mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-05-21 08:58:12 +00:00
Compare commits
2 Commits
docs/conve
...
docs/add-v
| Author | SHA1 | Date | |
|---|---|---|---|
| | f990a05fc0 | | |
| | e0887276c3 | | |
13
.github/workflows/docs-broken-links.yml
vendored
@@ -4,13 +4,13 @@ on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "docs/**"
|
||||
- "docs/docs.json"
|
||||
- "docs.json"
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "docs/**"
|
||||
- "docs/docs.json"
|
||||
- "docs.json"
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
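Review bot: In both `paths:` lists (under `pull_request` and under `push`), the explicit `docs.json` entry does not add anything as long as the file lives where this compare shows it, at `docs/docs.json`. `"docs/**"` already matches `docs/docs.json`, so that entry is redundant, and a bare `"docs.json"` only matches a file at the repository root. Suggest keeping just `"docs/**"` if the config stays under `docs/`, or confirming that a root-level `docs.json` actually exists on the branch this workflow runs from before listing it.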
@@ -25,12 +25,11 @@ jobs:
|
||||
with:
|
||||
node-version: "22"
|
||||
|
||||
- name: Install libsecret for Mintlify CLI
|
||||
run: sudo apt-get update && sudo apt-get install -y libsecret-1-0
|
||||
|
||||
- name: Install Mintlify CLI
|
||||
run: npm install -g mint@latest
|
||||
run: npm i -g mintlify
|
||||
|
||||
- name: Run broken link checker
|
||||
run: |
|
||||
# Auto-answer the prompt with yes command
|
||||
yes "" | mintlify broken-links || test $? -eq 141
|
||||
working-directory: ./docs
|
||||
run: mint broken-links
|
||||
|
||||
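Review bot: Both install commands in the `Install Mintlify CLI` step, `npm install -g mint@latest` and `npm i -g mintlify`, fetch whatever version is current at run time, so the job runs third-party code nobody reviewed and a new CLI release can change or break the link check without any commit here. Pin an exact version and bump it deliberately. On the `yes "" | mintlify broken-links || test $? -eq 141` line, 141 is the SIGPIPE exit status; the comment above it only mentions auto-answering the prompt, so add a line saying why that status is treated as a pass.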
@@ -139,7 +139,19 @@ mode: "wide"
|
||||
- **الالتزام بمواصفات ترخيص MCP**: إذا كنت تنفذ المصادقة والترخيص، اتبع بدقة [مواصفات ترخيص MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization).
|
||||
- **تدقيقات أمنية منتظمة**: إذا كان خادم MCP يتعامل مع بيانات حساسة، فكر في إجراء تدقيقات أمنية دورية.
|
||||
|
||||
## 5. قراءة إضافية
|
||||
## 5. الإبلاغ عن الثغرات الأمنية
|
||||
|
||||
إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd:
|
||||
|
||||
**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd.
|
||||
</Warning>
|
||||
|
||||
لمزيد من التفاصيل، راجع [سياسة الأمان](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md) الخاصة بنا.
|
||||
|
||||
## 6. قراءة إضافية
|
||||
|
||||
لمزيد من المعلومات التفصيلية حول أمان MCP، راجع التوثيق الرسمي:
|
||||
- **[أمان نقل MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
|
||||
|
||||
22
docs/ar/security.mdx
Normal file
@@ -0,0 +1,22 @@
|
||||
---
|
||||
title: سياسة الأمان
|
||||
description: تعرف على كيفية الإبلاغ عن الثغرات الأمنية وممارسات الأمان في CrewAI.
|
||||
icon: shield
|
||||
mode: "wide"
|
||||
---
|
||||
|
||||
## الإبلاغ عن الثغرات الأمنية
|
||||
|
||||
إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd:
|
||||
|
||||
**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd.
|
||||
</Warning>
|
||||
|
||||
لمزيد من التفاصيل، راجع [سياسة الأمان على GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
|
||||
|
||||
## موارد الأمان
|
||||
|
||||
- **[اعتبارات أمان MCP](/ar/mcp/security)** — أفضل الممارسات لدمج خوادم MCP بأمان مع وكلاء CrewAI، بما في ذلك أمان النقل ومخاطر حقن الأوامر ونصائح تنفيذ الخادم.
|
||||
170
docs/docs.json
@@ -369,6 +369,12 @@
|
||||
"pages": [
|
||||
"en/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Security",
|
||||
"pages": [
|
||||
"en/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -839,6 +845,12 @@
|
||||
"pages": [
|
||||
"en/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Security",
|
||||
"pages": [
|
||||
"en/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -1308,6 +1320,12 @@
|
||||
"pages": [
|
||||
"en/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Security",
|
||||
"pages": [
|
||||
"en/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -1777,6 +1795,12 @@
|
||||
"pages": [
|
||||
"en/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Security",
|
||||
"pages": [
|
||||
"en/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -2247,6 +2271,12 @@
|
||||
"pages": [
|
||||
"en/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Security",
|
||||
"pages": [
|
||||
"en/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -2715,6 +2745,12 @@
|
||||
"pages": [
|
||||
"en/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Security",
|
||||
"pages": [
|
||||
"en/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -3186,6 +3222,12 @@
|
||||
"pages": [
|
||||
"en/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Security",
|
||||
"pages": [
|
||||
"en/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -3671,6 +3713,12 @@
|
||||
"pages": [
|
||||
"pt-BR/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Segurança",
|
||||
"pages": [
|
||||
"pt-BR/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -4125,6 +4173,12 @@
|
||||
"pages": [
|
||||
"pt-BR/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Segurança",
|
||||
"pages": [
|
||||
"pt-BR/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -4579,6 +4633,12 @@
|
||||
"pages": [
|
||||
"pt-BR/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Segurança",
|
||||
"pages": [
|
||||
"pt-BR/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -5033,6 +5093,12 @@
|
||||
"pages": [
|
||||
"pt-BR/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Segurança",
|
||||
"pages": [
|
||||
"pt-BR/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -5486,6 +5552,12 @@
|
||||
"pages": [
|
||||
"pt-BR/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Segurança",
|
||||
"pages": [
|
||||
"pt-BR/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -5939,6 +6011,12 @@
|
||||
"pages": [
|
||||
"pt-BR/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Segurança",
|
||||
"pages": [
|
||||
"pt-BR/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -6393,6 +6471,12 @@
|
||||
"pages": [
|
||||
"pt-BR/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Segurança",
|
||||
"pages": [
|
||||
"pt-BR/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -6890,6 +6974,12 @@
|
||||
"pages": [
|
||||
"ko/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "보안",
|
||||
"pages": [
|
||||
"ko/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -7356,6 +7446,12 @@
|
||||
"pages": [
|
||||
"ko/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "보안",
|
||||
"pages": [
|
||||
"ko/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -7822,6 +7918,12 @@
|
||||
"pages": [
|
||||
"ko/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "보안",
|
||||
"pages": [
|
||||
"ko/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -8288,6 +8390,12 @@
|
||||
"pages": [
|
||||
"ko/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "보안",
|
||||
"pages": [
|
||||
"ko/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -8753,6 +8861,12 @@
|
||||
"pages": [
|
||||
"ko/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "보안",
|
||||
"pages": [
|
||||
"ko/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -9218,6 +9332,12 @@
|
||||
"pages": [
|
||||
"ko/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "보안",
|
||||
"pages": [
|
||||
"ko/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -9684,6 +9804,12 @@
|
||||
"pages": [
|
||||
"ko/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "보안",
|
||||
"pages": [
|
||||
"ko/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -10181,6 +10307,12 @@
|
||||
"pages": [
|
||||
"ar/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "الأمان",
|
||||
"pages": [
|
||||
"ar/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -10647,6 +10779,12 @@
|
||||
"pages": [
|
||||
"ar/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "الأمان",
|
||||
"pages": [
|
||||
"ar/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -11113,6 +11251,12 @@
|
||||
"pages": [
|
||||
"ar/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "الأمان",
|
||||
"pages": [
|
||||
"ar/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -11579,6 +11723,12 @@
|
||||
"pages": [
|
||||
"ar/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "الأمان",
|
||||
"pages": [
|
||||
"ar/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -12044,6 +12194,12 @@
|
||||
"pages": [
|
||||
"ar/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "الأمان",
|
||||
"pages": [
|
||||
"ar/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -12509,6 +12665,12 @@
|
||||
"pages": [
|
||||
"ar/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "الأمان",
|
||||
"pages": [
|
||||
"ar/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -12975,6 +13137,12 @@
|
||||
"pages": [
|
||||
"ar/telemetry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "الأمان",
|
||||
"pages": [
|
||||
"ar/security"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -13291,4 +13459,4 @@
|
||||
"reddit": "https://www.reddit.com/r/crewAIInc/"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
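Review bot: The four lines of this last `docs.json` hunk (the `"reddit"` entry and the closing braces) show no visible content difference, so the change is presumably whitespace or the end-of-file newline after the final `}`. Confirm it is intentional, for example a formatter run, and not an editor dropping the trailing newline.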
@@ -572,176 +572,6 @@ The `third_method` and `fourth_method` listen to the output of the `second_metho
|
||||
|
||||
When you run this Flow, the output will change based on the random boolean value generated by the `start_method`.
|
||||
|
||||
### Conversational Flows (User Input)
|
||||
|
||||
The `self.ask()` method pauses flow execution to request input from a user inline, then returns their response as a string. This enables conversational, interactive flows where the AI can gather information, ask clarifying questions, or request approvals during execution.
|
||||
|
||||
#### Basic Usage
|
||||
|
||||
```python Code
|
||||
from crewai.flow.flow import Flow, start, listen
|
||||
|
||||
class GreetingFlow(Flow):
|
||||
@start()
|
||||
def greet(self):
|
||||
name = self.ask("What's your name?")
|
||||
self.state["name"] = name
|
||||
|
||||
@listen(greet)
|
||||
def welcome(self):
|
||||
print(f"Welcome, {self.state['name']}!")
|
||||
|
||||
flow = GreetingFlow()
|
||||
flow.kickoff()
|
||||
```
|
||||
|
||||
By default, `self.ask()` uses a `ConsoleProvider` that prompts via Python's built-in `input()`.
|
||||
|
||||
#### Multiple Asks in One Method
|
||||
|
||||
You can call `self.ask()` multiple times within a single method to gather several inputs:
|
||||
|
||||
```python Code
|
||||
from crewai.flow.flow import Flow, start
|
||||
|
||||
class OnboardingFlow(Flow):
|
||||
@start()
|
||||
def collect_info(self):
|
||||
name = self.ask("What's your name?")
|
||||
role = self.ask("What's your role?")
|
||||
team = self.ask("Which team are you joining?")
|
||||
self.state["profile"] = {"name": name, "role": role, "team": team}
|
||||
print(f"Welcome {name}, {role} on {team}!")
|
||||
|
||||
flow = OnboardingFlow()
|
||||
flow.kickoff()
|
||||
```
|
||||
|
||||
#### Timeout Support
|
||||
|
||||
Pass `timeout=` (in seconds) to avoid blocking indefinitely. If the user doesn't respond in time, `self.ask()` returns `None`:
|
||||
|
||||
```python Code
|
||||
from crewai.flow.flow import Flow, start
|
||||
|
||||
class ApprovalFlow(Flow):
|
||||
@start()
|
||||
def request_approval(self):
|
||||
response = self.ask("Approve deployment? (yes/no)", timeout=120)
|
||||
|
||||
if response is None:
|
||||
print("No response received — timed out.")
|
||||
self.state["approved"] = False
|
||||
return
|
||||
|
||||
self.state["approved"] = response.strip().lower() == "yes"
|
||||
```
|
||||
|
||||
Use a `while` loop to retry on timeout:
|
||||
|
||||
```python Code
|
||||
from crewai.flow.flow import Flow, start
|
||||
|
||||
class RetryFlow(Flow):
|
||||
@start()
|
||||
def ask_with_retry(self):
|
||||
answer = None
|
||||
while answer is None:
|
||||
answer = self.ask("Please confirm (yes/no):", timeout=60)
|
||||
if answer is None:
|
||||
print("Timed out, asking again...")
|
||||
self.state["confirmed"] = answer.strip().lower() == "yes"
|
||||
```
|
||||
|
||||
#### Metadata Support
|
||||
|
||||
The `metadata` parameter enables bidirectional context passing between the flow and the input provider. Send context to the provider, and receive structured context back:
|
||||
|
||||
```python Code
|
||||
from crewai.flow.flow import Flow, start
|
||||
|
||||
class ContextualFlow(Flow):
|
||||
@start()
|
||||
def gather_feedback(self):
|
||||
response = self.ask(
|
||||
"Rate this output (1-5):",
|
||||
metadata={
|
||||
"step": "quality_review",
|
||||
"output_id": "abc-123",
|
||||
"options": ["1", "2", "3", "4", "5"],
|
||||
},
|
||||
)
|
||||
self.state["rating"] = int(response) if response else None
|
||||
```
|
||||
|
||||
When a custom provider returns an `InputResponse`, it can include its own metadata (e.g., user identity, timestamp, channel info) that your flow can process.
|
||||
|
||||
#### Custom InputProvider
|
||||
|
||||
For production use cases (Slack bots, web UIs, webhooks), implement the `InputProvider` protocol:
|
||||
|
||||
```python Code
|
||||
from crewai.flow.flow import Flow, start
|
||||
from crewai.flow.input_provider import InputProvider, InputResponse
|
||||
import requests
|
||||
|
||||
class SlackInputProvider(InputProvider):
|
||||
def __init__(self, channel_id: str, bot_token: str):
|
||||
self.channel_id = channel_id
|
||||
self.bot_token = bot_token
|
||||
|
||||
def request_input(self, message, flow, metadata=None):
|
||||
# Post the question to Slack
|
||||
requests.post(
|
||||
"https://slack.com/api/chat.postMessage",
|
||||
headers={"Authorization": f"Bearer {self.bot_token}"},
|
||||
json={"channel": self.channel_id, "text": message},
|
||||
)
|
||||
# Wait for and return the user's reply (simplified)
|
||||
reply = self.poll_for_reply()
|
||||
return InputResponse(
|
||||
value=reply["text"],
|
||||
metadata={"user": reply["user"], "ts": reply["ts"]},
|
||||
)
|
||||
|
||||
def poll_for_reply(self):
|
||||
# Your implementation to wait for a Slack reply
|
||||
...
|
||||
|
||||
# Use the custom provider
|
||||
flow = Flow(input_provider=SlackInputProvider(
|
||||
channel_id="C01ABC123",
|
||||
bot_token="xoxb-...",
|
||||
))
|
||||
flow.kickoff()
|
||||
```
|
||||
|
||||
The `request_input` method can return:
|
||||
- A **string** — used directly as the user's response
|
||||
- An **`InputResponse`** — includes `value` (the response string) and optional `metadata`
|
||||
- **`None`** — treated as a timeout / no response
|
||||
|
||||
#### Auto-Checkpoint Behavior
|
||||
|
||||
<Note>
|
||||
When persistence is configured, the flow state is automatically saved **before** each `self.ask()` call. If the process restarts while waiting for input, the flow can resume from the checkpoint without losing progress.
|
||||
</Note>
|
||||
|
||||
#### `self.ask()` vs `@human_feedback`
|
||||
|
||||
| | `self.ask()` | `@human_feedback` |
|
||||
|---|---|---|
|
||||
| **Purpose** | Inline user input during execution | Approval gates and review feedback |
|
||||
| **Returns** | `str \| None` | `HumanFeedbackResult` with structured fields |
|
||||
| **Timeout** | Built-in `timeout=` parameter | Not built-in |
|
||||
| **Provider** | Pluggable `InputProvider` protocol | Console-based |
|
||||
| **Use when** | Gathering data, clarifications, confirmations | Review/approval workflows with structured feedback |
|
||||
| **Decorator** | None — call `self.ask()` anywhere | `@human_feedback` on the method |
|
||||
|
||||
<Note>
|
||||
Both features coexist — you can use `self.ask()` and `@human_feedback` in the same flow. Use `self.ask()` for inline data gathering and `@human_feedback` for structured review gates.
|
||||
</Note>
|
||||
|
||||
### Human in the Loop (human feedback)
|
||||
|
||||
<Note>
|
||||
|
||||
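Review bot: The header `@@ -572,176 +572,6 @@` shows this hunk dropping the whole "Conversational Flows (User Input)" section (basic `self.ask()` usage, timeout, metadata, the custom `InputProvider` example and the `self.ask()` vs `@human_feedback` table), which is unrelated to the vulnerability-reporting pages the rest of the compare adds. This looks like one branch being behind the other rather than an intended removal. Bring the branch up to date so the section is not deleted, or move the removal into its own change with a stated reason.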
@@ -156,7 +156,19 @@ If you are developing an MCP server that CrewAI agents might connect to, conside
|
||||
- **Adherence to MCP Authorization Spec**: If implementing authentication and authorization, strictly follow the [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) and relevant [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700).
|
||||
- **Regular Security Audits**: If your MCP server handles sensitive data, performs critical operations, or is publicly exposed, consider periodic security audits by qualified professionals.
|
||||
|
||||
## 5. Further Reading
|
||||
## 5. Reporting Security Vulnerabilities
|
||||
|
||||
If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
|
||||
|
||||
**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
|
||||
</Warning>
|
||||
|
||||
For full details, see our [Security Policy](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
|
||||
|
||||
## 6. Further Reading
|
||||
|
||||
For more detailed information on MCP security, refer to the official documentation:
|
||||
- **[MCP Transport Security](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
|
||||
|
||||
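Review bot: The new section 5 on this MCP security page repeats, word for word, the reporting paragraph, the submission address and the `<Warning>` that `docs/en/security.mdx` adds in the same compare, and the ar, ko and pt-BR hunks do the same. Keep the policy text in one place and have this section link to `/en/security`, so the copies cannot drift if the address or the program changes. The renumbering of "Further Reading" to 6 is fine.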
22
docs/en/security.mdx
Normal file
@@ -0,0 +1,22 @@
|
||||
---
|
||||
title: Security Policy
|
||||
description: Learn how to report security vulnerabilities and about CrewAI's security practices.
|
||||
icon: shield
|
||||
mode: "wide"
|
||||
---
|
||||
|
||||
## Reporting Security Vulnerabilities
|
||||
|
||||
If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
|
||||
|
||||
**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
|
||||
</Warning>
|
||||
|
||||
For full details, see our [Security Policy on GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
|
||||
|
||||
## Security Resources
|
||||
|
||||
- **[MCP Security Considerations](/en/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice.
|
||||
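Review bot: The front-matter `description` promises information "about CrewAI's security practices", but the body only gives the reporting address, the `<Warning>` and one link under "Security Resources". Either narrow the description to the reporting policy or add the practices it refers to. Since the `<Warning>` states that reports sent through other channels will not be reviewed, the page should also say briefly what a report needs to contain, or point at the section of `.github/security.md` that does.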
@@ -156,7 +156,19 @@ CrewAI 에이전트가 연결할 수 있는 MCP 서버를 개발하고 있다면
|
||||
- **MCP 인증 사양 준수**: 인증 및 권한 부여를 구현할 경우, [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) 및 관련 [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700)를 엄격히 준수하세요.
|
||||
- **정기적인 보안 감사**: MCP 서버가 민감한 데이터를 처리하거나, 중요한 작업을 수행하거나, 대외적으로 노출된 경우 자격을 갖춘 전문가의 정기적인 보안 감사를 고려하세요.
|
||||
|
||||
## 5. 추가 참고 자료
|
||||
## 5. 보안 취약점 보고
|
||||
|
||||
CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요:
|
||||
|
||||
**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다.
|
||||
</Warning>
|
||||
|
||||
자세한 내용은 [보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요.
|
||||
|
||||
## 6. 추가 참고 자료
|
||||
|
||||
MCP 보안에 대한 자세한 내용은 공식 문서를 참고하세요:
|
||||
- **[MCP 전송 보안](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
|
||||
|
||||
22
docs/ko/security.mdx
Normal file
@@ -0,0 +1,22 @@
|
||||
---
|
||||
title: 보안 정책
|
||||
description: CrewAI의 보안 취약점 보고 방법과 보안 관행에 대해 알아보세요.
|
||||
icon: shield
|
||||
mode: "wide"
|
||||
---
|
||||
|
||||
## 보안 취약점 보고
|
||||
|
||||
CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요:
|
||||
|
||||
**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다.
|
||||
</Warning>
|
||||
|
||||
자세한 내용은 [GitHub 보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요.
|
||||
|
||||
## 보안 리소스
|
||||
|
||||
- **[MCP 보안 고려사항](/ko/mcp/security)** — MCP 서버를 CrewAI 에이전트와 안전하게 통합하기 위한 모범 사례로, 전송 보안, 프롬프트 인젝션 위험 및 서버 구현 권장 사항을 포함합니다.
|
||||
@@ -156,7 +156,19 @@ Se você está desenvolvendo um servidor MCP ao qual agentes CrewAI possam se co
|
||||
- **Aderência à Especificação de Autorização MCP**: Caso implemente autenticação e autorização, siga estritamente a [especificação de autorização MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization) e as [melhores práticas de segurança OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc9700) relevantes.
|
||||
- **Auditorias de Segurança Regulares**: Caso seu servidor MCP manipule dados sensíveis, realize operações críticas ou seja exposto publicamente, considere auditorias de segurança periódicas conduzidas por profissionais qualificados.
|
||||
|
||||
## 5. Leituras Adicionais
|
||||
## 5. Reportando Vulnerabilidades de Segurança
|
||||
|
||||
Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd:
|
||||
|
||||
**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados.
|
||||
</Warning>
|
||||
|
||||
Para mais detalhes, consulte nossa [Política de Segurança](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
|
||||
|
||||
## 6. Leituras Adicionais
|
||||
|
||||
Para informações mais detalhadas sobre segurança MCP, consulte a documentação oficial:
|
||||
- **[Segurança de Transporte MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
|
||||
|
||||
22
docs/pt-BR/security.mdx
Normal file
@@ -0,0 +1,22 @@
|
||||
---
|
||||
title: Política de Segurança
|
||||
description: Saiba como reportar vulnerabilidades de segurança e sobre as práticas de segurança do CrewAI.
|
||||
icon: shield
|
||||
mode: "wide"
|
||||
---
|
||||
|
||||
## Reportando Vulnerabilidades de Segurança
|
||||
|
||||
Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd:
|
||||
|
||||
**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
|
||||
|
||||
<Warning>
|
||||
**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados.
|
||||
</Warning>
|
||||
|
||||
Para mais detalhes, consulte nossa [Política de Segurança no GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
|
||||
|
||||
## Recursos de Segurança
|
||||
|
||||
- **[Considerações de Segurança MCP](/pt-BR/mcp/security)** — Melhores práticas para integrar servidores MCP com segurança aos seus agentes CrewAI, incluindo segurança de transporte, riscos de injeção de prompt e conselhos de implementação de servidor.
|
||||