ci: check linter files over changed ones

missing code to kickoff the monitoring for the crew

Co-authored-by: Lorenze Jay <63378463+lorenzejay@users.noreply.github.com>
Co-authored-by: Tony Kipkemboi <iamtonykipkemboi@gmail.com>

.github/security.md

@@ -1,19 +1,27 @@
-CrewAI takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organization.
-If you believe you have found a security vulnerability in any CrewAI product or service, please report it to us as described below.
+## CrewAI Security Vulnerability Reporting Policy
 
- ## Reporting a Vulnerability
- Please do not report security vulnerabilities through public GitHub issues.
- To report a vulnerability, please email us at security@crewai.com.
- Please include the requested information listed below so that we can triage your report more quickly
+CrewAI prioritizes the security of our software products, services, and GitHub repositories. To promptly address vulnerabilities, follow these steps for reporting security issues:
 
- - Type of issue (e.g. SQL injection, cross-site scripting, etc.)
- - Full paths of source file(s) related to the manifestation of the issue
- - The location of the affected source code (tag/branch/commit or direct URL)
- - Any special configuration required to reproduce the issue
- - Step-by-step instructions to reproduce the issue (please include screenshots if needed)
- - Proof-of-concept or exploit code (if possible)
- - Impact of the issue, including how an attacker might exploit the issue
+### Reporting Process
+Do **not** report vulnerabilities via public GitHub issues.
 
- Once we have received your report, we will respond to you at the email address you provide. If the issue is confirmed, we will release a patch as soon as possible depending on the complexity of the issue.
+Email all vulnerability reports directly to:  
+**security@crewai.com**
 
- At this time, we are not offering a bug bounty program. Any rewards will be at our discretion.
+### Required Information
+To help us quickly validate and remediate the issue, your report must include:
+
+- **Vulnerability Type:** Clearly state the vulnerability type (e.g., SQL injection, XSS, privilege escalation).
+- **Affected Source Code:** Provide full file paths and direct URLs (branch, tag, or commit).
+- **Reproduction Steps:** Include detailed, step-by-step instructions. Screenshots are recommended.
+- **Special Configuration:** Document any special settings or configurations required to reproduce.
+- **Proof-of-Concept (PoC):** Provide exploit or PoC code (if available).
+- **Impact Assessment:** Clearly explain the severity and potential exploitation scenarios.
+
+### Our Response
+- We will acknowledge receipt of your report promptly via your provided email.
+- Confirmed vulnerabilities will receive priority remediation based on severity.
+- Patches will be released as swiftly as possible following verification.
+
+### Reward Notice
+Currently, we do not offer a bug bounty program. Rewards, if issued, are discretionary.

.github/workflows/linter.yml

@@ -5,12 +5,29 @@ on: [pull_request]
 jobs:
   lint:
     runs-on: ubuntu-latest
+    env:
+      TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
-      - name: Install Requirements
+      - name: Fetch Target Branch
+        run: git fetch origin $TARGET_BRANCH --depth=1
+
+      - name: Install Ruff
+        run: pip install ruff
+
+      - name: Get Changed Python Files
+        id: changed-files
         run: |
-          pip install ruff
+          merge_base=$(git merge-base origin/"$TARGET_BRANCH" HEAD)
+          changed_files=$(git diff --name-only --diff-filter=ACMRTUB "$merge_base" | grep '\.py$' || true)
+          echo "files<<EOF" >> $GITHUB_OUTPUT
+          echo "$changed_files" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
 
-      - name: Run Ruff Linter
-        run: ruff check
+      - name: Run Ruff on Changed Files
+        if: ${{ steps.changed-files.outputs.files != '' }}
+        run: |
+          echo "${{ steps.changed-files.outputs.files }}" | tr " " "\n" | xargs -I{} ruff check "{}"

.ruff.toml

@@ -2,8 +2,3 @@ exclude = [
     "templates",
     "__init__.py",
 ]
-
-[lint]
-select = [
-    "I", # isort rules
-]

docs/concepts/llms.mdx

@@ -169,19 +169,55 @@ In this section, you'll find detailed examples that help you select, configure,
     ```
   </Accordion>
 
-  <Accordion title="Google">
-    Set the following environment variables in your `.env` file:
+  <Accordion title="Google (Gemini API)">
+    Set your API key in your `.env` file. If you need a key, or need to find an
+    existing key, check [AI Studio](https://aistudio.google.com/apikey).
 
-    ```toml Code
-    # Option 1: Gemini accessed with an API key.
+    ```toml .env
     # https://ai.google.dev/gemini-api/docs/api-key
     GEMINI_API_KEY=<your-api-key>
-
-    # Option 2: Vertex AI IAM credentials for Gemini, Anthropic, and Model Garden.
-    # https://cloud.google.com/vertex-ai/generative-ai/docs/overview
     ```
 
