chore: bump version to 1.12.1 across all modules

.github/security.md

@@ -1,15 +1,50 @@
 ## CrewAI Security Policy
 
-We are committed to protecting the confidentiality, integrity, and availability of the
-CrewAI ecosystem.
+We are committed to protecting the confidentiality, integrity, and availability of the CrewAI ecosystem. This policy explains how to report potential vulnerabilities and what you can expect from us when you do.
+
+### Scope
+
+We welcome reports for vulnerabilities that could impact:
+
+- CrewAI-maintained source code and repositories
+- CrewAI-operated infrastructure and services
+- Official CrewAI releases, packages, and distributions
+
+Issues affecting clearly unaffiliated third-party services or user-generated content are out of scope, unless you can demonstrate a direct impact on CrewAI systems or customers.
 
 ### How to Report
 
-Please submit reports through one of the following channels:
+- **Please do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media.
+- Email detailed reports to **security@crewai.com** with the subject line `Security Report`.
+- If you need to share large files or sensitive artifacts, mention it in your email and we will coordinate a secure transfer method.
 
-- **crewai-vdp-ess@submit.bugcrowd.com**
-- https://security.crewai.com
+### What to Include
 
-- **Please do not** disclose vulnerabilities via public GitHub issues, pull requests,
-  or social media
-- Reports submitted via channels other than this Bugcrowd submission email will not be reviewed and will be dismissed
+Providing comprehensive information enables us to validate the issue quickly:
+
+- **Vulnerability overview** — a concise description and classification (e.g., RCE, privilege escalation)
+- **Affected components** — repository, branch, tag, or deployed service along with relevant file paths or endpoints
+- **Reproduction steps** — detailed, step-by-step instructions; include logs, screenshots, or screen recordings when helpful
+- **Proof-of-concept** — exploit details or code that demonstrates the impact (if available)
+- **Impact analysis** — severity assessment, potential exploitation scenarios, and any prerequisites or special configurations
+
+### Our Commitment
+
+- **Acknowledgement:** We aim to acknowledge your report within two business days.
+- **Communication:** We will keep you informed about triage results, remediation progress, and planned release timelines.
+- **Resolution:** Confirmed vulnerabilities will be prioritized based on severity and fixed as quickly as possible.
+- **Recognition:** We currently do not run a bug bounty program; any rewards or recognition are issued at CrewAI's discretion.
+
+### Coordinated Disclosure
+
+We ask that you allow us a reasonable window to investigate and remediate confirmed issues before any public disclosure. We will coordinate publication timelines with you whenever possible.
+
+### Safe Harbor
+
+We will not pursue or support legal action against individuals who, in good faith:
+
+- Follow this policy and refrain from violating any applicable laws
+- Avoid privacy violations, data destruction, or service disruption
+- Limit testing to systems in scope and respect rate limits and terms of service
+
+If you are unsure whether your testing is covered, please contact us at **security@crewai.com** before proceeding.

.github/workflows/build-uv-cache.yml

@@ -23,12 +23,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: ${{ matrix.python-version }}
           enable-cache: false
 
@@ -39,7 +39,7 @@ jobs:
           echo "Cache populated successfully"
 
       - name: Save uv caches
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@v4
         with:
           path: |
             ~/.cache/uv

.github/workflows/codeql.yml

@@ -59,7 +59,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      uses: actions/checkout@v4
 
     # Add any setup steps before running the `github/codeql-action/init` action.
     # This includes steps like installing compilers or runtimes (`actions/setup-node`
@@ -69,7 +69,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -98,6 +98,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/docs-broken-links.yml

@@ -18,12 +18,12 @@ jobs:
     name: Check broken links
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
 
       - name: Set up Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "latest"
 
       - name: Install Mintlify CLI
         run: npm i -g mintlify

.github/workflows/generate-tool-specs.yml

@@ -14,7 +14,6 @@ permissions:
 
 jobs:
   generate-specs:
-    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
     env:
       PYTHONUNBUFFERED: 1
@@ -22,21 +21,21 @@ jobs:
     steps:
       - name: Generate GitHub App token
         id: app-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: tibdex/github-app-token@v2
         with:
-          app-id: ${{ secrets.CREWAI_TOOL_SPECS_APP_ID }}
-          private-key: ${{ secrets.CREWAI_TOOL_SPECS_PRIVATE_KEY }}
+          app_id: ${{ secrets.CREWAI_TOOL_SPECS_APP_ID }}
+          private_key: ${{ secrets.CREWAI_TOOL_SPECS_PRIVATE_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.head_ref }}
           token: ${{ steps.app-token.outputs.token }}
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: "3.12"
           enable-cache: true
 

