CrewAI Agent Guardrails with Veto

Role-based authorization for multi-agent systems. Each crew member operates within defined boundaries, preventing unauthorized actions across your agent teams.

CrewAI guardrailsCrewAI agent authorizationCrewAI security

Multi-agent systems need multi-layered authorization

CrewAI orchestrates teams of specialized agents working together on complex tasks. Each agent has a role, a goal, and access to specific tools. But without authorization, any agent can potentially access any tool or perform any action, regardless of its role.

Veto adds a runtime authorization layer that enforces role-based policies for each crew member. Your Researcher agent can't delete files. Your Writer agent can't make API calls. Your Manager agent can approve transactions but only under certain conditions. Authorization becomes part of the crew definition.

Integration

Wrap your CrewAI tools with Veto's Python SDK. The agent remains unaware of the authorization layer. Policies are evaluated at runtime before each tool execution.

crewai_guardrails.py

from crewai import Agent, Task, Crew, Tool
from veto import VetoClient

# Initialize Veto client
veto = VetoClient(api_key="veto_live_xxx")

# Wrap tools with authorization
@veto.guard(
    policy="file_operations",
    agent_role="researcher"  # Context passed to policy
)
def read_documents(query: str) -> str:
    """Read documents from the knowledge base."""
    return document_store.search(query)

@veto.guard(
    policy="api_calls",
    agent_role="writer"
)
def publish_content(content: str) -> dict:
    """Publish content to external platforms."""
    return api_client.publish(content)

# Define agents with wrapped tools
researcher = Agent(
    role="Researcher",
    goal="Find and analyze relevant information",
    tools=[Tool(name="read_documents", func=read_documents)],
    backstory="Expert at finding accurate information"
)

writer = Agent(
    role="Writer",
    goal="Create engaging content based on research",
    tools=[Tool(name="publish_content", func=publish_content)],
    backstory="Skilled at crafting compelling narratives"
)

# Create and run the crew
crew = Crew(
    agents=[researcher, writer],
    tasks=[...],
    verbose=True
)

result = crew.kickoff()

Role-specific policies

Define authorization rules based on agent roles. Each crew member operates within their designated boundaries, preventing cross-role tool access.

veto-policy.yaml

# Role-based policies for CrewAI agents
policies:
  file_operations:
    description: "File system access controls"
    rules:
      - name: "researcher_read_only"
        condition:
          agent_role: "researcher"
        allow:
          actions: ["read"]
        deny:
          actions: ["write", "delete"]
          paths: ["/etc/*", "/.env*"]

      - name: "manager_full_access"
        condition:
          agent_role: "manager"
        allow:
          actions: ["read", "write"]
        deny:
          actions: ["delete"]
          paths: ["/production/*"]

  api_calls:
    description: "External API access controls"
    rules:
      - name: "writer_limited_publish"
        condition:
          agent_role: "writer"
        allow:
          endpoints: ["api.example.com/publish"]
          methods: ["POST"]
        deny:
          endpoints: ["api.example.com/delete", "api.example.com/admin/*"]

      - name: "researcher_no_external"
        condition:
          agent_role: "researcher"
        deny:
          endpoints: ["*"]

  financial:
    description: "Transaction and payment controls"
    rules:
      - name: "manager_approval_required"
        condition:
          agent_role: "manager"
          amount: {greater_than: 1000}
        require_approval: true

      - name: "accountant_limited"
        condition:
          agent_role: "accountant"
        allow:
          actions: ["read", "create"]
        deny:
          actions: ["delete"]

How it works

Agent Context

Each tool call includes agent role, task context, and crew metadata for policy evaluation.

Policy Engine

Rules evaluate agent role, tool arguments, and conditions before execution.

Enforcement

Allow, deny, or route to human approval. All decisions logged with full context.

Advanced multi-agent patterns

CrewAI supports hierarchical crews, sequential processes, and consensual tasks. Veto policies adapt to each pattern, enforcing authorization across complex agent interactions.

hierarchical_crew.py

from crewai import Agent, Task, Crew, Process
from veto import VetoClient, ApprovalRequest

veto = VetoClient(api_key="veto_live_xxx")

# Manager with approval workflow for high-value actions
@veto.guard(
    policy="manager_actions",
    on_deny="request_approval"  # Route to human approval
)
def approve_transaction(amount: float, recipient: str) -> dict:
    """Approve financial transactions."""
    return payment_service.process(amount, recipient)

# Hierarchical crew with manager
manager = Agent(
    role="Manager",
    goal="Oversee crew operations and approve critical decisions",
    tools=[Tool(name="approve_transaction", func=approve_transaction)],
    allow_delegation=True,
    backstory="Experienced team lead with approval authority"
)

workers = [
    Agent(role="Analyst", goal="Analyze data", tools=[...]),
    Agent(role="Executor", goal="Execute approved tasks", tools=[...]),
]

crew = Crew(
    agents=[manager, *workers],
    tasks=[...],
    process=Process.hierarchical,  # Manager delegates to workers
    manager_llm="gpt-4"
)

# Policies automatically apply based on delegating agent
result = crew.kickoff()

Frequently asked questions

How does Veto handle agent delegation in CrewAI?

When a manager agent delegates a task to a worker, Veto tracks the delegation chain. Policies can evaluate based on the delegating agent's role, not just the executing agent. This prevents privilege escalation through delegation.

Can I have different policies for the same tool across agents?

Yes. Policies evaluate the agent_role context passed with each tool call. The same read_documents tool can allow full access for researchers but restrict sensitive paths for writers. Each rule specifies which roles it applies to.

What happens when a tool call is denied?

The agent receives a configurable response explaining the denial. You can return an error message, a fallback value, or route to human approval. The agent can then adjust its approach or report the limitation to the user.

Does Veto add latency to crew execution?

Minimal impact. Policy evaluation happens in-process, typically under 10ms. The SDK runs locally with no network dependency for standard policies. Only human approval workflows require external coordination, and those are asynchronous.

Related integrations

AI Agent Guardrails

Core concepts and architecture for agent authorization

LangChain Integration

Guardrails for LangChain agents and chains

LangGraph Integration

State-based authorization for graph-based agents

Python SDK

Native Python SDK for AI agent authorization

Your crew, your rules. Authorization built for multi-agent systems.

Start free Read the docs