test: add test script for LinearTool

The guardrail retry path passed a Pydantic object directly to
TaskOutput.raw (which expects a string), causing a ValidationError
when output_pydantic is set and a guardrail fails. Mirror the
BaseModel check from the initial execution path into both sync
and async retry loops.

Closes #5544 (part 1)

.github/workflows/linter.yml

@@ -6,7 +6,24 @@ permissions:
   contents: read
 
 jobs:
-  lint:
+  changes:
+    name: Detect changes
+    runs-on: ubuntu-latest
+    outputs:
+      code: ${{ steps.filter.outputs.code }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            code:
+              - '!docs/**'
+              - '!**/*.md'
+
+  lint-run:
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -48,3 +65,23 @@ jobs:
             ~/.local/share/uv
             .venv
           key: uv-main-py3.11-${{ hashFiles('uv.lock') }}
+
+  # Summary job to provide single status for branch protection
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    needs: [changes, lint-run]
+    if: always()
+    steps:
+      - name: Check results
+        run: |
+          if [ "${{ needs.changes.outputs.code }}" != "true" ]; then
+            echo "Docs-only change, skipping lint"
+            exit 0
+          fi
+          if [ "${{ needs.lint-run.result }}" == "success" ]; then
+            echo "Lint passed"
+          else
+            echo "Lint failed"
+            exit 1
+          fi

.github/workflows/tests.yml

@@ -6,8 +6,25 @@ permissions:
   contents: read
 
 jobs:
-  tests:
+  changes:
+    name: Detect changes
+    runs-on: ubuntu-latest
+    outputs:
+      code: ${{ steps.filter.outputs.code }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            code:
+              - '!docs/**'
+              - '!**/*.md'
+
+  tests-matrix:
     name: tests (${{ matrix.python-version }})
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     runs-on: ubuntu-latest
     timeout-minutes: 15
     strategy:
@@ -98,3 +115,23 @@ jobs:
             ~/.local/share/uv
             .venv
           key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
+
+  # Summary job to provide single status for branch protection
+  tests:
+    name: tests
+    runs-on: ubuntu-latest
+    needs: [changes, tests-matrix]
+    if: always()
+    steps:
+      - name: Check results
+        run: |
+          if [ "${{ needs.changes.outputs.code }}" != "true" ]; then
+            echo "Docs-only change, skipping tests"
+            exit 0
+          fi
+          if [ "${{ needs.tests-matrix.result }}" == "success" ]; then
+            echo "All tests passed"
+          else
+            echo "Tests failed"
+            exit 1
+          fi

.github/workflows/type-checker.yml

@@ -6,8 +6,25 @@ permissions:
   contents: read
 
 jobs:
+  changes:
+    name: Detect changes
+    runs-on: ubuntu-latest
+    outputs:
+      code: ${{ steps.filter.outputs.code }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            code:
+              - '!docs/**'
+              - '!**/*.md'
+
   type-checker-matrix:
     name: type-checker (${{ matrix.python-version }})
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -57,14 +74,18 @@ jobs:
   type-checker:
     name: type-checker
     runs-on: ubuntu-latest
-    needs: type-checker-matrix
+    needs: [changes, type-checker-matrix]
     if: always()
     steps:
-      - name: Check matrix results
+      - name: Check results
         run: |
-          if [ "${{ needs.type-checker-matrix.result }}" == "success" ] || [ "${{ needs.type-checker-matrix.result }}" == "skipped" ]; then
-            echo "✅ All type checks passed"
+          if [ "${{ needs.changes.outputs.code }}" != "true" ]; then
+            echo "Docs-only change, skipping type checks"
+            exit 0
+          fi
+          if [ "${{ needs.type-checker-matrix.result }}" == "success" ]; then
+            echo "All type checks passed"
           else
-            echo "❌ Type checks failed"
+            echo "Type checks failed"
             exit 1
           fi

.pre-commit-config.yaml

@@ -24,6 +24,14 @@ repos:
     rev: 0.11.3
     hooks:
       - id: uv-lock
+  - repo: local
+    hooks:
+      - id: pip-audit
+        name: pip-audit
+        entry: bash -c 'source .venv/bin/activate && uv run pip-audit --skip-editable --ignore-vuln CVE-2025-69872 --ignore-vuln CVE-2026-25645 --ignore-vuln CVE-2026-27448 --ignore-vuln CVE-2026-27459 --ignore-vuln PYSEC-2023-235' --
+        language: system
+        pass_filenames: false
+        stages: [pre-push, manual]
   - repo: https://github.com/commitizen-tools/commitizen
     rev: v4.10.1
     hooks:

crewai/tools/linear_tool.py

@@ -0,0 +1,124 @@
+import os
+from enum import Enum
+from typing import Any, Type
+
+import httpx
+from crewai.tools import BaseTool
+from pydantic import BaseModel, Field
+
+LINEAR_API_URL = "https://api.linear.app/graphql"
+
+
+class LinearAction(str, Enum):
+    MY_ISSUES = "my_issues"
+    LIST_TEAMS = "list_teams"
+    LIST_PROJECTS = "list_projects"
+
+
+class LinearToolInput(BaseModel):
+    action: LinearAction = Field(
+        description=(
+            "Action to perform: "
+            "'my_issues' — fetch issues assigned to the authenticated user; "
+            "'list_teams' — list all teams in the workspace; "
+            "'list_projects' — list all projects in the workspace."
+        )
+    )
+    first: int = Field(
+        default=25,
+        ge=1,
+        le=250,
+        description="Maximum number of records to return (1–250).",
+    )
+
+
+_QUERIES: dict[LinearAction, str] = {
+    LinearAction.MY_ISSUES: """
+        query MyIssues($first: Int!) {
+          viewer {
+            assignedIssues(first: $first, orderBy: updatedAt) {
+              nodes {
+                id
+                identifier
+                title
+                state { name }
+                priority
+                url
+                updatedAt
+              }
+            }
+          }
+        }
+    """,
+    LinearAction.LIST_TEAMS: """
+        query ListTeams($first: Int!) {
+          teams(first: $first) {
+            nodes {
+              id
+              name
+              key
+              description
+            }
+          }
+        }
+    """,
+    LinearAction.LIST_PROJECTS: """
+        query ListProjects($first: Int!) {
+          projects(first: $first, orderBy: updatedAt) {
+            nodes {
+              id
+              name
+              description
+              state
+              url
+              updatedAt
+            }
+          }
+        }
+    """,
+}
+
+
+def _extract(action: LinearAction, data: dict) -> list[dict]:
+    if action == LinearAction.MY_ISSUES:
+        return data["viewer"]["assignedIssues"]["nodes"]
+    if action == LinearAction.LIST_TEAMS:
+        return data["teams"]["nodes"]
+    if action == LinearAction.LIST_PROJECTS:
+        return data["projects"]["nodes"]
+    return []
+
+
+class LinearTool(BaseTool):
+    name: str = "Linear API Tool"
+    description: str = (
+        "Interact with the Linear project management API. "
+        "Supports fetching your assigned issues, listing teams, and listing projects."
+    )
+    args_schema: Type[BaseModel] = LinearToolInput
+
+    def _run(self, action: LinearAction, first: int = 25) -> Any:
+        api_key = os.environ.get("LINEAR_API_KEY", "")
+        if not api_key:
+            raise EnvironmentError("LINEAR_API_KEY environment variable is not set.")
+
+        query = _QUERIES[action]
+        payload = {"query": query, "variables": {"first": first}}
+        headers = {
+            "Authorization": api_key,
+            "Content-Type": "application/json",
+        }
+
+        response = httpx.post(
+            LINEAR_API_URL,
+            json=payload,
+            headers=headers,
+            timeout=15,
+        )
+        response.raise_for_status()
+
+        body = response.json()
+        if "errors" in body:
+            raise RuntimeError(f"Linear API errors: {body['errors']}")
+
+        return _extract(action, body["data"])

docs/ar/changelog.mdx

@@ -4,6 +4,316 @@ description: "تحديثات المنتج والتحسينات وإصلاحات
 icon: "clock"
 mode: "wide"
 ---
+<Update label="21 أبريل 2026">
+  ## v1.14.3a1
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.3a1)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة دعم نقاط التحقق والفروع لوكلاء مستقلين
+
+  ### إصلاحات الأخطاء
+  - الحفاظ على thought_signature في استدعاءات أداة البث Gemini
+  - إصدار task_started عند استئناف الفرع وإعادة تصميم واجهة المستخدم النصية لنقاط التحقق
+  - تصحيح ترتيب التشغيل الجاف ومعالجة الفرع القديم الذي تم التحقق منه في إصدار أدوات التطوير
+  - استخدام تواريخ مستقبلية في اختبارات تقليم نقاط التحقق لمنع الفشل المعتمد على الوقت (#5543)
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.2
+
+  ## المساهمون
+
+  @alex-clawd, @greysonlalonde
+
+</Update>
+
+<Update label="17 أبريل 2026">
+  ## v1.14.2
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة أوامر استئناف النقاط التفتيش، والاختلاف، والتنظيف مع تحسين إمكانية الاكتشاف.
+  - إضافة معلمة `from_checkpoint` إلى `Agent.kickoff` والطرق ذات الصلة.
+  - إضافة أوامر إدارة القوالب لقوالب المشاريع.
+  - إضافة تلميحات استئناف إلى إصدار أدوات المطور عند الفشل.
+  - إضافة واجهة سطر الأوامر للتحقق من النشر وتعزيز سهولة استخدام تهيئة LLM.
+  - إضافة تقسيم النقاط التفتيشية مع تتبع النسب.
+  - إثراء تتبع رموز LLM مع رموز الاستدلال ورموز إنشاء التخزين المؤقت.
+
+  ### إصلاحات الأخطاء
+  - إصلاح المطالبة بشأن تعارضات الفروع القديمة في إصدار أدوات المطور.
+  - تصحيح الثغرات في `authlib` و `langchain-text-splitters` و `pypdf`.
+  - تحديد نطاق معالجات البث لمنع تلوث أجزاء التشغيل المتقاطعة.
+  - إرسال نقاط التفتيش عبر واجهات Flow في TUI.
+  - استخدام نمط البحث المتكرر لاكتشاف نقاط التفتيش بتنسيق JSON.
+  - التعامل مع مخططات JSON الدائرية في أداة حل MCP.
+  - الحفاظ على معلمات استدعاء أداة Bedrock من خلال إزالة القيمة الافتراضية الصحيحة.
+  - إصدار حدث flow_finished بعد استئناف HITL.
+  - إصلاح ثغرات متنوعة من خلال تحديث التبعيات، بما في ذلك `requests` و `cryptography` و `pytest`.
+  - إصلاح لإيقاف تمرير وضع صارم إلى واجهة برمجة التطبيقات Bedrock Converse.
+
+  ### الوثائق
+  - توثيق المعلمات المفقودة وإضافة قسم النقاط التفتيشية.
+  - تحديث سجل التغييرات والإصدار للإصدار v1.14.2 ومرشحي الإصدار السابقين.
+  - إضافة توثيق ميزة A2A الخاصة بالشركات وتحديث وثائق A2A المفتوحة المصدر.
+
+  ## المساهمون
+
+  @Yanhu007، @alex-clawd، @github-actions[bot]، @greysonlalonde، @iris-clawd، @lorenzejay، @lucasgomide
+
+</Update>
+
+<Update label="16 أبريل 2026">
+  ## v1.14.2rc1
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2rc1)
+
+  ## ما الذي تغير
+
+  ### إصلاحات الأخطاء
+  - إصلاح معالجة مخططات JSON الدائرية في أداة MCP
+  - إصلاح ثغرة أمنية من خلال تحديث python-multipart إلى 0.0.26
+  - إصلاح ثغرة أمنية من خلال تحديث pypdf إلى 6.10.1
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.2a5
+
+  ## المساهمون
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="15 أبريل 2026">
+  ## v1.14.2a5
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a5)
+
+  ## ما الذي تغير
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.2a4
+
+  ## المساهمون
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="15 أبريل 2026">
+  ## v1.14.2a4
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a4)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة تلميحات استئناف إلى إصدار أدوات المطورين عند الفشل
+
+  ### إصلاحات الأخطاء
+  - إصلاح توجيه وضع الصرامة إلى واجهة برمجة تطبيقات Bedrock Converse
+  - إصلاح إصدار pytest إلى 9.0.3 لثغرة الأمان GHSA-6w46-j5rx-g56g
+  - رفع الحد الأدنى لـ OpenAI إلى >=2.0.0
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.2a3
+
+  ## المساهمون
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="13 أبريل 2026">
+  ## v1.14.2a3
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a3)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة واجهة سطر الأوامر للتحقق من النشر
+  - تحسين سهولة استخدام تهيئة LLM
+
+  ### إصلاحات الأخطاء
+  - تجاوز pypdf و uv إلى إصدارات مصححة لـ CVE-2026-40260 و GHSA-pjjw-68hj-v9mw
+  - ترقية requests إلى >=2.33.0 لمعالجة ثغرة ملف مؤقت CVE
+  - الحفاظ على معلمات استدعاء أداة Bedrock من خلال إزالة القيمة الافتراضية الصحيحة
+  - تنظيف مخططات الأدوات لوضع صارم
+  - إصلاح اختبار تسلسل تضمين MemoryRecord
+
+  ### الوثائق
+  - تنظيف لغة A2A الخاصة بالمؤسسات
+  - إضافة وثائق ميزات A2A الخاصة بالمؤسسات
+  - تحديث وثائق A2A الخاصة بالمصادر المفتوحة
+  - تحديث سجل التغييرات والإصدار لـ v1.14.2a2
+
+  ## المساهمون
+
+  @Yanhu007, @greysonlalonde
+
+</Update>
+
+<Update label="10 أبريل 2026">
+  ## v1.14.2a2
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a2)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة واجهة مستخدم نصية لنقطة التحقق مع عرض شجري، ودعم التفرع، ومدخلات/مخرجات قابلة للتعديل
+  - إثراء تتبع رموز LLM مع رموز الاستدلال ورموز إنشاء التخزين المؤقت
+  - إضافة معلمة `from_checkpoint` إلى طرق الانطلاق
+  - تضمين `crewai_version` في نقاط التحقق مع إطار عمل الهجرة
+  - إضافة تفرع نقاط التحقق مع تتبع السلالة
+
+  ### إصلاحات الأخطاء
+  - إصلاح توجيه الوضع الصارم إلى مزودي Anthropic وBedrock
+  - تعزيز NL2SQLTool مع وضع القراءة فقط الافتراضي، والتحقق من الاستعلامات، والاستعلامات المعلمة
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.2a1
+
+  ## المساهمون
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @lucasgomide
+
+</Update>
+
+<Update label="9 أبريل 2026">
+  ## v1.14.2a1
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a1)
+
+  ## ما الذي تغير
+
+  ### إصلاحات الأخطاء
+  - إصلاح إصدار حدث flow_finished بعد استئناف HITL
+  - إصلاح إصدار التشفير إلى 46.0.7 لمعالجة CVE-2026-39892
+
+  ### إعادة هيكلة
+  - إعادة هيكلة لاستخدام I18N_DEFAULT المشترك
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.1
+
+  ## المساهمون
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="9 أبريل 2026">
+  ## v1.14.1
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة متصفح TUI لنقاط التفتيش غير المتزامنة
+  - إضافة دالة aclose()/close() ومدير سياق غير متزامن لمخرجات البث
+
+  ### إصلاحات الأخطاء
+  - إصلاح التعبير النمطي لزيادة إصدار pyproject.toml
+  - تنظيف أسماء الأدوات في مرشحات زخرفة الخطاف
+  - إصلاح تسجيل معالجات نقاط التفتيش عند إنشاء CheckpointConfig
+  - رفع إصدار transformers إلى 5.5.0 لحل CVE-2026-1839
+  - إزالة غلاف FilteredStream لـ stdout/stderr
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.1rc1
+
+  ### إعادة الهيكلة
+  - استبدال القائمة المحظورة الثابتة باستبعاد حقل BaseTool الديناميكي في توليد المواصفات
+  - استبدال التعبير النمطي بـ tomlkit في واجهة سطر أوامر أدوات التطوير
+  - استخدام كائن PRINTER المشترك
+  - جعل BaseProvider نموذجاً أساسياً مع مميز نوع المزود
+
+  ## المساهمون
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay
+
+</Update>
+
+<Update label="9 أبريل 2026">
+  ## v1.14.1rc1
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1rc1)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة متصفح TUI لنقطة التحقق غير المتزامنة
+  - إضافة aclose()/close() ومدير سياق غير متزامن لمخرجات البث
+
+  ### إصلاحات الأخطاء
+  - إصلاح زيادة إصدارات pyproject.toml باستخدام التعبيرات العادية
+  - تنظيف أسماء الأدوات في مرشحات ديكور المكونات
+  - زيادة إصدار transformers إلى 5.5.0 لحل CVE-2026-1839
+  - تسجيل معالجات نقطة التحقق عند إنشاء CheckpointConfig
+
+  ### إعادة الهيكلة
+  - استبدال القائمة المحظورة الثابتة باستبعاد حقل BaseTool الديناميكي في توليد المواصفات
+  - استبدال التعبيرات العادية بـ tomlkit في واجهة سطر الأوامر devtools
+  - استخدام كائن PRINTER المشترك
+  - جعل BaseProvider نموذجًا أساسيًا مع مميز نوع المزود
+  - إزالة غلاف stdout/stderr لـ FilteredStream
+  - إزالة flow/config.py غير المستخدمة
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.0
+
+  ## المساهمون
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="7 أبريل 2026">
+  ## v1.14.0
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.0)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة أوامر CLI لقائمة/معلومات نقاط التحقق
+  - إضافة guardrail_type و name لتمييز التتبع
+  - إضافة SqliteProvider لتخزين نقاط التحقق
+  - إضافة CheckpointConfig للتسجيل التلقائي لنقاط التحقق
+  - تنفيذ تسجيل حالة وقت التشغيل، نظام الأحداث، وإعادة هيكلة المنفذ
+
+  ### إصلاحات الأخطاء
+  - إضافة حماية من SSRF وتجاوز المسار
+  - إضافة التحقق من المسار وعنوان URL لأدوات RAG
+  - استبعاد متجهات التضمين من تسلسل الذاكرة لتوفير الرموز
+  - التأكد من وجود دليل الإخراج قبل الكتابة في قالب التدفق
+  - رفع litellm إلى >=1.83.0 لمعالجة CVE-2026-35030
+  - إزالة حقل فهرسة SEO الذي يتسبب في عرض الصفحة العربية بشكل غير صحيح
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.14.0
+  - تحديث أدلة البدء السريع والتثبيت لتحسين الوضوح
+  - إضافة قسم مزودي التخزين، تصدير JsonProvider
+  - إضافة دليل علامة AMP التدريبية
+
+  ### إعادة الهيكلة
+  - تنظيف واجهة برمجة تطبيقات نقاط التحقق
+  - إزالة CodeInterpreterTool وإهمال معلمات تنفيذ الكود
+
+  ## المساهمون
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide
+
+</Update>
+
 <Update label="7 أبريل 2026">
   ## v1.14.0a4
 

docs/ar/concepts/agents.mdx

@@ -250,16 +250,12 @@ analysis_agent = Agent(
 
 #### تنفيذ الكود
 
-- `allow_code_execution`: يجب أن يكون True لتشغيل الكود
-- `code_execution_mode`:
-  - `"safe"`: يستخدم Docker (موصى به للإنتاج)
-  - `"unsafe"`: تنفيذ مباشر (استخدم فقط في بيئات موثوقة)
+<Warning>
+  `allow_code_execution` و`code_execution_mode` مهجوران. تمت إزالة `CodeInterpreterTool` من `crewai-tools`. استخدم خدمة بيئة معزولة مخصصة مثل [E2B](https://e2b.dev) أو [Modal](https://modal.com) لتنفيذ الكود بأمان.
+</Warning>
 
-<Note>
-  يشغّل هذا صورة Docker افتراضية. إذا أردت تهيئة صورة Docker،
-  راجع أداة Code Interpreter في قسم الأدوات. أضف أداة
-  مفسر الكود كأداة في معامل أداة الوكيل.
-</Note>
+- `allow_code_execution` _(مهجور)_: كان يُمكّن تنفيذ الكود المدمج عبر `CodeInterpreterTool`.
+- `code_execution_mode` _(مهجور)_: كان يتحكم في وضع التنفيذ (`"safe"` لـ Docker، `"unsafe"` للتنفيذ المباشر).
 
 #### الميزات المتقدمة
 
@@ -332,9 +328,9 @@ print(result.raw)
 
 ### الأمان وتنفيذ الكود
 
-- عند استخدام `allow_code_execution`، كن حذرًا مع مدخلات المستخدم وتحقق منها دائمًا
-- استخدم `code_execution_mode: "safe"` (Docker) في بيئات الإنتاج
-- فكّر في تعيين حدود `max_execution_time` مناسبة لمنع الحلقات اللانهائية
+<Warning>
+  `allow_code_execution` و`code_execution_mode` مهجوران وتمت إزالة `CodeInterpreterTool`. استخدم خدمة بيئة معزولة مخصصة مثل [E2B](https://e2b.dev) أو [Modal](https://modal.com) لتنفيذ الكود بأمان.
+</Warning>
 
 ### تحسين الأداء
 

docs/ar/concepts/checkpointing.mdx

@@ -39,7 +39,7 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         on_events=["task_completed", "crew_kickoff_completed"],
         max_checkpoints=5,
     ),
@@ -50,7 +50,7 @@ crew = Crew(
 
 | الحقل | النوع | الافتراضي | الوصف |
 |:------|:------|:----------|:------|
-| `directory` | `str` | `"./.checkpoints"` | مسار ملفات نقاط الحفظ |
+| `location` | `str` | `"./.checkpoints"` | مسار ملفات نقاط الحفظ |
 | `on_events` | `list[str]` | `["task_completed"]` | انواع الاحداث التي تطلق نقطة حفظ |
 | `provider` | `BaseProvider` | `JsonProvider()` | واجهة التخزين |
 | `max_checkpoints` | `int \| None` | `None` | الحد الاقصى للملفات؛ يتم حذف الاقدم اولا |
@@ -95,7 +95,7 @@ result = crew.kickoff()  # يستأنف من اخر مهمة مكتملة
 crew = Crew(
     agents=[researcher, writer],
     tasks=[research_task, write_task, review_task],
-    checkpoint=CheckpointConfig(directory="./crew_cp"),
+    checkpoint=CheckpointConfig(location="./crew_cp"),
 )
 ```
 
@@ -118,7 +118,7 @@ class MyFlow(Flow):
 
 flow = MyFlow(
     checkpoint=CheckpointConfig(
-        directory="./flow_cp",
+        location="./flow_cp",
         on_events=["method_execution_finished"],
     ),
 )
@@ -137,7 +137,7 @@ agent = Agent(
     goal="Research topics",
     backstory="Expert researcher",
     checkpoint=CheckpointConfig(
-        directory="./agent_cp",
+        location="./agent_cp",
         on_events=["lite_agent_execution_completed"],
     ),
 )
@@ -160,7 +160,7 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         provider=JsonProvider(),
         max_checkpoints=5,
     ),
@@ -179,15 +179,12 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./.checkpoints.db",
-        provider=SqliteProvider(max_checkpoints=50),
+        location="./.checkpoints.db",
+        provider=SqliteProvider(),
     ),
 )
 ```
 
-<Note>
-عند استخدام `SqliteProvider`، حقل `directory` هو مسار ملف قاعدة البيانات، وليس مجلدا.
-</Note>
 
 ## انواع الاحداث
 

docs/ar/installation.mdx

@@ -196,7 +196,7 @@ python3 --version
 - يدعم أي مزود سحابي بما في ذلك النشر المحلي
 - تكامل مع أنظمة الأمان الحالية
 
-<Card title="استكشف خيارات المؤسسات" icon="building" href="https://crewai.com/enterprise">
+<Card title="استكشف خيارات المؤسسات" icon="building" href="https://share.hsforms.com/1Ooo2UViKQ22UOzdr7i77iwr87kg">
   تعرّف على عروض CrewAI للمؤسسات وجدول عرضًا توضيحيًا
 </Card>
 </Note>

docs/ar/learn/streaming-crew-execution.mdx

@@ -325,6 +325,34 @@ asyncio.run(interactive_research())
 - **تجربة المستخدم**: تقليل زمن الاستجابة المتصور بعرض نتائج تدريجية
 - **لوحات المعلومات الحية**: بناء واجهات مراقبة تعرض حالة تنفيذ الطاقم
 
+## الإلغاء وتنظيف الموارد
+
+يدعم `CrewStreamingOutput` الإلغاء السلس بحيث يتوقف العمل الجاري فوراً عند انقطاع اتصال المستهلك.
+
+### مدير السياق غير المتزامن
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+
+async with streaming:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+```
+
+### الإلغاء الصريح
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+try:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+finally:
+    await streaming.aclose()  # غير متزامن
+    # streaming.close()       # المكافئ المتزامن
+```
+
+بعد الإلغاء، يكون كل من `streaming.is_cancelled` و `streaming.is_completed` بقيمة `True`. كل من `aclose()` و `close()` متساويان القوة.
+
 ## ملاحظات مهمة
 
