Replay the event record during _restore_runtime to rebuild
_event_id_stack with correct event IDs. Remove manual push_event_scope
calls from task and crew resume paths that used task UUIDs instead
of event IDs.
Extract _prepare_event to set previous_event_id, triggered_by_event_id,
emission_sequence, parent/child scoping, and event_record tracking.
Both emit and aemit now call it, fixing aemit's missing metadata.
litellm 1.83.0 fixes CVE-2026-35029 (proxy config privilege escalation)
and CVE-2026-35030 (proxy JWT auth bypass), and is the first release
after the supply chain incident. Bump openai to 2.x to satisfy litellm's
dependency.
- Bump uv-pre-commit from 0.9.3 to 0.11.3 to support relative
exclude-newer values in pyproject.toml
- Use checkpoint_kickoff_event_id to detect resume, preventing
second kickoff() from skipping tasks or suppressing events
- Return len(tasks) from _get_execution_start_index when all tasks
complete, preventing full re-execution of finished checkpoints
- Add _get_execution_start_index call to _aexecute_tasks so async
resume skips completed tasks like the sync path does
- Cache inspect.signature results per handler to avoid repeated
introspection on every event emission
- Disable union-attr/arg-type at file level in the two executor files
where agent/task/crew are always set at runtime but typed as optional
- Fix Liskov override in OpenAICompletion: use BaseAgent instead of Agent
- Remove stale type: ignore comments now covered by file-level disables
After model_rebuild, BaseAgentExecutor rejects plain MagicMock for
typed fields. Construct with defaults then assign mocks post-init.
Also guard RuntimeState tests for environments where model_rebuild fails.
- Replace MagicMock fixtures with real Agent/Task instances in
test_async_agent_executor.py so pydantic validation passes
- Guard CacheHandler creation in Crew.set_private_attrs to avoid
replacing an existing handler when the model validator re-runs
during RuntimeState registration
- Move runtime_state.py to state/runtime.py
- Add acheckpoint async method using aiofiles
- Introduce BaseProvider protocol and JsonProvider for pluggable storage
- Add aiofiles dependency to crewai package
- Use PrivateAttr for provider on RootModel
* fix: add tool repository credentials to crewai install
crewai install (uv sync) was failing with 401 Unauthorized when the
project depends on tools from a private package index (e.g. AMP tool
repository). The credentials were already injected for 'crewai run'
and 'crewai tool publish' but were missing from 'crewai install'.
Reads [tool.uv.sources] from pyproject.toml and injects UV_INDEX_*
credentials into the subprocess environment, matching the pattern
already used in run_crew.py.
* refactor: extract duplicated credential-building into utility function
Create build_env_with_all_tool_credentials() in utils.py to consolidate
the ~10-line block that reads [tool.uv.sources] from pyproject.toml and
calls build_env_with_tool_repository_credentials for each index.
This eliminates code duplication across install_crew.py, run_crew.py,
and cli.py, reducing the risk of inconsistent bug fixes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add debug logging for credential errors instead of silent swallow
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add tool repository credentials to uv build in tool publish
When running 'uv build' during tool publish, the build process now has access
to tool repository credentials. This mirrors the pattern used in run_crew.py,
ensuring private package indexes are properly authenticated during the build.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add env kwarg to subprocess.run mock assertions in publish tests
The actual code passes env= to subprocess.run but the test assertions
were missing this parameter, causing assertion failures.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