.github/workflows/linter.yml

@@ -6,31 +6,14 @@ permissions:
   contents: read
 
 jobs:
-  changes:
-    name: Detect changes
-    runs-on: ubuntu-latest
-    outputs:
-      code: ${{ steps.filter.outputs.code }}
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-      - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3
-        id: filter
-        with:
-          filters: |
-            code:
-              - '!docs/**'
-              - '!**/*.md'
-
-  lint-run:
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
+  lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
 
       - name: Restore global uv cache
         id: cache-restore
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@v4
         with:
           path: |
             ~/.cache/uv
@@ -41,9 +24,9 @@ jobs:
             uv-main-py3.11-
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: "3.11"
           enable-cache: false
 
@@ -58,30 +41,10 @@ jobs:
 
       - name: Save uv caches
         if: steps.cache-restore.outputs.cache-hit != 'true'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@v4
         with:
           path: |
             ~/.cache/uv
             ~/.local/share/uv
             .venv
           key: uv-main-py3.11-${{ hashFiles('uv.lock') }}
-
-  # Summary job to provide single status for branch protection
-  lint:
-    name: lint
-    runs-on: ubuntu-latest
-    needs: [changes, lint-run]
-    if: always()
-    steps:
-      - name: Check results
-        run: |
-          if [ "${{ needs.changes.outputs.code }}" != "true" ]; then
-            echo "Docs-only change, skipping lint"
-            exit 0
-          fi
-          if [ "${{ needs.lint-run.result }}" == "success" ]; then
-            echo "Lint passed"
-          else
-            echo "Lint failed"
-            exit 1
-          fi

.github/workflows/nightly.yml

@@ -5,10 +5,6 @@ on:
     - cron: '0 6 * * *' # daily at 6am UTC
   workflow_dispatch:
 
-concurrency:
-  group: nightly-publish
-  cancel-in-progress: false
-
 jobs:
   check:
     name: Check for new commits
@@ -18,15 +14,14 @@ jobs:
     outputs:
       has_changes: ${{ steps.check.outputs.has_changes }}
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Check for recent commits
+      - name: Check for commits in last 24h
         id: check
         run: |
-          # 25h window absorbs cron-vs-commit timing skew at the boundary.
-          RECENT=$(git log --since="25 hours ago" --oneline | head -1)
+          RECENT=$(git log --since="24 hours ago" --oneline | head -1)
           if [ -n "$RECENT" ]; then
             echo "has_changes=true" >> "$GITHUB_OUTPUT"
           else
@@ -41,44 +36,36 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
-        with:
-          version: "0.11.3"
-          python-version: "3.12"
-          enable-cache: false
+        uses: astral-sh/setup-uv@v4
 
       - name: Stamp nightly versions
         run: |
           DATE=$(date +%Y%m%d)
-
-          # All workspace packages share the same base version and are released together.
-          BASE=$(python -c "
-          import re
-          print(re.search(r'__version__\s*=\s*\"(.*?)\"', open('lib/crewai/src/crewai/__init__.py').read()).group(1))
-          ")
-          NIGHTLY="${BASE}.dev${DATE}"
-          echo "Nightly version: ${NIGHTLY}"
-
           for init_file in \
             lib/crewai/src/crewai/__init__.py \
-            lib/crewai-core/src/crewai_core/__init__.py \
             lib/crewai-tools/src/crewai_tools/__init__.py \
-            lib/crewai-files/src/crewai_files/__init__.py \
-            lib/cli/src/crewai_cli/__init__.py; do
+            lib/crewai-files/src/crewai_files/__init__.py; do
+            CURRENT=$(python -c "
+          import re
+          text = open('$init_file').read()
+          print(re.search(r'__version__\s*=\s*\"(.*?)\"\s*$', text, re.MULTILINE).group(1))
+          ")
+            NIGHTLY="${CURRENT}.dev${DATE}"
             sed -i "s/__version__ = .*/__version__ = \"${NIGHTLY}\"/" "$init_file"
-            echo "Stamped $init_file -> $NIGHTLY"
+            echo "$init_file: $CURRENT -> $NIGHTLY"
           done
 