 - يفعّل البث تلقائياً بث LLM لجميع الوكلاء في الطاقم

docs/ar/learn/streaming-flow-execution.mdx

@@ -420,6 +420,34 @@ except Exception as e:
         print("Streaming completed but flow encountered an error")
 ```
 
+## الإلغاء وتنظيف الموارد
+
+يدعم `FlowStreamingOutput` الإلغاء السلس بحيث يتوقف العمل الجاري فوراً عند انقطاع اتصال المستهلك.
+
+### مدير السياق غير المتزامن
+
+```python Code
+streaming = await flow.kickoff_async()
+
+async with streaming:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+```
+
+### الإلغاء الصريح
+
+```python Code
+streaming = await flow.kickoff_async()
+try:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+finally:
+    await streaming.aclose()  # غير متزامن
+    # streaming.close()       # المكافئ المتزامن
+```
+
+بعد الإلغاء، يكون كل من `streaming.is_cancelled` و `streaming.is_completed` بقيمة `True`. كل من `aclose()` و `close()` متساويان القوة.
+
 ## ملاحظات مهمة
 
 - يفعّل البث تلقائياً بث LLM لأي أطقم مستخدمة داخل التدفق

docs/ar/skills.mdx

@@ -0,0 +1,50 @@
+---
+title: Skills
+description: ثبّت crewaiinc/skills من السجل الرسمي على skills.sh—Flows وCrews ووكلاء مرتبطون بالوثائق لـ Claude Code وCursor وCodex وغيرها.
+icon: wand-magic-sparkles
+mode: "wide"
+---
+
+# Skills
+
+**امنح وكيل البرمجة سياق CrewAI في أمر واحد.**
+
+تُنشر **Skills** الخاصة بـ CrewAI على **[skills.sh/crewaiinc/skills](https://skills.sh/crewaiinc/skills)**—السجل الرسمي لـ `crewaiinc/skills`، بما في ذلك كل مهارة (مثل **design-agent** و**getting-started** و**design-task** و**ask-docs**) وإحصاءات التثبيت والتدقيقات. تعلّم وكلاء البرمجة—مثل Claude Code وCursor وCodex—هيكلة Flows وضبط Crews واستخدام الأدوات واتباع أنماط CrewAI. نفّذ الأمر أدناه (أو الصقه في الوكيل).
+
+```shell Terminal
+npx skills add crewaiinc/skills
+```
+
+يضيف ذلك حزمة المهارات إلى سير عمل الوكيل لتطبيق اتفاقيات CrewAI دون إعادة شرح الإطار في كل جلسة. المصدر والقضايا على [GitHub](https://github.com/crewAIInc/skills).
+
+## ما يحصل عليه الوكيل
+
+- **Flows** — تطبيقات ذات حالة وخطوات وkickoffs للـ crew على نمط CrewAI
+- **Crews والوكلاء** — أنماط YAML أولاً، أدوار، مهام، وتفويض
+- **الأدوات والتكاملات** — ربط الوكلاء بالبحث وواجهات API وأدوات CrewAI الشائعة
+- **هيكل المشروع** — مواءمة مع قوالب CLI واتفاقيات المستودع
+- **أنماط محدثة** — تتبع المهارات وثائق CrewAI والممارسات الموصى بها
+
+## تعرّف أكثر على هذا الموقع
+
+<CardGroup cols={2}>
+  <Card title="أدوات البرمجة و AGENTS.md" icon="terminal" href="/ar/guides/coding-tools/agents-md">
+    استخدام `AGENTS.md` وسير عمل وكلاء البرمجة مع CrewAI.
+  </Card>
+  <Card title="البداية السريعة" icon="rocket" href="/ar/quickstart">
+    ابنِ أول Flow وcrew من البداية للنهاية.
+  </Card>
+  <Card title="التثبيت" icon="download" href="/ar/installation">
+    ثبّت CrewAI CLI وحزمة Python.
+  </Card>
+  <Card title="سجل Skills (skills.sh)" icon="globe" href="https://skills.sh/crewaiinc/skills">
+    القائمة الرسمية لـ `crewaiinc/skills`—المهارات والتثبيتات والتدقيقات.
+  </Card>
+  <Card title="المصدر على GitHub" icon="code-branch" href="https://github.com/crewAIInc/skills">
+    مصدر الحزمة والتحديثات والقضايا.
+  </Card>
+</CardGroup>
+
+### فيديو: CrewAI مع مهارات وكلاء البرمجة
+
+<iframe src="https://www.loom.com/embed/befb9f68b81f42ad8112bfdd95a780af" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen style={{ width: "100%", height: "400px" }} />

docs/ar/tools/ai-ml/codeinterpretertool.mdx

@@ -7,6 +7,10 @@ mode: "wide"
 
 # `CodeInterpreterTool`
 
+<Warning>
+  **مهجور:** تمت إزالة `CodeInterpreterTool` من `crewai-tools`. كما أن معاملَي `allow_code_execution` و`code_execution_mode` على `Agent` أصبحا مهجورَين. استخدم خدمة بيئة معزولة مخصصة — [E2B](https://e2b.dev) أو [Modal](https://modal.com) — لتنفيذ الكود بشكل آمن ومعزول.
+</Warning>
+
 ## الوصف
 
 تمكّن `CodeInterpreterTool` وكلاء CrewAI من تنفيذ كود Python 3 الذي يولّدونه بشكل مستقل. هذه الوظيفة ذات قيمة خاصة لأنها تتيح للوكلاء إنشاء الكود وتنفيذه والحصول على النتائج واستخدام تلك المعلومات لاتخاذ القرارات والإجراءات اللاحقة.

docs/ar/tools/database-data/nl2sqltool.mdx

@@ -11,7 +11,7 @@ mode: "wide"
 
 يتيح ذلك سير عمل متعددة مثل أن يقوم وكيل بالوصول إلى قاعدة البيانات واسترجاع المعلومات بناءً على الهدف ثم استخدام تلك المعلومات لتوليد استجابة أو تقرير أو أي مخرجات أخرى. بالإضافة إلى ذلك، يوفر القدرة للوكيل على تحديث قاعدة البيانات بناءً على هدفه.
 
-**تنبيه**: تأكد من أن الوكيل لديه وصول إلى نسخة قراءة فقط أو أنه من المقبول أن يقوم الوكيل بتنفيذ استعلامات إدراج/تحديث على قاعدة البيانات.
+**تنبيه**: الأداة للقراءة فقط بشكل افتراضي (SELECT/SHOW/DESCRIBE/EXPLAIN فقط). تتطلب عمليات الكتابة تمرير `allow_dml=True` أو ضبط متغير البيئة `CREWAI_NL2SQL_ALLOW_DML=true`. عند تفعيل الكتابة، تأكد من أن الوكيل يستخدم مستخدم قاعدة بيانات محدود الصلاحيات أو نسخة قراءة كلما أمكن.
 
 ## نموذج الأمان
 
@@ -36,6 +36,74 @@ mode: "wide"
 - أضف خطافات `before_tool_call` لفرض أنماط الاستعلام المسموح بها
 - فعّل تسجيل الاستعلامات والتنبيهات للعبارات التدميرية
 
+## وضع القراءة فقط وتهيئة DML
+
+تعمل `NL2SQLTool` في **وضع القراءة فقط بشكل افتراضي**. لا يُسمح إلا بأنواع العبارات التالية دون تهيئة إضافية:
+
+- `SELECT`
+- `SHOW`
+- `DESCRIBE`
+- `EXPLAIN`
+
+أي محاولة لتنفيذ عملية كتابة (`INSERT`، `UPDATE`، `DELETE`، `DROP`، `CREATE`، `ALTER`، `TRUNCATE`، إلخ) ستُسبب خطأً ما لم يتم تفعيل DML صراحةً.
+
+كما تُحظر الاستعلامات متعددة العبارات التي تحتوي على فاصلة منقوطة (مثل `SELECT 1; DROP TABLE users`) في وضع القراءة فقط لمنع هجمات الحقن.
+
+### تفعيل عمليات الكتابة
+
+يمكنك تفعيل DML (لغة معالجة البيانات) بطريقتين:
+
+**الخيار الأول — معامل المُنشئ:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+**الخيار الثاني — متغير البيئة:**
+
+```bash
+CREWAI_NL2SQL_ALLOW_DML=true
+```
+
+```python
+from crewai_tools import NL2SQLTool
+
+# DML مفعّل عبر متغير البيئة
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+### أمثلة الاستخدام
+
+**القراءة فقط (الافتراضي) — آمن للتحليلات والتقارير:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# يُسمح فقط بـ SELECT/SHOW/DESCRIBE/EXPLAIN
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+**مع تفعيل DML — مطلوب لأعباء عمل الكتابة:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# يُسمح بـ INSERT وUPDATE وDELETE وDROP وغيرها
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+<Warning>
+يمنح تفعيل DML للوكيل القدرة على تعديل البيانات أو حذفها. لا تفعّله إلا عندما يتطلب حالة الاستخدام صراحةً وصولاً للكتابة، وتأكد من أن بيانات اعتماد قاعدة البيانات محدودة بالحد الأدنى من الصلاحيات المطلوبة.
+</Warning>
+
 ## المتطلبات
 
 - SqlAlchemy

docs/ar/tools/file-document/csvsearchtool.mdx

@@ -74,3 +74,19 @@ tool = CSVSearchTool(
     }
 )
 ```
+
+## الأمان
+
+### التحقق من صحة المسارات
+
+يتم التحقق من مسارات الملفات المقدمة لهذه الأداة مقابل مجلد العمل الحالي. يتم رفض المسارات التي تحل خارج مجلد العمل وإطلاق `ValueError`.
+
+للسماح بالمسارات خارج مجلد العمل (مثلاً في الاختبارات أو خطوط الأنابيب الموثوقة)، عيّن متغير البيئة التالي:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### التحقق من صحة الروابط
+
+يتم التحقق من مدخلات الروابط: يتم حظر مخطط `file://` والطلبات التي تستهدف نطاقات IP الخاصة أو المحجوزة لمنع هجمات تزوير الطلبات من جانب الخادم (SSRF).

docs/ar/tools/file-document/directorysearchtool.mdx

@@ -68,3 +68,15 @@ tool = DirectorySearchTool(
     }
 )
 ```
+
+## الأمان
+
+### التحقق من صحة المسارات
+
+يتم التحقق من مسارات المجلدات المقدمة لهذه الأداة مقابل مجلد العمل الحالي. يتم رفض المسارات التي تحل خارج مجلد العمل وإطلاق `ValueError`.
+
+للسماح بالمسارات خارج مجلد العمل (مثلاً في الاختبارات أو خطوط الأنابيب الموثوقة)، عيّن متغير البيئة التالي:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```

docs/ar/tools/file-document/jsonsearchtool.mdx

@@ -73,3 +73,19 @@ tool = JSONSearchTool(
     }
 )
 ```
+
+## الأمان
+
+### التحقق من صحة المسارات
+
+يتم التحقق من مسارات الملفات المقدمة لهذه الأداة مقابل مجلد العمل الحالي. يتم رفض المسارات التي تحل خارج مجلد العمل وإطلاق `ValueError`.
+
+للسماح بالمسارات خارج مجلد العمل (مثلاً في الاختبارات أو خطوط الأنابيب الموثوقة)، عيّن متغير البيئة التالي:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### التحقق من صحة الروابط
+
+يتم التحقق من مدخلات الروابط: يتم حظر مخطط `file://` والطلبات التي تستهدف نطاقات IP الخاصة أو المحجوزة لمنع هجمات تزوير الطلبات من جانب الخادم (SSRF).

docs/ar/tools/file-document/pdfsearchtool.mdx

@@ -105,3 +105,19 @@ tool = PDFSearchTool(
     }
 )
 ```
+
+## الأمان
+
+### التحقق من صحة المسارات
+
+يتم التحقق من مسارات الملفات المقدمة لهذه الأداة مقابل مجلد العمل الحالي. يتم رفض المسارات التي تحل خارج مجلد العمل وإطلاق `ValueError`.
+
+للسماح بالمسارات خارج مجلد العمل (مثلاً في الاختبارات أو خطوط الأنابيب الموثوقة)، عيّن متغير البيئة التالي:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### التحقق من صحة الروابط
+
+يتم التحقق من مدخلات الروابط: يتم حظر مخطط `file://` والطلبات التي تستهدف نطاقات IP الخاصة أو المحجوزة لمنع هجمات تزوير الطلبات من جانب الخادم (SSRF).

docs/en/changelog.mdx

@@ -4,6 +4,316 @@ description: "Product updates, improvements, and bug fixes for CrewAI"
 icon: "clock"
 mode: "wide"
 ---
+<Update label="Apr 21, 2026">
+  ## v1.14.3a1
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.3a1)
+
+  ## What's Changed
+
+  ### Features
+  - Add checkpoint and fork support to standalone agents
+
+  ### Bug Fixes
+  - Preserve thought_signature in Gemini streaming tool calls
+  - Emit task_started on fork resume and redesign checkpoint TUI
+  - Correct dry-run order and handle checked-out stale branch in devtools release
+  - Use future dates in checkpoint prune tests to prevent time-dependent failures (#5543)
+
+  ### Documentation
+  - Update changelog and version for v1.14.2
+
+  ## Contributors
+
+  @alex-clawd, @greysonlalonde
+
+</Update>
+
+<Update label="Apr 17, 2026">
+  ## v1.14.2
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2)
+
+  ## What's Changed
+
+  ### Features
+  - Add checkpoint resume, diff, and prune commands with improved discoverability.
+  - Add `from_checkpoint` parameter to `Agent.kickoff` and related methods.
+  - Add template management commands for project templates.
+  - Add resume hints to devtools release on failure.
+  - Add deploy validation CLI and enhance LLM initialization ergonomics.
+  - Add checkpoint forking with lineage tracking.
+  - Enrich LLM token tracking with reasoning tokens and cache creation tokens.
+
+  ### Bug Fixes
+  - Fix prompt on stale branch conflicts in devtools release.
+  - Patch vulnerabilities in `authlib`, `langchain-text-splitters`, and `pypdf`.
+  - Scope streaming handlers to prevent cross-run chunk contamination.
+  - Dispatch Flow checkpoints through Flow APIs in TUI.
+  - Use recursive glob for JSON checkpoint discovery.
+  - Handle cyclic JSON schemas in MCP tool resolution.
+  - Preserve Bedrock tool call arguments by removing truthy default.
+  - Emit flow_finished event after HITL resume.
+  - Fix various vulnerabilities by updating dependencies, including `requests`, `cryptography`, and `pytest`.
+  - Fix to stop forwarding strict mode to Bedrock Converse API.
+
+  ### Documentation
+  - Document missing parameters and add Checkpointing section.
+  - Update changelog and version for v1.14.2 and previous release candidates.
+  - Add enterprise A2A feature documentation and update OSS A2A docs.
+
+  ## Contributors
+
+  @Yanhu007, @alex-clawd, @github-actions[bot], @greysonlalonde, @iris-clawd, @lorenzejay, @lucasgomide
+
+</Update>
+
+<Update label="Apr 16, 2026">
+  ## v1.14.2rc1
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2rc1)
+
+  ## What's Changed
+
+  ### Bug Fixes
+  - Fix handling of cyclic JSON schemas in MCP tool resolution
+  - Fix vulnerability by bumping python-multipart to 0.0.26
+  - Fix vulnerability by bumping pypdf to 6.10.1
+
+  ### Documentation
+  - Update changelog and version for v1.14.2a5
+
+  ## Contributors
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="Apr 15, 2026">
+  ## v1.14.2a5
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a5)
+
+  ## What's Changed
+
+  ### Documentation
+  - Update changelog and version for v1.14.2a4
+
+  ## Contributors
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="Apr 15, 2026">
+  ## v1.14.2a4
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a4)
+
+  ## What's Changed
+
+  ### Features
+  - Add resume hints to devtools release on failure
+
+  ### Bug Fixes
+  - Fix strict mode forwarding to Bedrock Converse API
+  - Fix pytest version to 9.0.3 for security vulnerability GHSA-6w46-j5rx-g56g
+  - Bump OpenAI lower bound to >=2.0.0
+
+  ### Documentation
+  - Update changelog and version for v1.14.2a3
+
+  ## Contributors
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="Apr 13, 2026">
+  ## v1.14.2a3
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a3)
+
+  ## What's Changed
+
+  ### Features
+  - Add deploy validation CLI
+  - Improve LLM initialization ergonomics
+
+  ### Bug Fixes
+  - Override pypdf and uv to patched versions for CVE-2026-40260 and GHSA-pjjw-68hj-v9mw
+  - Upgrade requests to >=2.33.0 for CVE temp file vulnerability
+  - Preserve Bedrock tool call arguments by removing truthy default
+  - Sanitize tool schemas for strict mode
+  - Deflake MemoryRecord embedding serialization test
+
+  ### Documentation
+  - Clean up enterprise A2A language
+  - Add enterprise A2A feature documentation
+  - Update OSS A2A documentation
+  - Update changelog and version for v1.14.2a2
+
+  ## Contributors
+
+  @Yanhu007, @greysonlalonde
+
+</Update>
+
+<Update label="Apr 10, 2026">
+  ## v1.14.2a2
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a2)
+
+  ## What's Changed
+
+  ### Features
+  - Add checkpoint TUI with tree view, fork support, and editable inputs/outputs
+  - Enrich LLM token tracking with reasoning tokens and cache creation tokens
+  - Add `from_checkpoint` parameter to kickoff methods
+  - Embed `crewai_version` in checkpoints with migration framework
+  - Add checkpoint forking with lineage tracking
+
+  ### Bug Fixes
+  - Fix strict mode forwarding to Anthropic and Bedrock providers
+  - Harden NL2SQLTool with read-only default, query validation, and parameterized queries
+
+  ### Documentation
+  - Update changelog and version for v1.14.2a1
+
+  ## Contributors
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @lucasgomide
+
+</Update>
+
+<Update label="Apr 09, 2026">
+  ## v1.14.2a1
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a1)
+
+  ## What's Changed
+
+  ### Bug Fixes
+  - Fix emission of flow_finished event after HITL resume
+  - Fix cryptography version to 46.0.7 to address CVE-2026-39892
+
+  ### Refactoring
+  - Refactor to use shared I18N_DEFAULT singleton
+
+  ### Documentation
+  - Update changelog and version for v1.14.1
+
+  ## Contributors
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="Apr 09, 2026">
+  ## v1.14.1
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1)
+
+  ## What's Changed
+
+  ### Features
+  - Add async checkpoint TUI browser
+  - Add aclose()/close() and async context manager to streaming outputs
+
+  ### Bug Fixes
+  - Fix regex for template pyproject.toml version bumps
+  - Sanitize tool names in hook decorator filters
+  - Fix checkpoint handlers registration when CheckpointConfig is created
+  - Bump transformers to 5.5.0 to resolve CVE-2026-1839
+  - Remove FilteredStream stdout/stderr wrapper
+
+  ### Documentation
+  - Update changelog and version for v1.14.1rc1
+
+  ### Refactoring
+  - Replace hardcoded denylist with dynamic BaseTool field exclusion in spec gen
+  - Replace regex with tomlkit in devtools CLI
+  - Use shared PRINTER singleton
+  - Make BaseProvider a BaseModel with provider_type discriminator
+
+  ## Contributors
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay
+
+</Update>
+
+<Update label="Apr 09, 2026">
+  ## v1.14.1rc1
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1rc1)
+
+  ## What's Changed
+
+  ### Features
+  - Add async checkpoint TUI browser
+  - Add aclose()/close() and async context manager to streaming outputs
+
+  ### Bug Fixes
+  - Fix template pyproject.toml version bumps using regex
+  - Sanitize tool names in hook decorator filters
+  - Bump transformers to 5.5.0 to resolve CVE-2026-1839
+  - Register checkpoint handlers when CheckpointConfig is created
+
+  ### Refactoring
+  - Replace hardcoded denylist with dynamic BaseTool field exclusion in spec gen
+  - Replace regex with tomlkit in devtools CLI
+  - Use shared PRINTER singleton
+  - Make BaseProvider a BaseModel with provider_type discriminator
+  - Remove FilteredStream stdout/stderr wrapper
+  - Remove unused flow/config.py
+
+  ### Documentation
+  - Update changelog and version for v1.14.0
+
+  ## Contributors
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="Apr 07, 2026">
+  ## v1.14.0
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.0)
+
+  ## What's Changed
+
+  ### Features
+  - Add checkpoint list/info CLI commands
+  - Add guardrail_type and name to distinguish traces
+  - Add SqliteProvider for checkpoint storage
+  - Add CheckpointConfig for automatic checkpointing
+  - Implement runtime state checkpointing, event system, and executor refactor
+
+  ### Bug Fixes
+  - Add SSRF and path traversal protections
+  - Add path and URL validation to RAG tools
+  - Exclude embedding vectors from memory serialization to save tokens
+  - Ensure output directory exists before writing in flow template
+  - Bump litellm to >=1.83.0 to address CVE-2026-35030
+  - Remove SEO indexing field causing Arabic page rendering
+
+  ### Documentation
+  - Update changelog and version for v1.14.0
+  - Update quickstart and installation guides for improved clarity
+  - Add storage providers section, export JsonProvider
+  - Add AMP Training Tab guide
+
+  ### Refactoring
+  - Clean up checkpoint API
+  - Remove CodeInterpreterTool and deprecate code execution parameters
+
+  ## Contributors
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide
+
+</Update>
+
 <Update label="Apr 07, 2026">
   ## v1.14.0a4
 

docs/en/concepts/agents.mdx

@@ -308,16 +308,12 @@ multimodal_agent = Agent(
 
 #### Code Execution
 
-- `allow_code_execution`: Must be True to run code
-- `code_execution_mode`:
-  - `"safe"`: Uses Docker (recommended for production)
-  - `"unsafe"`: Direct execution (use only in trusted environments)
+<Warning>
+  `allow_code_execution` and `code_execution_mode` are deprecated. `CodeInterpreterTool` has been removed from `crewai-tools`. Use a dedicated sandbox service such as [E2B](https://e2b.dev) or [Modal](https://modal.com) for secure code execution.
+</Warning>
 
-<Note>
-  This runs a default Docker image. If you want to configure the docker image,
-  the checkout the Code Interpreter Tool in the tools section. Add the code
-  interpreter tool as a tool in the agent as a tool parameter.
-</Note>
+- `allow_code_execution` _(deprecated)_: Previously enabled built-in code execution via `CodeInterpreterTool`.
+- `code_execution_mode` _(deprecated)_: Previously controlled execution mode (`"safe"` for Docker, `"unsafe"` for direct execution).
 
 #### Advanced Features
 
@@ -667,9 +663,9 @@ asyncio.run(main())
 
 ### Security and Code Execution
 
-- When using `allow_code_execution`, be cautious with user input and always validate it
-- Use `code_execution_mode: "safe"` (Docker) in production environments
-- Consider setting appropriate `max_execution_time` limits to prevent infinite loops
+<Warning>
+  `allow_code_execution` and `code_execution_mode` are deprecated and `CodeInterpreterTool` has been removed. Use a dedicated sandbox service such as [E2B](https://e2b.dev) or [Modal](https://modal.com) for secure code execution.
+</Warning>
 
 ### Performance Optimization
 

docs/en/concepts/checkpointing.mdx

@@ -39,7 +39,7 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         on_events=["task_completed", "crew_kickoff_completed"],
         max_checkpoints=5,
     ),
@@ -50,10 +50,11 @@ crew = Crew(
 
 | Field | Type | Default | Description |
 |:------|:-----|:--------|:------------|
-| `directory` | `str` | `"./.checkpoints"` | Filesystem path for checkpoint files |
+| `location` | `str` | `"./.checkpoints"` | Storage destination — a directory for `JsonProvider`, a database file path for `SqliteProvider` |
 | `on_events` | `list[str]` | `["task_completed"]` | Event types that trigger a checkpoint |
 | `provider` | `BaseProvider` | `JsonProvider()` | Storage backend |
-| `max_checkpoints` | `int \| None` | `None` | Max files to keep; oldest pruned first |
+| `max_checkpoints` | `int \| None` | `None` | Max checkpoints to keep. Oldest are pruned after each write. Pruning is handled by the provider. |
+| `restore_from` | `Path \| str \| None` | `None` | Path to a checkpoint to restore from. Used when passing config via a kickoff method's `from_checkpoint` parameter. |
 
 ### Inheritance and Opt-Out
 
@@ -79,13 +80,42 @@ crew = Crew(
 
 ## Resuming from a Checkpoint
 
+Pass a `CheckpointConfig` with `restore_from` to any kickoff method. The crew restores from that checkpoint, skips completed tasks, and resumes.
+
 ```python
-# Restore and resume
-crew = Crew.from_checkpoint("./my_checkpoints/20260407T120000_abc123.json")
-result = crew.kickoff()  # picks up from last completed task
+from crewai import Crew, CheckpointConfig
+
+crew = Crew(agents=[...], tasks=[...])
+result = crew.kickoff(
+    from_checkpoint=CheckpointConfig(
+        restore_from="./my_checkpoints/20260407T120000_abc123.json",
+    ),
+)
 ```
 
-The restored crew skips already-completed tasks and resumes from the first incomplete one.
+Remaining `CheckpointConfig` fields apply to the new run, so checkpointing continues after the restore.
+
+You can also use the classmethod directly:
+
+```python
+config = CheckpointConfig(restore_from="./my_checkpoints/20260407T120000_abc123.json")
+crew = Crew.from_checkpoint(config)
+result = crew.kickoff()
+```
+
+## Forking from a Checkpoint
+
+`fork()` restores a checkpoint and starts a new execution branch. Useful for exploring alternative paths from the same point.
+
+```python
+from crewai import Crew, CheckpointConfig
+
+config = CheckpointConfig(restore_from="./my_checkpoints/20260407T120000_abc123.json")
+crew = Crew.fork(config, branch="experiment-a")
+result = crew.kickoff(inputs={"strategy": "aggressive"})
+```
+
+Each fork gets a unique lineage ID so checkpoints from different branches don't collide. The `branch` label is optional and auto-generated if omitted.
 
 ## Works on Crew, Flow, and Agent
 
@@ -95,7 +125,7 @@ The restored crew skips already-completed tasks and resumes from the first incom
 crew = Crew(
     agents=[researcher, writer],
     tasks=[research_task, write_task, review_task],
-    checkpoint=CheckpointConfig(directory="./crew_cp"),
+    checkpoint=CheckpointConfig(location="./crew_cp"),
 )
 ```
 
@@ -118,14 +148,15 @@ class MyFlow(Flow):
 
 flow = MyFlow(
     checkpoint=CheckpointConfig(
-        directory="./flow_cp",
+        location="./flow_cp",
         on_events=["method_execution_finished"],
     ),
 )
 result = flow.kickoff()
 
 # Resume
-flow = MyFlow.from_checkpoint("./flow_cp/20260407T120000_abc123.json")
+config = CheckpointConfig(restore_from="./flow_cp/20260407T120000_abc123.json")
+flow = MyFlow.from_checkpoint(config)
 result = flow.kickoff()
 ```
 
@@ -137,7 +168,7 @@ agent = Agent(
     goal="Research topics",
     backstory="Expert researcher",
     checkpoint=CheckpointConfig(
-        directory="./agent_cp",
+        location="./agent_cp",
         on_events=["lite_agent_execution_completed"],
     ),
 )
@@ -160,14 +191,14 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         provider=JsonProvider(),       # this is the default
         max_checkpoints=5,             # prunes oldest files
     ),
 )
 ```
 
-Files are named `<timestamp>_<uuid>.json` inside the directory.
+Files are named `<timestamp>_<uuid>.json` inside the location directory.
 
