fix: address review comments for MCP stdio command allowlist

- Remove unused pytest import from test_stdio_config.py
- Strip file extension from base_command for Windows compatibility
  (e.g., python.exe -> python) using os.path.splitext

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docs/ar/changelog.mdx

@@ -4,53 +4,6 @@ description: "تحديثات المنتج والتحسينات وإصلاحات
 icon: "clock"
 mode: "wide"
 ---
-<Update label="2 أبريل 2026">
-  ## v1.13.0
-
-  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0)
-
-  ## ما الذي تغير
-
-  ### الميزات
-  - إضافة نموذج RuntimeState RootModel لتوحيد تسلسل الحالة
-  - تعزيز مستمع الأحداث مع نطاقات جديدة للقياس عن أحداث المهارة والذاكرة
-  - إضافة امتداد A2UI مع دعم v0.8/v0.9، والمخططات، والوثائق
-  - إصدار بيانات استخدام الرموز في حدث LLMCallCompletedEvent
-  - تحديث تلقائي لمستودع اختبار النشر أثناء الإصدار
-  - تحسين مرونة الإصدار المؤسسي وتجربة المستخدم
-
-  ### إصلاحات الأخطاء
-  - إضافة بيانات اعتماد مستودع الأدوات إلى تثبيت crewai
-  - إضافة بيانات اعتماد مستودع الأدوات إلى بناء uv في نشر الأدوات
-  - تمرير بيانات التعريف عبر الإعدادات بدلاً من معلمات الأدوات
-  - معالجة نماذج GPT-5.x التي لا تدعم معلمة API `stop`
-  - إضافة GPT-5 وسلسلة o إلى بادئات الرؤية متعددة الوسائط
-  - مسح ذاكرة التخزين المؤقت uv للحزم التي تم نشرها حديثًا في الإصدار المؤسسي
-  - تحديد lancedb أقل من 0.30.1 لضمان التوافق مع Windows
-  - إصلاح مستويات أذونات RBAC لتتناسب مع خيارات واجهة المستخدم الفعلية
-  - إصلاح عدم الدقة في قدرات الوكيل عبر جميع اللغات
-
-  ### الوثائق
-  - إضافة فيديو توضيحي لمهارات وكيل البرمجة إلى صفحات البدء
-  - إضافة دليل شامل لتكوين SSO
-  - إضافة مصفوفة شاملة لأذونات RBAC ودليل النشر
-  - تحديث سجل التغييرات والإصدار إلى v1.13.0
-
-  ### الأداء
-  - تقليل الحمل الزائد للإطار باستخدام حافلة الأحداث الكسولة، وتخطي التتبع عند تعطيله
-
-  ### إعادة الهيكلة
-  - تحويل Flow إلى Pydantic BaseModel
-  - تحويل فئات LLM إلى Pydantic BaseModel
-  - استبدال InstanceOf[T] بتعليقات نوع عادية
-  - إزالة دليل LLM الخاص بالطرف الثالث غير المستخدم
-
-  ## المساهمون
-
-  @alex-clawd, @dependabot[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide, @thiagomoretto
-
-</Update>
-
 <Update label="2 أبريل 2026">
   ## v1.13.0a7
 

