Devin
7fcd6db48a
style: ruff format
2026-04-20 10:21:08 +00:00
Devin
f06c2c3c4f
fix(checkpoint,task): serialize Task class refs and propagate JSON mode through events
2026-04-20 10:11:44 +00:00
alex-clawd
0b120fac90
fix: use future dates in checkpoint prune tests to prevent time-dependent failures (#5543)
...
The test_older_than tests in both JSON and SQLite prune suites used
hardcoded 2026-04-17 timestamps for the 'new' checkpoint. Once that
date passes, the checkpoint is older than 1 day and gets pruned along
with the 'old' one, causing assert count >= 1 to fail (count=0).
Use 2099-01-01 for the 'new' checkpoint so tests remain stable.
Co-authored-by: Joao Moura <joaomdmoura@gmail.com>
2026-04-20 01:27:12 -03:00
Greyson LaLonde
f879909526
fix: emit task_started on fork resume, redesign checkpoint TUI
...
Redesign checkpoint TUI with tabbed detail panel, collapsible
agent rosters, keybinding actions, and human-readable timestamps.
2026-04-18 04:19:31 +08:00
Greyson LaLonde
c9b0004d0e
fix: correct dry-run order and handle checked-out stale branch in devtools release
...
- Move _update_all_versions inside each dry-run branch so output order matches actual execution
- Switch to main before deleting the stale local branch in create_or_reset_branch
2026-04-17 23:26:52 +08:00
Greyson LaLonde
a8994347b0
docs: update changelog and version for v1.14.2
1.14.2
2026-04-17 22:08:25 +08:00
Greyson LaLonde
5ca62c20f2
feat: bump versions to 1.14.2
2026-04-17 22:01:27 +08:00
Greyson LaLonde
11989da4b1
fix: prompt on stale branch conflicts in devtools release
2026-04-17 21:55:48 +08:00
Greyson LaLonde
19ac7d2f64
fix: patch authlib, langchain-text-splitters, and pypdf vulnerabilities
...
- authlib 1.6.9 -> 1.6.11 (GHSA-jj8c-mmj3-mmgv)
- langchain-text-splitters 1.1.1 -> 1.1.2 (GHSA-fv5p-p927-qmxr)
- langchain-core 1.2.28 -> 1.2.31 (required by text-splitters 1.1.2)
- pypdf 6.10.1 -> 6.10.2 (GHSA-4pxv-j86v-mhcw, GHSA-7gw9-cf7v-778f, GHSA-x284-j5p8-9c5p)
Pinned tool.uv.exclude-newer to 2026-04-17 so the 2026-04-16 patch
releases fall inside the resolution window.
2026-04-17 21:25:47 +08:00
Lorenze Jay
2f48937ce4
docs(crews): document missing params and add Checkpointing section (OSS-32) (#5409)
...
- Add 8 missing parameters to the Crew Attributes table:
  chat_llm, before_kickoff_callbacks, after_kickoff_callbacks,
  tracing, skills, security_config, checkpoint
- Add new "## Checkpointing" section before "## Memory Utilization" with:
  - Quick-start checkpoint=True example
  - Full CheckpointConfig usage example
  - Crew.from_checkpoint() resume pattern
  - CheckpointConfig attributes table (location, on_events, provider, max_checkpoints)
  - Note on auto-restored checkpoint fields
Closes OSS-32
2026-04-16 16:57:00 -07:00
Greyson LaLonde
c5192b970c
feat: add checkpoint resume, diff, prune commands and save discoverability
...
Add three new CLI subcommands to improve checkpoint UX:
- `crewai checkpoint resume [id]` skips the TUI and resumes from the
latest or specified checkpoint directly
- `crewai checkpoint diff <id1> <id2>` compares two checkpoints showing
changes in metadata, inputs, task status, and outputs
- `crewai checkpoint prune --keep N --older-than Xd` removes old
checkpoints from JSON dirs or SQLite databases
Also writes a resume hint to stderr after every checkpoint save so
users discover the command without needing to know it exists.
2026-04-17 04:50:15 +08:00
Greyson LaLonde
54391fdbdf
feat: add from_checkpoint parameter to Agent.kickoff, kickoff_async, akickoff
2026-04-17 03:40:37 +08:00
Greyson LaLonde
6136228a66
fix: scope streaming handlers to prevent cross-run chunk contamination
...
Concurrent streaming runs registered handlers on the singleton event bus
that received all LLMStreamChunkEvent emissions, causing chunks to fan
out across unrelated queues. Introduces a ContextVar-based stream scope
ID so each handler only accepts events from its own execution context.
