Skip to main content

Install

CrewAI is a peer dependency:

Scope-Enforced Tools

Before each protected invocation, the tool verifies the token signature and claims with verify_grant_token(), using the configured JWKS endpoint, and checks the verified scopes. The verifier may contact that endpoint to resolve keys, so it must be reachable. Invalid tokens and missing scopes raise before the wrapped function runs.

Audit Logging

Wrap any Grantex tool with audit logging:

API Reference

create_grantex_tool()

Raises: PermissionError if the grant token doesn’t contain required_scope.

with_audit_logging()

get_tool_scopes(grant_token)

Returns unverified scopes decoded from a grant token. Use this only for display or debugging, never for an authorization decision.

Requirements

  • Python 3.9+
  • grantex >= 0.1.0
  • crewai >= 0.28.0 (peer dependency)
Last modified on July 11, 2026