pliuzv0.1.x
Get started
Menu
Featuresvs DIYSecurityDocsAbout
Sign in

Integrations

Human approval gates for CrewAI

CrewAI can pause a task and ask for human input. It does not store the decision, route it to the right person, or prove it happened later. Pliuz is the production approval layer that wraps a CrewAI tool in one line, sends the request to Slack or a web inbox, and records every approve, reject, or edit in a tamper-evident audit trail. Enforcement before the action runs, not documentation after it.

What CrewAI gives you

human_input=True on a Task (and the @human_feedback decorator for Flows). Setting human_input=True on a CrewAI Task makes the agent pause before delivering its final answer and wait for a human to type feedback, which is then fed back into the task as added context. The newer @human_feedback decorator (1.8.0+) does the same for Flow steps. On CrewAI's platform, the equivalent is a webhook HITL flow: the crew pauses in a "Pending Human Input" state, fires a webhook with the execution_id, task_id, and task output, and you resume by calling the API with human_feedback and is_approve.

The local human_input=True and @human_feedback primitives block on stdin/console input by default, so they only work in a terminal, not in a web app, API server, or backend crew. The platform webhook HITL solves the pause but hands you everything after it: the docs specify the webhook payload and the resume parameters, but say nothing about where the approval is stored, how it is routed to the right human, who is allowed to approve, or how the decision is audited. Storage, routing-to-a-human, identity, and the audit trail are left entirely to your application to build.

Add a Pliuz approval gate

One wrapper is the whole integration surface — the gate is enforced at runtime, before the tool executes.

install
pip install pliuz
Python
from crewai.tools import tool
from pliuz import gated

# Wrap the underlying tool function. CrewAI has no Pliuz-specific
# adapter — gated() works on any callable.
@tool("wire_transfer")
@gated(policy="wire-transfers", redact=["account"])
def wire_transfer(account: str, amount_eur: float) -> str:
    # This body only runs AFTER a human approves in Slack
    # or the Pliuz web inbox. Reject raises; the run stops.
    return execute_transfer(account, amount_eur)

# Give the gated tool to your agent as usual.
# Every approve / reject / edit is written to the
# tamper-evident, EU-hosted Pliuz audit trail.

Where do approvals go in production?

With CrewAI alone, approvals go wherever you build them to go: human_input=True blocks on the console, and the platform webhook hands you an execution_id and task output but leaves storage, routing, identity, and audit to your application. With Pliuz, approvals go to a Slack channel or a web inbox where a named human approves, rejects, or edits the call, and the action is blocked at runtime until they do. Every decision is written to a tamper-evident, append-only, Ed25519-anchored audit trail hosted in the EU, which is what turns a console pause into a production approval gate you can prove.

Enforcement before the action, not a log after it
CrewAI's human_input=True can pause a run, and observability tools can record that it happened. Neither stops the tool call at the moment it matters. Pliuz enforces the approval gate before the wrapped function executes — reject means the action never runs — and anchors the decision in a cryptographic audit trail. That is the difference between documenting compliance after the fact and enforcing human oversight at runtime, the way EU AI Act Article 14 (human oversight) and Article 12 (logging) describe it.

FAQ

How do I add human approval to a CrewAI agent in production?

CrewAI's built-in human_input=True blocks on the terminal, so it does not work for a backend crew or web app. The production pattern is to wrap the underlying tool function with Pliuz: from pliuz import gated, decorate the callable with @gated, then give it to your agent. The wrapped action pauses and routes an approval request to Slack or a web inbox, and only runs after a human approves. Install with pip install pliuz.

Does CrewAI have a built-in approval audit trail?

No. CrewAI's HITL primitives pause execution for feedback, and the platform webhook flow tells you a run is pending and lets you resume with is_approve, but neither stores the decision or produces an audit trail — that is left to your application. Pliuz records every approve, reject, and edit in a tamper-evident, append-only, Ed25519-anchored audit log hosted in the EU.

What is the difference between CrewAI human_input and Pliuz?

human_input=True is a console pause for collecting feedback during a single run. Pliuz is the production approval layer around it: a one-line wrapper that enforces the gate before the tool executes, routes the request to a named human in Slack or a web inbox, and proves the decision with a tamper-evident audit trail. Pliuz competes with building this approval handler yourself, not with CrewAI.

Related

Approval gates for LangGraph

How Pliuz adds the same runtime approval layer to LangGraph's interrupt-based human-in-the-loop.

How approvals work

The approve, reject, and edit flow: how a gated tool call pauses and routes to Slack or the web inbox.

The audit trail

How Pliuz records every decision in a tamper-evident, append-only, Ed25519-anchored log hosted in the EU.