crewAI/lib
Devin AI 31c174e1a4 feat: add governance policy framework for ungoverned call sites (OWASP Agentic Top 10)
Addresses issue #5280 - Security audit identified 266 ungoverned call sites
that could benefit from governance checks per OWASP Agentic Top 10 standards.

Changes:
- Add security/governance.py with SubprocessPolicy, HttpPolicy, ToolPolicy,
  GovernanceConfig classes supporting allowlist/blocklist and custom validators
- Integrate governance into SecurityConfig for crew-level configuration
- Add subprocess governance check in agent _validate_docker_installation
- Add tool governance checks in execute_tool_and_check_finality (sync/async)
- Add tool governance checks in crew_agent_executor native tool call path
- Export governance types from security module
- Add 42 comprehensive tests covering all policy types and integration points

Governance is permissive by default (allows all) to maintain backward
compatibility. Users can configure policies to restrict operations.

Co-Authored-By: João <joao@crewai.com>
2026-04-05 06:05:21 +00:00