 ### SqliteProvider
 
@@ -181,17 +212,14 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./.checkpoints.db",
-        provider=SqliteProvider(max_checkpoints=50),
+        location="./.checkpoints.db",
+        provider=SqliteProvider(),
+        max_checkpoints=50,
     ),
 )
 ```
 
-`SqliteProvider` accepts its own `max_checkpoints` parameter that prunes old rows via SQL. WAL journal mode is enabled for concurrent read access.
-
-<Note>
-When using `SqliteProvider`, the `directory` field is the database file path, not a directory. The `max_checkpoints` on `CheckpointConfig` controls filesystem pruning (for `JsonProvider`), while `SqliteProvider.max_checkpoints` controls row pruning in the database.
-</Note>
+WAL journal mode is enabled for concurrent read access.
 
 ## Event Types
 
@@ -234,3 +262,44 @@ async def on_llm_done_async(source, event, state):
 The `state` argument is the `RuntimeState` passed automatically by the event bus when your handler accepts 3 parameters. You can register handlers on any event type listed in the [Event Listeners](/en/concepts/event-listener) documentation.
 
 Checkpointing is best-effort: if a checkpoint write fails, the error is logged but execution continues uninterrupted.
+
+## CLI
+
+The `crewai checkpoint` command gives you a TUI for browsing, inspecting, resuming, and forking checkpoints. It auto-detects whether your checkpoints are JSON files or a SQLite database.
+
+```bash
+# Launch the TUI — auto-detects .checkpoints/ or .checkpoints.db
+crewai checkpoint
+
+# Point at a specific location
+crewai checkpoint --location ./my_checkpoints
+crewai checkpoint --location ./.checkpoints.db
+```
+
+<Frame>
+  <img src="/images/checkpointing.png" alt="Checkpoint TUI" />
+</Frame>
+
+The left panel is a tree view. Checkpoints are grouped by branch, and forks nest under the checkpoint they diverged from. Select a checkpoint to see its metadata, entity state, and task progress in the detail panel. Hit **Resume** to pick up where it left off, or **Fork** to start a new branch from that point.
+
+### Editing inputs and task outputs
+
+When a checkpoint is selected, the detail panel shows:
+
+- **Inputs** — if the original kickoff had inputs (e.g. `{topic}`), they appear as editable fields pre-filled with the original values. Change them before resuming or forking.
+- **Task outputs** — completed tasks show their output in editable text areas. Edit a task's output to change the context that downstream tasks receive. When you modify a task output and hit Fork, all subsequent tasks are invalidated and re-run with the new context.
+
+This is useful for "what if" exploration — fork from a checkpoint, tweak a task's result, and see how it changes downstream behavior.
+
+### Subcommands
+
+```bash
+# List all checkpoints
+crewai checkpoint list ./my_checkpoints
+
+# Inspect a specific checkpoint
+crewai checkpoint info ./my_checkpoints/20260407T120000_abc123.json
+
+# Inspect latest in a SQLite database
+crewai checkpoint info ./.checkpoints.db
+```

docs/en/concepts/crews.mdx

@@ -33,7 +33,14 @@ A crew in crewAI represents a collaborative group of agents working together to
 | **Planning** *(optional)*             | `planning`             | Adds planning ability to the Crew. When activated before each Crew iteration, all Crew data is sent to an AgentPlanner that will plan the tasks and this plan will be added to each task description.                                                     |
 | **Planning LLM** *(optional)*         | `planning_llm`         | The language model used by the AgentPlanner in a planning process.                                                                                                                                                                                        |
 | **Knowledge Sources** _(optional)_    | `knowledge_sources`    | Knowledge sources available at the crew level, accessible to all the agents.                                                                                                                                                                                    |
-| **Stream** _(optional)_               | `stream`               | Enable streaming output to receive real-time updates during crew execution. Returns a `CrewStreamingOutput` object that can be iterated for chunks. Defaults to `False`.                                                                                    |
+| **Stream** _(optional)_                        | `stream`                      | Enable streaming output to receive real-time updates during crew execution. Returns a `CrewStreamingOutput` object that can be iterated for chunks. Defaults to `False`.                                                                                    |
+| **Chat LLM** _(optional)_                      | `chat_llm`                    | The language model used to orchestrate `crewai chat` CLI interactions with the crew. Accepts a model name string or `LLM` instance. Defaults to `None`.                                                                                                    |
+| **Before Kickoff Callbacks** _(optional)_      | `before_kickoff_callbacks`    | A list of callable functions executed **before** the crew starts. Each callback receives and can modify the inputs dict. Distinct from the `@before_kickoff` decorator. Defaults to `[]`.                                                                   |
+| **After Kickoff Callbacks** _(optional)_       | `after_kickoff_callbacks`     | A list of callable functions executed **after** the crew finishes. Each callback receives and can modify the `CrewOutput`. Distinct from the `@after_kickoff` decorator. Defaults to `[]`.                                                                  |
+| **Tracing** _(optional)_                       | `tracing`                     | Controls OpenTelemetry tracing for the crew. `True` = always enable, `False` = always disable, `None` = inherit from environment / user settings. Defaults to `None`.                                                                                      |
+| **Skills** _(optional)_                        | `skills`                      | A list of `Path` objects (skill search directories) or pre-loaded `Skill` objects applied to all agents in the crew. Defaults to `None`.                                                                                                                    |
+| **Security Config** _(optional)_               | `security_config`              | A `SecurityConfig` instance managing crew fingerprinting and identity. Defaults to `SecurityConfig()`.                                                                                                                                                      |
+| **Checkpoint** _(optional)_                    | `checkpoint`                  | Enables automatic checkpointing. Pass `True` for sensible defaults, a `CheckpointConfig` for full control, `False` to opt out, or `None` to inherit. See the [Checkpointing](#checkpointing) section below. Defaults to `None`.                             |
 
 <Tip>
 **Crew Max RPM**: The `max_rpm` attribute sets the maximum number of requests per minute the crew can perform to avoid rate limits and will override individual agents' `max_rpm` settings if you set it.
@@ -271,6 +278,72 @@ crew = Crew(output_log_file = file_name.json)  # Logs will be saved as file_name
 
 
 
+## Checkpointing
+
+Checkpointing lets a crew automatically save its state after key events (e.g. task completion) so that long-running or interrupted runs can be resumed exactly where they left off without re-executing completed tasks.
+
+### Quick Start
+
+Pass `checkpoint=True` to enable checkpointing with sensible defaults (saves to `.checkpoints/` after every task):
+
+```python Code
+from crewai import Crew, Process
+
+crew = Crew(
+    agents=[researcher, writer],
+    tasks=[research_task, write_task],
+    process=Process.sequential,
+    checkpoint=True,  # saves to .checkpoints/ after every task
+)
+
+crew.kickoff(inputs={"topic": "AI trends"})
+```
+
+### Full Control with `CheckpointConfig`
+
+Use `CheckpointConfig` for fine-grained control over location, trigger events, storage backend, and retention:
+
+```python Code
+from crewai import Crew, Process
+from crewai.state.checkpoint_config import CheckpointConfig
+
+crew = Crew(
+    agents=[researcher, writer],
+    tasks=[research_task, write_task],
+    process=Process.sequential,
+    checkpoint=CheckpointConfig(
+        location="./.checkpoints",       # directory for JSON files (default)
+        on_events=["task_completed"],    # trigger after each task (default)
+        max_checkpoints=5,               # keep only the 5 most recent checkpoints
+    ),
+)
+
+crew.kickoff(inputs={"topic": "AI trends"})
+```
+
+### Resuming from a Checkpoint
+
+Use `Crew.from_checkpoint()` to restore a crew from a saved checkpoint file, then call `kickoff()` to resume:
+
+```python Code
+# Resume from the most recent checkpoint
+crew = Crew.from_checkpoint(".checkpoints/latest.json")
+crew.kickoff()
+```
+
+<Note>
+When restoring from a checkpoint, `checkpoint_inputs`, `checkpoint_train`, and `checkpoint_kickoff_event_id` are automatically reconstructed — you do not need to set these manually.
+</Note>
+
+### `CheckpointConfig` Attributes
+
+| Attribute          | Type                                   | Default              | Description                                                                                   |
+| :----------------- | :------------------------------------- | :------------------- | :-------------------------------------------------------------------------------------------- |
+| `location`         | `str`                                  | `"./.checkpoints"`   | Storage destination. For `JsonProvider` this is a directory path; for `SqliteProvider` a database file path. |
+| `on_events`        | `list[str]`                            | `["task_completed"]` | Event types that trigger a checkpoint write. Use `["*"]` to checkpoint on every event.        |
+| `provider`         | `JsonProvider \| SqliteProvider`       | `JsonProvider()`     | Storage backend. Defaults to `JsonProvider` (plain JSON files).                               |
+| `max_checkpoints`  | `int \| None`                          | `None`               | Maximum checkpoints to keep. Oldest are pruned after each write. `None` keeps all.            |
+
 ## Memory Utilization
 
 Crews can utilize memory (short-term, long-term, and entity memory) to enhance their execution and learning over time. This feature allows crews to store and recall execution memories, aiding in decision-making and task execution strategies.

docs/en/enterprise/features/a2a.mdx

@@ -0,0 +1,227 @@
+---
+title: A2A on AMP
+description: Production-grade Agent-to-Agent communication with distributed state and multi-scheme authentication
+icon: "network-wired"
+mode: "wide"
+---
+
+<Warning>
+A2A server agents on AMP are in early release. APIs may change in future versions.
+</Warning>
+
+## Overview
+
+CrewAI AMP extends the open-source [A2A protocol implementation](/en/learn/a2a-agent-delegation) with production infrastructure for deploying distributed agents at scale. AMP supports A2A protocol versions 0.2 and 0.3. When you deploy a crew or agent with A2A server configuration to AMP, the platform automatically provisions distributed state management, authentication, multi-transport endpoints, and lifecycle management.
+
+<Note>
+  For A2A protocol fundamentals, client/server configuration, and authentication schemes, see the [A2A Agent Delegation](/en/learn/a2a-agent-delegation) documentation. This page covers what AMP adds on top of the open-source implementation.
+</Note>
+
+### Usage
+
+Add `A2AServerConfig` to any agent in your crew and deploy to AMP. The platform detects agents with server configuration and automatically registers A2A endpoints, generates agent cards, and provisions the infrastructure described below.
+
+```python
+from crewai import Agent, Crew, Task
+from crewai.a2a import A2AServerConfig
+from crewai.a2a.auth import EnterpriseTokenAuth
+
+agent = Agent(
+    role="Data Analyst",
+    goal="Analyze datasets and provide insights",
+    backstory="Expert data scientist with statistical analysis skills",
+    llm="gpt-4o",
+    a2a=A2AServerConfig(
+        auth=EnterpriseTokenAuth()
+    )
+)
+
+task = Task(
+    description="Analyze the provided dataset",
+    expected_output="Statistical summary with key insights",
+    agent=agent
+)
+
+crew = Crew(agents=[agent], tasks=[task])
+```
+
+After [deploying to AMP](/en/enterprise/guides/deploy-to-amp), the platform registers two levels of A2A endpoints:
+
+- **Crew-level**: an aggregate agent card at `/.well-known/agent-card.json` where each agent with `A2AServerConfig` is listed as a skill, with a JSON-RPC endpoint at `/a2a`
+- **Per-agent**: isolated agent cards and JSON-RPC endpoints mounted at `/a2a/agents/{role}/`, each with its own tenancy
+
+Clients can interact with the crew as a whole or target a specific agent directly. To route a request to a specific agent through the crew-level endpoint, include `"target_agent"` in the message metadata with the agent's slugified role name (e.g., `"data-analyst"` for an agent with role `"Data Analyst"`). If no `target_agent` is provided, the request is handled by the first agent in the crew.
+
+See [A2A Agent Delegation](/en/learn/a2a-agent-delegation#server-configuration-options) for the full list of `A2AServerConfig` options.
+
+<Warning>
+  Per the A2A protocol, agent cards are publicly accessible to enable discovery. This includes both the crew-level card at `/.well-known/agent-card.json` and per-agent cards at `/a2a/agents/{role}/.well-known/agent-card.json`. Do not include sensitive information in agent names, descriptions, or skill definitions.
+</Warning>
+
+### File Inputs and Structured Output
+
+A2A on AMP supports passing files and requesting structured output in both directions. Clients can send files as `FilePart`s and request structured responses by embedding a JSON schema in the message. Server agents receive files as `input_files` on the task, and return structured data as `DataPart`s when a schema is provided. See [File Inputs and Structured Output](/en/learn/a2a-agent-delegation#file-inputs-and-structured-output) for details.
+
+### What AMP Adds
+
+<CardGroup cols={2}>
+  <Card title="Distributed State" icon="database">
+    Persistent task, context, and result storage
+  </Card>
+  <Card title="Enterprise Authentication" icon="shield-halved">
+    OIDC, OAuth2, mTLS, and Enterprise token validation beyond simple bearer tokens
+  </Card>
+  <Card title="gRPC Transport" icon="bolt">
+    Full gRPC server with TLS and authentication
+  </Card>
+  <Card title="Context Lifecycle" icon="clock-rotate-left">
+    Automatic idle detection, expiration, and cleanup of long-running conversations
+  </Card>
+  <Card title="Signed Webhooks" icon="signature">
+    HMAC-SHA256 signed push notifications with replay protection
+  </Card>
+  <Card title="Multi-Transport" icon="arrows-split-up-and-left">
+    REST, JSON-RPC, and gRPC endpoints served simultaneously from a single deployment
+  </Card>
+</CardGroup>
+
+---
+
+## Distributed State Management
+
+In the open-source implementation, task and context state lives in memory on a single process. AMP replaces this with persistent, distributed stores.
+
+### Storage Layers
+
+| Store | Purpose |
+|---|---|
+| **Task Store** | Persists A2A task state and metadata |
+| **Context Store** | Tracks conversation context, creation time, last activity, and associated tasks |
+| **Result Store** | Caches task results for retrieval |
+| **Push Config Store** | Manages webhook subscriptions per task |
+
+Multiple A2A deployments are automatically isolated from each other, preventing data collisions when sharing infrastructure.
+
+---
+
+## Enterprise Authentication
+
+AMP supports six authentication schemes for incoming A2A requests, configurable per deployment. Authentication works across both HTTP and gRPC transports.
+
+| Scheme | Description | Use Case |
+|---|---|---|
+| **SimpleTokenAuth** | Static bearer token from `AUTH_TOKEN` env var | Development, simple deployments |
+| **EnterpriseTokenAuth** | Token verification via CrewAI PlusAPI with integration token claims | AMP-to-AMP agent communication |
+| **OIDCAuth** | OpenID Connect JWT validation with JWKS endpoint caching | Enterprise SSO integration |
+| **OAuth2ServerAuth** | OAuth2 with configurable scopes | Fine-grained access control |
+| **APIKeyServerAuth** | API key validation via header or query parameter | Third-party integrations |
+| **MTLSServerAuth** | Mutual TLS certificate-based authentication | Zero-trust environments |
+
+The configured auth scheme automatically populates the agent card's `securitySchemes` and `security` fields. Clients discover authentication requirements by fetching the agent card before making requests.
+
+---
+
+## Extended Agent Cards
+
+AMP supports role-based skill visibility through extended agent cards. Unauthenticated users see the standard agent card with public skills. Authenticated users receive an extended card with additional capabilities.
+
+This enables patterns like:
+- Public agents that expose basic skills to anyone, with advanced skills available to authenticated clients
+- Internal agents that advertise different capabilities based on the caller's identity
+
+---
+
+## gRPC Transport
+
+If enabled, AMP provides full gRPC support alongside the default JSON-RPC transport.
+
+- **TLS termination** with configurable certificate and key paths
+- **gRPC reflection** for debugging with tools like `grpcurl`
+- **Authentication** using the same schemes available for HTTP
+- **Extension validation** ensuring clients support required protocol extensions
+- **Version negotiation** across A2A protocol versions 0.2 and 0.3
+
+For deployments exposing multiple agents, AMP automatically allocates per-agent gRPC ports and coordinates TLS, startup, and shutdown across all servers.
+
+---
+
+## Context Lifecycle Management
+
+AMP tracks the lifecycle of A2A conversation contexts and automatically manages cleanup.
+
+### Lifecycle States
+
+| State | Condition | Action |
+|---|---|---|
+| **Active** | Context has recent activity | None |
+| **Idle** | No activity for a configured period | Marked idle, event emitted |
+| **Expired** | Context exceeds its maximum lifetime | Marked expired, associated tasks cleaned up, event emitted |
+
+A background cleanup task runs hourly to scan for idle and expired contexts. All state transitions emit CrewAI events that integrate with the platform's observability features.
+
+---
+
+## Signed Push Notifications
+
+When an A2A agent sends push notifications to a client webhook, AMP signs each request with HMAC-SHA256 to ensure integrity and prevent tampering.
+
+### Signature Headers
+
+| Header | Purpose |
+|---|---|
+| `X-A2A-Signature` | HMAC-SHA256 signature in `sha256={hex_digest}` format |
+| `X-A2A-Signature-Timestamp` | Unix timestamp bound to the signature |
+| `X-A2A-Notification-Token` | Optional notification auth token |
+
+### Security Properties
+
+- **Integrity**: payload cannot be modified without invalidating the signature
+- **Replay protection**: signatures are timestamp-bound with a configurable tolerance window
+- **Retry with backoff**: failed deliveries retry with exponential backoff
+
+---
+
+## Distributed Event Streaming
+
+In the open-source implementation, SSE streaming works within a single process. AMP propagates SSE events across instances so that clients receive updates even when the instance holding the streaming connection differs from the instance executing the task.
+
+---
+
+## Multi-Transport Endpoints
+
+AMP serves REST and JSON-RPC by default. gRPC is available as an additional transport if enabled.
+
+| Transport | Path Convention | Description |
+|---|---|---|
+| **REST** | `/v1/message:send`, `/v1/message:stream`, `/v1/tasks` | Google API conventions |
+| **JSON-RPC** | Standard A2A JSON-RPC endpoint | Default A2A protocol transport |
+| **gRPC** | Per-agent port allocation | Optional, high-performance binary protocol |
+
+All active transports share the same authentication, version negotiation, and extension validation. Agent cards are generated from agent and crew metadata — roles, goals, and tools become skills and descriptions — and automatically include interfaces for each active transport. They can also be manually configured via `A2AServerConfig`.
+
+---
+
+## Version and Extension Negotiation
+
+AMP validates A2A protocol versions and extensions at the transport layer.
+
+### Version Negotiation
+
+- Clients send the `A2A-Version` header with their preferred version
+- AMP validates against supported versions (0.2, 0.3) and falls back to 0.3 if unspecified
+- The negotiated version is returned in the response headers
+
+### Extension Validation
+
+- Clients declare supported extensions via the `X-A2A-Extensions` header
+- AMP validates that clients support all extensions the agent requires
+- Requests from clients missing required extensions receive an `UnsupportedExtensionError`
+
+---
+
+## Next Steps
+
+- [A2A Agent Delegation](/en/learn/a2a-agent-delegation) — A2A protocol fundamentals and configuration
+- [A2UI](/en/learn/a2ui) — Interactive UI rendering over A2A
+- [Deploy to AMP](/en/enterprise/guides/deploy-to-amp) — General deployment guide
+- [Webhook Streaming](/en/enterprise/features/webhook-streaming) — Event streaming for deployed automations

docs/en/installation.mdx

@@ -199,7 +199,7 @@ For teams and organizations, CrewAI offers enterprise deployment options that el
 - Supports any hyperscaler including on prem deployments
 - Integration with your existing security systems
 
-<Card title="Explore Enterprise Options" icon="building" href="https://crewai.com/enterprise">
+<Card title="Explore Enterprise Options" icon="building" href="https://share.hsforms.com/1Ooo2UViKQ22UOzdr7i77iwr87kg">
   Learn about CrewAI's enterprise offerings and schedule a demo
 </Card>
 </Note>

docs/en/learn/a2a-agent-delegation.mdx

@@ -7,6 +7,10 @@ mode: "wide"
 
 ## A2A Agent Delegation
 
+<Info>
+  Deploying A2A agents to production? See [A2A on AMP](/en/enterprise/features/a2a) for distributed state, enterprise authentication, gRPC transport, and horizontal scaling.
+</Info>
+
 CrewAI treats [A2A protocol](https://a2a-protocol.org/latest/) as a first-class delegation primitive, enabling agents to delegate tasks, request information, and collaborate with remote agents, as well as act as A2A-compliant server agents.
 In client mode, agents autonomously choose between local execution and remote delegation based on task requirements.
 
@@ -96,24 +100,28 @@ The `A2AClientConfig` class accepts the following parameters:
   Update mechanism for receiving task status. Options: `StreamingConfig`, `PollingConfig`, or `PushNotificationConfig`.
 </ParamField>
 
-<ParamField path="transport_protocol" type="Literal['JSONRPC', 'GRPC', 'HTTP+JSON']" default="JSONRPC">
-  Transport protocol for A2A communication. Options: `JSONRPC` (default), `GRPC`, or `HTTP+JSON`.
-</ParamField>
-
 <ParamField path="accepted_output_modes" type="list[str]" default='["application/json"]'>
   Media types the client can accept in responses.
 </ParamField>
 
-<ParamField path="supported_transports" type="list[str]" default='["JSONRPC"]'>
-  Ordered list of transport protocols the client supports.
-</ParamField>
-
-<ParamField path="use_client_preference" type="bool" default="False">
-  Whether to prioritize client transport preferences over server.
-</ParamField>
-
 <ParamField path="extensions" type="list[str]" default="[]">
-  Extension URIs the client supports.
+  A2A protocol extension URIs the client supports.
+</ParamField>
+
+<ParamField path="client_extensions" type="list[A2AExtension]" default="[]">
+  Client-side processing hooks for tool injection, prompt augmentation, and response modification.
+</ParamField>
+
+<ParamField path="transport" type="ClientTransportConfig" default="ClientTransportConfig()">
+  Transport configuration including preferred transport, supported transports for negotiation, and protocol-specific settings (gRPC message sizes, keepalive, etc.).
+</ParamField>
+
+<ParamField path="transport_protocol" type="Literal['JSONRPC', 'GRPC', 'HTTP+JSON']" default="None">
+  **Deprecated**: Use `transport=ClientTransportConfig(preferred=...)` instead.
+</ParamField>
+
+<ParamField path="supported_transports" type="list[str]" default="None">
+  **Deprecated**: Use `transport=ClientTransportConfig(supported=...)` instead.
 </ParamField>
 
 ## Authentication
@@ -405,11 +413,7 @@ agent = Agent(
   Preferred endpoint URL. If set, overrides the URL passed to `to_agent_card()`.
 </ParamField>
 
-<ParamField path="preferred_transport" type="Literal['JSONRPC', 'GRPC', 'HTTP+JSON']" default="JSONRPC">
-  Transport protocol for the preferred endpoint.
-</ParamField>
-
-<ParamField path="protocol_version" type="str" default="0.3">
+<ParamField path="protocol_version" type="str" default="0.3.0">
   A2A protocol version this agent supports.
 </ParamField>
 
@@ -441,8 +445,36 @@ agent = Agent(
   Whether agent provides extended card to authenticated users.
 </ParamField>
 
-<ParamField path="signatures" type="list[AgentCardSignature]" default="[]">
-  JSON Web Signatures for the AgentCard.
+<ParamField path="extended_skills" type="list[AgentSkill]" default="[]">
+  Additional skills visible only to authenticated users in the extended agent card.
+</ParamField>
+
+<ParamField path="signing_config" type="AgentCardSigningConfig" default="None">
+  Configuration for signing the AgentCard with JWS. Supports RS256, ES256, PS256, and related algorithms.
+</ParamField>
+
+<ParamField path="server_extensions" type="list[ServerExtension]" default="[]">
+  Server-side A2A protocol extensions with `on_request`/`on_response` hooks that modify agent behavior.
+</ParamField>
+
+<ParamField path="push_notifications" type="ServerPushNotificationConfig" default="None">
+  Configuration for outgoing push notifications, including HMAC-SHA256 signing secret.
+</ParamField>
+
+<ParamField path="transport" type="ServerTransportConfig" default="ServerTransportConfig()">
+  Transport configuration including preferred transport, gRPC server settings, JSON-RPC paths, and HTTP+JSON settings.
+</ParamField>
+
+<ParamField path="auth" type="ServerAuthScheme" default="None">
+  Authentication scheme for incoming A2A requests. Defaults to `SimpleTokenAuth` using the `AUTH_TOKEN` environment variable.
+</ParamField>
+
+<ParamField path="preferred_transport" type="Literal['JSONRPC', 'GRPC', 'HTTP+JSON']" default="None">
+  **Deprecated**: Use `transport=ServerTransportConfig(preferred=...)` instead.
+</ParamField>
+
+<ParamField path="signatures" type="list[AgentCardSignature]" default="None">
+  **Deprecated**: Use `signing_config=AgentCardSigningConfig(...)` instead.
 </ParamField>
 
 ### Combined Client and Server
@@ -468,6 +500,14 @@ agent = Agent(
 )
 ```
 
+### File Inputs and Structured Output
+
+A2A supports passing files and requesting structured output in both directions.
+
+**Client side**: When delegating to a remote A2A agent, files from the task's `input_files` are sent as `FilePart`s in the outgoing message. If `response_model` is set on the `A2AClientConfig`, the Pydantic model's JSON schema is embedded in the message metadata, requesting structured output from the remote agent.
+
+**Server side**: Incoming `FilePart`s are extracted and passed to the agent's task as `input_files`. If the client included a JSON schema, the server creates a response model from it and applies it to the task. When the agent returns structured data, the response is sent back as a `DataPart` rather than plain text.
+
 ## Best Practices
 
 <CardGroup cols={2}>

docs/en/learn/streaming-crew-execution.mdx

@@ -325,6 +325,34 @@ Streaming is particularly valuable for:
 - **User Experience**: Reduce perceived latency by showing incremental results
 - **Live Dashboards**: Build monitoring interfaces that display crew execution status
 
+## Cancellation and Resource Cleanup
+
+`CrewStreamingOutput` supports graceful cancellation so that in-flight work stops promptly when the consumer disconnects.
+
+### Async Context Manager
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+
+async with streaming:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+```
+
+### Explicit Cancellation
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+try:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+finally:
+    await streaming.aclose()  # async
+    # streaming.close()       # sync equivalent
+```
+
+After cancellation, `streaming.is_cancelled` and `streaming.is_completed` are both `True`. Both `aclose()` and `close()` are idempotent.
+
 ## Important Notes
 
