Switch RuntimeState serializer from mode="wrap" to mode="plain" with
dict return type so pydantic doesn't re-serialize entities through the
Entity union pipeline. Also switch to string-based field discriminator
for Entity union.
Replay the event record during _restore_runtime to rebuild
_event_id_stack with correct event IDs. Remove manual push_event_scope
calls from task and crew resume paths that used task UUIDs instead
of event IDs.
Extract _prepare_event to set previous_event_id, triggered_by_event_id,
emission_sequence, parent/child scoping, and event_record tracking.
Both emit and aemit now call it, fixing aemit's missing metadata.
litellm 1.83.0 fixes CVE-2026-35029 (proxy config privilege escalation)
and CVE-2026-35030 (proxy JWT auth bypass), and is the first release
after the supply chain incident. Bump openai to 2.x to satisfy litellm's
dependency.
- Bump uv-pre-commit from 0.9.3 to 0.11.3 to support relative
exclude-newer values in pyproject.toml
- Use checkpoint_kickoff_event_id to detect resume, preventing
second kickoff() from skipping tasks or suppressing events
- Return len(tasks) from _get_execution_start_index when all tasks
complete, preventing full re-execution of finished checkpoints
- Add _get_execution_start_index call to _aexecute_tasks so async
resume skips completed tasks like the sync path does
- Cache inspect.signature results per handler to avoid repeated
introspection on every event emission
- Disable union-attr/arg-type at file level in the two executor files
where agent/task/crew are always set at runtime but typed as optional
- Fix Liskov override in OpenAICompletion: use BaseAgent instead of Agent
- Remove stale type: ignore comments now covered by file-level disables
After model_rebuild, BaseAgentExecutor rejects plain MagicMock for
typed fields. Construct with defaults then assign mocks post-init.
Also guard RuntimeState tests for environments where model_rebuild fails.
- Replace MagicMock fixtures with real Agent/Task instances in
test_async_agent_executor.py so pydantic validation passes
- Guard CacheHandler creation in Crew.set_private_attrs to avoid
replacing an existing handler when the model validator re-runs
during RuntimeState registration
- Move runtime_state.py to state/runtime.py
- Add acheckpoint async method using aiofiles
- Introduce BaseProvider protocol and JsonProvider for pluggable storage
- Add aiofiles dependency to crewai package
- Use PrivateAttr for provider on RootModel
* fix: add tool repository credentials to crewai install
crewai install (uv sync) was failing with 401 Unauthorized when the
project depends on tools from a private package index (e.g. AMP tool
repository). The credentials were already injected for 'crewai run'
and 'crewai tool publish' but were missing from 'crewai install'.
Reads [tool.uv.sources] from pyproject.toml and injects UV_INDEX_*
credentials into the subprocess environment, matching the pattern
already used in run_crew.py.
* refactor: extract duplicated credential-building into utility function
Create build_env_with_all_tool_credentials() in utils.py to consolidate
the ~10-line block that reads [tool.uv.sources] from pyproject.toml and
calls build_env_with_tool_repository_credentials for each index.
This eliminates code duplication across install_crew.py, run_crew.py,
and cli.py, reducing the risk of inconsistent bug fixes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add debug logging for credential errors instead of silent swallow
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>