platform concern.

Next Steps

  • Output scanning: Add output_policy.enabled: true to scan crew responses for sensitive data
  • Custom keywords: Add your own keywords to the approval gate (e.g., "transfer funds", "modify permissions")
  • Multi-tenant: Configure per-tenant policies for different security postures
  • See the Output Safety docs for output policy reference
  • Try the AutoGen tutorial for multi-agent governance