Add native CrewAI tools for RustChain ecosystem #242
Signed-off-by: Gautam Kumar <gautamkumarofficial@users.noreply.github.com>
Elyan Labs review. CrewAI tools are a welcome addition — the wiring looks right. One blocking security issue before merge: Blocking —
FakerHideInBush
left a comment
Good structure for a CrewAI integration — the tool class layout, input schemas, and test coverage are solid. Two bugs that must be fixed before merging:
1. TLS certificate verification is disabled by default — silent MITM risk
# Self-signed cert on dev nodes
_TLS_VERIFY = os.environ.get("TLS_VERIFY", "0") != "0"

With the default TLS_VERIFY=0, this evaluates to "0" != "0" = False, so every HTTP call (_get, _post) uses verify=False. Certificate verification is silently skipped for all calls to the node, BoTTube, and Beacon endpoints — not just the dev-node endpoint. Any user who installs this package and calls RustChainCheckBalance() or RustChainBeaconChat() against a production URL will have their requests silently sent without TLS verification, opening them to MITM attacks.
The correct default is verify=True (the requests library default). If the dev node uses a self-signed cert, the opt-out should be explicit: TLS_VERIFY=0 to disable, not TLS_VERIFY=1 to enable. Fix:

_TLS_VERIFY = os.environ.get("TLS_VERIFY", "1") != "0"  # default: verify certs

Or better: document that dev-node users should set REQUESTS_CA_BUNDLE to the self-signed cert path rather than disabling verification globally.
2. pyproject-crewai.toml is a non-standard filename — the package cannot be installed, and the README installation section is missing the install step
Python tooling (pip, hatch, build, uv) looks for pyproject.toml at the project root — not pyproject-crewai.toml. Running pip install . from the repo root will use the existing pyproject.toml (or fail if there is none), not the file added by this PR. The rustchain_crewai package will never be installed via the standard workflow.
Additionally, the README installation section only lists:

pip install crewai requests

This installs crewai and requests but not rustchain_crewai itself. After following the README exactly, from rustchain_crewai import RustChainCheckBalance raises ModuleNotFoundError.
Options to fix:
- Rename pyproject-crewai.toml → pyproject.toml (if this is a standalone package directory)
- Or add the package as an optional extra in the existing pyproject.toml: pip install "rustchain-mcp[crewai]" with rustchain_crewai included in the wheel
- And update the README to include the actual install command for rustchain_crewai
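The TLS default discussed in point 1 of the review above, as an added example that is not code from the PR or from the reviewer: it puts the submitted expression next to a fail-closed resolver that returns the value to pass as the `verify=` argument of requests. The function names and the precedence (a CA bundle wins over the `TLS_VERIFY=0` opt-out) are assumptions made for this example.

```python
import logging
import os
import tempfile

log = logging.getLogger("tls_policy")


def verify_as_submitted(env):
    """Expression from the PR under review: verification is off unless opted in."""
    return env.get("TLS_VERIFY", "0") != "0"


def verify_hardened(env):
    """Value for the `verify=` argument of requests: True, False or a CA bundle path.

    Precedence: CA bundle > explicit TLS_VERIFY=0 opt-out > verify (default).
    """
    bundle = env.get("REQUESTS_CA_BUNDLE")
    if bundle:
        # Pin the dev node's self-signed cert instead of turning checks off.
        if not os.path.isfile(bundle):
            raise FileNotFoundError(f"CA bundle not found: {bundle}")
        return bundle
    if env.get("TLS_VERIFY", "1") == "0":
        log.warning("TLS_VERIFY=0: certificate verification is disabled")
        return False
    return True  # unset, empty or unrecognised values all fail closed


def compare(envs):
    """Return (env, submitted, hardened) rows for a list of environments."""
    return [(e, verify_as_submitted(e), verify_hardened(e)) for e in envs]


if __name__ == "__main__":
    # Constructed sample: a throwaway file stands in for the dev node's cert.
    with tempfile.NamedTemporaryFile(suffix=".pem") as pem:
        samples = [{}, {"TLS_VERIFY": "0"}, {"TLS_VERIFY": "1"},
                   {"TLS_VERIFY": "0", "REQUESTS_CA_BUNDLE": pem.name}]
        for env, old, new in compare(samples):
            print(f"{env!r:60} submitted={old!r:6} hardened={new!r}")
```

A unit test that asserts the resolver returns True for an empty environment keeps an insecure default from coming back unnoticed.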
Summary
Adds native CrewAI tools for the RustChain ecosystem, fulfilling Bounty #13952 (25 RTC per framework).
Changes
New module with 10 CrewAI tools:
for standalone installation
with comprehensive unit tests
with usage examples
Features
Usage
Installation
Or install from source: