Agent Framework

CrewAI + Enterprise Auth & Memory

CrewAI makes multi-agent orchestration easy, but production deployments need auth and persistent memory. Attach Gateway adds both without changing your agent code.

Get Started View Documentation

The Challenge

Building production CrewAI applications? You'll quickly hit these walls:

✗No built-in way to authenticate users before agent runs
✗Agent memory resets between sessions
✗Can't track which user triggered which agent actions
✗No audit trail for compliance requirements

What Attach Adds

Per-User Authentication

Each agent request carries verified user identity. Know exactly who triggered which agent.

Persistent Memory

Weaviate-backed memory that persists across agent runs. Context follows users, not sessions.

Agent-to-Agent Auth

A2A headers propagate identity across your entire crew. No token juggling required.

Quick Start

Install dependencies

pip install attach-dev crewai

Start Weaviate for memory

docker run --rm -d -p 6666:8080 \
  -e AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true \
  semitechnologies/weaviate:1.30.5

Configure Attach Gateway

export OIDC_ISSUER=https://your-domain.auth0.com
export OIDC_AUD=crewai-app
export MEM_BACKEND=weaviate
attach-gateway --port 8080

Point CrewAI to Attach

from crewai import Agent, Crew
import os

# CrewAI uses Attach as the LLM endpoint
os.environ["OPENAI_API_BASE"] = "http://localhost:8080/v1"
os.environ["OPENAI_API_KEY"] = your_jwt_token

# Your agents now have auth + memory
researcher = Agent(
    role="Researcher",
    goal="Find relevant information",
    # ... rest of config
)

Architecture

┌─────────────┐     ┌─────────────────┐     ┌─────────────┐
│   CrewAI    │────▶│  Attach Gateway │────▶│   Ollama    │
│   Agents    │     │  (Auth+Memory)  │     │   / vLLM    │
└─────────────┘     └────────┬────────┘     └─────────────┘
                             │
                             ▼
                    ┌─────────────────┐
                    │    Weaviate     │
                    │  (Vector Memory)│
                    └─────────────────┘

Every agent request flows through Attach. User identity is verified, memory is read/written, and the request is forwarded to your LLM backend.

Full Feature List

Per-user JWT authentication

Persistent vector memory (Weaviate)

X-Attach-User headers on all requests

A2A identity propagation

Per-crew rate limiting

Token usage tracking

Audit logs with trace IDs

Works with any LLM backend

Use Cases

SaaS AI Assistants

Each customer gets isolated memory and tracked usage. Bill per token consumed.

Enterprise Automation

SSO integration ensures only authorized employees can trigger agent workflows.

Frequently Asked Questions

How does agent memory work with Attach?

When enabled, Attach stores conversation history in Weaviate (a vector database). Each user gets isolated memory—when User A's agent runs, it only sees User A's past conversations. Memory persists across sessions, so your agents remember context from previous runs.

Does identity propagate across all agents in a crew?

Yes. When the first agent authenticates via Attach, subsequent agents in the crew inherit that identity through A2A (agent-to-agent) headers. Every agent action is attributed to the original authenticated user, maintaining a complete audit trail.

Can I rate limit individual crews or agents?

Attach applies rate limits at the user level, not the agent level. If a user runs multiple crews or agents, their combined token usage counts against their quota. This prevents users from bypassing limits by spawning multiple agents.

Is Weaviate required for memory?

Currently, yes—Weaviate is the supported memory backend for vector storage. It's open-source and easy to run via Docker (just one command). Memory is optional—if you don't need persistence, you can run Attach without a memory backend.

Ready to Secure Your CrewAI Agents?

Add enterprise auth and memory to CrewAI in minutes. No registration required.

Quick Start Guide View on GitHub