feat(tools): add SignatrustTool for AI Decision Receipts #6369
abokenan444 wants to merge 3 commits into
Add SignatrustTool, a BaseTool wrapper around the Signatrust REST API that lets CrewAI agents generate, verify, and retrieve cryptographically signed (Ed25519) AI Decision Receipts — tamper-evident records of agent decisions.
- Self-contained tool (no extra runtime deps beyond 'requests')
- Declares SIGNATRUST_API_KEY via EnvVar and 'requests' via package_dependencies
- Registered in tools/__init__.py and root __init__.py
- Regenerated tool.specs.json (single new entry)
- 8 unit tests covering init, generate, verify, get, and error paths
No actionable comments were generated in the recent review.
Actionable comments posted: 2
🧹 Nitpick comments (1)
lib/crewai-tools/tests/tools/signatrust_tool_test.py (1)
32-90: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win
Add regression coverage for `_arun` and output ordering.
The current suite only exercises `.run()`, so the async path and deterministic-JSON contract can regress unnoticed. One async test plus one assertion on stable key ordering would lock both down.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@lib/crewai-tools/src/crewai_tools/tools/signatrust_tool/signatrust_tool.py`:
- Line 202: The success payload serialization in SignatrustTool is
non-deterministic because json.dumps(result, ensure_ascii=False) preserves
upstream key order; update the return path in SignatrustTool so the serialized
response is stable across equivalent receipts by normalizing the data before
serialization and using a deterministic ordering strategy. Keep the fix local to
the method that returns result, and ensure the output remains valid JSON while
producing the same string for semantically identical payloads.
- Around line 206-208: The _arun method in SignatrustTool is still calling the
blocking _run path directly, which stalls the event loop for async callers.
Update _arun in signatrust_tool to offload the synchronous _run call to a worker
thread or add a true async client implementation, keeping the async entrypoint
non-blocking while preserving the existing _run logic.
---
Nitpick comments:
In `@lib/crewai-tools/tests/tools/signatrust_tool_test.py`:
- Around line 32-90: Add regression coverage in the Signatrust tool tests for
the async path and deterministic JSON output: extend the existing
`signatrust_tool` test suite so `_arun` is exercised alongside `run()`, and add
an assertion that the serialized response preserves stable key ordering. Use the
existing `test_generate`, `test_verify`, and `test_get` patterns in
`signatrust_tool_test.py` to locate where to add the async test and the
JSON-order check.
📒 Files selected for processing (7)
- lib/crewai-tools/src/crewai_tools/__init__.py
- lib/crewai-tools/src/crewai_tools/tools/__init__.py
- lib/crewai-tools/src/crewai_tools/tools/signatrust_tool/README.md
- lib/crewai-tools/src/crewai_tools/tools/signatrust_tool/__init__.py
- lib/crewai-tools/src/crewai_tools/tools/signatrust_tool/signatrust_tool.py
- lib/crewai-tools/tests/tools/signatrust_tool_test.py
- lib/crewai-tools/tool.specs.json
Addresses CodeRabbit review on PR crewAIInc#6369:
- json.dumps(..., sort_keys=True) so equivalent receipts always serialize to the same string.
- _arun now offloads _run to asyncio.to_thread instead of blocking the event loop.
- Add regression tests for both behaviors.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@lib/crewai-tools/tests/tools/signatrust_tool_test.py`:
- Around line 95-112: The test for SignatrustTool._arun currently only checks
the returned payload and does not prove the blocking HTTP call is offloaded;
update test_arun_non_blocking to assert worker-thread execution or event-loop
responsiveness. Use the existing _arun and mock_post setup to capture the thread
identity inside the mocked request path, then verify it differs from the main
thread (or otherwise confirm the loop can keep running while the call is in
progress) so the test fails if _arun regresses to delegating directly to _run.
📒 Files selected for processing (2)
- lib/crewai-tools/src/crewai_tools/tools/signatrust_tool/signatrust_tool.py
- lib/crewai-tools/tests/tools/signatrust_tool_test.py
Address CodeRabbit review: prior test_arun_non_blocking only checked the payload and would pass even if _arun regressed to `return self._run(**kwargs)`. Capture threading.get_ident() inside the mock_post side_effect and assert it differs from the main thread id, proving the blocking HTTP call is dispatched via asyncio.to_thread.
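The thread-identity check and the `sort_keys` change discussed in this review, as an added example that is not code from the PR. The class names, `fake_post`, `check_offload` and the receipt fields are hypothetical, and the response values are constructed.

```python
import asyncio
import json
import threading


class ReceiptToolSketch:
    """Hypothetical stand-in for a tool with a blocking _run and an async _arun."""

    def __init__(self, post):
        self._post = post  # injected blocking HTTP call (a mock here)

    def _run(self, **kwargs):
        result = self._post(kwargs)
        # sort_keys=True: equivalent receipts serialize to the same string,
        # whatever key order the upstream response used.
        return json.dumps(result, ensure_ascii=False, sort_keys=True)

    async def _arun(self, **kwargs):
        # Offload the blocking call so the event loop keeps running.
        return await asyncio.to_thread(self._run, **kwargs)


class RegressedToolSketch(ReceiptToolSketch):
    """The regression the test must catch: _arun delegates straight to _run."""

    async def _arun(self, **kwargs):
        return self._run(**kwargs)


def check_offload(tool_cls):
    """Return (serialized_output, ran_off_loop_thread) for one _arun call."""
    seen = {}

    def fake_post(payload):
        # Record which thread executed the (mocked) HTTP request.
        seen["thread"] = threading.get_ident()
        # Constructed response with keys deliberately out of order.
        return {"signature": "constructed-sig", "id": "constructed-id",
                "algorithm": "Ed25519"}

    async def main():
        loop_thread = threading.get_ident()
        out = await tool_cls(fake_post)._arun(decision="approve")
        return out, seen["thread"] != loop_thread

    return asyncio.run(main())


if __name__ == "__main__":
    print(check_offload(ReceiptToolSketch))
    print(check_offload(RegressedToolSketch))
```

A payload-only assertion passes for both classes; only the thread comparison separates them.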
Overview
This PR adds `SignatrustTool` — a new tool that lets CrewAI agents generate, verify, and retrieve cryptographically signed AI Decision Receipts via Signatrust.
Signatrust produces tamper-evident, Ed25519-signed receipts for decisions made by AI agents, enabling verifiable accountability and auditability of AI-assisted decisions (compliance reviews, approvals, financial actions, content moderation, etc.). By default only a SHA-256 hash of the decision payload is stored server-side, so the tool is privacy-first.
What's included
- `crewai_tools/tools/signatrust_tool/signatrust_tool.py` — the `SignatrustTool` implementation
- `crewai_tools/tools/signatrust_tool/README.md` — usage docs and required env vars
- `tests/tools/signatrust_tool_test.py` — 8 unit tests (no real network calls, all passing)
- `crewai_tools/tools/__init__.py` and `crewai_tools/__init__.py`
- `tool.specs.json` entry (generated via `generate_tool_specs.py`)
Supported operations
- `generate` — create a new signed Decision Receipt for an agent decision
- `verify` — verify the cryptographic integrity of an existing receipt by id
- `get` — retrieve a stored receipt by id
Conventions followed (per `BUILDING_TOOLS.md`)
- `Tool` and subclasses `BaseTool`
- `args_schema` with explicit field descriptions
- `env_vars` (`SIGNATRUST_API_KEY`) and `package_dependencies` declared
- `tests/tools/`, fast and deterministic
Required environment variables
- `SIGNATRUST_API_KEY` (`sk_live_...`)
Notes
A standalone package (`crewai-signatrust`) is also published on PyPI; this PR brings the integration into the official `crewai-tools` collection for discoverability.