docs/en/changelog.mdx

@@ -4,53 +4,6 @@ description: "Product updates, improvements, and bug fixes for CrewAI"
 icon: "clock"
 mode: "wide"
 ---
-<Update label="Apr 02, 2026">
-  ## v1.13.0
-
-  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0)
-
-  ## What's Changed
-
-  ### Features
-  - Add RuntimeState RootModel for unified state serialization
-  - Enhance event listener with new telemetry spans for skill and memory events
-  - Add A2UI extension with v0.8/v0.9 support, schemas, and docs
-  - Emit token usage data in LLMCallCompletedEvent
-  - Auto-update deployment test repo during release
-  - Improve enterprise release resilience and UX
-
-  ### Bug Fixes
-  - Add tool repository credentials to crewai install
-  - Add tool repository credentials to uv build in tool publish
-  - Pass fingerprint metadata via config instead of tool args
-  - Handle GPT-5.x models not supporting the `stop` API parameter
-  - Add GPT-5 and o-series to multimodal vision prefixes
-  - Bust uv cache for freshly published packages in enterprise release
-  - Cap lancedb below 0.30.1 for Windows compatibility
-  - Fix RBAC permission levels to match actual UI options
-  - Fix inaccuracies in agent-capabilities across all languages
-
-  ### Documentation
-  - Add coding agent skills demo video to getting started pages
-  - Add comprehensive SSO configuration guide
-  - Add comprehensive RBAC permissions matrix and deployment guide
-  - Update changelog and version for v1.13.0
-
-  ### Performance
-  - Reduce framework overhead with lazy event bus, skip tracing when disabled
-
-  ### Refactoring
-  - Convert Flow to Pydantic BaseModel
-  - Convert LLM classes to Pydantic BaseModel
-  - Replace InstanceOf[T] with plain type annotations
-  - Remove unused third_party LLM directory
-
-  ## Contributors
-
-  @alex-clawd, @dependabot[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide, @thiagomoretto
-
-</Update>
-
 <Update label="Apr 02, 2026">
   ## v1.13.0a7
 

docs/ko/changelog.mdx

@@ -4,53 +4,6 @@ description: "CrewAI의 제품 업데이트, 개선 사항 및 버그 수정"
 icon: "clock"
 mode: "wide"
 ---
-<Update label="2026년 4월 2일">
-  ## v1.13.0
-
-  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0)
-
-  ## 변경 사항
-
-  ### 기능
-  - 통합 상태 직렬화를 위한 RuntimeState RootModel 추가
-  - 기술 및 메모리 이벤트에 대한 새로운 텔레메트리 스팬으로 이벤트 리스너 강화
-  - v0.8/v0.9 지원, 스키마 및 문서가 포함된 A2UI 확장 추가
-  - LLMCallCompletedEvent에서 토큰 사용 데이터 방출
-  - 릴리스 중 배포 테스트 리포 자동 업데이트
-  - 기업 릴리스의 복원력 및 사용자 경험 개선
-
-  ### 버그 수정
-  - crewai 설치에 도구 리포지토리 자격 증명 추가
-  - 도구 게시의 uv 빌드에 도구 리포지토리 자격 증명 추가
-  - 도구 인수 대신 구성으로 지문 메타데이터 전달
-  - `stop` API 매개변수를 지원하지 않는 GPT-5.x 모델 처리
-  - 멀티모달 비전 접두사에 GPT-5 및 o-series 추가
-  - 기업 릴리스에서 새로 게시된 패키지에 대한 uv 캐시 무효화
-  - Windows 호환성을 위해 lancedb를 0.30.1 이하로 제한
-  - 실제 UI 옵션과 일치하도록 RBAC 권한 수준 수정
-  - 모든 언어에서 에이전트 기능의 부정확성 수정
-
-  ### 문서
-  - 시작하기 페이지에 코딩 에이전트 기술 데모 비디오 추가
-  - 포괄적인 SSO 구성 가이드 추가
-  - 포괄적인 RBAC 권한 매트릭스 및 배포 가이드 추가
-  - v1.13.0에 대한 변경 로그 및 버전 업데이트
-
-  ### 성능
-  - 비활성화 시 추적 건너뛰기와 함께 지연 이벤트 버스를 사용하여 프레임워크 오버헤드 감소
-
-  ### 리팩토링
-  - Flow를 Pydantic BaseModel로 변환
-  - LLM 클래스를 Pydantic BaseModel로 변환
-  - InstanceOf[T]를 일반 타입 주석으로 교체
-  - 사용되지 않는 third_party LLM 디렉토리 제거
-
-  ## 기여자
-
-  @alex-clawd, @dependabot[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide, @thiagomoretto
-
-</Update>
-
 <Update label="2026년 4월 2일">
   ## v1.13.0a7
 