 - Streaming automatically enables LLM streaming for all agents in the crew

docs/en/learn/streaming-flow-execution.mdx

@@ -420,6 +420,34 @@ except Exception as e:
         print("Streaming completed but flow encountered an error")
 ```
 
+## Cancellation and Resource Cleanup
+
+`FlowStreamingOutput` supports graceful cancellation so that in-flight work stops promptly when the consumer disconnects.
+
+### Async Context Manager
+
+```python Code
+streaming = await flow.kickoff_async()
+
+async with streaming:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+```
+
+### Explicit Cancellation
+
+```python Code
+streaming = await flow.kickoff_async()
+try:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+finally:
+    await streaming.aclose()  # async
+    # streaming.close()       # sync equivalent
+```
+
+After cancellation, `streaming.is_cancelled` and `streaming.is_completed` are both `True`. Both `aclose()` and `close()` are idempotent.
+
 ## Important Notes
 
 - Streaming automatically enables LLM streaming for any crews used within the flow

docs/en/skills.mdx

@@ -0,0 +1,50 @@
+---
+title: Skills
+description: Install crewaiinc/skills from the official registry at skills.sh—Flows, Crews, and docs-aware agents for Claude Code, Cursor, Codex, and more.
+icon: wand-magic-sparkles
+mode: "wide"
+---
+
+# Skills
+
+**Give your AI coding agent CrewAI context in one command.**
+
+CrewAI **Skills** are published on **[skills.sh/crewaiinc/skills](https://skills.sh/crewaiinc/skills)**—the official registry for `crewaiinc/skills`, including individual skills (for example **design-agent**, **getting-started**, **design-task**, and **ask-docs**), install stats, and audits. They teach coding agents—like Claude Code, Cursor, and Codex—how to scaffold Flows, configure Crews, use tools, and follow CrewAI patterns. Run the install below (or paste it into your agent).
+
+```shell Terminal
+npx skills add crewaiinc/skills
+```
+
+That pulls the official skill pack into your agent workflow so it can apply CrewAI conventions without you re-explaining the framework each session. Source code and issues live on [GitHub](https://github.com/crewAIInc/skills).
+
+## What your agent gets
+
+- **Flows** — structure stateful apps, steps, and crew kickoffs the CrewAI way
+- **Crews & agents** — YAML-first patterns, roles, tasks, and delegation
+- **Tools & integrations** — hook agents to search, APIs, and common CrewAI tools
+- **Project layout** — align with CLI scaffolds and repo conventions
+- **Up-to-date patterns** — skills track current CrewAI docs and recommended practices
+
+## Learn more on this site
+
+<CardGroup cols={2}>
+  <Card title="Coding tools & AGENTS.md" icon="terminal" href="/en/guides/coding-tools/agents-md">
+    How to use `AGENTS.md` and coding-agent workflows with CrewAI.
+  </Card>
+  <Card title="Quickstart" icon="rocket" href="/en/quickstart">
+    Build your first Flow and crew end-to-end.
+  </Card>
+  <Card title="Installation" icon="download" href="/en/installation">
+    Install the CrewAI CLI and Python package.
+  </Card>
+  <Card title="Skills registry (skills.sh)" icon="globe" href="https://skills.sh/crewaiinc/skills">
+    Official listing for `crewaiinc/skills`—skills, installs, and audits.
+  </Card>
+  <Card title="GitHub source" icon="code-branch" href="https://github.com/crewAIInc/skills">
+    Source, updates, and issues for the skill pack.
+  </Card>
+</CardGroup>
+
+### Video: CrewAI with coding agent skills
+
+<iframe src="https://www.loom.com/embed/befb9f68b81f42ad8112bfdd95a780af" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen style={{ width: "100%", height: "400px" }} />

docs/en/tools/ai-ml/codeinterpretertool.mdx

@@ -7,6 +7,10 @@ mode: "wide"
 
 # `CodeInterpreterTool`
 
+<Warning>
+  **Deprecated:** `CodeInterpreterTool` has been removed from `crewai-tools`. The `allow_code_execution` and `code_execution_mode` parameters on `Agent` are also deprecated. Use a dedicated sandbox service — [E2B](https://e2b.dev) or [Modal](https://modal.com) — for secure, isolated code execution.
+</Warning>
+
 ## Description
 
 The `CodeInterpreterTool` enables CrewAI agents to execute Python 3 code that they generate autonomously. This functionality is particularly valuable as it allows agents to create code, execute it, obtain the results, and utilize that information to inform subsequent decisions and actions.

docs/en/tools/database-data/nl2sqltool.mdx

@@ -13,7 +13,7 @@ This tool is used to convert natural language to SQL queries. When passed to the
 This enables multiple workflows like having an Agent to access the database fetch information based on the goal and then use the information to generate a response, report or any other output. 
 Along with that provides the ability for the Agent to update the database based on its goal.
 
-**Attention**: Make sure that the Agent has access to a Read-Replica or that is okay for the Agent to run insert/update queries on the database.
+**Attention**: By default the tool is read-only (SELECT/SHOW/DESCRIBE/EXPLAIN only). Write operations require `allow_dml=True` or the `CREWAI_NL2SQL_ALLOW_DML=true` environment variable. When write access is enabled, make sure the Agent uses a scoped database user or a read replica where possible.
 
 ## Security Model
 
@@ -38,6 +38,74 @@ Use all of the following in production:
 - Add `before_tool_call` hooks to enforce allowed query patterns
 - Enable query logging and alerting for destructive statements
 
+## Read-Only Mode & DML Configuration
+
+`NL2SQLTool` operates in **read-only mode by default**. Only the following statement types are permitted without additional configuration:
+
+- `SELECT`
+- `SHOW`
+- `DESCRIBE`
+- `EXPLAIN`
+
+Any attempt to execute a write operation (`INSERT`, `UPDATE`, `DELETE`, `DROP`, `CREATE`, `ALTER`, `TRUNCATE`, etc.) will raise an error unless DML is explicitly enabled.
+
+Multi-statement queries containing semicolons (e.g. `SELECT 1; DROP TABLE users`) are also blocked in read-only mode to prevent injection attacks.
+
+### Enabling Write Operations
+
+You can enable DML (Data Manipulation Language) in two ways:
+
+**Option 1 — constructor parameter:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+**Option 2 — environment variable:**
+
+```bash
+CREWAI_NL2SQL_ALLOW_DML=true
+```
+
+```python
+from crewai_tools import NL2SQLTool
+
+# DML enabled via environment variable
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+### Usage Examples
+
+**Read-only (default) — safe for analytics and reporting:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# Only SELECT/SHOW/DESCRIBE/EXPLAIN are permitted
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+**DML enabled — required for write workloads:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# INSERT, UPDATE, DELETE, DROP, etc. are permitted
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+<Warning>
+Enabling DML gives the agent the ability to modify or destroy data. Only enable this when your use case explicitly requires write access, and ensure the database credentials are scoped to the minimum required privileges.
+</Warning>
+
 ## Requirements
 
 - SqlAlchemy

docs/en/tools/file-document/csvsearchtool.mdx

@@ -75,4 +75,20 @@ tool = CSVSearchTool(
         },
     }
 )
+
+## Security
+
+### Path Validation
+
+File paths provided to this tool are validated against the current working directory. Paths that resolve outside the working directory are rejected with a `ValueError`.
+
+To allow paths outside the working directory (for example, in tests or trusted pipelines), set the environment variable:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### URL Validation
+
+URL inputs are validated: `file://` URIs and requests targeting private or reserved IP ranges are blocked to prevent server-side request forgery (SSRF) attacks.
 ```

docs/en/tools/file-document/directorysearchtool.mdx

@@ -67,4 +67,16 @@ tool = DirectorySearchTool(
         },
     }
 )
+
+## Security
+
+### Path Validation
+
+Directory paths provided to this tool are validated against the current working directory. Paths that resolve outside the working directory are rejected with a `ValueError`.
+
+To allow paths outside the working directory (for example, in tests or trusted pipelines), set the environment variable:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
 ```

docs/en/tools/file-document/jsonsearchtool.mdx

@@ -74,3 +74,19 @@ tool = JSONSearchTool(
     }
 )
 ```
+
+## Security
+
+### Path Validation
+
+File paths provided to this tool are validated against the current working directory. Paths that resolve outside the working directory are rejected with a `ValueError`.
+
+To allow paths outside the working directory (for example, in tests or trusted pipelines), set the environment variable:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### URL Validation
+
+URL inputs are validated: `file://` URIs and requests targeting private or reserved IP ranges are blocked to prevent server-side request forgery (SSRF) attacks.

docs/en/tools/file-document/pdfsearchtool.mdx

@@ -105,4 +105,20 @@ tool = PDFSearchTool(
         },
     }
 )
+
+## Security
+
+### Path Validation
+
+File paths provided to this tool are validated against the current working directory. Paths that resolve outside the working directory are rejected with a `ValueError`.
+
+To allow paths outside the working directory (for example, in tests or trusted pipelines), set the environment variable:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### URL Validation
+
+URL inputs are validated: `file://` URIs and requests targeting private or reserved IP ranges are blocked to prevent server-side request forgery (SSRF) attacks.
 ```

docs/ko/changelog.mdx

@@ -4,6 +4,316 @@ description: "CrewAI의 제품 업데이트, 개선 사항 및 버그 수정"
 icon: "clock"
 mode: "wide"
 ---
+<Update label="2026년 4월 21일">
+  ## v1.14.3a1
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.3a1)
+
+  ## 변경 사항
+
+  ### 기능
+  - 독립형 에이전트에 체크포인트 및 포크 지원 추가
+
+  ### 버그 수정
+  - Gemini 스트리밍 도구 호출에서 thought_signature 보존
+  - 포크 재개 시 task_started 방출 및 체크포인트 TUI 재설계
+  - dry-run 순서 수정 및 devtools 릴리스에서 체크아웃된 오래된 브랜치 처리
+  - 체크포인트 가지치기 테스트에서 미래 날짜 사용하여 시간 의존성 실패 방지 (#5543)
+
+  ### 문서
+  - v1.14.2에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @alex-clawd, @greysonlalonde
+
+</Update>
+
+<Update label="2026년 4월 17일">
+  ## v1.14.2
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2)
+
+  ## 변경 사항
+
+  ### 기능
+  - 체크포인트 재개, 차이(diff), 및 가지치기(prune) 명령을 추가하여 가시성을 개선했습니다.
+  - `Agent.kickoff` 및 관련 메서드에 `from_checkpoint` 매개변수를 추가했습니다.
+  - 프로젝트 템플릿을 위한 템플릿 관리 명령을 추가했습니다.
+  - 실패 시 개발 도구 릴리스에 재개 힌트를 추가했습니다.
+  - 배포 검증 CLI를 추가하고 LLM 초기화의 사용 편의성을 향상시켰습니다.
+  - 계보 추적이 가능한 체크포인트 포킹을 추가했습니다.
+  - 추론 토큰 및 캐시 생성 토큰으로 LLM 토큰 추적을 풍부하게 했습니다.
+
+  ### 버그 수정
+  - 개발 도구 릴리스에서 오래된 브랜치 충돌에 대한 프롬프트를 수정했습니다.
+  - `authlib`, `langchain-text-splitters`, 및 `pypdf`의 취약점을 패치했습니다.
+  - 스트리밍 핸들러의 범위를 설정하여 교차 실행 청크 오염을 방지했습니다.
+  - TUI에서 Flow API를 통해 Flow 체크포인트를 전송했습니다.
+  - JSON 체크포인트 발견을 위해 재귀적 글로브를 사용했습니다.
+  - MCP 도구 해상도에서 순환 JSON 스키마를 처리했습니다.
+  - 진리값이 있는 기본값을 제거하여 Bedrock 도구 호출 인수를 보존했습니다.
+  - HITL 재개 후 flow_finished 이벤트를 발생시켰습니다.
+  - `requests`, `cryptography`, 및 `pytest`를 포함한 종속성을 업데이트하여 다양한 취약점을 수정했습니다.
+  - Bedrock Converse API에 엄격 모드를 전달하지 않도록 수정했습니다.
+
+  ### 문서
+  - 누락된 매개변수를 문서화하고 체크포인팅 섹션을 추가했습니다.
+  - v1.14.2 및 이전 릴리스 후보에 대한 변경 로그 및 버전을 업데이트했습니다.
+  - 기업 A2A 기능 문서를 추가하고 OSS A2A 문서를 업데이트했습니다.
+
+  ## 기여자
+
+  @Yanhu007, @alex-clawd, @github-actions[bot], @greysonlalonde, @iris-clawd, @lorenzejay, @lucasgomide
+
+</Update>
+
+<Update label="2026년 4월 16일">
+  ## v1.14.2rc1
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2rc1)
+
+  ## 변경 사항
+
+  ### 버그 수정
+  - MCP 도구 해상도에서 순환 JSON 스키마 처리 수정
+  - python-multipart를 0.0.26으로 업데이트하여 취약점 수정
+  - pypdf를 6.10.1로 업데이트하여 취약점 수정
+
+  ### 문서
+  - v1.14.2a5에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="2026년 4월 15일">
+  ## v1.14.2a5
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a5)
+
+  ## 변경 사항
+
+  ### 문서
+  - v1.14.2a4의 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="2026년 4월 15일">
+  ## v1.14.2a4
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a4)
+
+  ## 변경 사항
+
+  ### 기능
+  - 실패 시 devtools 릴리스에 이력서 힌트 추가
+
+  ### 버그 수정
+  - Bedrock Converse API로의 엄격 모드 포워딩 수정
+  - 보안 취약점 GHSA-6w46-j5rx-g56g에 대해 pytest 버전을 9.0.3으로 수정
+  - OpenAI 하한을 >=2.0.0으로 상향 조정
+
+  ### 문서
+  - v1.14.2a3에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="2026년 4월 13일">
+  ## v1.14.2a3
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a3)
+
+  ## 변경 사항
+
+  ### 기능
+  - 배포 검증 CLI 추가
+  - LLM 초기화 사용성 개선
+
+  ### 버그 수정
+  - CVE-2026-40260 및 GHSA-pjjw-68hj-v9mw에 대한 패치된 버전으로 pypdf 및 uv 재정의
+  - CVE 임시 파일 취약점에 대해 requests를 >=2.33.0으로 업그레이드
+  - 진리값 기본값을 제거하여 Bedrock 도구 호출 인수 보존
+  - 엄격 모드를 위한 도구 스키마 정리
+  - MemoryRecord 임베딩 직렬화 테스트의 불안정성 제거
+
+  ### 문서
+  - 기업 A2A 언어 정리
+  - 기업 A2A 기능 문서 추가
+  - OSS A2A 문서 업데이트
+  - v1.14.2a2에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @Yanhu007, @greysonlalonde
+
+</Update>
+
+<Update label="2026년 4월 10일">
+  ## v1.14.2a2
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a2)
+
+  ## 변경 사항
+
+  ### 기능
+  - 트리 뷰, 포크 지원 및 편집 가능한 입력/출력을 갖춘 체크포인트 TUI 추가
+  - 추론 토큰 및 캐시 생성 토큰으로 LLM 토큰 추적 강화
+  - 킥오프 메서드에 `from_checkpoint` 매개변수 추가
+  - 마이그레이션 프레임워크와 함께 체크포인트에 `crewai_version` 포함
+  - 계보 추적이 가능한 체크포인트 포킹 추가
+
+  ### 버그 수정
+  - Anthropic 및 Bedrock 공급자로의 엄격 모드 포워딩 수정
+  - 읽기 전용 기본값, 쿼리 검증 및 매개변수화된 쿼리로 NL2SQLTool 강화
+
+  ### 문서
+  - v1.14.2a1에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @lucasgomide
+
+</Update>
+
+<Update label="2026년 4월 9일">
+  ## v1.14.2a1
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a1)
+
+  ## 변경 사항
+
+  ### 버그 수정
+  - HITL 재개 후 flow_finished 이벤트 방출 수정
+  - CVE-2026-39892 문제를 해결하기 위해 암호화 버전을 46.0.7로 수정
+
+  ### 리팩토링
+  - 공유 I18N_DEFAULT 싱글톤을 사용하도록 리팩토링
+
+  ### 문서
+  - v1.14.1에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="2026년 4월 9일">
+  ## v1.14.1
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1)
+
+  ## 변경 사항
+
+  ### 기능
+  - 비동기 체크포인트 TUI 브라우저 추가
+  - 스트리밍 출력에 aclose()/close() 및 비동기 컨텍스트 관리자 추가
+
+  ### 버그 수정
+  - 템플릿 pyproject.toml 버전 증가를 위한 정규 표현식 수정
+  - 훅 데코레이터 필터에서 도구 이름 정리
+  - CheckpointConfig 생성 시 체크포인트 핸들러 등록 수정
+  - CVE-2026-1839 해결을 위해 transformers를 5.5.0으로 업데이트
+  - FilteredStream stdout/stderr 래퍼 제거
+
+  ### 문서
+  - v1.14.1rc1에 대한 변경 로그 및 버전 업데이트
+
+  ### 리팩토링
+  - 하드코딩된 거부 목록을 동적 BaseTool 필드 제외로 교체
+  - devtools CLI에서 정규 표현식을 tomlkit으로 교체
+  - 공유 PRINTER 싱글톤 사용
+  - BaseProvider를 provider_type 식별자가 있는 BaseModel로 변경
+
+  ## 기여자
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay
+
+</Update>
+
+<Update label="2026년 4월 9일">
+  ## v1.14.1rc1
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1rc1)
+
+  ## 변경 사항
+
+  ### 기능
+  - 비동기 체크포인트 TUI 브라우저 추가
+  - 스트리밍 출력에 aclose()/close() 및 비동기 컨텍스트 관리자 추가
+
+  ### 버그 수정
+  - 정규 표현식을 사용하여 템플릿 pyproject.toml 버전 증가 수정
+  - 후크 데코레이터 필터에서 도구 이름 정리
+  - CVE-2026-1839 해결을 위해 transformers를 5.5.0으로 업데이트
+  - CheckpointConfig가 생성될 때 체크포인트 핸들러 등록
+
+  ### 리팩토링
+  - 하드코딩된 거부 목록을 동적 BaseTool 필드 제외로 교체
+  - devtools CLI에서 정규 표현식을 tomlkit으로 교체
+  - 공유 PRINTER 싱글톤 사용
+  - BaseProvider를 provider_type 구분자가 있는 BaseModel로 변경
+  - FilteredStream stdout/stderr 래퍼 제거
+  - 사용되지 않는 flow/config.py 제거
+
+  ### 문서
+  - v1.14.0에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="2026년 4월 7일">
+  ## v1.14.0
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.14.0)
+
+  ## 변경 사항
+
+  ### 기능
+  - 체크포인트 목록/정보 CLI 명령 추가
+  - 추적을 구분하기 위한 guardrail_type 및 이름 추가
+  - 체크포인트 저장을 위한 SqliteProvider 추가
+  - 자동 체크포인트 생성을 위한 CheckpointConfig 추가
+  - 런타임 상태 체크포인트, 이벤트 시스템 및 실행기 리팩토링 구현
+
+  ### 버그 수정
+  - SSRF 및 경로 탐색 보호 추가
+  - RAG 도구에 경로 및 URL 유효성 검사 추가
+  - 토큰 절약을 위해 메모리 직렬화에서 임베딩 벡터 제외
+  - 흐름 템플릿에 쓰기 전에 출력 디렉토리가 존재하는지 확인
+  - CVE-2026-35030 문제를 해결하기 위해 litellm을 >=1.83.0으로 업데이트
+  - 아랍어 페이지 렌더링을 유발하는 SEO 인덱싱 필드 제거
+
+  ### 문서
+  - v1.14.0에 대한 변경 로그 및 버전 업데이트
+  - 명확성을 개선하기 위해 빠른 시작 및 설치 가이드 업데이트
+  - 저장소 제공자 섹션 추가, JsonProvider 내보내기
+  - AMP 교육 탭 가이드 추가
+
+  ### 리팩토링
+  - 체크포인트 API 정리
+  - CodeInterpreterTool 제거 및 코드 실행 매개변수 사용 중단
+
+  ## 기여자
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide
+
+</Update>
+
 <Update label="2026년 4월 7일">
   ## v1.14.0a4
 

docs/ko/concepts/agents.mdx

@@ -291,15 +291,13 @@ multimodal_agent = Agent(
 - `max_retry_limit`: 오류 발생 시 재시도 횟수
 
 #### 코드 실행
-- `allow_code_execution`: 코드를 실행하려면 True여야 합니다
-- `code_execution_mode`:
-  - `"safe"`: Docker를 사용합니다 (프로덕션에 권장)
-  - `"unsafe"`: 직접 실행 (신뢰할 수 있는 환경에서만 사용)
 
-<Note>
-  이 옵션은 기본 Docker 이미지를 실행합니다. Docker 이미지를 구성하려면 도구 섹션에 있는 Code Interpreter Tool을 확인하십시오.
-  Code Interpreter Tool을 에이전트의 도구 파라미터로 추가하십시오.
-</Note>
+<Warning>
+  `allow_code_execution` 및 `code_execution_mode`는 더 이상 사용되지 않습니다. `CodeInterpreterTool`이 `crewai-tools`에서 제거되었습니다. 안전한 코드 실행을 위해 [E2B](https://e2b.dev) 또는 [Modal](https://modal.com)과 같은 전용 샌드박스 서비스를 사용하세요.
+</Warning>
+
+- `allow_code_execution` _(지원 중단)_: 이전에 `CodeInterpreterTool`을 통한 내장 코드 실행을 활성화했습니다.
+- `code_execution_mode` _(지원 중단)_: 이전에 실행 모드를 제어했습니다 (Docker의 경우 `"safe"`, 직접 실행의 경우 `"unsafe"`).
 
 #### 고급 기능
 - `multimodal`: 텍스트와 시각적 콘텐츠 처리를 위한 멀티모달 기능 활성화
@@ -627,9 +625,10 @@ asyncio.run(main())
 ## 중요한 고려사항 및 모범 사례
 
 ### 보안 및 코드 실행
-- `allow_code_execution`을 사용할 때는 사용자 입력에 주의하고 항상 입력 값을 검증하세요
-- 운영 환경에서는 `code_execution_mode: "safe"`(Docker)를 사용하세요
-- 무한 루프를 방지하기 위해 적절한 `max_execution_time` 제한을 설정하는 것을 고려하세요
+
+<Warning>
+  `allow_code_execution` 및 `code_execution_mode`는 더 이상 사용되지 않으며 `CodeInterpreterTool`이 제거되었습니다. 안전한 코드 실행을 위해 [E2B](https://e2b.dev) 또는 [Modal](https://modal.com)과 같은 전용 샌드박스 서비스를 사용하세요.
+</Warning>
 
 ### 성능 최적화
 - `respect_context_window: true`를 사용하여 토큰 제한 문제를 방지하세요.

docs/ko/concepts/checkpointing.mdx

@@ -39,7 +39,7 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         on_events=["task_completed", "crew_kickoff_completed"],
         max_checkpoints=5,
     ),
@@ -50,7 +50,7 @@ crew = Crew(
 
 | 필드 | 타입 | 기본값 | 설명 |
 |:-----|:-----|:-------|:-----|
-| `directory` | `str` | `"./.checkpoints"` | 체크포인트 파일 경로 |
+| `location` | `str` | `"./.checkpoints"` | 체크포인트 파일 경로 |
 | `on_events` | `list[str]` | `["task_completed"]` | 체크포인트를 트리거하는 이벤트 타입 |
 | `provider` | `BaseProvider` | `JsonProvider()` | 스토리지 백엔드 |
 | `max_checkpoints` | `int \| None` | `None` | 보관할 최대 파일 수; 오래된 것부터 삭제 |
@@ -95,7 +95,7 @@ result = crew.kickoff()  # 마지막으로 완료된 태스크부터 재개
 crew = Crew(
     agents=[researcher, writer],
     tasks=[research_task, write_task, review_task],
-    checkpoint=CheckpointConfig(directory="./crew_cp"),
+    checkpoint=CheckpointConfig(location="./crew_cp"),
 )
 ```
 
@@ -118,7 +118,7 @@ class MyFlow(Flow):
 
 flow = MyFlow(
     checkpoint=CheckpointConfig(
-        directory="./flow_cp",
+        location="./flow_cp",
         on_events=["method_execution_finished"],
     ),
 )
@@ -137,7 +137,7 @@ agent = Agent(
     goal="Research topics",
     backstory="Expert researcher",
     checkpoint=CheckpointConfig(
-        directory="./agent_cp",
+        location="./agent_cp",
         on_events=["lite_agent_execution_completed"],
     ),
 )
@@ -160,7 +160,7 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         provider=JsonProvider(),
         max_checkpoints=5,
     ),
@@ -179,15 +179,12 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./.checkpoints.db",
-        provider=SqliteProvider(max_checkpoints=50),
+        location="./.checkpoints.db",
+        provider=SqliteProvider(),
     ),
 )
 ```
 
-<Note>
-`SqliteProvider`를 사용할 때 `directory` 필드는 디렉토리가 아닌 데이터베이스 파일 경로입니다.
-</Note>
 
 ## 이벤트 타입
 

docs/ko/installation.mdx

@@ -189,7 +189,7 @@ CrewAI는 의존성 관리와 패키지 처리를 위해 `uv`를 사용합니다
 - 온프레미스 배포를 포함하여 모든 하이퍼스케일러 지원
 - 기존 보안 시스템과의 통합
 
-<Card title="엔터프라이즈 옵션 살펴보기" icon="building" href="https://crewai.com/enterprise">
+<Card title="엔터프라이즈 옵션 살펴보기" icon="building" href="https://share.hsforms.com/1Ooo2UViKQ22UOzdr7i77iwr87kg">
   CrewAI의 엔터프라이즈 서비스에 대해 알아보고 데모를 예약하세요
 </Card>
 </Note>

docs/ko/learn/streaming-crew-execution.mdx

@@ -325,6 +325,34 @@ asyncio.run(interactive_research())
 - **사용자 경험**: 점진적인 결과를 표시하여 체감 지연 시간 감소
 - **라이브 대시보드**: crew 실행 상태를 표시하는 모니터링 인터페이스 구축
 
+## 취소 및 리소스 정리
+
+`CrewStreamingOutput`은 소비자가 연결을 끊을 때 진행 중인 작업을 즉시 중단하는 정상적인 취소를 지원합니다.
+
+### 비동기 컨텍스트 매니저
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+
+async with streaming:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+```
+
+### 명시적 취소
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+try:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+finally:
+    await streaming.aclose()  # 비동기
+    # streaming.close()       # 동기 버전
+```
+
+취소 후 `streaming.is_cancelled`와 `streaming.is_completed`는 모두 `True`입니다. `aclose()`와 `close()` 모두 멱등성을 가집니다.
+
 ## 중요 사항
 
 - 스트리밍은 crew의 모든 에이전트에 대해 자동으로 LLM 스트리밍을 활성화합니다

docs/ko/skills.mdx

@@ -0,0 +1,50 @@
+---
+title: Skills
+description: skills.sh의 공식 레지스트리에서 crewaiinc/skills를 설치하세요. Claude Code, Cursor, Codex 등을 위한 Flow, Crew, 문서 연동 스킬.
+icon: wand-magic-sparkles
+mode: "wide"
+---
+
+# Skills
+
+**한 번의 명령으로 코딩 에이전트에 CrewAI 컨텍스트를 제공하세요.**
+
+CrewAI **Skills**는 **[skills.sh/crewaiinc/skills](https://skills.sh/crewaiinc/skills)**에 게시됩니다. `crewaiinc/skills`의 공식 레지스트리로, 개별 스킬(예: **design-agent**, **getting-started**, **design-task**, **ask-docs**), 설치 수, 감사 정보를 확인할 수 있습니다. Claude Code, Cursor, Codex 같은 코딩 에이전트에게 Flow 구성, Crew 설정, 도구 사용, CrewAI 패턴을 가르칩니다. 아래를 실행하거나 에이전트에 붙여 넣으세요.
+
+```shell Terminal
+npx skills add crewaiinc/skills
+```
+
+에이전트 워크플로에 스킬 팩이 추가되어 세션마다 프레임워크를 다시 설명하지 않아도 CrewAI 관례를 적용할 수 있습니다. 소스와 이슈는 [GitHub](https://github.com/crewAIInc/skills)에서 관리합니다.
+
+## 에이전트가 얻는 것
+
+- **Flows** — CrewAI 방식의 상태ful 앱, 단계, crew kickoff
+- **Crew & 에이전트** — YAML 우선 패턴, 역할, 작업, 위임
+- **도구 & 통합** — 검색, API, 일반적인 CrewAI 도구 연결
+- **프로젝트 구조** — CLI 스캐폴드 및 저장소 관례와 정렬
+- **최신 패턴** — 스킬이 현재 CrewAI 문서 및 권장 사항을 반영
+
+## 이 사이트에서 더 알아보기
+
+<CardGroup cols={2}>
+  <Card title="코딩 도구 & AGENTS.md" icon="terminal" href="/ko/guides/coding-tools/agents-md">
+    CrewAI와 `AGENTS.md`, 코딩 에이전트 워크플로 사용법.
+  </Card>
+  <Card title="빠른 시작" icon="rocket" href="/ko/quickstart">
+    첫 Flow와 crew를 처음부터 끝까지 구축합니다.
+  </Card>
+  <Card title="설치" icon="download" href="/ko/installation">
+    CrewAI CLI와 Python 패키지를 설치합니다.
+  </Card>
+  <Card title="Skills 레지스트리 (skills.sh)" icon="globe" href="https://skills.sh/crewaiinc/skills">
+    `crewaiinc/skills` 공식 목록—스킬, 설치 수, 감사.
+  </Card>
+  <Card title="GitHub 소스" icon="code-branch" href="https://github.com/crewAIInc/skills">
+    스킬 팩 소스, 업데이트, 이슈.
+  </Card>
+</CardGroup>
+
+### 영상: 코딩 에이전트 스킬과 CrewAI
+
+<iframe src="https://www.loom.com/embed/befb9f68b81f42ad8112bfdd95a780af" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen style={{ width: "100%", height: "400px" }} />

docs/ko/tools/ai-ml/codeinterpretertool.mdx

@@ -7,6 +7,10 @@ mode: "wide"
 
 # `CodeInterpreterTool`
 
+<Warning>
+  **지원 중단:** `CodeInterpreterTool`이 `crewai-tools`에서 제거되었습니다. `Agent`의 `allow_code_execution` 및 `code_execution_mode` 파라미터도 더 이상 사용되지 않습니다. 안전하고 격리된 코드 실행을 위해 전용 샌드박스 서비스 — [E2B](https://e2b.dev) 또는 [Modal](https://modal.com) — 을 사용하세요.
+</Warning>
+
 ## 설명
 
 `CodeInterpreterTool`은 CrewAI 에이전트가 자율적으로 생성한 Python 3 코드를 실행할 수 있도록 합니다. 이 기능은 에이전트가 코드를 생성하고, 실행하며, 결과를 얻고, 그 정보를 활용하여 이후의 결정과 행동에 반영할 수 있다는 점에서 특히 유용합니다.

docs/ko/tools/database-data/nl2sqltool.mdx

@@ -11,7 +11,75 @@ mode: "wide"
 
 이를 통해 에이전트가 데이터베이스에 접근하여 목표에 따라 정보를 가져오고, 해당 정보를 사용해 응답, 보고서 또는 기타 출력물을 생성하는 다양한 워크플로우가 가능해집니다. 또한 에이전트가 자신의 목표에 맞춰 데이터베이스를 업데이트할 수 있는 기능도 제공합니다.
 
-**주의**: 에이전트가 Read-Replica에 접근할 수 있거나, 에이전트가 데이터베이스에 insert/update 쿼리를 실행해도 괜찮은지 반드시 확인하십시오.
+**주의**: 도구는 기본적으로 읽기 전용(SELECT/SHOW/DESCRIBE/EXPLAIN만 허용)으로 동작합니다. 쓰기 작업을 수행하려면 `allow_dml=True` 매개변수 또는 `CREWAI_NL2SQL_ALLOW_DML=true` 환경 변수가 필요합니다. 쓰기 접근이 활성화된 경우, 가능하면 권한이 제한된 데이터베이스 사용자나 읽기 복제본을 사용하십시오.
+
+## 읽기 전용 모드 및 DML 구성
+
+`NL2SQLTool`은 기본적으로 **읽기 전용 모드**로 동작합니다. 추가 구성 없이 허용되는 구문 유형은 다음과 같습니다:
+
+- `SELECT`
+- `SHOW`
+- `DESCRIBE`
+- `EXPLAIN`
+
+DML을 명시적으로 활성화하지 않으면 쓰기 작업(`INSERT`, `UPDATE`, `DELETE`, `DROP`, `CREATE`, `ALTER`, `TRUNCATE` 등)을 실행하려고 할 때 오류가 발생합니다.
+
+읽기 전용 모드에서는 세미콜론이 포함된 다중 구문 쿼리(예: `SELECT 1; DROP TABLE users`)도 인젝션 공격을 방지하기 위해 차단됩니다.
+
+### 쓰기 작업 활성화
+
+DML(데이터 조작 언어)을 활성화하는 방법은 두 가지입니다:
+
+**옵션 1 — 생성자 매개변수:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+**옵션 2 — 환경 변수:**
+
+```bash
+CREWAI_NL2SQL_ALLOW_DML=true
+```
+
+```python
+from crewai_tools import NL2SQLTool
+
+# 환경 변수를 통해 DML 활성화
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+### 사용 예시
+
+**읽기 전용(기본값) — 분석 및 보고 워크로드에 안전:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# SELECT/SHOW/DESCRIBE/EXPLAIN만 허용
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+**DML 활성화 — 쓰기 워크로드에 필요:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# INSERT, UPDATE, DELETE, DROP 등이 허용됨
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+<Warning>
+DML을 활성화하면 에이전트가 데이터를 수정하거나 삭제할 수 있습니다. 사용 사례에서 명시적으로 쓰기 접근이 필요한 경우에만 활성화하고, 데이터베이스 자격 증명이 최소 필요 권한으로 제한되어 있는지 확인하십시오.
+</Warning>
 
 ## 요구 사항
 

docs/ko/tools/file-document/csvsearchtool.mdx

@@ -76,3 +76,19 @@ tool = CSVSearchTool(
     }
 )
 ```
+
+## 보안
+
+### 경로 유효성 검사
+
+이 도구에 제공되는 파일 경로는 현재 작업 디렉터리에 대해 검증됩니다. 작업 디렉터리 외부로 확인되는 경로는 `ValueError`로 거부됩니다.
+
+작업 디렉터리 외부의 경로를 허용하려면 (예: 테스트 또는 신뢰할 수 있는 파이프라인), 다음 환경 변수를 설정하세요:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### URL 유효성 검사
+
+URL 입력도 검증됩니다: `file://` URI와 사설 또는 예약된 IP 범위를 대상으로 하는 요청은 서버 측 요청 위조(SSRF) 공격을 방지하기 위해 차단됩니다.

