As agent systems become more autonomous and gain access to tools, external APIs, file systems, databases, and execution environments, I’ve become increasingly curious about how teams are approaching governance and auditability in production deployments.
Most discussions seem to focus on:
- Agent performance
- Memory systems
- Tool integrations
- Model selection
- Cost optimization
But I’m interested in a different question:
How are teams handling execution governance once agents start taking actions that can affect real systems?
For example:
- Are you maintaining audit trails of agent decisions and tool executions?
- How do you handle approval workflows for sensitive actions?
- Are agent actions replayable for investigation or debugging purposes?
- Do you rely primarily on infrastructure-level controls (Docker, Kubernetes, cloud permissions, network isolation)?
- Or do you implement governance and policy controls within the application layer itself?
I’m not suggesting that CrewAI should necessarily implement any of these directly.
In fact, there are strong arguments for keeping governance responsibilities outside the framework and leaving them to application developers or platform teams.
I’m mainly interested in understanding how people building production CrewAI systems think about these problems and where they believe the responsibility should live.
For those running CrewAI in production or near-production environments:
- What governance controls have proven useful?
- What has turned out to be unnecessary complexity?
- Have you encountered situations where auditability or replayability became important after deployment?
Curious to hear both community and maintainer perspectives.