-    Get credentials from your Google Cloud Console and save it to a JSON file with the following code:
+    Example usage in your CrewAI project:
+    ```python Code
+    from crewai import LLM
+
+    llm = LLM(
+        model="gemini/gemini-2.0-flash",
+        temperature=0.7,
+    )
+    ```
+
+    ### Gemini models
+
+    Google offers a range of powerful models optimized for different use cases.
+
+    | Model                          | Context Window | Best For                                                          |
+    |--------------------------------|----------------|-------------------------------------------------------------------|
+    | gemini-2.5-flash-preview-04-17 | 1M tokens      | Adaptive thinking, cost efficiency                                |
+    | gemini-2.5-pro-preview-05-06   | 1M tokens      | Enhanced thinking and reasoning, multimodal understanding, advanced coding, and more |
+    | gemini-2.0-flash               | 1M tokens      | Next generation features, speed, thinking, and realtime streaming |
+    | gemini-2.0-flash-lite          | 1M tokens      | Cost efficiency and low latency                                   |
+    | gemini-1.5-flash               | 1M tokens      | Balanced multimodal model, good for most tasks                    |
+    | gemini-1.5-flash-8B            | 1M tokens      | Fastest, most cost-efficient, good for high-frequency tasks       |
+    | gemini-1.5-pro                 | 2M tokens      | Best performing, wide variety of reasoning tasks including logical reasoning, coding, and creative collaboration |
+
+    The full list of models is available in the [Gemini model docs](https://ai.google.dev/gemini-api/docs/models).
+
+    ### Gemma
+
+    The Gemini API also allows you to use your API key to access [Gemma models](https://ai.google.dev/gemma/docs) hosted on Google infrastructure.
+
+    | Model          | Context Window |
+    |----------------|----------------|
+    | gemma-3-1b-it  | 32k tokens     |
+    | gemma-3-4b-it  | 32k tokens     |
+    | gemma-3-12b-it | 32k tokens     |
+    | gemma-3-27b-it | 128k tokens    |
+
+  </Accordion>
+  <Accordion title="Google (Vertex AI)">
+    Get credentials from your Google Cloud Console and save it to a JSON file, then load it with the following code:
     ```python Code
     import json
 
@@ -205,14 +241,18 @@ In this section, you'll find detailed examples that help you select, configure,
         vertex_credentials=vertex_credentials_json
     )
     ```
+
     Google offers a range of powerful models optimized for different use cases:
 
-    | Model                  | Context Window | Best For                                                          |
-    |-----------------------|----------------|------------------------------------------------------------------|
-    | gemini-2.0-flash-exp  | 1M tokens      | Higher quality at faster speed, multimodal model, good for most tasks |
-    | gemini-1.5-flash      | 1M tokens      | Balanced multimodal model, good for most tasks                    |
-    | gemini-1.5-flash-8B   | 1M tokens      | Fastest, most cost-efficient, good for high-frequency tasks       |
-    | gemini-1.5-pro        | 2M tokens      | Best performing, wide variety of reasoning tasks including logical reasoning, coding, and creative collaboration |
+    | Model                          | Context Window | Best For                                                          |
+    |--------------------------------|----------------|-------------------------------------------------------------------|
+    | gemini-2.5-flash-preview-04-17 | 1M tokens      | Adaptive thinking, cost efficiency                                |
+    | gemini-2.5-pro-preview-05-06   | 1M tokens      | Enhanced thinking and reasoning, multimodal understanding, advanced coding, and more |
+    | gemini-2.0-flash               | 1M tokens      | Next generation features, speed, thinking, and realtime streaming |
+    | gemini-2.0-flash-lite          | 1M tokens      | Cost efficiency and low latency                                   |
+    | gemini-1.5-flash               | 1M tokens      | Balanced multimodal model, good for most tasks                    |
+    | gemini-1.5-flash-8B            | 1M tokens      | Fastest, most cost-efficient, good for high-frequency tasks       |
+    | gemini-1.5-pro                 | 2M tokens      | Best performing, wide variety of reasoning tasks including logical reasoning, coding, and creative collaboration |
   </Accordion>
 
   <Accordion title="Azure">

docs/how-to/arize-phoenix-observability.mdx

@@ -68,7 +68,13 @@ We'll create a CrewAI application where two agents collaborate to research and w
 ```python
 from crewai import Agent, Crew, Process, Task
 from crewai_tools import SerperDevTool
+from openinference.instrumentation.crewai import CrewAIInstrumentor
+from phoenix.otel import register
 
+# setup monitoring for your crew
+tracer_provider = register(
+    endpoint="http://localhost:6006/v1/traces")
+CrewAIInstrumentor().instrument(skip_dep_check=True, tracer_provider=tracer_provider)
 search_tool = SerperDevTool()
 
 # Define your agents with roles and goals

src/crewai/cli/constants.py

@@ -13,7 +13,7 @@ ENV_VARS = {
     ],
     "gemini": [
         {
-            "prompt": "Enter your GEMINI API key (press Enter to skip)",
+            "prompt": "Enter your GEMINI API key from https://ai.dev/apikey (press Enter to skip)",
             "key_name": "GEMINI_API_KEY",
         }
     ],