docs/ko/tools/file-document/directorysearchtool.mdx

@@ -68,3 +68,15 @@ tool = DirectorySearchTool(
     }
 )
 ```
+
+## 보안
+
+### 경로 유효성 검사
+
+이 도구에 제공되는 디렉터리 경로는 현재 작업 디렉터리에 대해 검증됩니다. 작업 디렉터리 외부로 확인되는 경로는 `ValueError`로 거부됩니다.
+
+작업 디렉터리 외부의 경로를 허용하려면 (예: 테스트 또는 신뢰할 수 있는 파이프라인), 다음 환경 변수를 설정하세요:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```

docs/ko/tools/file-document/jsonsearchtool.mdx

@@ -71,3 +71,19 @@ tool = JSONSearchTool(
     }
 )
 ```
+
+## 보안
+
+### 경로 유효성 검사
+
+이 도구에 제공되는 파일 경로는 현재 작업 디렉터리에 대해 검증됩니다. 작업 디렉터리 외부로 확인되는 경로는 `ValueError`로 거부됩니다.
+
+작업 디렉터리 외부의 경로를 허용하려면 (예: 테스트 또는 신뢰할 수 있는 파이프라인), 다음 환경 변수를 설정하세요:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### URL 유효성 검사
+
+URL 입력도 검증됩니다: `file://` URI와 사설 또는 예약된 IP 범위를 대상으로 하는 요청은 서버 측 요청 위조(SSRF) 공격을 방지하기 위해 차단됩니다.

docs/ko/tools/file-document/pdfsearchtool.mdx

@@ -102,3 +102,19 @@ tool = PDFSearchTool(
     }
 )
 ```
+
+## 보안
+
+### 경로 유효성 검사
+
+이 도구에 제공되는 파일 경로는 현재 작업 디렉터리에 대해 검증됩니다. 작업 디렉터리 외부로 확인되는 경로는 `ValueError`로 거부됩니다.
+
+작업 디렉터리 외부의 경로를 허용하려면 (예: 테스트 또는 신뢰할 수 있는 파이프라인), 다음 환경 변수를 설정하세요:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### URL 유효성 검사
+
+URL 입력도 검증됩니다: `file://` URI와 사설 또는 예약된 IP 범위를 대상으로 하는 요청은 서버 측 요청 위조(SSRF) 공격을 방지하기 위해 차단됩니다.

docs/pt-BR/changelog.mdx

@@ -4,6 +4,316 @@ description: "Atualizações de produto, melhorias e correções do CrewAI"
 icon: "clock"
 mode: "wide"
 ---
+<Update label="21 abr 2026">
+  ## v1.14.3a1
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.3a1)
+
+  ## O que Mudou
+
+  ### Funcionalidades
+  - Adicionar suporte a checkpoint e fork para agentes autônomos
+
+  ### Correções de Bugs
+  - Preservar thought_signature nas chamadas da ferramenta de streaming Gemini
+  - Emitir task_started na retomada do fork e redesenhar a TUI de checkpoint
+  - Corrigir a ordem do dry-run e lidar com branch desatualizada em release do devtools
+  - Usar datas futuras nos testes de poda de checkpoint para evitar falhas dependentes do tempo (#5543)
+
+  ### Documentação
+  - Atualizar changelog e versão para v1.14.2
+
+  ## Contribuidores
+
+  @alex-clawd, @greysonlalonde
+
+</Update>
+
+<Update label="17 abr 2026">
+  ## v1.14.2
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2)
+
+  ## O que Mudou
+
+  ### Recursos
+  - Adicionar comandos de retomar, diferenciar e podar checkpoints com melhor descobribilidade.
+  - Adicionar o parâmetro `from_checkpoint` ao `Agent.kickoff` e métodos relacionados.
+  - Adicionar comandos de gerenciamento de templates para templates de projeto.
+  - Adicionar dicas de retomar na liberação de devtools em caso de falha.
+  - Adicionar CLI de validação de implantação e melhorar a ergonomia da inicialização do LLM.
+  - Adicionar bifurcação de checkpoints com rastreamento de linhagem.
+  - Enriquecer o rastreamento de tokens do LLM com tokens de raciocínio e tokens de criação de cache.
+
+  ### Correções de Bugs
+  - Corrigir prompt em conflitos de branch obsoletos na liberação de devtools.
+  - Corrigir vulnerabilidades em `authlib`, `langchain-text-splitters` e `pypdf`.
+  - Restringir manipuladores de streaming para evitar contaminação de chunks entre execuções.
+  - Despachar checkpoints de Flow através das APIs de Flow na TUI.
+  - Usar glob recursivo para descoberta de checkpoints JSON.
+  - Lidar com esquemas JSON cíclicos na resolução de ferramentas MCP.
+  - Preservar os argumentos de chamada da ferramenta Bedrock removendo o padrão truthy.
+  - Emitir evento flow_finished após retomar HITL.
+  - Corrigir várias vulnerabilidades atualizando dependências, incluindo `requests`, `cryptography` e `pytest`.
+  - Corrigir para parar de encaminhar o modo estrito para a API Bedrock Converse.
+
+  ### Documentação
+  - Documentar parâmetros ausentes e adicionar seção de Checkpointing.
+  - Atualizar changelog e versão para v1.14.2 e candidatos a liberação anteriores.
+  - Adicionar documentação da funcionalidade A2A empresarial e atualizar a documentação A2A OSS.
+
+  ## Contribuidores
+
+  @Yanhu007, @alex-clawd, @github-actions[bot], @greysonlalonde, @iris-clawd, @lorenzejay, @lucasgomide
+
+</Update>
+
+<Update label="16 abr 2026">
+  ## v1.14.2rc1
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2rc1)
+
+  ## O que Mudou
+
+  ### Correções de Bugs
+  - Corrigir o manuseio de esquemas JSON cíclicos na resolução da ferramenta MCP
+  - Corrigir vulnerabilidade atualizando python-multipart para 0.0.26
+  - Corrigir vulnerabilidade atualizando pypdf para 6.10.1
+
+  ### Documentação
+  - Atualizar o changelog e a versão para v1.14.2a5
+
+  ## Contribuidores
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="15 abr 2026">
+  ## v1.14.2a5
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a5)
+
+  ## O que Mudou
+
+  ### Documentação
+  - Atualizar changelog e versão para v1.14.2a4
+
+  ## Contribuidores
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="15 abr 2026">
+  ## v1.14.2a4
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a4)
+
+  ## O que Mudou
+
+  ### Recursos
+  - Adicionar dicas de retomar ao release do devtools em caso de falha
+
+  ### Correções de Bugs
+  - Corrigir o encaminhamento do modo estrito para a API Bedrock Converse
+  - Corrigir a versão do pytest para 9.0.3 devido à vulnerabilidade de segurança GHSA-6w46-j5rx-g56g
+  - Aumentar o limite inferior do OpenAI para >=2.0.0
+
+  ### Documentação
+  - Atualizar o changelog e a versão para v1.14.2a3
+
+  ## Contribuidores
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="13 abr 2026">
+  ## v1.14.2a3
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a3)
+
+  ## O que Mudou
+
+  ### Recursos
+  - Adicionar CLI de validação de deploy
+  - Melhorar a ergonomia de inicialização do LLM
+
+  ### Correções de Bugs
+  - Substituir pypdf e uv por versões corrigidas para CVE-2026-40260 e GHSA-pjjw-68hj-v9mw
+  - Atualizar requests para >=2.33.0 devido à vulnerabilidade de arquivo temporário CVE
+  - Preservar os argumentos de chamada da ferramenta Bedrock removendo o padrão truthy
+  - Sanitizar esquemas de ferramentas para modo estrito
+  - Remover flakiness do teste de serialização de embedding MemoryRecord
+
+  ### Documentação
+  - Limpar a linguagem do A2A empresarial
+  - Adicionar documentação de recursos do A2A empresarial
+  - Atualizar documentação do A2A OSS
+  - Atualizar changelog e versão para v1.14.2a2
+
+  ## Contribuidores
+
+  @Yanhu007, @greysonlalonde
+
+</Update>
+
+<Update label="10 abr 2026">
+  ## v1.14.2a2
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a2)
+
+  ## O que Mudou
+
+  ### Funcionalidades
+  - Adicionar TUI de ponto de verificação com visualização em árvore, suporte a bifurcações e entradas/saídas editáveis
+  - Enriquecer o rastreamento de tokens LLM com tokens de raciocínio e tokens de criação de cache
+  - Adicionar parâmetro `from_checkpoint` aos métodos de inicialização
+  - Incorporar `crewai_version` em pontos de verificação com o framework de migração
+  - Adicionar bifurcação de ponto de verificação com rastreamento de linhagem
+
+  ### Correções de Bugs
+  - Corrigir o encaminhamento em modo estrito para os provedores Anthropic e Bedrock
+  - Fortalecer NL2SQLTool com padrão somente leitura, validação de consultas e consultas parametrizadas
+
+  ### Documentação
+  - Atualizar changelog e versão para v1.14.2a1
+
+  ## Contributors
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @lucasgomide
+
+</Update>
+
+<Update label="09 abr 2026">
+  ## v1.14.2a1
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.2a1)
+
+  ## O que Mudou
+
+  ### Correções de Bugs
+  - Corrigir a emissão do evento flow_finished após a retomada do HITL
+  - Corrigir a versão da criptografia para 46.0.7 para resolver o CVE-2026-39892
+
+  ### Refatoração
+  - Refatorar para usar o singleton I18N_DEFAULT compartilhado
+
+  ### Documentação
+  - Atualizar o changelog e a versão para v1.14.1
+
+  ## Contribuidores
+
+  @greysonlalonde
+
+</Update>
+
+<Update label="09 abr 2026">
+  ## v1.14.1
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1)
+
+  ## O que Mudou
+
+  ### Funcionalidades
+  - Adicionar navegador TUI de ponto de verificação assíncrono
+  - Adicionar aclose()/close() e gerenciador de contexto assíncrono para saídas de streaming
+
+  ### Correções de Bugs
+  - Corrigir regex para aumentos de versão do template pyproject.toml
+  - Sanitizar nomes de ferramentas nos filtros do decorador de hook
+  - Corrigir registro de manipuladores de ponto de verificação quando CheckpointConfig é criado
+  - Atualizar transformers para 5.5.0 para resolver CVE-2026-1839
+  - Remover wrapper stdout/stderr de FilteredStream
+
+  ### Documentação
+  - Atualizar changelog e versão para v1.14.1rc1
+
+  ### Refatoração
+  - Substituir lista de negação codificada por exclusão dinâmica de campo BaseTool na geração de especificações
+  - Substituir regex por tomlkit na CLI do devtools
+  - Usar singleton PRINTER compartilhado
+  - Fazer BaseProvider um BaseModel com discriminador provider_type
+
+  ## Contribuidores
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay
+
+</Update>
+
+<Update label="09 abr 2026">
+  ## v1.14.1rc1
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.1rc1)
+
+  ## O que Mudou
+
+  ### Recursos
+  - Adicionar navegador TUI de ponto de verificação assíncrono
+  - Adicionar aclose()/close() e gerenciador de contexto assíncrono para saídas de streaming
+
+  ### Correções de Bugs
+  - Corrigir aumentos de versão do template pyproject.toml usando regex
+  - Sanitizar nomes de ferramentas nos filtros do decorador de hook
+  - Atualizar transformers para 5.5.0 para resolver CVE-2026-1839
+  - Registrar manipuladores de ponto de verificação quando CheckpointConfig é criado
+
+  ### Refatoração
+  - Substituir lista de negação codificada por exclusão dinâmica de campo BaseTool na geração de especificações
+  - Substituir regex por tomlkit na CLI do devtools
+  - Usar singleton PRINTER compartilhado
+  - Tornar BaseProvider um BaseModel com discriminador de tipo de provedor
+  - Remover wrapper stdout/stderr de FilteredStream
+  - Remover flow/config.py não utilizado
+
+  ### Documentação
+  - Atualizar changelog e versão para v1.14.0
+
+  ## Contribuidores
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="07 abr 2026">
+  ## v1.14.0
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.14.0)
+
+  ## O que Mudou
+
+  ### Recursos
+  - Adicionar comandos CLI de lista/informações de checkpoint
+  - Adicionar guardrail_type e nome para distinguir rastros
+  - Adicionar SqliteProvider para armazenamento de checkpoints
+  - Adicionar CheckpointConfig para checkpointing automático
+  - Implementar checkpointing de estado em tempo de execução, sistema de eventos e refatoração do executor
+
+  ### Correções de Bugs
+  - Adicionar proteções contra SSRF e travessia de caminho
+  - Adicionar validação de caminho e URL às ferramentas RAG
+  - Excluir vetores de incorporação da serialização de memória para economizar tokens
+  - Garantir que o diretório de saída exista antes de escrever no modelo de fluxo
+  - Atualizar litellm para >=1.83.0 para resolver CVE-2026-35030
+  - Remover campo de indexação SEO que causava renderização de página em árabe
+
+  ### Documentação
+  - Atualizar changelog e versão para v1.14.0
+  - Atualizar guias de início rápido e instalação para maior clareza
+  - Adicionar seção de provedores de armazenamento, exportar JsonProvider
+  - Adicionar guia da aba de Treinamento AMP
+
+  ### Refatoração
+  - Limpar API de checkpoint
+  - Remover CodeInterpreterTool e descontinuar parâmetros de execução de código
+
+  ## Contribuidores
+
+  @alex-clawd, @github-actions[bot], @greysonlalonde, @iris-clawd, @joaomdmoura, @lorenzejay, @lucasgomide
+
+</Update>
+
 <Update label="07 abr 2026">
   ## v1.14.0a4
 

docs/pt-BR/concepts/agents.mdx

@@ -304,17 +304,12 @@ multimodal_agent = Agent(
 
 #### Execução de Código
 
-- `allow_code_execution`: Deve ser True para permitir execução de código
-- `code_execution_mode`:
-  - `"safe"`: Usa Docker (recomendado para produção)
-  - `"unsafe"`: Execução direta (apenas em ambientes confiáveis)
+<Warning>
+  `allow_code_execution` e `code_execution_mode` estão depreciados. O `CodeInterpreterTool` foi removido do `crewai-tools`. Use um serviço de sandbox dedicado como [E2B](https://e2b.dev) ou [Modal](https://modal.com) para execução segura de código.
+</Warning>
 
-<Note>
-  Isso executa uma imagem Docker padrão. Se você deseja configurar a imagem
-  Docker, veja a ferramenta Code Interpreter na seção de ferramentas. Adicione a
-  ferramenta de interpretação de código como um parâmetro em ferramentas no
-  agente.
-</Note>
+- `allow_code_execution` _(depreciado)_: Anteriormente habilitava a execução de código embutida via `CodeInterpreterTool`.
+- `code_execution_mode` _(depreciado)_: Anteriormente controlava o modo de execução (`"safe"` para Docker, `"unsafe"` para execução direta).
 
 #### Funcionalidades Avançadas
 
@@ -565,9 +560,9 @@ agent = Agent(
 
 ### Segurança e Execução de Código
 
-- Ao usar `allow_code_execution`, seja cauteloso com entradas do usuário e sempre as valide
-- Use `code_execution_mode: "safe"` (Docker) em ambientes de produção
-- Considere definir limites adequados de `max_execution_time` para evitar loops infinitos
+<Warning>
+  `allow_code_execution` e `code_execution_mode` estão depreciados e o `CodeInterpreterTool` foi removido. Use um serviço de sandbox dedicado como [E2B](https://e2b.dev) ou [Modal](https://modal.com) para execução segura de código.
+</Warning>
 
 ### Otimização de Performance
 

docs/pt-BR/concepts/checkpointing.mdx

@@ -39,7 +39,7 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         on_events=["task_completed", "crew_kickoff_completed"],
         max_checkpoints=5,
     ),
@@ -50,7 +50,7 @@ crew = Crew(
 
 | Campo | Tipo | Padrao | Descricao |
 |:------|:-----|:-------|:----------|
-| `directory` | `str` | `"./.checkpoints"` | Caminho para os arquivos de checkpoint |
+| `location` | `str` | `"./.checkpoints"` | Caminho para os arquivos de checkpoint |
 | `on_events` | `list[str]` | `["task_completed"]` | Tipos de evento que acionam um checkpoint |
 | `provider` | `BaseProvider` | `JsonProvider()` | Backend de armazenamento |
 | `max_checkpoints` | `int \| None` | `None` | Maximo de arquivos a manter; os mais antigos sao removidos primeiro |
@@ -95,7 +95,7 @@ A crew restaurada pula tarefas ja concluidas e retoma a partir da primeira incom
 crew = Crew(
     agents=[researcher, writer],
     tasks=[research_task, write_task, review_task],
-    checkpoint=CheckpointConfig(directory="./crew_cp"),
+    checkpoint=CheckpointConfig(location="./crew_cp"),
 )
 ```
 
@@ -118,7 +118,7 @@ class MyFlow(Flow):
 
 flow = MyFlow(
     checkpoint=CheckpointConfig(
-        directory="./flow_cp",
+        location="./flow_cp",
         on_events=["method_execution_finished"],
     ),
 )
@@ -137,7 +137,7 @@ agent = Agent(
     goal="Research topics",
     backstory="Expert researcher",
     checkpoint=CheckpointConfig(
-        directory="./agent_cp",
+        location="./agent_cp",
         on_events=["lite_agent_execution_completed"],
     ),
 )
@@ -160,7 +160,7 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./my_checkpoints",
+        location="./my_checkpoints",
         provider=JsonProvider(),
         max_checkpoints=5,
     ),
@@ -179,15 +179,12 @@ crew = Crew(
     agents=[...],
     tasks=[...],
     checkpoint=CheckpointConfig(
-        directory="./.checkpoints.db",
-        provider=SqliteProvider(max_checkpoints=50),
+        location="./.checkpoints.db",
+        provider=SqliteProvider(),
     ),
 )
 ```
 
-<Note>
-Ao usar `SqliteProvider`, o campo `directory` e o caminho do arquivo de banco de dados, nao um diretorio.
-</Note>
 
 ## Tipos de Evento
 

docs/pt-BR/installation.mdx

@@ -191,7 +191,7 @@ Para equipes e organizações, o CrewAI oferece opções de implantação corpor
 - Compatível com qualquer hyperscaler, incluindo ambientes on-premises
 - Integração com seus sistemas de segurança existentes
 
-<Card title="Explore as Opções Enterprise" icon="building" href="https://crewai.com/enterprise">
+<Card title="Explore as Opções Enterprise" icon="building" href="https://share.hsforms.com/1Ooo2UViKQ22UOzdr7i77iwr87kg">
   Saiba mais sobre as soluções enterprise do CrewAI e agende uma demonstração
 </Card>
 </Note>

docs/pt-BR/learn/streaming-crew-execution.mdx

@@ -325,6 +325,34 @@ O streaming é particularmente valioso para:
 - **Experiência do Usuário**: Reduzir latência percebida mostrando resultados incrementais
 - **Dashboards ao Vivo**: Construir interfaces de monitoramento que exibem status de execução da crew
 
+## Cancelamento e Limpeza de Recursos
+
+`CrewStreamingOutput` suporta cancelamento gracioso para que o trabalho em andamento pare imediatamente quando o consumidor desconecta.
+
+### Gerenciador de Contexto Assíncrono
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+
+async with streaming:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+```
+
+### Cancelamento Explícito
+
+```python Code
+streaming = await crew.akickoff(inputs={"topic": "AI"})
+try:
+    async for chunk in streaming:
+        print(chunk.content, end="", flush=True)
+finally:
+    await streaming.aclose()  # assíncrono
+    # streaming.close()       # equivalente síncrono
+```
+
+Após o cancelamento, `streaming.is_cancelled` e `streaming.is_completed` são ambos `True`. Tanto `aclose()` quanto `close()` são idempotentes.
+
 ## Notas Importantes
 
 - O streaming ativa automaticamente o streaming do LLM para todos os agentes na crew

docs/pt-BR/skills.mdx

@@ -0,0 +1,50 @@
+---
+title: Skills
+description: Instale crewaiinc/skills pelo registro oficial em skills.sh—Flows, Crews e agentes alinhados à documentação para Claude Code, Cursor, Codex e outros.
+icon: wand-magic-sparkles
+mode: "wide"
+---
+
+# Skills
+
+**Dê ao seu agente de código o contexto do CrewAI em um comando.**
+
+As **Skills** do CrewAI são publicadas em **[skills.sh/crewaiinc/skills](https://skills.sh/crewaiinc/skills)**—o registro oficial de `crewaiinc/skills`, com cada skill (por exemplo **design-agent**, **getting-started**, **design-task** e **ask-docs**), estatísticas de instalação e auditorias. Ensinam agentes de código—como Claude Code, Cursor e Codex—a estruturar Flows, configurar Crews, usar ferramentas e seguir os padrões do CrewAI. Execute o comando abaixo (ou cole no seu agente).
+
+```shell Terminal
+npx skills add crewaiinc/skills
+```
+
+Isso adiciona o pacote de skills ao fluxo do seu agente para aplicar convenções do CrewAI sem precisar reexplicar o framework a cada sessão. Código-fonte e issues ficam no [GitHub](https://github.com/crewAIInc/skills).
+
+## O que seu agente ganha
+
+- **Flows** — apps com estado, passos e kickoffs de crew no estilo CrewAI
+- **Crews e agentes** — padrões YAML-first, papéis, tarefas e delegação
+- **Ferramentas e integrações** — conectar agentes a busca, APIs e ferramentas comuns
+- **Layout de projeto** — alinhar com scaffolds da CLI e convenções do repositório
+- **Padrões atualizados** — skills acompanham a documentação e as práticas recomendadas
+
+## Saiba mais neste site
+
+<CardGroup cols={2}>
+  <Card title="Ferramentas de codificação e AGENTS.md" icon="terminal" href="/pt-BR/guides/coding-tools/agents-md">
+    Como usar `AGENTS.md` e fluxos de agente de código com o CrewAI.
+  </Card>
+  <Card title="Início rápido" icon="rocket" href="/pt-BR/quickstart">
+    Construa seu primeiro Flow e crew ponta a ponta.
+  </Card>
+  <Card title="Instalação" icon="download" href="/pt-BR/installation">
+    Instale a CLI e o pacote Python do CrewAI.
+  </Card>
+  <Card title="Registro de skills (skills.sh)" icon="globe" href="https://skills.sh/crewaiinc/skills">
+    Listagem oficial de `crewaiinc/skills`—skills, instalações e auditorias.
+  </Card>
+  <Card title="Código no GitHub" icon="code-branch" href="https://github.com/crewAIInc/skills">
+    Fonte, atualizações e issues do pacote de skills.
+  </Card>
+</CardGroup>
+
+### Vídeo: CrewAI com coding agent skills
+
+<iframe src="https://www.loom.com/embed/befb9f68b81f42ad8112bfdd95a780af" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen style={{ width: "100%", height: "400px" }} />

docs/pt-BR/tools/ai-ml/codeinterpretertool.mdx

@@ -7,6 +7,10 @@ mode: "wide"
 
 # `CodeInterpreterTool`
 
+<Warning>
+  **Depreciado:** O `CodeInterpreterTool` foi removido do `crewai-tools`. Os parâmetros `allow_code_execution` e `code_execution_mode` do `Agent` também estão depreciados. Use um serviço de sandbox dedicado — [E2B](https://e2b.dev) ou [Modal](https://modal.com) — para execução de código segura e isolada.
+</Warning>
+
 ## Descrição
 
 O `CodeInterpreterTool` permite que agentes CrewAI executem códigos Python 3 gerados autonomamente. Essa funcionalidade é particularmente valiosa, pois permite que os agentes criem códigos, os executem, obtenham os resultados e usem essas informações para orientar decisões e ações subsequentes.

docs/pt-BR/tools/database-data/nl2sqltool.mdx

@@ -11,7 +11,75 @@ Esta ferramenta é utilizada para converter linguagem natural em consultas SQL.
 
 Isso possibilita múltiplos fluxos de trabalho, como por exemplo ter um Agente acessando o banco de dados para buscar informações com base em um objetivo e, então, usar essas informações para gerar uma resposta, relatório ou qualquer outro tipo de saída. Além disso, permite que o Agente atualize o banco de dados de acordo com seu objetivo.
 
-**Atenção**: Certifique-se de que o Agente tenha acesso a um Read-Replica ou que seja permitido que o Agente execute consultas de inserção/atualização no banco de dados.
+**Atenção**: Por padrão, a ferramenta opera em modo somente leitura (apenas SELECT/SHOW/DESCRIBE/EXPLAIN). Operações de escrita exigem `allow_dml=True` ou a variável de ambiente `CREWAI_NL2SQL_ALLOW_DML=true`. Quando o acesso de escrita estiver habilitado, certifique-se de que o Agente use um usuário de banco de dados com privilégios mínimos ou um Read-Replica sempre que possível.
+
+## Modo Somente Leitura e Configuração de DML
+
+O `NL2SQLTool` opera em **modo somente leitura por padrão**. Apenas os seguintes tipos de instrução são permitidos sem configuração adicional:
+
+- `SELECT`
+- `SHOW`
+- `DESCRIBE`
+- `EXPLAIN`
+
+Qualquer tentativa de executar uma operação de escrita (`INSERT`, `UPDATE`, `DELETE`, `DROP`, `CREATE`, `ALTER`, `TRUNCATE`, etc.) resultará em erro, a menos que o DML seja habilitado explicitamente.
+
+Consultas com múltiplas instruções contendo ponto e vírgula (ex.: `SELECT 1; DROP TABLE users`) também são bloqueadas no modo somente leitura para prevenir ataques de injeção.
+
+### Habilitando Operações de Escrita
+
+Você pode habilitar DML (Linguagem de Manipulação de Dados) de duas formas:
+
+**Opção 1 — parâmetro do construtor:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+**Opção 2 — variável de ambiente:**
+
+```bash
+CREWAI_NL2SQL_ALLOW_DML=true
+```
+
+```python
+from crewai_tools import NL2SQLTool
+
+# DML habilitado via variável de ambiente
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+### Exemplos de Uso
+
+**Somente leitura (padrão) — seguro para análise e relatórios:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# Apenas SELECT/SHOW/DESCRIBE/EXPLAIN são permitidos
+nl2sql = NL2SQLTool(db_uri="postgresql://example@localhost:5432/test_db")
+```
+
+**Com DML habilitado — necessário para workloads de escrita:**
+
+```python
+from crewai_tools import NL2SQLTool
+
+# INSERT, UPDATE, DELETE, DROP, etc. são permitidos
+nl2sql = NL2SQLTool(
+    db_uri="postgresql://example@localhost:5432/test_db",
+    allow_dml=True,
+)
+```
+
+<Warning>
+Habilitar DML concede ao agente a capacidade de modificar ou destruir dados. Ative apenas quando o seu caso de uso exigir explicitamente acesso de escrita e certifique-se de que as credenciais do banco de dados estejam limitadas aos privilégios mínimos necessários.
+</Warning>
 
 ## Requisitos
 

docs/pt-BR/tools/file-document/csvsearchtool.mdx

@@ -75,4 +75,20 @@ tool = CSVSearchTool(
         ),
     )
 )
+
+## Segurança
+
+### Validação de Caminhos
+
+Os caminhos de arquivo fornecidos a esta ferramenta são validados em relação ao diretório de trabalho atual. Caminhos que resolvem fora do diretório de trabalho são rejeitados com um `ValueError`.
+
+Para permitir caminhos fora do diretório de trabalho (por exemplo, em testes ou pipelines confiáveis), defina a variável de ambiente:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### Validação de URLs
+
+Entradas de URL também são validadas: URIs `file://` e requisições direcionadas a faixas de IP privadas ou reservadas são bloqueadas para prevenir ataques de falsificação de requisições do lado do servidor (SSRF).
 ```

