Using TameFlare with CrewAI: Govern Multi-Agent Workflows

Why CrewAI agents need governance

CrewAI is the fastest-growing multi-agent orchestration framework. It lets you define agents with roles, goals, and tools, then compose them into crews that collaborate on complex tasks.

But CrewAI has no built-in security layer. When a CrewAI agent calls a tool, the HTTP request goes directly to the upstream API with whatever credentials are in the environment. There is no policy check, no approval workflow, no audit trail.

This is especially risky with multi-agent workflows because:

Agents delegate to other agents. A research agent might trigger a deployment agent, which calls production APIs. The chain of delegation has no access control.

Tool calls are non-deterministic. The same crew can make different API calls on different runs. You cannot predict which tools will be used.

Credentials are shared. All agents in a crew share the same environment variables. A compromised research agent can use the deployment agent's API keys.

How TameFlare works with CrewAI

TameFlare is a transparent HTTP/HTTPS proxy. You wrap your CrewAI process with tf run, and all outbound traffic is routed through the proxy. No code changes required.

# Before: CrewAI crew runs with full access
python my_crew.py

# After: CrewAI crew runs through TameFlare proxy
tf run -- "crewai-prod" python my_crew.py

When you run your crew with tf run, TameFlare sets HTTP_PROXY and HTTPS_PROXY environment variables. Python's requests library (which CrewAI uses internally for tool calls) automatically routes all traffic through the proxy.

Step-by-step setup

1. Install TameFlare CLI

npm install -g @tameflare/cli
tf init

2. Add connectors for the APIs your crew uses

tf connector add (now configured in dashboard) github --token-env GITHUB_TOKEN
tf connector add (now configured in dashboard) openai --token-env OPENAI_API_KEY
tf connector add (now configured in dashboard) slack --token-env SLACK_BOT_TOKEN

3. Set permissions

# Allow the crew to create GitHub issues and PRs
tf permissions set --gateway "crewai-prod" --connector github \
    --action "github.issue.*" --decision allow
tf permissions set --gateway "crewai-prod" --connector github \
    --action "github.pr.create" --decision allow

# Block branch deletion and require approval for merges
tf permissions set --gateway "crewai-prod" --connector github \
    --action "github.branch.delete" --decision deny
tf permissions set --gateway "crewai-prod" --connector github \
    --action "github.pr.merge" --decision require_approval

# Allow all OpenAI calls (LLM inference)
tf permissions set --gateway "crewai-prod" --connector openai \
    --action "*" --decision allow

# Allow Slack messages but require approval for channel-wide broadcasts
tf permissions set --gateway "crewai-prod" --connector slack \
    --action "slack.chat.postMessage" --decision allow

4. Run your CrewAI workflow

tf run -- "crewai-prod" python my_crew.py

Example: governed research + deployment crew

Here is a typical CrewAI setup with a researcher and a deployer:

from crewai import Agent, Task, Crew

researcher = Agent(
    role="Security Researcher",
    goal="Analyze GitHub repositories for vulnerabilities",
    tools=[github_search_tool, github_read_tool],
)

deployer = Agent(
    role="Deployment Manager",
    goal="Create PRs with security fixes",
    tools=[github_pr_tool, slack_notify_tool],
)

research_task = Task(
    description="Find repos with outdated dependencies",
    agent=researcher,
)

deploy_task = Task(
    description="Create PRs to update vulnerable packages",
    agent=deployer,
)

crew = Crew(
    agents=[researcher, deployer],
    tasks=[research_task, deploy_task],
)

crew.kickoff()

Without TameFlare: Both agents have full access to GitHub and Slack. The researcher could accidentally (or maliciously, via prompt injection) delete branches or merge PRs. The deployer could send mass Slack messages. With TameFlare: Run with tf run -- "crewai-prod" python my_crew.py. Now:

The researcher can only read repos and search (read-only GitHub actions are allowed)

The deployer can create PRs but cannot merge them without human approval

Neither agent can delete branches (hard deny)

All API calls are logged with the gateway name, action type, and decision

Multi-gateway pattern for CrewAI

For stricter isolation, run each agent type through a separate gateway:

import subprocess

# Research agent: read-only GitHub access
subprocess.Popen([
    "tf", "run", "--gateway", "researcher",
    "python", "research_agent.py"
])

# Deployer agent: write GitHub access, requires approval for merges
subprocess.Popen([
    "tf", "run", "--gateway", "deployer",
    "python", "deploy_agent.py"
])

Each gateway has its own permissions, audit trail, and kill switch.

Monitoring your crew

# Live traffic from all gateways
tf logs

# Filter by gateway
tf logs --gateway "crewai-prod"

# Pending approvals (e.g., PR merge requests)
tf approvals list
tf approvals approve <id>

Or open the dashboard for a real-time view with filters, search, and CSV export.

Getting started

1. Create a free account - 3 gateways, 1,000 actions/month
2. Install the CLI: npm install -g @tameflare/cli
3. Add connectors for the APIs your crew uses
4. Set permissions per gateway
5. Run your crew: tf run -- "my-crew" python crew.py

Zero code changes. Under 5 minutes to set up. Works with any CrewAI version.