docs/pt-BR/changelog.mdx

@@ -4,53 +4,6 @@ description: "Atualizações de produto, melhorias e correções do CrewAI"
 icon: "clock"
 mode: "wide"
 ---
-<Update label="02 abr 2026">
-  ## v1.13.0
-
-  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0)
-
-  ## O que Mudou
-
-  ### Funcionalidades
-  - Adicionar RuntimeState RootModel para serialização de estado unificado
-  - Melhorar o listener de eventos com novos spans de telemetria para eventos de habilidade e memória
-  - Adicionar extensão A2UI com suporte a v0.8/v0.9, esquemas e documentação
-  - Emitir dados de uso de token no LLMCallCompletedEvent
-  - Atualizar automaticamente o repositório de testes de implantação durante o lançamento
-  - Melhorar a resiliência e a experiência do usuário na versão empresarial
-
-  ### Correções de Bugs
-  - Adicionar credenciais do repositório de ferramentas ao crewai install
-  - Adicionar credenciais do repositório de ferramentas ao uv build na publicação de ferramentas
-  - Passar metadados de impressão digital via configuração em vez de argumentos de ferramenta
-  - Lidar com modelos GPT-5.x que não suportam o parâmetro API `stop`
-  - Adicionar GPT-5 e a série o aos prefixos de visão multimodal
-  - Limpar cache uv para pacotes recém-publicados na versão empresarial
-  - Limitar lancedb abaixo de 0.30.1 para compatibilidade com Windows
-  - Corrigir níveis de permissão RBAC para corresponder às opções reais da interface do usuário
-  - Corrigir imprecisões nas capacidades do agente em todos os idiomas
-
-  ### Documentação
-  - Adicionar vídeo de demonstração de habilidades do agente de codificação às páginas de introdução
-  - Adicionar guia abrangente de configuração SSO
-  - Adicionar matriz de permissões RBAC abrangente e guia de implantação
-  - Atualizar changelog e versão para v1.13.0
-
-  ### Desempenho
-  - Reduzir a sobrecarga do framework com bus de eventos preguiçoso, pular rastreamento quando desativado
-
-  ### Refatoração
-  - Converter Flow para Pydantic BaseModel
-  - Converter classes LLM para Pydantic BaseModel
-  - Substituir InstanceOf[T] por anotações de tipo simples
-  - Remover diretório LLM de terceiros não utilizado
-
-  ## Contribuidores
-
-  @alex-clawd, @dependabot[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide, @thiagomoretto
-
-</Update>
-
 <Update label="02 abr 2026">
   ## v1.13.0a7
 

lib/crewai-files/src/crewai_files/__init__.py

@@ -152,4 +152,4 @@ __all__ = [
     "wrap_file_source",
 ]
 
-__version__ = "1.13.0"
+__version__ = "1.13.0a7"

lib/crewai-tools/pyproject.toml

@@ -11,7 +11,7 @@ dependencies = [
     "pytube~=15.0.0",
     "requests~=2.32.5",
     "docker~=7.1.0",
-    "crewai==1.13.0",
+    "crewai==1.13.0a7",
     "tiktoken~=0.8.0",
     "beautifulsoup4~=4.13.4",
     "python-docx~=1.2.0",

lib/crewai-tools/src/crewai_tools/__init__.py

@@ -309,4 +309,4 @@ __all__ = [
     "ZapierActionTools",
 ]
 
-__version__ = "1.13.0"
+__version__ = "1.13.0a7"

lib/crewai/pyproject.toml

@@ -54,7 +54,7 @@ Repository = "https://github.com/crewAIInc/crewAI"
 
 [project.optional-dependencies]
 tools = [
-    "crewai-tools==1.13.0",
+    "crewai-tools==1.13.0a7",
 ]
 embeddings = [
     "tiktoken~=0.8.0"

lib/crewai/src/crewai/__init__.py

@@ -46,7 +46,7 @@ def _suppress_pydantic_deprecation_warnings() -> None:
 
 _suppress_pydantic_deprecation_warnings()
 