Closes #5376
2026-04-17 03:02:03 +08:00
Greyson LaLonde
fbe2a04064
fix: mock Repository.__init__ in test_publish_when_not_in_sync
2026-04-17 02:39:22 +08:00
iris-clawd
baf91d8f0a
fix: update broken enterprise link on installation page (OSS-36) (#5443)
...
* fix: update broken enterprise link on installation page (OSS-36)
The 'Explore Enterprise Options' card on the installation page linked to
https://crewai.com/enterprise which returns a 404. Updated the href to
https://crewai.com/amp across all locales (en, pt-BR, ko, ar).
* fix: use HubSpot form link for enterprise options card
Updated per team feedback — the enterprise card should link to the
HubSpot demo form instead of crewai.com/amp.
---------
Co-authored-by: Lorenze Jay <63378463+lorenzejay@users.noreply.github.com>
2026-04-16 11:01:59 -07:00
Greyson LaLonde
7e01c5a030
fix: dispatch Flow checkpoints through Flow APIs in TUI
2026-04-17 01:34:06 +08:00
Lorenze Jay
105a9778cc
feat: add template management commands for project templates (#5444)
...
* feat: add template management commands for project templates
- Introduced command group to browse and install project templates.
- Added command to display available templates.
- Implemented command to install a selected template into the current directory.
- Created class to handle template-related operations, including fetching templates from GitHub and managing installations.
- Enhanced telemetry to track template installations.
* linted
* addressing comments
* comment addressed
2026-04-16 10:18:15 -07:00
Greyson LaLonde
32ec4414bf
fix: use recursive glob for JSON checkpoint discovery
...
Branch-aware checkpoint storage writes under subdirectories (e.g.
main/, fork/exp1/) but _list_json and _info_json_latest used flat
globs that missed them.
2026-04-17 00:13:35 +08:00
Greyson LaLonde
63fc2e7588
fix: complete recursive MCP schema handling
...
resolve_refs now returns type-preserving stubs instead of {} for
circular $refs, and create_model_from_schema catches JsonRefError
to fall back to lazy top-level-only inlining.
2026-04-17 00:06:02 +08:00
Greyson LaLonde
749fe85325
fix: bump langsmith to 0.7.31 to patch GHSA-rr7j-v2q5-chgv
...
langsmith <0.7.31 bypasses output redaction for streaming token
events, leaking sensitive LLM outputs into LangSmith storage.
2026-04-16 23:55:30 +08:00
Greyson LaLonde
0bb6faa9d3
docs: update changelog and version for v1.14.2rc1
1.14.2rc1
2026-04-16 05:24:57 +08:00
Greyson LaLonde
aa28eeab6a
feat: bump versions to 1.14.2rc1
2026-04-16 05:18:24 +08:00
Greyson LaLonde
29b5531f78
fix: handle cyclic JSON schemas in MCP tool resolution
2026-04-16 05:03:00 +08:00
Greyson LaLonde
74d061e994
fix: bump python-multipart to 0.0.26 to patch GHSA-mj87-hwqh-73pj
...
Fixes GHSA-mj87-hwqh-73pj
2026-04-16 04:25:35 +08:00
Greyson LaLonde
18d0fd6b80
fix: bump pypdf to 6.10.1 to patch GHSA-jj6c-8h6c-hppx
...
Fixes GHSA-jj6c-8h6c-hppx
2026-04-16 04:11:08 +08:00
Greyson LaLonde
1c90d574ab
docs: update changelog and version for v1.14.2a5
1.14.2a5
2026-04-15 22:45:15 +08:00
Greyson LaLonde
3a7c550512
feat: bump versions to 1.14.2a5
2026-04-15 22:40:48 +08:00
Greyson LaLonde
5b6f89fe64
docs: update changelog and version for v1.14.2a4
1.14.2a4
2026-04-15 02:34:32 +08:00
Greyson LaLonde
ad5e66d1d0
feat: bump versions to 1.14.2a4
2026-04-15 02:29:06 +08:00
Greyson LaLonde
94e7d86df1
fix: stop forwarding strict mode to Bedrock Converse API
...
Forwarding strict and sanitizing tool schemas for strict mode causes
Bedrock Converse requests to hang until timeout. Drop strict forwarding
and schema sanitization from the Bedrock provider.
2026-04-15 02:22:50 +08:00
Greyson LaLonde
0dba95e166
fix: bump pytest to 9.0.3 for GHSA-6w46-j5rx-g56g
...
pytest <9.0.3 has an insecure tmpdir vulnerability (CVE / GHSA-6w46-j5rx-g56g).
Bump pytest-split to 0.11.0 to satisfy the new pytest>=9 requirement.