docs/pt-BR/tools/file-document/directorysearchtool.mdx

@@ -67,4 +67,16 @@ tool = DirectorySearchTool(
         },
     }
 )
+```
+
+## Segurança
+
+### Validação de Caminhos
+
+Os caminhos de diretório fornecidos a esta ferramenta são validados em relação ao diretório de trabalho atual. Caminhos que resolvem fora do diretório de trabalho são rejeitados com um `ValueError`.
+
+Para permitir caminhos fora do diretório de trabalho (por exemplo, em testes ou pipelines confiáveis), defina a variável de ambiente:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
 ```

docs/pt-BR/tools/file-document/jsonsearchtool.mdx

@@ -73,4 +73,20 @@ tool = JSONSearchTool(
         },
     }
 )
+
+## Segurança
+
+### Validação de Caminhos
+
+Os caminhos de arquivo fornecidos a esta ferramenta são validados em relação ao diretório de trabalho atual. Caminhos que resolvem fora do diretório de trabalho são rejeitados com um `ValueError`.
+
+Para permitir caminhos fora do diretório de trabalho (por exemplo, em testes ou pipelines confiáveis), defina a variável de ambiente:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### Validação de URLs
+
+Entradas de URL também são validadas: URIs `file://` e requisições direcionadas a faixas de IP privadas ou reservadas são bloqueadas para prevenir ataques de falsificação de requisições do lado do servidor (SSRF).
 ```

docs/pt-BR/tools/file-document/pdfsearchtool.mdx

@@ -101,4 +101,20 @@ tool = PDFSearchTool(
         },
     }
 )
-```
+```
+
+## Segurança
+
+### Validação de Caminhos
+
+Os caminhos de arquivo fornecidos a esta ferramenta são validados em relação ao diretório de trabalho atual. Caminhos que resolvem fora do diretório de trabalho são rejeitados com um `ValueError`.
+
+Para permitir caminhos fora do diretório de trabalho (por exemplo, em testes ou pipelines confiáveis), defina a variável de ambiente:
+
+```shell
+CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
+```
+
+### Validação de URLs
+
+Entradas de URL também são validadas: URIs `file://` e requisições direcionadas a faixas de IP privadas ou reservadas são bloqueadas para prevenir ataques de falsificação de requisições do lado do servidor (SSRF).

lib/crewai-files/pyproject.toml

@@ -9,7 +9,7 @@ authors = [
 requires-python = ">=3.10, <3.14"
 dependencies = [
     "Pillow~=12.1.1",
-    "pypdf~=6.9.1",
+    "pypdf~=6.10.0",
     "python-magic>=0.4.27",
     "aiocache~=0.12.3",
     "aiofiles~=24.1.0",

lib/crewai-files/src/crewai_files/__init__.py

@@ -152,4 +152,4 @@ __all__ = [
     "wrap_file_source",
 ]
 
-__version__ = "1.14.0a4"
+__version__ = "1.14.3a1"

lib/crewai-tools/pyproject.toml

@@ -9,8 +9,8 @@ authors = [
 requires-python = ">=3.10, <3.14"
 dependencies = [
     "pytube~=15.0.0",
-    "requests~=2.32.5",
-    "crewai==1.14.0a4",
+    "requests>=2.33.0,<3",
+    "crewai==1.14.3a1",
     "tiktoken~=0.8.0",
     "beautifulsoup4~=4.13.4",
     "python-docx~=1.2.0",
@@ -139,6 +139,9 @@ contextual = [
     "contextual-client>=0.1.0",
     "nest-asyncio>=1.6.0",
 ]
+daytona = [
+    "daytona~=0.140.0",
+]
 
 
 [tool.uv]

lib/crewai-tools/src/crewai_tools/__init__.py

@@ -59,6 +59,11 @@ from crewai_tools.tools.dalle_tool.dalle_tool import DallETool
 from crewai_tools.tools.databricks_query_tool.databricks_query_tool import (
     DatabricksQueryTool,
 )
+from crewai_tools.tools.daytona_sandbox_tool import (
+    DaytonaExecTool,
+    DaytonaFileTool,
+    DaytonaPythonTool,
+)
 from crewai_tools.tools.directory_read_tool.directory_read_tool import (
     DirectoryReadTool,
 )
@@ -232,6 +237,9 @@ __all__ = [
     "DOCXSearchTool",
     "DallETool",
     "DatabricksQueryTool",
+    "DaytonaExecTool",
+    "DaytonaFileTool",
+    "DaytonaPythonTool",
     "DirectoryReadTool",
     "DirectorySearchTool",
     "EXASearchTool",
@@ -305,4 +313,4 @@ __all__ = [
     "ZapierActionTools",
 ]
 
-__version__ = "1.14.0a4"
+__version__ = "1.14.3a1"

lib/crewai-tools/src/crewai_tools/generate_tool_specs.py

@@ -154,21 +154,19 @@ class ToolSpecExtractor:
 
         return default_value
 
+    # Dynamically computed from BaseTool so that any future fields or
+    # computed_fields added to BaseTool are automatically excluded from
+    # the generated spec — no hardcoded denylist to maintain.
+    # ``package_dependencies`` is not a BaseTool field but is extracted
+    # into its own top-level key, so it's also excluded from init_params.
+    _BASE_TOOL_FIELDS: set[str] = (
+        set(BaseTool.model_fields)
+        | set(BaseTool.model_computed_fields)
+        | {"package_dependencies"}
+    )
+
     @staticmethod
     def _extract_init_params(tool_class: type[BaseTool]) -> dict[str, Any]:
-        ignored_init_params = [
-            "name",
-            "description",
-            "env_vars",
-            "args_schema",
-            "description_updated",
-            "cache_function",
-            "result_as_answer",
-            "max_usage_count",
-            "current_usage_count",
-            "package_dependencies",
-        ]
-
         json_schema = tool_class.model_json_schema(
             schema_generator=SchemaGenerator, mode="serialization"
         )
@@ -176,8 +174,14 @@ class ToolSpecExtractor:
         json_schema["properties"] = {
             key: value
             for key, value in json_schema["properties"].items()
-            if key not in ignored_init_params
+            if key not in ToolSpecExtractor._BASE_TOOL_FIELDS
         }
+        if "required" in json_schema:
+            json_schema["required"] = [
+                key
+                for key in json_schema["required"]
+                if key not in ToolSpecExtractor._BASE_TOOL_FIELDS
+            ]
         return json_schema
 
     def save_to_json(self, output_path: str) -> None:

lib/crewai-tools/src/crewai_tools/rag/data_types.py

@@ -109,7 +109,7 @@ class DataTypes:
         if isinstance(content, str):
             try:
                 url = urlparse(content)
-                is_url = bool(url.scheme and url.netloc) or url.scheme == "file"
+                is_url = bool(url.scheme in ("http", "https") and url.netloc)
             except Exception:  # noqa: S110
                 pass
 

lib/crewai-tools/src/crewai_tools/security/safe_path.py

@@ -0,0 +1,205 @@
+"""Path and URL validation utilities for crewai-tools.
+
+Provides validation for file paths and URLs to prevent unauthorized
+file access and server-side request forgery (SSRF) when tools accept
+user-controlled or LLM-controlled inputs at runtime.
+
+Set CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true to bypass validation (not
+recommended for production).
+"""
+
+from __future__ import annotations
+
+import ipaddress
+import logging
+import os
+import socket
+from urllib.parse import urlparse
+
+
+logger = logging.getLogger(__name__)
+
+_UNSAFE_PATHS_ENV = "CREWAI_TOOLS_ALLOW_UNSAFE_PATHS"
+
+
+def _is_escape_hatch_enabled() -> bool:
+    """Check if the unsafe paths escape hatch is enabled."""
+    return os.environ.get(_UNSAFE_PATHS_ENV, "").lower() in ("true", "1", "yes")
+
+
+# ---------------------------------------------------------------------------
+# File path validation
+# ---------------------------------------------------------------------------
+
+
+def validate_file_path(path: str, base_dir: str | None = None) -> str:
+    """Validate that a file path is safe to read.
+
+    Resolves symlinks and ``..`` components, then checks that the resolved
+    path falls within *base_dir* (defaults to the current working directory).
+
+    Args:
+        path: The file path to validate.
+        base_dir: Allowed root directory. Defaults to ``os.getcwd()``.
+
+    Returns:
+        The resolved, validated absolute path.
+
+    Raises:
+        ValueError: If the path escapes the allowed directory.
+    """
+    if _is_escape_hatch_enabled():
+        logger.warning(
+            "%s is enabled — skipping file path validation for: %s",
+            _UNSAFE_PATHS_ENV,
+            path,
+        )
+        return os.path.realpath(path)
+
+    if base_dir is None:
+        base_dir = os.getcwd()
+
+    resolved_base = os.path.realpath(base_dir)
+    resolved_path = os.path.realpath(
+        os.path.join(resolved_base, path) if not os.path.isabs(path) else path
+    )
+
+    # Ensure the resolved path is within the base directory.
+    # When resolved_base already ends with a separator (e.g. the filesystem
+    # root "/"), appending os.sep would double it ("//"), so use the base
+    # as-is in that case.
+    prefix = resolved_base if resolved_base.endswith(os.sep) else resolved_base + os.sep
+    if not resolved_path.startswith(prefix) and resolved_path != resolved_base:
+        raise ValueError(
+            f"Path '{path}' resolves to '{resolved_path}' which is outside "
+            f"the allowed directory '{resolved_base}'. "
+            f"Set {_UNSAFE_PATHS_ENV}=true to bypass this check."
+        )
+
+    return resolved_path
+
+
+def validate_directory_path(path: str, base_dir: str | None = None) -> str:
+    """Validate that a directory path is safe to read.
+
+    Same as :func:`validate_file_path` but also checks that the path
+    is an existing directory.
+
+    Args:
+        path: The directory path to validate.
+        base_dir: Allowed root directory. Defaults to ``os.getcwd()``.
+
+    Returns:
+        The resolved, validated absolute path.
+
+    Raises:
+        ValueError: If the path escapes the allowed directory or is not a directory.
+    """
+    validated = validate_file_path(path, base_dir)
+    if not os.path.isdir(validated):
+        raise ValueError(f"Path '{validated}' is not a directory.")
+    return validated
+
+
+# ---------------------------------------------------------------------------
+# URL validation
+# ---------------------------------------------------------------------------
+
+# Private and reserved IP ranges that should not be accessed
+_BLOCKED_IPV4_NETWORKS = [
+    ipaddress.ip_network("10.0.0.0/8"),
+    ipaddress.ip_network("172.16.0.0/12"),
+    ipaddress.ip_network("192.168.0.0/16"),
+    ipaddress.ip_network("127.0.0.0/8"),
+    ipaddress.ip_network("169.254.0.0/16"),  # Link-local / cloud metadata
+    ipaddress.ip_network("0.0.0.0/32"),
+]
+
+_BLOCKED_IPV6_NETWORKS = [
+    ipaddress.ip_network("::1/128"),
+    ipaddress.ip_network("::/128"),
+    ipaddress.ip_network("fc00::/7"),  # Unique local addresses
+    ipaddress.ip_network("fe80::/10"),  # Link-local IPv6
+]
+
+
+def _is_private_or_reserved(ip_str: str) -> bool:
+    """Check if an IP address is private, reserved, or otherwise unsafe."""
+    try:
+        addr = ipaddress.ip_address(ip_str)
+        # Unwrap IPv4-mapped IPv6 addresses (e.g., ::ffff:127.0.0.1) to IPv4
+        # so they are only checked against IPv4 networks (avoids TypeError when
+        # an IPv4Address is compared against an IPv6Network).
+        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
+            addr = addr.ipv4_mapped
+        networks = (
+            _BLOCKED_IPV4_NETWORKS
+            if isinstance(addr, ipaddress.IPv4Address)
+            else _BLOCKED_IPV6_NETWORKS
+        )
+        return any(addr in network for network in networks)
+    except ValueError:
+        return True  # If we can't parse, block it
+
+
+def validate_url(url: str) -> str:
+    """Validate that a URL is safe to fetch.
+
+    Blocks ``file://`` scheme entirely. For ``http``/``https``, resolves
+    DNS and checks that the target IP is not private or reserved (prevents
+    SSRF to internal services and cloud metadata endpoints).
+
+    Args:
+        url: The URL to validate.
+
+    Returns:
+        The validated URL string.
+
+    Raises:
+        ValueError: If the URL uses a blocked scheme or resolves to a
+            private/reserved IP address.
+    """
+    if _is_escape_hatch_enabled():
+        logger.warning(
+            "%s is enabled — skipping URL validation for: %s",
+            _UNSAFE_PATHS_ENV,
+            url,
+        )
+        return url
+
+    parsed = urlparse(url)
+
+    # Block file:// scheme
+    if parsed.scheme == "file":
+        raise ValueError(
+            f"file:// URLs are not allowed: '{url}'. "
+            f"Use a file path instead, or set {_UNSAFE_PATHS_ENV}=true to bypass."
+        )
+
+    # Only allow http and https
+    if parsed.scheme not in ("http", "https"):
+        raise ValueError(
+            f"URL scheme '{parsed.scheme}' is not allowed. Only http and https are supported."
+        )
+
+    if not parsed.hostname:
+        raise ValueError(f"URL has no hostname: '{url}'")
+
+    # Resolve DNS and check IPs
+    try:
+        addrinfos = socket.getaddrinfo(
+            parsed.hostname, parsed.port or (443 if parsed.scheme == "https" else 80)
+        )
+    except socket.gaierror as exc:
+        raise ValueError(f"Could not resolve hostname: '{parsed.hostname}'") from exc
+
+    for _family, _, _, _, sockaddr in addrinfos:
+        ip_str = str(sockaddr[0])
+        if _is_private_or_reserved(ip_str):
+            raise ValueError(
+                f"URL '{url}' resolves to private/reserved IP {ip_str}. "
+                f"Access to internal networks is not allowed. "
+                f"Set {_UNSAFE_PATHS_ENV}=true to bypass."
+            )
+
+    return url

lib/crewai-tools/src/crewai_tools/tools/__init__.py

@@ -48,6 +48,11 @@ from crewai_tools.tools.dalle_tool.dalle_tool import DallETool
 from crewai_tools.tools.databricks_query_tool.databricks_query_tool import (
     DatabricksQueryTool,
 )
+from crewai_tools.tools.daytona_sandbox_tool import (
+    DaytonaExecTool,
+    DaytonaFileTool,
+    DaytonaPythonTool,
+)
 from crewai_tools.tools.directory_read_tool.directory_read_tool import (
     DirectoryReadTool,
 )
@@ -217,6 +222,9 @@ __all__ = [
     "DOCXSearchTool",
     "DallETool",
     "DatabricksQueryTool",
+    "DaytonaExecTool",
+    "DaytonaFileTool",
+    "DaytonaPythonTool",
     "DirectoryReadTool",
     "DirectorySearchTool",
     "EXASearchTool",

lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py

@@ -7,6 +7,8 @@ from crewai.tools import BaseTool, EnvVar
 from pydantic import BaseModel, Field
 import requests
 
+from crewai_tools.security.safe_path import validate_url
+
 
 class BrightDataConfig(BaseModel):
     API_URL: str = "https://api.brightdata.com/request"
@@ -134,6 +136,7 @@ class BrightDataWebUnlockerTool(BaseTool):
             "Content-Type": "application/json",
         }
 
+        validate_url(url)
         try:
             response = requests.post(
                 self.base_url, json=payload, headers=headers, timeout=30

lib/crewai-tools/src/crewai_tools/tools/contextualai_create_agent_tool/contextual_create_agent_tool.py

@@ -3,6 +3,8 @@ from typing import Any
 from crewai.tools import BaseTool
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_file_path
+
 
 class ContextualAICreateAgentSchema(BaseModel):
     """Schema for contextual create agent tool."""
@@ -47,6 +49,7 @@ class ContextualAICreateAgentTool(BaseTool):
         document_paths: list[str],
     ) -> str:
         """Create a complete RAG pipeline with documents."""
+        resolved_paths = [validate_file_path(doc_path) for doc_path in document_paths]
         try:
             import os
 
@@ -56,7 +59,7 @@ class ContextualAICreateAgentTool(BaseTool):
 
             # Upload documents
             document_ids = []
-            for doc_path in document_paths:
+            for doc_path in resolved_paths:
                 if not os.path.exists(doc_path):
                     raise FileNotFoundError(f"Document not found: {doc_path}")
 

lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py

@@ -1,6 +1,8 @@
 from crewai.tools import BaseTool
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_file_path
+
 
 class ContextualAIParseSchema(BaseModel):
     """Schema for contextual parse tool."""
@@ -45,6 +47,7 @@ class ContextualAIParseTool(BaseTool):
         """Parse a document using Contextual AI's parser."""
         if output_types is None:
             output_types = ["markdown-per-page"]
+        file_path = validate_file_path(file_path)
         try:
             import json
             import os

lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/README.md

@@ -0,0 +1,107 @@
+# Daytona Sandbox Tools
+
+Run shell commands, execute Python, and manage files inside a [Daytona](https://www.daytona.io/) sandbox. Daytona provides isolated, ephemeral compute environments suitable for agent-driven code execution.
+
+Three tools are provided so you can pick what the agent actually needs:
+
+- **`DaytonaExecTool`** — run a shell command (`sandbox.process.exec`).
+- **`DaytonaPythonTool`** — run a Python script (`sandbox.process.code_run`).
+- **`DaytonaFileTool`** — read / write / list / delete files (`sandbox.fs.*`).
+
+## Installation
+
+```shell
+uv add "crewai-tools[daytona]"
+# or
+pip install "crewai-tools[daytona]"
+```
+
+Set the API key:
+
+```shell
+export DAYTONA_API_KEY="..."
+```
+
+`DAYTONA_API_URL` and `DAYTONA_TARGET` are also respected if set.
+
+## Sandbox lifecycle
+
+All three tools share the same lifecycle controls from `DaytonaBaseTool`:
+
+| Mode | When the sandbox is created | When it is deleted |
+| --- | --- | --- |
+| **Ephemeral** (default, `persistent=False`) | On every `_run` call | At the end of that same call |
+| **Persistent** (`persistent=True`) | Lazily on first use | At process exit (via `atexit`), or manually via `tool.close()` |
+| **Attach** (`sandbox_id="…"`) | Never — the tool attaches to an existing sandbox | Never — the tool will not delete a sandbox it did not create |
+
+Ephemeral mode is the safe default: nothing leaks if the agent forgets to clean up. Use persistent mode when you want filesystem state or installed packages to carry across steps — this is typical when pairing `DaytonaFileTool` with `DaytonaExecTool`.
+
+## Examples
+
+### One-shot Python execution (ephemeral)
+
+```python
+from crewai_tools import DaytonaPythonTool
+
+tool = DaytonaPythonTool()
+result = tool.run(code="print(sum(range(10)))")
+```
+
+### Multi-step shell session (persistent)
+
+```python
+from crewai_tools import DaytonaExecTool, DaytonaFileTool
+
+exec_tool = DaytonaExecTool(persistent=True)
+file_tool = DaytonaFileTool(persistent=True)
+
+# Agent writes a script, then runs it — both share the same sandbox instance
+# because they each keep their own persistent sandbox. If you need the *same*
+# sandbox across two tools, create one tool, grab the sandbox id via
+# `tool._persistent_sandbox.id`, and pass it to the other via `sandbox_id=...`.
+```
+
+### Attach to an existing sandbox
+
+```python
+from crewai_tools import DaytonaExecTool
+
+tool = DaytonaExecTool(sandbox_id="my-long-lived-sandbox")
+```
+
+### Custom create params
+
+Pass Daytona's `CreateSandboxFromSnapshotParams` kwargs via `create_params`:
+
+```python
+tool = DaytonaExecTool(
+    persistent=True,
+    create_params={
+        "language": "python",
+        "env_vars": {"MY_FLAG": "1"},
+        "labels": {"owner": "crewai-agent"},
+    },
+)
+```
+
+## Tool arguments
+
+### `DaytonaExecTool`
+- `command: str` — shell command to run.
+- `cwd: str | None` — working directory.
+- `env: dict[str, str] | None` — extra env vars for this command.
+- `timeout: int | None` — seconds.
+
+### `DaytonaPythonTool`
+- `code: str` — Python source to execute.
+- `argv: list[str] | None` — argv forwarded via `CodeRunParams`.
+- `env: dict[str, str] | None` — env vars forwarded via `CodeRunParams`.
+- `timeout: int | None` — seconds.
+
+### `DaytonaFileTool`
+- `action: "read" | "write" | "list" | "delete" | "mkdir" | "info"`
+- `path: str` — absolute path inside the sandbox.
+- `content: str | None` — required for `write`.
+- `binary: bool` — if `True`, `content` is base64 on write / returned as base64 on read.
+- `recursive: bool` — for `delete`, removes directories recursively.
+- `mode: str` — for `mkdir`, octal permission string (default `"0755"`).

lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/__init__.py

@@ -0,0 +1,13 @@
+from crewai_tools.tools.daytona_sandbox_tool.daytona_base_tool import DaytonaBaseTool
+from crewai_tools.tools.daytona_sandbox_tool.daytona_exec_tool import DaytonaExecTool
+from crewai_tools.tools.daytona_sandbox_tool.daytona_file_tool import DaytonaFileTool
+from crewai_tools.tools.daytona_sandbox_tool.daytona_python_tool import (
+    DaytonaPythonTool,
+)
+
+__all__ = [
+    "DaytonaBaseTool",
+    "DaytonaExecTool",
+    "DaytonaFileTool",
+    "DaytonaPythonTool",
+]

lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py

@@ -0,0 +1,198 @@
+from __future__ import annotations
+
+import atexit
+import logging
+import os
+import threading
+from typing import Any, ClassVar
+
+from crewai.tools import BaseTool, EnvVar
+from pydantic import ConfigDict, Field, PrivateAttr
+
+
+logger = logging.getLogger(__name__)
+
+
+class DaytonaBaseTool(BaseTool):
+    """Shared base for tools that act on a Daytona sandbox.
+
+    Lifecycle modes:
+      - persistent=False (default): create a fresh sandbox per `_run` call and
+        delete it when the call returns. Safer and stateless — nothing leaks if
+        the agent forgets cleanup.
+      - persistent=True: lazily create a single sandbox on first use, cache it
+        on the instance, and register an atexit hook to delete it at process
+        exit. Cheaper across many calls and lets files/state carry over.
+      - sandbox_id=<existing>: attach to a sandbox the caller already owns.
+        Never deleted by the tool.
+    """
+
+    model_config = ConfigDict(arbitrary_types_allowed=True)
+
+    package_dependencies: list[str] = Field(default_factory=lambda: ["daytona"])
+
+    api_key: str | None = Field(
+        default_factory=lambda: os.getenv("DAYTONA_API_KEY"),
+        description="Daytona API key. Falls back to DAYTONA_API_KEY env var.",
+        json_schema_extra={"required": False},
+    )
+    api_url: str | None = Field(
+        default_factory=lambda: os.getenv("DAYTONA_API_URL"),
+        description="Daytona API URL override. Falls back to DAYTONA_API_URL env var.",
+        json_schema_extra={"required": False},
+    )
+    target: str | None = Field(
+        default_factory=lambda: os.getenv("DAYTONA_TARGET"),
+        description="Daytona target region. Falls back to DAYTONA_TARGET env var.",
+        json_schema_extra={"required": False},
+    )
+
+    persistent: bool = Field(
+        default=False,
+        description=(
+            "If True, reuse one sandbox across all calls to this tool instance "
+            "and delete it at process exit. Default False creates and deletes a "
+            "fresh sandbox per call."
+        ),
+    )
+    sandbox_id: str | None = Field(
+        default=None,
+        description=(
+            "Attach to an existing sandbox by id or name instead of creating a "
+            "new one. The tool will never delete a sandbox it did not create."
+        ),
+    )
+    create_params: dict[str, Any] | None = Field(
+        default=None,
+        description=(
+            "Optional kwargs forwarded to CreateSandboxFromSnapshotParams when "
+            "creating a sandbox (e.g. language, snapshot, env_vars, labels)."
+        ),
+    )
+    sandbox_timeout: float = Field(
+        default=60.0,
+        description="Timeout in seconds for sandbox create/delete operations.",
+    )
+
+    env_vars: list[EnvVar] = Field(
+        default_factory=lambda: [
+            EnvVar(
+                name="DAYTONA_API_KEY",
+                description="API key for Daytona sandbox service",
+                required=False,
+            ),
+            EnvVar(
+                name="DAYTONA_API_URL",
+                description="Daytona API base URL (optional)",
+                required=False,
+            ),
+            EnvVar(
+                name="DAYTONA_TARGET",
+                description="Daytona target region (optional)",
+                required=False,
+            ),
+        ]
+    )
+
+    _client: Any | None = PrivateAttr(default=None)
+    _persistent_sandbox: Any | None = PrivateAttr(default=None)
+    _lock: threading.Lock = PrivateAttr(default_factory=threading.Lock)
+    _cleanup_registered: bool = PrivateAttr(default=False)
+
+    _sdk_cache: ClassVar[dict[str, Any]] = {}
+
+    @classmethod
+    def _import_sdk(cls) -> dict[str, Any]:
+        if cls._sdk_cache:
+            return cls._sdk_cache
+        try:
+            from daytona import (
+                CreateSandboxFromSnapshotParams,
+                Daytona,
+                DaytonaConfig,
+            )
+        except ImportError as exc:
+            raise ImportError(
+                "The 'daytona' package is required for Daytona sandbox tools. "
+                "Install it with: uv add daytona  (or) pip install daytona"
+            ) from exc
+        cls._sdk_cache = {
+            "Daytona": Daytona,
+            "DaytonaConfig": DaytonaConfig,
+            "CreateSandboxFromSnapshotParams": CreateSandboxFromSnapshotParams,
+        }
+        return cls._sdk_cache
+
+    def _get_client(self) -> Any:
+        if self._client is not None:
+            return self._client
+        sdk = self._import_sdk()
+        config_kwargs: dict[str, Any] = {}
+        if self.api_key:
+            config_kwargs["api_key"] = self.api_key
+        if self.api_url:
+            config_kwargs["api_url"] = self.api_url
+        if self.target:
+            config_kwargs["target"] = self.target
+        config = sdk["DaytonaConfig"](**config_kwargs) if config_kwargs else None
+        self._client = sdk["Daytona"](config) if config else sdk["Daytona"]()
+        return self._client
+
+    def _build_create_params(self) -> Any | None:
+        if not self.create_params:
+            return None
+        sdk = self._import_sdk()
+        return sdk["CreateSandboxFromSnapshotParams"](**self.create_params)
+
+    def _acquire_sandbox(self) -> tuple[Any, bool]:
+        """Return (sandbox, should_delete_after_use)."""
+        client = self._get_client()
+
+        if self.sandbox_id:
+            return client.get(self.sandbox_id), False
+
+        if self.persistent:
+            with self._lock:
+                if self._persistent_sandbox is None:
+                    self._persistent_sandbox = client.create(
+                        self._build_create_params(),
+                        timeout=self.sandbox_timeout,
+                    )
+                    if not self._cleanup_registered:
+                        atexit.register(self.close)
+                        self._cleanup_registered = True
+                return self._persistent_sandbox, False
+
+        sandbox = client.create(
+            self._build_create_params(),
+            timeout=self.sandbox_timeout,
+        )
+        return sandbox, True
+
+    def _release_sandbox(self, sandbox: Any, should_delete: bool) -> None:
+        if not should_delete:
+            return
+        try:
+            sandbox.delete(timeout=self.sandbox_timeout)
+        except Exception:
+            logger.debug(
+                "Best-effort sandbox cleanup failed after ephemeral use; "
+                "the sandbox may need manual deletion.",
+                exc_info=True,
+            )
+
+    def close(self) -> None:
+        """Delete the cached persistent sandbox if one exists."""
+        with self._lock:
+            sandbox = self._persistent_sandbox
+            self._persistent_sandbox = None
+        if sandbox is None:
+            return
+        try:
+            sandbox.delete(timeout=self.sandbox_timeout)
+        except Exception:
+            logger.debug(
+                "Best-effort persistent sandbox cleanup failed at close(); "
+                "the sandbox may need manual deletion.",
+                exc_info=True,
+            )

lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_exec_tool.py

@@ -0,0 +1,59 @@
+from __future__ import annotations
+
+from builtins import type as type_
+from typing import Any
+
+from pydantic import BaseModel, Field
+
+from crewai_tools.tools.daytona_sandbox_tool.daytona_base_tool import DaytonaBaseTool
+
+
+class DaytonaExecToolSchema(BaseModel):
+    command: str = Field(..., description="Shell command to execute in the sandbox.")
+    cwd: str | None = Field(
+        default=None,
+        description="Working directory to run the command in. Defaults to the sandbox work dir.",
+    )
+    env: dict[str, str] | None = Field(
+        default=None,
+        description="Optional environment variables to set for this command.",
+    )
+    timeout: int | None = Field(
+        default=None,
+        description="Maximum seconds to wait for the command to finish.",
+    )
+
+
+class DaytonaExecTool(DaytonaBaseTool):
+    """Run a shell command inside a Daytona sandbox."""
+
+    name: str = "Daytona Sandbox Exec"
+    description: str = (
+        "Execute a shell command inside a Daytona sandbox and return the exit "
+        "code and combined output. Use this to run builds, package installs, "
+        "git operations, or any one-off shell command."
+    )
+    args_schema: type_[BaseModel] = DaytonaExecToolSchema
+
+    def _run(
+        self,
+        command: str,
+        cwd: str | None = None,
+        env: dict[str, str] | None = None,
+        timeout: int | None = None,
+    ) -> Any:
+        sandbox, should_delete = self._acquire_sandbox()
+        try:
+            response = sandbox.process.exec(
+                command,
+                cwd=cwd,
+                env=env,
+                timeout=timeout,
+            )
+            return {
+                "exit_code": getattr(response, "exit_code", None),
+                "result": getattr(response, "result", None),
+                "artifacts": getattr(response, "artifacts", None),
+            }
+        finally:
+            self._release_sandbox(sandbox, should_delete)

lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_file_tool.py

@@ -0,0 +1,205 @@
+from __future__ import annotations
+
+import base64
+from builtins import type as type_
+import logging
+import posixpath
+from typing import Any, Literal
+
+from pydantic import BaseModel, Field, model_validator
+
+from crewai_tools.tools.daytona_sandbox_tool.daytona_base_tool import DaytonaBaseTool
+
+
+logger = logging.getLogger(__name__)
+
+
+FileAction = Literal["read", "write", "append", "list", "delete", "mkdir", "info"]
+
+
+class DaytonaFileToolSchema(BaseModel):
+    action: FileAction = Field(
+        ...,
+        description=(
+            "The filesystem action to perform: 'read' (returns file contents), "
+            "'write' (create or replace a file with content), 'append' (append "
+            "content to an existing file — use this for writing large files in "
+            "chunks to avoid hitting tool-call size limits), 'list' (lists a "
+            "directory), 'delete' (removes a file/dir), 'mkdir' (creates a "
+            "directory), 'info' (returns file metadata)."
+        ),
+    )
+    path: str = Field(..., description="Absolute path inside the sandbox.")
+    content: str | None = Field(
+        default=None,
+        description=(
+            "Content to write or append. If omitted for 'write', an empty file "
+            "is created. For files larger than a few KB, prefer one 'write' "
+            "with empty content followed by multiple 'append' calls of ~4KB "
+            "each to stay within tool-call payload limits."
+        ),
+    )
+    binary: bool = Field(
+        default=False,
+        description=(
+            "For 'write': treat content as base64 and upload raw bytes. "
+            "For 'read': return contents as base64 instead of decoded utf-8."
+        ),
+    )
+    recursive: bool = Field(
+        default=False,
+        description="For action='delete': remove directories recursively.",
+    )
+    mode: str = Field(
+        default="0755",
+        description="For action='mkdir': octal permission string (default 0755).",
+    )
+
+    @model_validator(mode="after")
+    def _validate_action_args(self) -> DaytonaFileToolSchema:
+        if self.action == "append" and self.content is None:
+            raise ValueError(
+                "action='append' requires 'content'. Pass the chunk to append "
+                "in the 'content' field."
+            )
+        return self
+
+
+class DaytonaFileTool(DaytonaBaseTool):
+    """Read, write, and manage files inside a Daytona sandbox.
+
+    Notes:
+      - Most useful with `persistent=True` or an explicit `sandbox_id`. With the
+        default ephemeral mode, files disappear when this tool call finishes.
+    """
+
+    name: str = "Daytona Sandbox Files"
+    description: str = (
+        "Perform filesystem operations inside a Daytona sandbox: read a file, "
+        "write content to a path, append content to an existing file, list a "
+        "directory, delete a path, make a directory, or fetch file metadata. "
+        "For files larger than a few KB, create the file with action='write' "
+        "and empty content, then send the body via multiple 'append' calls of "
+        "~4KB each to stay within tool-call payload limits."
+    )
+    args_schema: type_[BaseModel] = DaytonaFileToolSchema
+
+    def _run(
+        self,
+        action: FileAction,
+        path: str,
+        content: str | None = None,
+        binary: bool = False,
+        recursive: bool = False,
+        mode: str = "0755",
+    ) -> Any:
+        sandbox, should_delete = self._acquire_sandbox()
+        try:
+            if action == "read":
+                return self._read(sandbox, path, binary=binary)
+            if action == "write":
+                return self._write(sandbox, path, content or "", binary=binary)
+            if action == "append":
+                return self._append(sandbox, path, content or "", binary=binary)
+            if action == "list":
+                return self._list(sandbox, path)
+            if action == "delete":
+                sandbox.fs.delete_file(path, recursive=recursive)
+                return {"status": "deleted", "path": path}
+            if action == "mkdir":
+                sandbox.fs.create_folder(path, mode)
+                return {"status": "created", "path": path, "mode": mode}
+            if action == "info":
+                return self._info(sandbox, path)
+            raise ValueError(f"Unknown action: {action}")
+        finally:
+            self._release_sandbox(sandbox, should_delete)
+
+    def _read(self, sandbox: Any, path: str, *, binary: bool) -> dict[str, Any]:
+        data: bytes = sandbox.fs.download_file(path)
+        if binary:
+            return {
+                "path": path,
+                "encoding": "base64",
+                "content": base64.b64encode(data).decode("ascii"),
+            }
+        try:
+            return {"path": path, "encoding": "utf-8", "content": data.decode("utf-8")}
+        except UnicodeDecodeError:
+            return {
+                "path": path,
+                "encoding": "base64",
+                "content": base64.b64encode(data).decode("ascii"),
+                "note": "File was not valid utf-8; returned as base64.",
+            }
+
+    def _write(
+        self, sandbox: Any, path: str, content: str, *, binary: bool
+    ) -> dict[str, Any]:
+        payload = base64.b64decode(content) if binary else content.encode("utf-8")
+        self._ensure_parent_dir(sandbox, path)
+        sandbox.fs.upload_file(payload, path)
+        return {"status": "written", "path": path, "bytes": len(payload)}
+
+    def _append(
+        self, sandbox: Any, path: str, content: str, *, binary: bool
+    ) -> dict[str, Any]:
+        chunk = base64.b64decode(content) if binary else content.encode("utf-8")
+        self._ensure_parent_dir(sandbox, path)
+        try:
+            existing: bytes = sandbox.fs.download_file(path)
+        except Exception:
+            existing = b""
+        payload = existing + chunk
+        sandbox.fs.upload_file(payload, path)
+        return {
+            "status": "appended",
+            "path": path,
+            "appended_bytes": len(chunk),
+            "total_bytes": len(payload),
+        }
+
+    @staticmethod
+    def _ensure_parent_dir(sandbox: Any, path: str) -> None:
+        """Make sure the parent directory of `path` exists.
+
+        Daytona's upload returns 400 if the parent directory is missing. We
+        best-effort mkdir the parent; any error (e.g. already exists) is
+        swallowed because `create_folder` is not idempotent on the server.
+        """
+        parent = posixpath.dirname(path)
+        if not parent or parent in ("/", "."):
+            return
+        try:
+            sandbox.fs.create_folder(parent, "0755")
+        except Exception:
+            logger.debug(
+                "Best-effort parent-directory create failed for %s; "
+                "assuming it already exists and proceeding with the write.",
+                parent,
+                exc_info=True,
+            )
+
+    def _list(self, sandbox: Any, path: str) -> dict[str, Any]:
+        entries = sandbox.fs.list_files(path)
+        return {
+            "path": path,
+            "entries": [self._file_info_to_dict(entry) for entry in entries],
+        }
+
+    def _info(self, sandbox: Any, path: str) -> dict[str, Any]:
+        return self._file_info_to_dict(sandbox.fs.get_file_info(path))
+
+    @staticmethod
+    def _file_info_to_dict(info: Any) -> dict[str, Any]:
+        fields = (
+            "name",
+            "size",
+            "mode",
+            "permissions",
+            "is_dir",
+            "mod_time",
+            "owner",
+            "group",
+        )
+        return {field: getattr(info, field, None) for field in fields}

lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_python_tool.py

@@ -0,0 +1,82 @@
+from __future__ import annotations
+
+from builtins import type as type_
+from typing import Any
+
+from pydantic import BaseModel, Field
+
+from crewai_tools.tools.daytona_sandbox_tool.daytona_base_tool import DaytonaBaseTool
+
+
+class DaytonaPythonToolSchema(BaseModel):
+    code: str = Field(
+        ...,
+        description="Python source to execute inside the sandbox.",
+    )
+    argv: list[str] | None = Field(
+        default=None,
+        description="Optional argv passed to the script (forwarded as params.argv).",
+    )
+    env: dict[str, str] | None = Field(
+        default=None,
+        description="Optional environment variables for the run (forwarded as params.env).",
+    )
+    timeout: int | None = Field(
+        default=None,
+        description="Maximum seconds to wait for the code to finish.",
+    )
+
+
+class DaytonaPythonTool(DaytonaBaseTool):
+    """Run Python source inside a Daytona sandbox."""
+
+    name: str = "Daytona Sandbox Python"
+    description: str = (
+        "Execute a block of Python code inside a Daytona sandbox and return the "
+        "exit code, captured stdout, and any produced artifacts. Use this for "
+        "data processing, quick scripts, or analysis that should run in an "
+        "isolated environment."
+    )
+    args_schema: type_[BaseModel] = DaytonaPythonToolSchema
+
+    def _run(
+        self,
+        code: str,
+        argv: list[str] | None = None,
+        env: dict[str, str] | None = None,
+        timeout: int | None = None,
+    ) -> Any:
+        sandbox, should_delete = self._acquire_sandbox()
+        try:
+            params = self._build_code_run_params(argv=argv, env=env)
+            response = sandbox.process.code_run(code, params=params, timeout=timeout)
+            return {
+                "exit_code": getattr(response, "exit_code", None),
+                "result": getattr(response, "result", None),
+                "artifacts": getattr(response, "artifacts", None),
+            }
+        finally:
+            self._release_sandbox(sandbox, should_delete)
+
+    def _build_code_run_params(
+        self,
+        argv: list[str] | None,
+        env: dict[str, str] | None,
+    ) -> Any | None:
+        if argv is None and env is None:
+            return None
+        try:
+            from daytona import CodeRunParams
+        except ImportError as exc:
+            raise ImportError(
+                "Could not import daytona.CodeRunParams while building "
+                "argv/env for sandbox.process.code_run. This usually means the "
+                "installed 'daytona' SDK is too old or incompatible. Upgrade "
+                "with: pip install -U 'crewai-tools[daytona]'"
+            ) from exc
+        kwargs: dict[str, Any] = {}
+        if argv is not None:
+            kwargs["argv"] = argv
+        if env is not None:
+            kwargs["env"] = env
+        return CodeRunParams(**kwargs)

lib/crewai-tools/src/crewai_tools/tools/directory_read_tool/directory_read_tool.py

@@ -4,6 +4,8 @@ from typing import Any
 from crewai.tools import BaseTool
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_directory_path
+
 
 class FixedDirectoryReadToolSchema(BaseModel):
     """Input for DirectoryReadTool."""
@@ -39,6 +41,7 @@ class DirectoryReadTool(BaseTool):
         if directory is None:
             raise ValueError("Directory must be provided.")
 
+        directory = validate_directory_path(directory)
         if directory[-1] == "/":
             directory = directory[:-1]
         files_list = [

lib/crewai-tools/src/crewai_tools/tools/directory_search_tool/directory_search_tool.py

@@ -3,6 +3,7 @@ from typing import Any
 from pydantic import BaseModel, Field
 
 from crewai_tools.rag.data_types import DataType
+from crewai_tools.security.safe_path import validate_directory_path
 from crewai_tools.tools.rag.rag_tool import RagTool
 
 
@@ -37,6 +38,7 @@ class DirectorySearchTool(RagTool):
             self._generate_description()
 
     def add(self, directory: str) -> None:  # type: ignore[override]
+        directory = validate_directory_path(directory)
         super().add(directory, data_type=DataType.DIRECTORY)
 
     def _run(  # type: ignore[override]

lib/crewai-tools/src/crewai_tools/tools/file_read_tool/file_read_tool.py

@@ -3,6 +3,8 @@ from typing import Any
 from crewai.tools import BaseTool
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_file_path
+
 
 class FileReadToolSchema(BaseModel):
     """Input for FileReadTool."""
@@ -76,6 +78,7 @@ class FileReadTool(BaseTool):
         if file_path is None:
             return "Error: No file path provided. Please provide a file path either in the constructor or as an argument."
 
+        file_path = validate_file_path(file_path)
         try:
             with open(file_path, "r") as file:
                 if start_line == 1 and line_count is None:

lib/crewai-tools/src/crewai_tools/tools/files_compressor_tool/files_compressor_tool.py

@@ -5,6 +5,8 @@ import zipfile
 from crewai.tools import BaseTool
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_file_path
+
 
 class FileCompressorToolInput(BaseModel):
     """Input schema for FileCompressorTool."""
@@ -40,12 +42,15 @@ class FileCompressorTool(BaseTool):
         overwrite: bool = False,
         format: str = "zip",
     ) -> str:
+        input_path = validate_file_path(input_path)
         if not os.path.exists(input_path):
             return f"Input path '{input_path}' does not exist."
 
         if not output_path:
             output_path = self._generate_output_path(input_path, format)
 
+        output_path = validate_file_path(output_path)
+
         format_extension = {
             "zip": ".zip",
             "tar": ".tar",

lib/crewai-tools/src/crewai_tools/tools/firecrawl_crawl_website_tool/firecrawl_crawl_website_tool.py

@@ -5,6 +5,8 @@ from typing import Any
 from crewai.tools import BaseTool, EnvVar
 from pydantic import BaseModel, ConfigDict, Field, PrivateAttr
 
+from crewai_tools.security.safe_path import validate_url
+
 
 try:
     from firecrawl import FirecrawlApp  # type: ignore[import-untyped]
@@ -106,6 +108,7 @@ class FirecrawlCrawlWebsiteTool(BaseTool):
         if not self._firecrawl:
             raise RuntimeError("FirecrawlApp not properly initialized")
 
+        url = validate_url(url)
         return self._firecrawl.crawl(url=url, poll_interval=2, **self.config)
 
 

lib/crewai-tools/src/crewai_tools/tools/firecrawl_scrape_website_tool/firecrawl_scrape_website_tool.py

@@ -5,6 +5,8 @@ from typing import Any
 from crewai.tools import BaseTool, EnvVar
 from pydantic import BaseModel, ConfigDict, Field, PrivateAttr
 
+from crewai_tools.security.safe_path import validate_url
+
 
 try:
     from firecrawl import FirecrawlApp  # type: ignore[import-untyped]
@@ -106,6 +108,7 @@ class FirecrawlScrapeWebsiteTool(BaseTool):
         if not self._firecrawl:
             raise RuntimeError("FirecrawlApp not properly initialized")
 
+        url = validate_url(url)
         return self._firecrawl.scrape(url=url, **self.config)
 
 

lib/crewai-tools/src/crewai_tools/tools/hyperbrowser_load_tool/hyperbrowser_load_tool.py

@@ -4,6 +4,8 @@ from typing import Any, Literal
 from crewai.tools import BaseTool, EnvVar
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_url
+
 
 class HyperbrowserLoadToolSchema(BaseModel):
     url: str = Field(description="Website URL")
@@ -119,6 +121,7 @@ class HyperbrowserLoadTool(BaseTool):
             ) from e
 
         params = self._prepare_params(params)
+        url = validate_url(url)
 
         if operation == "scrape":
             scrape_params = StartScrapeJobParams(url=url, **params)

lib/crewai-tools/src/crewai_tools/tools/jina_scrape_website_tool/jina_scrape_website_tool.py

@@ -4,6 +4,8 @@ from crewai.tools import BaseTool
 from pydantic import BaseModel, Field
 import requests
 
+from crewai_tools.security.safe_path import validate_url
+
 
 class JinaScrapeWebsiteToolInput(BaseModel):
     """Input schema for JinaScrapeWebsiteTool."""
@@ -45,6 +47,7 @@ class JinaScrapeWebsiteTool(BaseTool):
                 "Website URL must be provided either during initialization or execution"
             )
 
+        url = validate_url(url)
         response = requests.get(
             f"https://r.jina.ai/{url}", headers=self.headers, timeout=15
         )

lib/crewai-tools/src/crewai_tools/tools/nl2sql/nl2sql_tool.py

@@ -1,7 +1,17 @@
+from collections.abc import Iterator
+import logging
+import os
+import re
 from typing import Any
 
+
+try:
+    from typing import Self
+except ImportError:
+    from typing_extensions import Self
+
 from crewai.tools import BaseTool
-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, model_validator
 
 
 try:
@@ -12,6 +22,186 @@ try:
 except ImportError:
     SQLALCHEMY_AVAILABLE = False
 
+logger = logging.getLogger(__name__)
+
+# Commands allowed in read-only mode
+# NOTE: WITH is intentionally excluded — writable CTEs start with WITH, so the
+# CTE body must be inspected separately (see _validate_statement).
+_READ_ONLY_COMMANDS = {"SELECT", "SHOW", "DESCRIBE", "DESC", "EXPLAIN"}
+
+# Commands that mutate state and are blocked by default
+_WRITE_COMMANDS = {
+    "INSERT",
+    "UPDATE",
+    "DELETE",
+    "DROP",
+    "ALTER",
+    "CREATE",
+    "TRUNCATE",
+    "GRANT",
+    "REVOKE",
+    "EXEC",
+    "EXECUTE",
+    "CALL",
+    "MERGE",
+    "REPLACE",
+    "UPSERT",
+    "LOAD",
+    "COPY",
+    "VACUUM",
+    "ANALYZE",
+    "ANALYSE",
+    "REINDEX",
+    "CLUSTER",
+    "REFRESH",
+    "COMMENT",
+    "SET",
+    "RESET",
+}
+
+
+# Subset of write commands that can realistically appear *inside* a CTE body.
+# Narrower than _WRITE_COMMANDS to avoid false positives on identifiers like
+# ``comment``, ``set``, or ``reset`` which are common column/table names.
+_CTE_WRITE_INDICATORS = {
+    "INSERT",
+    "UPDATE",
+    "DELETE",
+    "DROP",
+    "ALTER",
+    "CREATE",
+    "TRUNCATE",
+    "MERGE",
+}
+
+
+_AS_PAREN_RE = re.compile(r"\bAS\s*\(", re.IGNORECASE)
+
+
+def _iter_as_paren_matches(stmt: str) -> Iterator[re.Match[str]]:
+    """Yield regex matches for ``AS\\s*(`` outside of string literals."""
+    # Build a set of character positions that are inside string literals.
+    in_string: set[int] = set()
+    i = 0
+    while i < len(stmt):
+        if stmt[i] == "'":
+            start = i
+            end = _skip_string_literal(stmt, i)
+            in_string.update(range(start, end))
+            i = end
+        else:
+            i += 1
+
+    for m in _AS_PAREN_RE.finditer(stmt):
+        if m.start() not in in_string:
+            yield m
+
+
+def _detect_writable_cte(stmt: str) -> str | None:
+    """Return the first write command inside a CTE body, or None.
+
+    Instead of tokenizing the whole statement (which falsely matches column
+    names like ``comment``), this walks through parenthesized CTE bodies and
+    checks only the *first keyword after* an opening ``AS (`` for a write
+    command.  Uses a regex to handle any whitespace (spaces, tabs, newlines)
+    between ``AS`` and ``(``.  Skips matches inside string literals.
+    """
+    for m in _iter_as_paren_matches(stmt):
+        body = stmt[m.end() :].lstrip()
+        first_word = body.split()[0].upper().strip("()") if body.split() else ""
+        if first_word in _CTE_WRITE_INDICATORS:
+            return first_word
+    return None
+
+
+def _skip_string_literal(stmt: str, pos: int) -> int:
+    """Skip past a string literal starting at pos (single-quoted).
+
+    Handles escaped quotes ('') inside the literal.
+    Returns the index after the closing quote.
+    """
+    quote_char = stmt[pos]
+    i = pos + 1
+    while i < len(stmt):
+        if stmt[i] == quote_char:
+            # Check for escaped quote ('')
+            if i + 1 < len(stmt) and stmt[i + 1] == quote_char:
+                i += 2
+                continue
+            return i + 1
+        i += 1
+    return i  # Unterminated literal — return end
+
+
+def _find_matching_close_paren(stmt: str, start: int) -> int:
+    """Find the matching close paren, skipping string literals."""
+    depth = 1
+    i = start
+    while i < len(stmt) and depth > 0:
+        ch = stmt[i]
+        if ch == "'":
+            i = _skip_string_literal(stmt, i)
+            continue
+        if ch == "(":
+            depth += 1
+        elif ch == ")":
+            depth -= 1
+        i += 1
+    return i
+
+
+def _extract_main_query_after_cte(stmt: str) -> str | None:
+    """Extract the main (outer) query that follows all CTE definitions.
+
+    For ``WITH cte AS (SELECT 1) DELETE FROM users``, returns ``DELETE FROM users``.
+    Returns None if no main query is found after the last CTE body.
+    Handles parentheses inside string literals (e.g., ``SELECT '(' FROM t``).
+    """
+    last_cte_end = 0
+    for m in _iter_as_paren_matches(stmt):
+        last_cte_end = _find_matching_close_paren(stmt, m.end())
+
+    if last_cte_end > 0:
+        remainder = stmt[last_cte_end:].strip().lstrip(",").strip()
+        if remainder:
+            return remainder
+    return None
+
+
+def _resolve_explain_command(stmt: str) -> str | None:
+    """Resolve the underlying command from an EXPLAIN [ANALYZE] [VERBOSE] statement.
+
+    Returns the real command (e.g., 'DELETE') if ANALYZE is present, else None.
+    Handles both space-separated and parenthesized syntax.
+    """
+    rest = stmt.strip()[len("EXPLAIN") :].strip()
+    if not rest:
+        return None
+
+    analyze_found = False
+    explain_opts = {"ANALYZE", "ANALYSE", "VERBOSE"}
+
+    if rest.startswith("("):
+        close = rest.find(")")
+        if close != -1:
+            options_str = rest[1:close].upper()
+            analyze_found = any(
+                opt.strip() in ("ANALYZE", "ANALYSE") for opt in options_str.split(",")
+            )
+            rest = rest[close + 1 :].strip()
+    else:
+        while rest:
+            first_opt = rest.split()[0].upper().rstrip(";") if rest.split() else ""
+            if first_opt in ("ANALYZE", "ANALYSE"):
+                analyze_found = True
+            if first_opt not in explain_opts:
+                break
+            rest = rest[len(first_opt) :].strip()
+
+    if analyze_found and rest:
+        return rest.split()[0].upper().rstrip(";")
+    return None
+
 
 class NL2SQLToolInput(BaseModel):
     sql_query: str = Field(
@@ -21,20 +211,70 @@ class NL2SQLToolInput(BaseModel):
 
 
 class NL2SQLTool(BaseTool):
+    """Tool that converts natural language to SQL and executes it against a database.
+
+    By default the tool operates in **read-only mode**: only SELECT, SHOW,
+    DESCRIBE, EXPLAIN, and read-only CTEs (WITH … SELECT) are permitted.  Write
+    operations (INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, TRUNCATE, …) are
+    blocked unless ``allow_dml=True`` is set explicitly or the environment
+    variable ``CREWAI_NL2SQL_ALLOW_DML=true`` is present.
+
+    Writable CTEs (``WITH d AS (DELETE …) SELECT …``) and
+    ``EXPLAIN ANALYZE <write-stmt>`` are treated as write operations and are
+    blocked in read-only mode.
+
+    The ``_fetch_all_available_columns`` helper uses parameterised queries so
+    that table names coming from the database catalogue cannot be used as an
+    injection vector.
+    """
+
     name: str = "NL2SQLTool"
-    description: str = "Converts natural language to SQL queries and executes them."
+    description: str = (
+        "Converts natural language to SQL queries and executes them against a "
+        "database. Read-only by default — only SELECT/SHOW/DESCRIBE/EXPLAIN "
+        "queries (and read-only CTEs) are allowed unless configured with "
+        "allow_dml=True."
+    )
     db_uri: str = Field(
         title="Database URI",
         description="The URI of the database to connect to.",
     )
+    allow_dml: bool = Field(
+        default=False,
+        title="Allow DML",
+        description=(
+            "When False (default) only read statements are permitted. "
+            "Set to True to allow INSERT/UPDATE/DELETE/DROP and other "
+            "write operations."
+        ),
+    )
     tables: list[dict[str, Any]] = Field(default_factory=list)
     columns: dict[str, list[dict[str, Any]] | str] = Field(default_factory=dict)
     args_schema: type[BaseModel] = NL2SQLToolInput
 