-__version__ = "1.13.0"
+__version__ = "1.13.0a7"
 _telemetry_submitted = False
 
 

lib/crewai/src/crewai/cli/cli.py

@@ -27,7 +27,7 @@ from crewai.cli.tools.main import ToolCommand
 from crewai.cli.train_crew import train_crew
 from crewai.cli.triggers.main import TriggersCommand
 from crewai.cli.update_crew import update_crew
-from crewai.cli.utils import build_env_with_all_tool_credentials, read_toml
+from crewai.cli.utils import build_env_with_tool_repository_credentials, read_toml
 from crewai.memory.storage.kickoff_task_outputs_storage import (
     KickoffTaskOutputsSQLiteStorage,
 )
@@ -48,18 +48,24 @@ def crewai() -> None:
 @click.argument("uv_args", nargs=-1, type=click.UNPROCESSED)
 def uv(uv_args: tuple[str, ...]) -> None:
     """A wrapper around uv commands that adds custom tool authentication through env vars."""
+    env = os.environ.copy()
     try:
-        # Verify pyproject.toml exists first
-        read_toml()
-    except FileNotFoundError as e:
+        pyproject_data = read_toml()
+        sources = pyproject_data.get("tool", {}).get("uv", {}).get("sources", {})
+
+        for source_config in sources.values():
+            if isinstance(source_config, dict):
+                index = source_config.get("index")
+                if index:
+                    index_env = build_env_with_tool_repository_credentials(index)
+                    env.update(index_env)
+    except (FileNotFoundError, KeyError) as e:
         raise SystemExit(
             "Error. A valid pyproject.toml file is required. Check that a valid pyproject.toml file exists in the current directory."
         ) from e
     except Exception as e:
         raise SystemExit(f"Error: {e}") from e
 
-    env = build_env_with_all_tool_credentials()
-
     try:
         subprocess.run(  # noqa: S603
             ["uv", *uv_args],  # noqa: S607

lib/crewai/src/crewai/cli/install_crew.py

@@ -2,8 +2,6 @@ import subprocess
 
 import click
 
-from crewai.cli.utils import build_env_with_all_tool_credentials
-
 
 # Be mindful about changing this.
 # on some environments we don't use this command but instead uv sync directly
@@ -15,14 +13,7 @@ def install_crew(proxy_options: list[str]) -> None:
     """
     try:
         command = ["uv", "sync", *proxy_options]
-
-        # Inject tool repository credentials so uv can authenticate
-        # against private package indexes (e.g. crewai tool repository).
-        # Without this, `uv sync` fails with 401 Unauthorized when the
-        # project depends on tools from a private index.
-        env = build_env_with_all_tool_credentials()
-
-        subprocess.run(command, check=True, capture_output=False, text=True, env=env)  # noqa: S603
+        subprocess.run(command, check=True, capture_output=False, text=True)  # noqa: S603
 
     except subprocess.CalledProcessError as e:
         click.echo(f"An error occurred while running the crew: {e}", err=True)

lib/crewai/src/crewai/cli/run_crew.py

@@ -1,10 +1,11 @@
 from enum import Enum
+import os
 import subprocess
 
 import click
 from packaging import version
 
-from crewai.cli.utils import build_env_with_all_tool_credentials, read_toml
+from crewai.cli.utils import build_env_with_tool_repository_credentials, read_toml
 from crewai.cli.version import get_crewai_version
 
 
@@ -55,7 +56,19 @@ def execute_command(crew_type: CrewType) -> None:
     """
     command = ["uv", "run", "kickoff" if crew_type == CrewType.FLOW else "run_crew"]
 
-    env = build_env_with_all_tool_credentials()
+    env = os.environ.copy()
+    try:
+        pyproject_data = read_toml()
+        sources = pyproject_data.get("tool", {}).get("uv", {}).get("sources", {})
+
+        for source_config in sources.values():
+            if isinstance(source_config, dict):
+                index = source_config.get("index")
+                if index:
+                    index_env = build_env_with_tool_repository_credentials(index)
+                    env.update(index_env)
+    except Exception:  # noqa: S110
+        pass
 
     try:
         subprocess.run(command, capture_output=False, text=True, check=True, env=env)  # noqa: S603

lib/crewai/src/crewai/cli/templates/crew/pyproject.toml

@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.13.0"
+    "crewai[tools]==1.13.0a7"
 ]
 