2026-04-14 02:38:05 +08:00
Greyson LaLonde
58208fdbae
fix: bump openai lower bound to >=2.0.0
2026-04-14 02:19:47 +08:00
Greyson LaLonde
655e75038b
feat: add resume hints to devtools release on failure
2026-04-14 01:26:29 +08:00
Greyson LaLonde
8e2a529d94
chore: add deprecation decorator to LiteAgent
2026-04-14 00:51:11 +08:00
Greyson LaLonde
58bbd0a400
docs: update changelog and version for v1.14.2a3
1.14.2a3
2026-04-13 21:38:12 +08:00
Greyson LaLonde
9708b94979
feat: bump versions to 1.14.2a3
2026-04-13 21:30:14 +08:00
Greyson LaLonde
0b0521b315
chore: improve typing in task module
2026-04-13 21:21:18 +08:00
Greyson LaLonde
c8694fbed2
fix: override pypdf and uv to patched versions for CVE-2026-40260 and GHSA-pjjw-68hj-v9mw
2026-04-13 21:04:37 +08:00
Greyson LaLonde
a4e7b322c5
docs: clean up enterprise A2A language
2026-04-13 20:53:31 +08:00
Greyson LaLonde
ee049999cb
docs: add enterprise A2A feature doc and update OSS A2A docs
2026-04-13 20:28:06 +08:00
Greyson LaLonde
1d6f84c7aa
chore: clean up redundant inline docs in agents module
2026-04-13 11:00:42 +08:00
Greyson LaLonde
8dc2655cbf
chore: clean up redundant inline docs in agent module
2026-04-13 10:55:29 +08:00
Greyson LaLonde
121720cbb3
chore: clean up redundant inline docs in a2a module
2026-04-13 10:49:59 +08:00
Greyson LaLonde
16bf24001e
fix: upgrade requests to >=2.33.0 for CVE temp file vulnerability
2026-04-12 16:12:35 +08:00
Greyson LaLonde
29fc4ac226
feat: add deploy validation CLI and improve LLM initialization ergonomics
...
Add crewai deploy validate to check project structure, dependencies, imports, and env usage before deploy
Run validation automatically in deploy create and deploy push with skip flag support
Return structured findings with stable codes and hints
Add test coverage for validation scenarios
refactor: defer LLM client construction to first use
Move SDK client creation out of model initialization into lazy getters
Add _get_sync_client and _get_async_client across providers
Route all provider calls through lazy getters
Surface credential errors at first real invocation
refactor: standardize provider client access
Align async paths to use _get_async_client
Avoid client construction in lightweight config accessors
Simplify provider lifecycle and improve consistency
test: update suite for new behavior
Update tests for lazy initialization contract
Update CLI tests for validation flow and skip flag
Expand coverage for provider initialization paths
2026-04-12 16:00:46 +08:00
Yanhu
25fcf39cc1
fix: preserve Bedrock tool call arguments by removing truthy default
...
func_info.get('arguments', '{}') returns '{}' (truthy) when no
'function' wrapper exists (Bedrock format), causing the or-fallback
to tool_call.get('input', {}) to never execute. The actual Bedrock
arguments are silently discarded.
Remove the default so get('arguments') returns None (falsy) when
there's no function wrapper, allowing the or-chain to correctly
fall through to Bedrock's 'input' field.
Fixes #5275
2026-04-12 15:50:56 +08:00
Greyson LaLonde
3b280e41fb
chore: bump pypdf to 6.10.0 for GHSA-3crg-w4f6-42mx
...
Resolves CVE-2026-40260 where manipulated XMP metadata entity
declarations can exhaust RAM in pypdf <6.10.0.
2026-04-11 05:56:11 +08:00
Greyson LaLonde
8de4421705
fix: sanitize tool schemas for strict mode
...
Pydantic schemas intermittently fail strict tool-use on openai, anthropic,
and bedrock. All three reject nested objects missing additionalProperties:
false, and anthropic also rejects keywords like minLength and top-level
anyOf. Adds per-provider sanitizers that inline refs, close objects, mark
every property required, preserve nullable unions, and strip keywords each
grammar compiler rejects. Verified against real bedrock, anthropic, and
openai.
2026-04-11 05:26:48 +08:00
Greyson LaLonde
62484934c1
chore: bump uv to 0.11.6 for GHSA-pjjw-68hj-v9mw
...
Low-severity advisory: malformed RECORD entries in wheels could delete
files outside the venv on uninstall. Fixed in uv 0.11.6.
2026-04-11 05:09:24 +08:00
Greyson LaLonde
298fc7b9c0
chore: drop tiktoken from anthropic async max_tokens test
2026-04-11 03:20:20 +08:00