-          # Update all cross-package dependency pins to the nightly version.
-          sed -i "s/\"crewai==[^\"]*\"/\"crewai==${NIGHTLY}\"/" lib/crewai-tools/pyproject.toml
-          sed -i "s/\"crewai-core==[^\"]*\"/\"crewai-core==${NIGHTLY}\"/" lib/crewai/pyproject.toml
-          sed -i "s/\"crewai-cli==[^\"]*\"/\"crewai-cli==${NIGHTLY}\"/" lib/crewai/pyproject.toml
+          # Update cross-package dependency pins to nightly versions
           sed -i "s/\"crewai-tools==[^\"]*\"/\"crewai-tools==${NIGHTLY}\"/" lib/crewai/pyproject.toml
-          sed -i "s/\"crewai-files==[^\"]*\"/\"crewai-files==${NIGHTLY}\"/" lib/crewai/pyproject.toml
-          sed -i "s/\"crewai-core==[^\"]*\"/\"crewai-core==${NIGHTLY}\"/" lib/cli/pyproject.toml
+          sed -i "s/\"crewai==[^\"]*\"/\"crewai==${NIGHTLY}\"/" lib/crewai-tools/pyproject.toml
           echo "Updated cross-package dependency pins to ${NIGHTLY}"
 
       - name: Build packages
@@ -87,7 +74,7 @@ jobs:
           rm dist/.gitignore
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
         with:
           name: dist
           path: dist/
@@ -98,19 +85,22 @@ jobs:
     runs-on: ubuntu-latest
     environment:
       name: pypi
+      url: https://pypi.org/p/crewai
     permissions:
       id-token: write
       contents: read
     steps:
+      - uses: actions/checkout@v4
+
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: "3.12"
           enable-cache: false
 
       - name: Download artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@v4
         with:
           name: dist
           path: dist
@@ -126,8 +116,7 @@ jobs:
               continue
             fi
             echo "Publishing $package"
-            # --check-url skips files already on PyPI so manual re-runs on the same day are idempotent.
-            if ! uv publish --check-url https://pypi.org/simple/ "$package"; then
+            if ! uv publish "$package"; then
               echo "Failed to publish $package"
               failed=1
             fi

.github/workflows/pr-size.yml

@@ -10,7 +10,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: codelytv/pr-size-labeler@095a41fca88b8764fd9e008ad269bcdb82bb38b9 # v1
+      - uses: codelytv/pr-size-labeler@v1
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           xs_label: "size/XS"
@@ -29,30 +29,4 @@ jobs:
             lib/crewai/src/crewai/cli/templates/**
             **/*.json
             **/test_durations/**
-            **/cassettes/**
-
-  python-diff-size:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-        with:
-          fetch-depth: 0
-      - name: Enforce Python diff size limit
-        env:
-          MAX: "1500"
-          BASE_SHA: ${{ github.event.pull_request.base.sha }}
-          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
-        run: |
-          # Three-dot base...head == merge-base(base, head)..head: matches GitHub's
-          # "Files changed" diff and ignores the synthetic merge commit at HEAD.
-          # Sum added + deleted lines across changed .py files; skip binaries ("-").
-          total=$(git diff --numstat "$BASE_SHA...$HEAD_SHA" -- '*.py' \
-            | awk '$1 != "-" && $2 != "-" { sum += $1 + $2 } END { print sum + 0 }')
-          echo "Python churn: $total lines (limit $MAX)"
-          if [ "$total" -gt "$MAX" ]; then
-            echo "::error::Python changes total $total lines, over the $MAX-line limit. Split into smaller PRs."
-            git diff --numstat "$BASE_SHA...$HEAD_SHA" -- '*.py' | sort -rn
-            exit 1
-          fi
+            **/cassettes/**

.github/workflows/pr-title.yml

@@ -12,7 +12,7 @@ jobs:
   pr-title:
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@e32d7e603df1aa1ba07e981f2a23455dee596825 # v5
+      - uses: amannn/action-semantic-pull-request@v5
         continue-on-error: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yml

@@ -24,17 +24,17 @@ jobs:
             echo "tag=" >> $GITHUB_OUTPUT
           fi
 
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
         with:
           ref: ${{ steps.release.outputs.tag || github.ref }}
 
       - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
         with:
           python-version: "3.12"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4
+        uses: astral-sh/setup-uv@v4
 
       - name: Build packages
         run: |
@@ -42,7 +42,7 @@ jobs:
           rm dist/.gitignore
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
         with:
           name: dist
           path: dist/
@@ -58,19 +58,19 @@ jobs:
       id-token: write
       contents: read
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.release_tag || github.ref }}
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: "3.12"
           enable-cache: false
 