 [project.scripts]

lib/crewai/src/crewai/cli/templates/flow/pyproject.toml

@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.13.0"
+    "crewai[tools]==1.13.0a7"
 ]
 
 [project.scripts]

lib/crewai/src/crewai/cli/templates/tool/pyproject.toml

@@ -5,7 +5,7 @@ description = "Power up your crews with {{folder_name}}"
 readme = "README.md"
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.13.0"
+    "crewai[tools]==1.13.0a7"
 ]
 
 [tool.crewai]

lib/crewai/src/crewai/cli/tools/main.py

@@ -21,7 +21,6 @@ from crewai.cli.utils import (
     get_project_description,
     get_project_name,
     get_project_version,
-    read_toml,
     tree_copy,
     tree_find_and_replace,
 )
@@ -117,26 +116,11 @@ class ToolCommand(BaseCommand, PlusAPIMixin):
         self._print_tools_preview(tools_metadata)
         self._print_current_organization()
 
-        build_env = os.environ.copy()
-        try:
-            pyproject_data = read_toml()
-            sources = pyproject_data.get("tool", {}).get("uv", {}).get("sources", {})
-
-            for source_config in sources.values():
-                if isinstance(source_config, dict):
-                    index = source_config.get("index")
-                    if index:
-                        index_env = build_env_with_tool_repository_credentials(index)
-                        build_env.update(index_env)
-        except Exception:  # noqa: S110
-            pass
-
         with tempfile.TemporaryDirectory() as temp_build_dir:
             subprocess.run(  # noqa: S603
                 ["uv", "build", "--sdist", "--out-dir", temp_build_dir],  # noqa: S607
                 check=True,
                 capture_output=False,
-                env=build_env,
             )
 
             tarball_filename = next(

lib/crewai/src/crewai/cli/utils.py

@@ -484,12 +484,8 @@ def get_flows(flow_path: str = "main.py") -> list[Flow[Any]]:
             if flow_instances:
                 break
 
-    except Exception as e:
-        import logging
-
-        logging.getLogger(__name__).debug(
-            f"Could not load tool repository credentials: {e}"
-        )
+    except Exception:  # noqa: S110
+        pass
 
     return flow_instances
 
@@ -553,31 +549,6 @@ def build_env_with_tool_repository_credentials(
     return env
 
 
-def build_env_with_all_tool_credentials() -> dict[str, Any]:
-    """
-    Build environment dict with credentials for all tool repository indexes
-    found in pyproject.toml's [tool.uv.sources] section.
-
-    Returns:
-        dict: Environment variables with credentials for all private indexes.
-    """
-    env = os.environ.copy()
-    try:
-        pyproject_data = read_toml()
-        sources = pyproject_data.get("tool", {}).get("uv", {}).get("sources", {})
-
-        for source_config in sources.values():
-            if isinstance(source_config, dict):
-                index = source_config.get("index")
-                if index:
-                    index_env = build_env_with_tool_repository_credentials(index)
-                    env.update(index_env)
-    except Exception:  # noqa: S110
-        pass
-
-    return env
-
-
 @contextmanager
 def _load_module_from_file(
     init_file: Path, module_name: str | None = None

lib/crewai/src/crewai/experimental/agent_executor.py

@@ -1907,37 +1907,6 @@ class AgentExecutor(Flow[AgentExecutorState], CrewAgentExecutorMixin):
             "original_tool": original_tool,
         }
 
-    def _extract_tool_name(self, tool_call: Any) -> str:
-        """Extract tool name from various tool call formats."""
-        if hasattr(tool_call, "function"):
-            return sanitize_tool_name(tool_call.function.name)
-        if hasattr(tool_call, "function_call") and tool_call.function_call:
-            return sanitize_tool_name(tool_call.function_call.name)
-        if hasattr(tool_call, "name"):
-            return sanitize_tool_name(tool_call.name)
-        if isinstance(tool_call, dict):
-            func_info = tool_call.get("function", {})
-            return sanitize_tool_name(
-                func_info.get("name", "") or tool_call.get("name", "unknown")
-            )
-        return "unknown"
-
-    @router(execute_native_tool)
-    def check_native_todo_completion(
-        self,
-    ) -> Literal["todo_satisfied", "todo_not_satisfied"]:
-        """Check if the native tool execution satisfied the active todo.
-
-        Similar to check_todo_completion but for native tool execution path.
-        """
-        current_todo = self.state.todos.current_todo
-
-        if not current_todo:
-            return "todo_not_satisfied"
-
-        # For native tools, any tool execution satisfies the todo
-        return "todo_satisfied"
-
     @listen("initialized")
     def continue_iteration(self) -> Literal["check_iteration"]:
         """Bridge listener that connects iteration loop back to iteration check."""