+    @model_validator(mode="after")
+    def _apply_env_override(self) -> Self:
+        """Allow CREWAI_NL2SQL_ALLOW_DML=true to override allow_dml at runtime."""
+        if os.environ.get("CREWAI_NL2SQL_ALLOW_DML", "").strip().lower() == "true":
+            if not self.allow_dml:
+                logger.warning(
+                    "NL2SQLTool: CREWAI_NL2SQL_ALLOW_DML env var is set — "
+                    "DML/DDL operations are enabled. Ensure this is intentional."
+                )
+            self.allow_dml = True
+        return self
+
     def model_post_init(self, __context: Any) -> None:
         if not SQLALCHEMY_AVAILABLE:
             raise ImportError(
-                "sqlalchemy is not installed. Please install it with `pip install crewai-tools[sqlalchemy]`"
+                "sqlalchemy is not installed. Please install it with "
+                "`pip install crewai-tools[sqlalchemy]`"
+            )
+
+        if self.allow_dml:
+            logger.warning(
+                "NL2SQLTool: allow_dml=True — write operations (INSERT/UPDATE/"
+                "DELETE/DROP/…) are permitted. Use with caution."
             )
 
         data: dict[str, list[dict[str, Any]] | str] = {}
@@ -50,42 +290,216 @@ class NL2SQLTool(BaseTool):
         self.tables = tables
         self.columns = data
 
+    # ------------------------------------------------------------------
+    # Query validation
+    # ------------------------------------------------------------------
+
+    def _validate_query(self, sql_query: str) -> None:
+        """Raise ValueError if *sql_query* is not permitted under the current config.
+
+        Splits the query on semicolons and validates each statement
+        independently.  When ``allow_dml=False`` (the default), multi-statement
+        queries are rejected outright to prevent ``SELECT 1; DROP TABLE users``
+        style bypasses.  When ``allow_dml=True`` every statement is checked and
+        a warning is emitted for write operations.
+        """
+        statements = [s.strip() for s in sql_query.split(";") if s.strip()]
+
+        if not statements:
+            raise ValueError("NL2SQLTool received an empty SQL query.")
+
+        if not self.allow_dml and len(statements) > 1:
+            raise ValueError(
+                "NL2SQLTool blocked a multi-statement query in read-only mode. "
+                "Semicolons are not permitted when allow_dml=False."
+            )
+
+        for stmt in statements:
+            self._validate_statement(stmt)
+
+    def _validate_statement(self, stmt: str) -> None:
+        """Validate a single SQL statement (no semicolons)."""
+        command = self._extract_command(stmt)
+
+        # EXPLAIN ANALYZE / EXPLAIN ANALYSE actually *executes* the underlying
+        # query.  Resolve the real command so write operations are caught.
+        # Handles both space-separated ("EXPLAIN ANALYZE DELETE …") and
+        # parenthesized ("EXPLAIN (ANALYZE) DELETE …", "EXPLAIN (ANALYZE, VERBOSE) DELETE …").
+        # EXPLAIN ANALYZE actually executes the underlying query — resolve the
+        # real command so write operations are caught.
+        if command == "EXPLAIN":
+            resolved = _resolve_explain_command(stmt)
+            if resolved:
+                command = resolved
+
+        # WITH starts a CTE.  Read-only CTEs are fine; writable CTEs
+        # (e.g. WITH d AS (DELETE …) SELECT …) must be blocked in read-only mode.
+        if command == "WITH":
+            # Check for write commands inside CTE bodies.
+            write_found = _detect_writable_cte(stmt)
+            if write_found:
+                found = write_found
+                if not self.allow_dml:
+                    raise ValueError(
+                        f"NL2SQLTool is configured in read-only mode and blocked a "
+                        f"writable CTE containing a '{found}' statement. To allow "
+                        f"write operations set allow_dml=True or "
+                        f"CREWAI_NL2SQL_ALLOW_DML=true."
+                    )
+                logger.warning(
+                    "NL2SQLTool: executing writable CTE with '%s' because allow_dml=True.",
+                    found,
+                )
+                return
+
+            # Check the main query after the CTE definitions.
+            main_query = _extract_main_query_after_cte(stmt)
+            if main_query:
+                main_cmd = main_query.split()[0].upper().rstrip(";")
+                if main_cmd in _WRITE_COMMANDS:
+                    if not self.allow_dml:
+                        raise ValueError(
+                            f"NL2SQLTool is configured in read-only mode and blocked a "
+                            f"'{main_cmd}' statement after a CTE. To allow write "
+                            f"operations set allow_dml=True or "
+                            f"CREWAI_NL2SQL_ALLOW_DML=true."
+                        )
+                    logger.warning(
+                        "NL2SQLTool: executing '%s' after CTE because allow_dml=True.",
+                        main_cmd,
+                    )
+                elif main_cmd not in _READ_ONLY_COMMANDS:
+                    if not self.allow_dml:
+                        raise ValueError(
+                            f"NL2SQLTool blocked an unrecognised SQL command '{main_cmd}' "
+                            f"after a CTE. Only {sorted(_READ_ONLY_COMMANDS)} are allowed "
+                            f"in read-only mode."
+                        )
+            return
+
+        if command in _WRITE_COMMANDS:
+            if not self.allow_dml:
+                raise ValueError(
+                    f"NL2SQLTool is configured in read-only mode and blocked a "
+                    f"'{command}' statement. To allow write operations set "
+                    f"allow_dml=True or CREWAI_NL2SQL_ALLOW_DML=true."
+                )
+            logger.warning(
+                "NL2SQLTool: executing write statement '%s' because allow_dml=True.",
+                command,
+            )
+        elif command not in _READ_ONLY_COMMANDS:
+            # Unknown command — block by default unless DML is explicitly enabled
+            if not self.allow_dml:
+                raise ValueError(
+                    f"NL2SQLTool blocked an unrecognised SQL command '{command}'. "
+                    f"Only {sorted(_READ_ONLY_COMMANDS)} are allowed in read-only "
+                    f"mode."
+                )
+
+    @staticmethod
+    def _extract_command(sql_query: str) -> str:
+        """Return the uppercased first keyword of *sql_query*."""
+        stripped = sql_query.strip().lstrip("(")
+        first_token = stripped.split()[0] if stripped.split() else ""
+        return first_token.upper().rstrip(";")
+
+    # ------------------------------------------------------------------
+    # Schema introspection helpers
+    # ------------------------------------------------------------------
+
     def _fetch_available_tables(self) -> list[dict[str, Any]] | str:
         return self.execute_sql(
-            "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';"
+            "SELECT table_name FROM information_schema.tables "
+            "WHERE table_schema = 'public';"
         )
 
     def _fetch_all_available_columns(
         self, table_name: str
     ) -> list[dict[str, Any]] | str:
+        """Fetch columns for *table_name* using a parameterised query.
+
+        The table name is bound via SQLAlchemy's ``:param`` syntax to prevent
+        SQL injection from catalogue values.
+        """
         return self.execute_sql(
-            f"SELECT column_name, data_type FROM information_schema.columns WHERE table_name = '{table_name}';"  # noqa: S608
+            "SELECT column_name, data_type FROM information_schema.columns "
+            "WHERE table_name = :table_name",
+            params={"table_name": table_name},
         )
 
+    # ------------------------------------------------------------------
+    # Core execution
+    # ------------------------------------------------------------------
+
     def _run(self, sql_query: str) -> list[dict[str, Any]] | str:
         try:
+            self._validate_query(sql_query)
             data = self.execute_sql(sql_query)
+        except ValueError:
+            raise
         except Exception as exc:
             data = (
                 f"Based on these tables {self.tables} and columns {self.columns}, "
-                "you can create SQL queries to retrieve data from the database."
-                f"Get the original request {sql_query} and the error {exc} and create the correct SQL query."
+                "you can create SQL queries to retrieve data from the database. "
+                f"Get the original request {sql_query} and the error {exc} and "
+                "create the correct SQL query."
             )
 
         return data
 
-    def execute_sql(self, sql_query: str) -> list[dict[str, Any]] | str:
+    def execute_sql(
+        self,
+        sql_query: str,
+        params: dict[str, Any] | None = None,
+    ) -> list[dict[str, Any]] | str:
+        """Execute *sql_query* and return the results as a list of dicts.
+
+        Parameters
+        ----------
+        sql_query:
+            The SQL statement to run.
+        params:
+            Optional mapping of bind parameters (e.g. ``{"table_name": "users"}``).
+        """
         if not SQLALCHEMY_AVAILABLE:
             raise ImportError(
-                "sqlalchemy is not installed. Please install it with `pip install crewai-tools[sqlalchemy]`"
+                "sqlalchemy is not installed. Please install it with "
+                "`pip install crewai-tools[sqlalchemy]`"
             )
 
+        # Check ALL statements so that e.g. "SELECT 1; DROP TABLE t" triggers a
+        # commit when allow_dml=True, regardless of statement order.
+        _stmts = [s.strip() for s in sql_query.split(";") if s.strip()]
+
+        def _is_write_stmt(s: str) -> bool:
+            cmd = self._extract_command(s)
+            if cmd in _WRITE_COMMANDS:
+                return True
+            if cmd == "EXPLAIN":
+                # Resolve the underlying command for EXPLAIN ANALYZE
+                resolved = _resolve_explain_command(s)
+                if resolved and resolved in _WRITE_COMMANDS:
+                    return True
+            if cmd == "WITH":
+                if _detect_writable_cte(s):
+                    return True
+                main_q = _extract_main_query_after_cte(s)
+                if main_q:
+                    return main_q.split()[0].upper().rstrip(";") in _WRITE_COMMANDS
+            return False
+
+        is_write = any(_is_write_stmt(s) for s in _stmts)
+
         engine = create_engine(self.db_uri)
         Session = sessionmaker(bind=engine)  # noqa: N806
         session = Session()
         try:
-            result = session.execute(text(sql_query))
-            session.commit()
+            result = session.execute(text(sql_query), params or {})
+
+            # Only commit when the operation actually mutates state
+            if self.allow_dml and is_write:
+                session.commit()
 
             if result.returns_rows:  # type: ignore[attr-defined]
                 columns = result.keys()

lib/crewai-tools/src/crewai_tools/tools/ocr_tool/ocr_tool.py

@@ -11,6 +11,8 @@ from crewai.tools.base_tool import BaseTool
 from crewai.utilities.types import LLMMessage
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_file_path
+
 
 class OCRToolSchema(BaseModel):
     """Input schema for Optical Character Recognition Tool.
@@ -98,5 +100,6 @@ class OCRTool(BaseTool):
         Returns:
             str: Base64-encoded image data as a UTF-8 string.
         """
+        image_path = validate_file_path(image_path)
         with open(image_path, "rb") as image_file:
             return base64.b64encode(image_file.read()).decode()

lib/crewai-tools/src/crewai_tools/tools/rag/rag_tool.py

@@ -1,4 +1,5 @@
 from abc import ABC, abstractmethod
+import os
 from typing import Any, Literal, cast
 
 from crewai.rag.core.base_embeddings_callable import EmbeddingFunction
@@ -246,7 +247,94 @@ class RagTool(BaseTool):
             # Auto-detect type from extension
             rag_tool.add("path/to/document.pdf")  # auto-detects PDF
         """
-        self.adapter.add(*args, **kwargs)
+        # Validate file paths and URLs before adding to prevent
+        # unauthorized file reads and SSRF.
+        from urllib.parse import urlparse
+
+        from crewai_tools.security.safe_path import validate_file_path, validate_url
+
+        def _check_url(value: str, label: str) -> None:
+            try:
+                validate_url(value)
+            except ValueError as e:
+                raise ValueError(f"Blocked unsafe {label}: {e}") from e
+
+        def _check_path(value: str, label: str) -> str:
+            try:
+                return validate_file_path(value)
+            except ValueError as e:
+                raise ValueError(f"Blocked unsafe {label}: {e}") from e
+
+        validated_args: list[ContentItem] = []
+        for arg in args:
+            source_ref = (
+                str(arg.get("source", arg.get("content", "")))
+                if isinstance(arg, dict)
+                else str(arg)
+            )
+
+            # Check if it's a URL — only catch urlparse-specific errors here;
+            # validate_url's ValueError must propagate so it is never silently bypassed.
+            try:
+                parsed = urlparse(source_ref)
+            except (ValueError, AttributeError):
+                parsed = None
+
+            if parsed is not None and parsed.scheme in ("http", "https", "file"):
+                try:
+                    validate_url(source_ref)
+                except ValueError as e:
+                    raise ValueError(f"Blocked unsafe URL: {e}") from e
+                validated_args.append(arg)
+                continue
+
+            # Check if it looks like a file path (not a plain text string).
+            # Check both os.sep (backslash on Windows) and "/" so that
+            # forward-slash paths like "sub/file.txt" are caught on all platforms.
+            if (
+                os.path.sep in source_ref
+                or "/" in source_ref
+                or source_ref.startswith(".")
+                or os.path.isabs(source_ref)
+            ):
+                try:
+                    resolved_ref = validate_file_path(source_ref)
+                except ValueError as e:
+                    raise ValueError(f"Blocked unsafe file path: {e}") from e
+                # Use the resolved path to prevent symlink TOCTOU
+                if isinstance(arg, dict):
+                    arg = {**arg}
+                    if "source" in arg:
+                        arg["source"] = resolved_ref
+                    elif "content" in arg:
+                        arg["content"] = resolved_ref
+                else:
+                    arg = resolved_ref
+
+            validated_args.append(arg)
+
+        # Validate keyword path/URL arguments — these are equally user-controlled
+        # and must not bypass the checks applied to positional args.
+        if "path" in kwargs and kwargs.get("path") is not None:
+            kwargs["path"] = _check_path(str(kwargs["path"]), "path")
+        if "file_path" in kwargs and kwargs.get("file_path") is not None:
+            kwargs["file_path"] = _check_path(str(kwargs["file_path"]), "file_path")
+
+        if "directory_path" in kwargs and kwargs.get("directory_path") is not None:
+            kwargs["directory_path"] = _check_path(
+                str(kwargs["directory_path"]), "directory_path"
+            )
+
+        if "url" in kwargs and kwargs.get("url") is not None:
+            _check_url(str(kwargs["url"]), "url")
+        if "website" in kwargs and kwargs.get("website") is not None:
+            _check_url(str(kwargs["website"]), "website")
+        if "github_url" in kwargs and kwargs.get("github_url") is not None:
+            _check_url(str(kwargs["github_url"]), "github_url")
+        if "youtube_url" in kwargs and kwargs.get("youtube_url") is not None:
+            _check_url(str(kwargs["youtube_url"]), "youtube_url")
+
+        self.adapter.add(*validated_args, **kwargs)
 
     def _run(
         self,

lib/crewai-tools/src/crewai_tools/tools/scrape_element_from_website/scrape_element_from_website.py

@@ -5,6 +5,8 @@ from crewai.tools import BaseTool
 from pydantic import BaseModel, Field
 import requests
 
+from crewai_tools.security.safe_path import validate_url
+
 
 try:
     from bs4 import BeautifulSoup
@@ -81,6 +83,7 @@ class ScrapeElementFromWebsiteTool(BaseTool):
         if website_url is None or css_element is None:
             raise ValueError("Both website_url and css_element must be provided.")
 
+        website_url = validate_url(website_url)
         page = requests.get(
             website_url,
             headers=self.headers,

lib/crewai-tools/src/crewai_tools/tools/scrape_website_tool/scrape_website_tool.py

@@ -5,6 +5,8 @@ from typing import Any
 from pydantic import Field
 import requests
 
+from crewai_tools.security.safe_path import validate_url
+
 
 try:
     from bs4 import BeautifulSoup
@@ -73,6 +75,7 @@ class ScrapeWebsiteTool(BaseTool):
         if website_url is None:
             raise ValueError("Website URL must be provided.")
 
+        website_url = validate_url(website_url)
         page = requests.get(
             website_url,
             timeout=15,

lib/crewai-tools/src/crewai_tools/tools/scrapfly_scrape_website_tool/scrapfly_scrape_website_tool.py

@@ -5,6 +5,8 @@ from typing import Any, Literal
 from crewai.tools import BaseTool, EnvVar
 from pydantic import BaseModel, Field
 
+from crewai_tools.security.safe_path import validate_url
+
 
 logger = logging.getLogger(__file__)
 
@@ -72,6 +74,7 @@ class ScrapflyScrapeWebsiteTool(BaseTool):
     ) -> str | None:
         from scrapfly import ScrapeConfig
 
+        url = validate_url(url)
         scrape_config = scrape_config if scrape_config is not None else {}
         try:
             response = self.scrapfly.scrape(  # type: ignore[union-attr]

lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py

@@ -5,6 +5,8 @@ from crewai.tools import BaseTool, EnvVar
 from pydantic import BaseModel, Field
 import requests
 
+from crewai_tools.security.safe_path import validate_url
+
 
 class SerperScrapeWebsiteInput(BaseModel):
     """Input schema for SerperScrapeWebsite."""
@@ -42,6 +44,7 @@ class SerperScrapeWebsiteTool(BaseTool):
         Returns:
             Scraped website content as a string
         """
+        validate_url(url)
         try:
             # Serper API endpoint
             api_url = "https://scrape.serper.dev"

lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_webpage_to_markdown_tool.py

@@ -5,6 +5,7 @@ from crewai.tools import EnvVar
 from pydantic import BaseModel, Field
 import requests
 
+from crewai_tools.security.safe_path import validate_url
 from crewai_tools.tools.rag.rag_tool import RagTool
 
 
@@ -48,6 +49,7 @@ class SerplyWebpageToMarkdownTool(RagTool):
         if self.proxy_location and not self.headers.get("X-Proxy-Location"):
             self.headers["X-Proxy-Location"] = self.proxy_location
 
+        validate_url(url)
         data = {"url": url, "method": "GET", "response_type": "markdown"}
         response = requests.request(
             "POST",

lib/crewai-tools/src/crewai_tools/tools/vision_tool/vision_tool.py

@@ -7,6 +7,8 @@ from crewai.tools import BaseTool, EnvVar
 from crewai.utilities.types import LLMMessage
 from pydantic import BaseModel, Field, PrivateAttr, field_validator
 
+from crewai_tools.security.safe_path import validate_file_path
+
 
 class ImagePromptSchema(BaseModel):
     """Input for Vision Tool."""
@@ -135,5 +137,6 @@ class VisionTool(BaseTool):
         Returns:
             Base64-encoded image data
         """
+        image_path = validate_file_path(image_path)
         with open(image_path, "rb") as image_file:
             return base64.b64encode(image_file.read()).decode()

lib/crewai-tools/src/crewai_tools/tools/website_search/website_search_tool.py

@@ -3,6 +3,7 @@ from typing import Any
 from pydantic import BaseModel, Field
 
 from crewai_tools.rag.data_types import DataType
+from crewai_tools.security.safe_path import validate_url
 from crewai_tools.tools.rag.rag_tool import RagTool
 
 
@@ -37,6 +38,7 @@ class WebsiteSearchTool(RagTool):
             self._generate_description()
 
     def add(self, website: str) -> None:  # type: ignore[override]
+        website = validate_url(website)
         super().add(website, data_type=DataType.WEBSITE)
 
     def _run(  # type: ignore[override]

lib/crewai-tools/src/crewai_tools/utilities/safe_path.py

@@ -0,0 +1,10 @@
+"""Backward-compatible re-export from crewai_tools.security.safe_path."""
+
+from crewai_tools.security.safe_path import (
+    validate_directory_path,
+    validate_file_path,
+    validate_url,
+)
+
+
+__all__ = ["validate_directory_path", "validate_file_path", "validate_url"]

lib/crewai-tools/tests/test_generate_tool_specs.py

@@ -45,6 +45,26 @@ class MockTool(BaseTool):
     )
 
 
+# --- Intermediate base class (like RagTool, BraveSearchToolBase) ---
+class MockIntermediateBase(BaseTool):
+    """Simulates an intermediate tool base class (e.g. RagTool, BraveSearchToolBase)."""
+
+    name: str = "Intermediate Base"
+    description: str = "An intermediate tool base"
+    shared_config: str = Field("default_config", description="Config from intermediate base")
+
+    def _run(self, query: str) -> str:
+        return query
+
+
+class MockDerivedTool(MockIntermediateBase):
+    """A tool inheriting from an intermediate base, like CodeDocsSearchTool(RagTool)."""
+
+    name: str = "Derived Tool"
+    description: str = "A tool that inherits from intermediate base"
+    derived_param: str = Field("derived_default", description="Param specific to derived tool")
+
+
 @pytest.fixture
 def extractor():
     ext = ToolSpecExtractor()
@@ -169,6 +189,87 @@ def test_extract_package_dependencies(mock_tool_extractor):
     ]
 
 
+def test_base_tool_fields_excluded_from_init_params(mock_tool_extractor):
+    """BaseTool internal fields (including computed_field like tool_type) must
+    never appear in init_params_schema. Studio reads this schema to render
+    the tool config UI — internal fields confuse users."""
+    init_schema = mock_tool_extractor["init_params_schema"]
+    props = set(init_schema.get("properties", {}).keys())
+    required = set(init_schema.get("required", []))
+
+    # These are all BaseTool's own fields — none should leak
+    base_fields = {"name", "description", "env_vars", "args_schema",
+                   "description_updated", "cache_function", "result_as_answer",
+                   "max_usage_count", "current_usage_count", "tool_type",
+                   "package_dependencies"}
+
+    leaked_props = base_fields & props
+    assert not leaked_props, (
+        f"BaseTool fields leaked into init_params_schema properties: {leaked_props}"
+    )
+    leaked_required = base_fields & required
+    assert not leaked_required, (
+        f"BaseTool fields leaked into init_params_schema required: {leaked_required}"
+    )
+
+
+def test_intermediate_base_fields_preserved_for_derived_tool(extractor):
+    """When a tool inherits from an intermediate base (e.g. RagTool),
+    the intermediate's fields should be included — only BaseTool's own
+    fields are excluded."""
+    with (
+        mock.patch(
+            "crewai_tools.generate_tool_specs.dir",
+            return_value=["MockDerivedTool"],
+        ),
+        mock.patch(
+            "crewai_tools.generate_tool_specs.getattr",
+            return_value=MockDerivedTool,
+        ),
+    ):
+        extractor.extract_all_tools()
+        assert len(extractor.tools_spec) == 1
+        tool_info = extractor.tools_spec[0]
+
+    props = set(tool_info["init_params_schema"].get("properties", {}).keys())
+
+    # Intermediate base's field should be preserved
+    assert "shared_config" in props, (
+        "Intermediate base class fields should be preserved in init_params_schema"
+    )
+    # Derived tool's own field should be preserved
+    assert "derived_param" in props, (
+        "Derived tool's own fields should be preserved in init_params_schema"
+    )
+    # BaseTool internals should still be excluded
+    assert "tool_type" not in props
+    assert "cache_function" not in props
+    assert "result_as_answer" not in props
+
+
+def test_future_base_tool_field_auto_excluded(extractor):
+    """If a new field is added to BaseTool in the future, it should be
+    automatically excluded from spec generation without needing to update
+    the ignored list. This test verifies the allowlist approach works
+    by checking that ONLY non-BaseTool fields appear."""
+    with (
+        mock.patch("crewai_tools.generate_tool_specs.dir", return_value=["MockTool"]),
+        mock.patch("crewai_tools.generate_tool_specs.getattr", return_value=MockTool),
+    ):
+        extractor.extract_all_tools()
+        tool_info = extractor.tools_spec[0]
+
+    props = set(tool_info["init_params_schema"].get("properties", {}).keys())
+    base_all = set(BaseTool.model_fields) | set(BaseTool.model_computed_fields)
+
+    leaked = base_all & props
+    assert not leaked, (
+        f"BaseTool fields should be auto-excluded but found: {leaked}. "
+        "The spec generator should dynamically compute BaseTool's fields "
+        "instead of using a hardcoded denylist."
+    )
+
+
 def test_save_to_json(extractor, tmp_path):
     extractor.tools_spec = [
         {

lib/crewai-tools/tests/tools/rag/rag_tool_test.py

@@ -3,10 +3,21 @@ from tempfile import TemporaryDirectory
 from typing import cast
 from unittest.mock import MagicMock, Mock, patch
 
+import pytest
+
 from crewai_tools.adapters.crewai_rag_adapter import CrewAIRagAdapter
 from crewai_tools.tools.rag.rag_tool import RagTool
 
 
+@pytest.fixture(autouse=True)
+def allow_tmp_paths(monkeypatch: pytest.MonkeyPatch) -> None:
+    """Allow absolute paths outside CWD (e.g. /tmp/) for these RagTool tests.
+
+    Path validation is tested separately in test_rag_tool_path_validation.py.
+    """
+    monkeypatch.setenv("CREWAI_TOOLS_ALLOW_UNSAFE_PATHS", "true")
+
+
 @patch("crewai_tools.adapters.crewai_rag_adapter.get_rag_client")
 @patch("crewai_tools.adapters.crewai_rag_adapter.create_client")
 def test_rag_tool_initialization(