       - name: Download artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@v4
         with:
           name: dist
           path: dist
@@ -159,7 +159,7 @@ jobs:
 
       - name: Notify Slack
         if: success()
-        uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0
+        uses: slackapi/slack-github-action@v2.1.0
         with:
           webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
           webhook-type: incoming-webhook

.github/workflows/stale.yml

@@ -14,7 +14,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+    - uses: actions/stale@v9
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-label: 'no-issue-activity'

.github/workflows/tests.yml

@@ -6,25 +6,8 @@ permissions:
   contents: read
 
 jobs:
-  changes:
-    name: Detect changes
-    runs-on: ubuntu-latest
-    outputs:
-      code: ${{ steps.filter.outputs.code }}
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-      - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3
-        id: filter
-        with:
-          filters: |
-            code:
-              - '!docs/**'
-              - '!**/*.md'
-
-  tests-matrix:
+  tests:
     name: tests (${{ matrix.python-version }})
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
     runs-on: ubuntu-latest
     timeout-minutes: 15
     strategy:
@@ -34,13 +17,13 @@ jobs:
         group: [1, 2, 3, 4, 5, 6, 7, 8]
     steps:
       - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Fetch all history for proper diff
 
       - name: Restore global uv cache
         id: cache-restore
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@v4
         with:
           path: |
             ~/.cache/uv
@@ -51,9 +34,9 @@ jobs:
             uv-main-py${{ matrix.python-version }}-
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: ${{ matrix.python-version }}
           enable-cache: false
 
@@ -61,7 +44,7 @@ jobs:
         run: uv sync --all-groups --all-extras
 
       - name: Restore test durations
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@v4
         with:
           path: .test_durations_py*
           key: test-durations-py${{ matrix.python-version }}
@@ -108,30 +91,10 @@ jobs:
 
       - name: Save uv caches
         if: steps.cache-restore.outputs.cache-hit != 'true'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@v4
         with:
           path: |
             ~/.cache/uv
             ~/.local/share/uv
             .venv
           key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
-
-  # Summary job to provide single status for branch protection
-  tests:
-    name: tests
-    runs-on: ubuntu-latest
-    needs: [changes, tests-matrix]
-    if: always()
-    steps:
-      - name: Check results
-        run: |
-          if [ "${{ needs.changes.outputs.code }}" != "true" ]; then
-            echo "Docs-only change, skipping tests"
-            exit 0
-          fi
-          if [ "${{ needs.tests-matrix.result }}" == "success" ]; then
-            echo "All tests passed"
-          else
-            echo "Tests failed"
-            exit 1
-          fi

.github/workflows/type-checker.yml

@@ -6,25 +6,8 @@ permissions:
   contents: read
 
 jobs:
-  changes:
-    name: Detect changes
-    runs-on: ubuntu-latest
-    outputs:
-      code: ${{ steps.filter.outputs.code }}
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-      - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3
-        id: filter
-        with:
-          filters: |
-            code:
-              - '!docs/**'
-              - '!**/*.md'
-
   type-checker-matrix:
     name: type-checker (${{ matrix.python-version }})
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -33,11 +16,11 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
 
       - name: Restore global uv cache
         id: cache-restore
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@v4
         with:
           path: |
             ~/.cache/uv
@@ -48,9 +31,9 @@ jobs:
             uv-main-py${{ matrix.python-version }}-
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: ${{ matrix.python-version }}
           enable-cache: false
 
@@ -62,7 +45,7 @@ jobs:
 
       - name: Save uv caches
         if: steps.cache-restore.outputs.cache-hit != 'true'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@v4
         with:
           path: |
             ~/.cache/uv
@@ -74,18 +57,14 @@ jobs:
   type-checker:
     name: type-checker
     runs-on: ubuntu-latest
-    needs: [changes, type-checker-matrix]
+    needs: type-checker-matrix
     if: always()
     steps:
-      - name: Check results
+      - name: Check matrix results
         run: |
-          if [ "${{ needs.changes.outputs.code }}" != "true" ]; then
-            echo "Docs-only change, skipping type checks"
-            exit 0
-          fi
-          if [ "${{ needs.type-checker-matrix.result }}" == "success" ]; then
-            echo "All type checks passed"
+          if [ "${{ needs.type-checker-matrix.result }}" == "success" ] || [ "${{ needs.type-checker-matrix.result }}" == "skipped" ]; then
+            echo "✅ All type checks passed"
           else
-            echo "Type checks failed"
+            echo "❌ Type checks failed"
             exit 1
           fi