lib/crewai/src/crewai/mcp/config.py

@@ -7,6 +7,7 @@ various transport types, similar to OpenAI's Agents SDK.
 from pydantic import BaseModel, Field
 
 from crewai.mcp.filters import ToolFilter
+from crewai.mcp.transports.stdio import DEFAULT_ALLOWED_COMMANDS
 
 
 class MCPServerStdio(BaseModel):
@@ -44,6 +45,14 @@ class MCPServerStdio(BaseModel):
         default=None,
         description="Optional tool filter for filtering available tools.",
     )
+    allowed_commands: frozenset[str] | None = Field(
+        default=DEFAULT_ALLOWED_COMMANDS,
+        description=(
+            "Optional frozenset of allowed command basenames for security validation. "
+            "Defaults to common runtimes (python, node, npx, uvx, uv, deno, docker). "
+            "Set to None to disable the allowlist check."
+        ),
+    )
     cache_tools_list: bool = Field(
         default=False,
         description="Whether to cache the tool list for faster subsequent access.",

lib/crewai/src/crewai/mcp/tool_resolver.py

@@ -292,6 +292,7 @@ class MCPToolResolver:
                 command=mcp_config.command,
                 args=mcp_config.args,
                 env=mcp_config.env,
+                allowed_commands=mcp_config.allowed_commands,
             )
             server_name = f"{mcp_config.command}_{'_'.join(mcp_config.args)}"
         elif isinstance(mcp_config, MCPServerHTTP):

lib/crewai/src/crewai/mcp/transports/__init__.py

@@ -3,11 +3,12 @@
 from crewai.mcp.transports.base import BaseTransport, TransportType
 from crewai.mcp.transports.http import HTTPTransport
 from crewai.mcp.transports.sse import SSETransport
-from crewai.mcp.transports.stdio import StdioTransport
+from crewai.mcp.transports.stdio import DEFAULT_ALLOWED_COMMANDS, StdioTransport
 
 
 __all__ = [
     "BaseTransport",
+    "DEFAULT_ALLOWED_COMMANDS",
     "HTTPTransport",
     "SSETransport",
     "StdioTransport",

lib/crewai/src/crewai/mcp/transports/stdio.py

@@ -9,6 +9,22 @@ from typing_extensions import Self
 
 from crewai.mcp.transports.base import BaseTransport, TransportType
 
+# Default allowlist for common MCP server runtimes.
+# Covers the vast majority of MCP server launch commands.
+# Pass ``allowed_commands=None`` to disable validation entirely.
+DEFAULT_ALLOWED_COMMANDS: frozenset[str] = frozenset(
+    {
+        "python",
+        "python3",
+        "node",
+        "npx",
+        "uvx",
+        "uv",
+        "deno",
+        "docker",
+    }
+)
+
 
 class StdioTransport(BaseTransport):
     """Stdio transport for connecting to local MCP servers.
@@ -34,6 +50,7 @@ class StdioTransport(BaseTransport):
         command: str,
         args: list[str] | None = None,
         env: dict[str, str] | None = None,
+        allowed_commands: frozenset[str] | None = DEFAULT_ALLOWED_COMMANDS,
         **kwargs: Any,
     ) -> None:
         """Initialize stdio transport.
@@ -42,9 +59,26 @@ class StdioTransport(BaseTransport):
             command: Command to execute (e.g., "python", "node", "npx").
             args: Command arguments (e.g., ["server.py"] or ["-y", "@mcp/server"]).
             env: Environment variables to pass to the process.
+            allowed_commands: Optional frozenset of allowed command basenames.
+                Defaults to ``DEFAULT_ALLOWED_COMMANDS`` which includes common
+                runtimes (python, node, npx, uvx, uv, deno, docker).  Pass
+                ``None`` to disable the check entirely.
             **kwargs: Additional transport options.
         """
         super().__init__(**kwargs)
+
+        if allowed_commands is not None:
+            base_command = os.path.basename(command)
+            # Strip extension for Windows compatibility (e.g., python.exe -> python)
+            base_command = os.path.splitext(base_command)[0]
+            if base_command not in allowed_commands:
+                raise ValueError(
+                    f"Command '{command}' is not in the allowed commands list: "
+                    f"{sorted(allowed_commands)}. "
+                    f"To allow this command, add it to allowed_commands or pass "
+                    f"allowed_commands=None to disable this check."
+                )
+
         self.command = command
         self.args = args or []
         self.env = env or {}

lib/crewai/tests/agents/test_agent_executor.py

@@ -927,30 +927,6 @@ class TestNativeToolExecution:
         assert len(tool_messages) == 1
         assert tool_messages[0]["tool_call_id"] == "call_1"
 
-    def test_check_native_todo_completion_requires_current_todo(
-        self, mock_dependencies
-    ):
-        from crewai.utilities.planning_types import TodoList
-
-        executor = _build_executor(**mock_dependencies)
-
-        # No current todo → not satisfied
-        executor.state.todos = TodoList(items=[])
-        assert executor.check_native_todo_completion() == "todo_not_satisfied"
-
-        # With a current todo that has tool_to_use → satisfied
-        running = TodoItem(
-            step_number=1,
-            description="Use the expected tool",
-            tool_to_use="expected_tool",
-            status="running",
-        )
-        executor.state.todos = TodoList(items=[running])
-        assert executor.check_native_todo_completion() == "todo_satisfied"
-
-        # With a current todo without tool_to_use → still satisfied
-        running.tool_to_use = None
-        assert executor.check_native_todo_completion() == "todo_satisfied"
 
 
 class TestPlannerObserver:

lib/crewai/tests/cli/tools/test_main.py

@@ -218,7 +218,6 @@ def test_publish_when_not_in_sync_and_force(
         ["uv", "build", "--sdist", "--out-dir", unittest.mock.ANY],
         check=True,
         capture_output=False,
-        env=unittest.mock.ANY,
     )
     mock_open.assert_called_with(unittest.mock.ANY, "rb")
     mock_publish.assert_called_with(
@@ -280,7 +279,6 @@ def test_publish_success(
         ["uv", "build", "--sdist", "--out-dir", unittest.mock.ANY],
         check=True,
         capture_output=False,
-        env=unittest.mock.ANY,
     )
     mock_open.assert_called_with(unittest.mock.ANY, "rb")
     mock_publish.assert_called_with(

lib/crewai/tests/mcp/test_stdio_config.py

@@ -0,0 +1,28 @@
+"""Tests for MCPServerStdio allowed_commands config integration."""
+
+from crewai.mcp.config import MCPServerStdio
+from crewai.mcp.transports.stdio import DEFAULT_ALLOWED_COMMANDS
+
+
+class TestMCPServerStdioConfig:
+    """Tests for the allowed_commands field on MCPServerStdio."""
+
+    def test_default_allowed_commands(self):
+        """MCPServerStdio should default to DEFAULT_ALLOWED_COMMANDS."""
+        config = MCPServerStdio(command="python", args=["server.py"])
+        assert config.allowed_commands == DEFAULT_ALLOWED_COMMANDS
+
+    def test_custom_allowed_commands(self):
+        """Users can override allowed_commands in config."""
+        custom = frozenset({"my-runtime"})
+        config = MCPServerStdio(
+            command="my-runtime", args=[], allowed_commands=custom
+        )
+        assert config.allowed_commands == custom
+
+    def test_none_allowed_commands(self):
+        """Users can disable the allowlist via config."""
+        config = MCPServerStdio(
+            command="anything", args=[], allowed_commands=None
+        )
+        assert config.allowed_commands is None