.github/workflows/update-test-durations.yml

@@ -23,11 +23,11 @@ jobs:
     
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
 
       - name: Restore global uv cache
         id: cache-restore
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@v4
         with:
           path: |
             ~/.cache/uv
@@ -38,9 +38,9 @@ jobs:
             uv-main-py${{ matrix.python-version }}-
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        uses: astral-sh/setup-uv@v6
         with:
-          version: "0.11.3"
+          version: "0.8.4"
           python-version: ${{ matrix.python-version }}
           enable-cache: false
 
@@ -55,14 +55,14 @@ jobs:
 
       - name: Save durations to cache
         if: always()
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@v4
         with:
           path: .test_durations_py*
           key: test-durations-py${{ matrix.python-version }}
 
       - name: Save uv caches
         if: steps.cache-restore.outputs.cache-hit != 'true'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@v4
         with:
           path: |
             ~/.cache/uv

.github/workflows/vulnerability-scan.yml

@@ -1,135 +0,0 @@
-name: Vulnerability Scan
-
-on:
-  pull_request:
-  push:
-    branches: [main]
-  schedule:
-    # Run weekly on Monday at 9:00 UTC
-    - cron: '0 9 * * 1'
-
-permissions:
-  contents: read
-
-jobs:
-  pip-audit:
-    name: pip-audit
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-        with:
-          persist-credentials: false
-
-      - name: Restore global uv cache
-        id: cache-restore
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-        with:
-          path: |
-            ~/.cache/uv
-            ~/.local/share/uv
-            .venv
-          key: uv-main-py3.11-${{ hashFiles('uv.lock') }}
-          restore-keys: |
-            uv-main-py3.11-
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
-        with:
-          version: "0.11.3"
-          python-version: "3.11"
-          enable-cache: false
-
-      - name: Install dependencies
-        run: uv sync --all-groups --all-extras --no-install-project
-
-      - name: Install pip-audit
-        run: uv pip install pip-audit
-
-      - name: Run pip-audit
-        run: |
-          uv run pip-audit --desc --aliases --skip-editable --format json --output pip-audit-report.json \
-            --ignore-vuln PYSEC-2024-277 \
-            --ignore-vuln PYSEC-2026-89 \
-            --ignore-vuln PYSEC-2026-97 \
-            --ignore-vuln PYSEC-2025-148 \
-            --ignore-vuln PYSEC-2025-183 \
-            --ignore-vuln PYSEC-2025-189 \
-            --ignore-vuln PYSEC-2025-190 \
-            --ignore-vuln PYSEC-2025-191 \
-            --ignore-vuln PYSEC-2025-192 \
-            --ignore-vuln PYSEC-2025-193 \
-            --ignore-vuln PYSEC-2025-194 \
-            --ignore-vuln PYSEC-2025-195 \
-            --ignore-vuln PYSEC-2025-196 \
-            --ignore-vuln PYSEC-2025-197 \
-            --ignore-vuln PYSEC-2025-210 \
-            --ignore-vuln PYSEC-2026-139 \
-            --ignore-vuln GHSA-rrmf-rvhw-rf47 \
-            --ignore-vuln PYSEC-2025-211 \
-            --ignore-vuln PYSEC-2025-212 \
-            --ignore-vuln PYSEC-2025-213 \
-            --ignore-vuln PYSEC-2025-214 \
-            --ignore-vuln PYSEC-2025-215 \
-            --ignore-vuln PYSEC-2025-216 \
-            --ignore-vuln PYSEC-2025-217 \
-            --ignore-vuln PYSEC-2025-218 \
-            --ignore-vuln GHSA-f4j7-r4q5-qw2c
-        # Ignored CVEs:
-        #   PYSEC-2024-277      - joblib 1.5.3: disputed; NumpyArrayWrapper only used with trusted caches
-        #   PYSEC-2026-89       - markdown 3.10.2: DoS via malformed HTML; fix 3.8.1 — already past, advisory range is stale
-        #   PYSEC-2026-97       - nltk 3.9.4: arbitrary file read in filestring(); no fix available
-        #   PYSEC-2025-148      - onnx 1.21.0: path traversal in save_external_data; no fix available
-        #   PYSEC-2025-183      - pyjwt 2.12.1: disputed weak-encryption claim; key length is application-chosen
-        #   PYSEC-2025-189..197 - torch 2.11.0: memory-corruption/DoS in functions only reachable via untrusted models; no fix available
-        #   PYSEC-2025-210, PYSEC-2026-139 - torch 2.11.0: profiler/deserialization issues; no fix available
-        #   GHSA-rrmf-rvhw-rf47 - torch 2.11.0 (CVE-2025-3000, alias of PYSEC-2025-194): memory corruption in torch.jit.script, CVSS 1.9, local-only; affected <=2.12.0, no fix available. pip-audit reports it under the GHSA id so the PYSEC ignore above does not catch it.
-        #   PYSEC-2025-211..218 - transformers 5.5.4: deserialization/code injection via malicious model checkpoints; no fix available
-        #   GHSA-f4j7-r4q5-qw2c - chromadb 1.1.1 (CVE-2026-45829): pre-auth RCE via /api/v2/tenants/{tenant}/databases/{db}/collections when trust_remote_code=true.
-        #                         Advisory: vulnerable >=1.0.0,<=1.5.9, firstPatchedVersion=none. We only use chromadb.PersistentClient (lib/crewai/src/crewai/rag/chromadb/factory.py)
-        #                         and chromadb.utils.embedding_functions; the chromadb HTTP server is never started, so the vulnerable route is not exposed.
-        continue-on-error: true
-
-      - name: Display results
-        if: always()
-        run: |
-          if [ -f pip-audit-report.json ]; then
-            echo "## pip-audit Results" >> $GITHUB_STEP_SUMMARY
-            echo '```json' >> $GITHUB_STEP_SUMMARY
-            cat pip-audit-report.json | python3 -m json.tool >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            # Fail if vulnerabilities found
-            python3 -c "
-          import json, sys
-          with open('pip-audit-report.json') as f:
-              data = json.load(f)
-          vulns = [d for d in data.get('dependencies', []) if d.get('vulns')]
-          if vulns:
-              print(f'::error::Found vulnerabilities in {len(vulns)} package(s)')
-              for v in vulns:
-                  for vuln in v['vulns']:
-                      print(f'  - {v[\"name\"]}=={v[\"version\"]}: {vuln[\"id\"]}')
-              sys.exit(1)
-          print('No known vulnerabilities found')
-          "
-          else
-            echo "::error::pip-audit failed to produce a report. Check the pip-audit step logs."
-            exit 1
-          fi
-
-      - name: Upload pip-audit report
-        if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: pip-audit-report
-          path: pip-audit-report.json
-
-      - name: Save uv caches
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-        with:
-          path: |
-            ~/.cache/uv
-            ~/.local/share/uv
-            .venv
-          key: uv-main-py3.11-${{ hashFiles('uv.lock') }}
-