lib/crewai/tests/mcp/test_stdio_transport.py

@@ -0,0 +1,93 @@
+"""Tests for StdioTransport command allowlist validation."""
+
+import pytest
+
+from crewai.mcp.transports.stdio import DEFAULT_ALLOWED_COMMANDS, StdioTransport
+
+
+class TestStdioTransportAllowlist:
+    """Tests for the command allowlist feature."""
+
+    def test_default_allowed_commands_contains_common_runtimes(self):
+        """DEFAULT_ALLOWED_COMMANDS should include all common MCP server runtimes."""
+        expected = {"python", "python3", "node", "npx", "uvx", "uv", "deno", "docker"}
+        assert expected == DEFAULT_ALLOWED_COMMANDS
+
+    def test_allowed_command_passes_validation(self):
+        """Commands in the default allowlist should be accepted."""
+        for cmd in DEFAULT_ALLOWED_COMMANDS:
+            transport = StdioTransport(command=cmd, args=["server.py"])
+            assert transport.command == cmd
+
+    def test_allowed_command_with_full_path(self):
+        """Full paths to allowed commands should pass (basename is checked)."""
+        transport = StdioTransport(command="/usr/bin/python3", args=["server.py"])
+        assert transport.command == "/usr/bin/python3"
+
+    def test_disallowed_command_raises_value_error(self):
+        """Commands not in the allowlist should raise ValueError."""
+        with pytest.raises(ValueError, match="not in the allowed commands list"):
+            StdioTransport(command="malicious-binary", args=["--evil"])
+
+    def test_disallowed_command_with_full_path_raises(self):
+        """Full paths to disallowed commands should also be rejected."""
+        with pytest.raises(ValueError, match="not in the allowed commands list"):
+            StdioTransport(command="/tmp/evil/script", args=[])
+
+    def test_allowed_commands_none_disables_validation(self):
+        """Setting allowed_commands=None should disable the check entirely."""
+        transport = StdioTransport(
+            command="any-custom-binary",
+            args=["--flag"],
+            allowed_commands=None,
+        )
+        assert transport.command == "any-custom-binary"
+
+    def test_custom_allowlist(self):
+        """Users should be able to pass a custom allowlist."""
+        custom = frozenset({"my-server", "python"})
+
+        # Allowed
+        transport = StdioTransport(
+            command="my-server", args=[], allowed_commands=custom
+        )
+        assert transport.command == "my-server"
+
+        # Not allowed
+        with pytest.raises(ValueError, match="not in the allowed commands list"):
+            StdioTransport(command="node", args=[], allowed_commands=custom)
+
+    def test_extended_allowlist(self):
+        """Users should be able to extend the default allowlist."""
+        extended = DEFAULT_ALLOWED_COMMANDS | frozenset({"my-custom-runtime"})
+
+        transport = StdioTransport(
+            command="my-custom-runtime", args=[], allowed_commands=extended
+        )
+        assert transport.command == "my-custom-runtime"
+
+        # Original defaults still work
+        transport2 = StdioTransport(
+            command="python", args=["server.py"], allowed_commands=extended
+        )
+        assert transport2.command == "python"
+
+    def test_error_message_includes_sorted_allowed_commands(self):
+        """The error message should list the allowed commands for discoverability."""
+        with pytest.raises(ValueError) as exc_info:
+            StdioTransport(command="bad-cmd", args=[])
+
+        error_msg = str(exc_info.value)
+        assert "bad-cmd" in error_msg
+        assert "allowed_commands=None" in error_msg
+
+    def test_args_and_env_still_work(self):
+        """Existing args and env functionality should be unaffected."""
+        transport = StdioTransport(
+            command="python",
+            args=["server.py", "--port", "8080"],
+            env={"API_KEY": "test123"},
+        )
+        assert transport.command == "python"
+        assert transport.args == ["server.py", "--port", "8080"]
+        assert transport.env == {"API_KEY": "test123"}

lib/devtools/src/crewai_devtools/__init__.py

@@ -1,3 +1,3 @@
 """CrewAI development tools."""
 
-__version__ = "1.13.0"
+__version__ = "1.13.0a7"