.gitignore

@@ -30,6 +30,3 @@ chromadb-*.lock
 .crewai/memory
 blogs/*
 secrets/*
-UNKNOWN.egg-info/
-demos/*
-.crewai/*

.pre-commit-config.yaml

@@ -19,47 +19,11 @@ repos:
         language: system
         pass_filenames: true
         types: [python]
-        exclude: ^(lib/crewai/src/crewai/cli/templates/|lib/cli/src/crewai_cli/templates/|lib/cli/tests/|lib/crewai/tests/|lib/crewai-tools/tests/|lib/crewai-files/tests/|lib/devtools/tests/)
+        exclude: ^(lib/crewai/src/crewai/cli/templates/|lib/crewai/tests/|lib/crewai-tools/tests/|lib/crewai-files/tests/)
   - repo: https://github.com/astral-sh/uv-pre-commit
-    rev: 0.11.3
+    rev: 0.9.3
     hooks:
       - id: uv-lock
-  - repo: local
-    hooks:
-      - id: pip-audit
-        name: pip-audit
-        # Keep this ignore list in sync with .github/workflows/vulnerability-scan.yml.
-        entry: >-
-          bash -c 'source .venv/bin/activate && uv run pip-audit --skip-editable
-          --ignore-vuln PYSEC-2024-277
-          --ignore-vuln PYSEC-2026-89
-          --ignore-vuln PYSEC-2026-97
-          --ignore-vuln PYSEC-2025-148
-          --ignore-vuln PYSEC-2025-183
-          --ignore-vuln PYSEC-2025-189
-          --ignore-vuln PYSEC-2025-190
-          --ignore-vuln PYSEC-2025-191
-          --ignore-vuln PYSEC-2025-192
-          --ignore-vuln PYSEC-2025-193
-          --ignore-vuln PYSEC-2025-194
-          --ignore-vuln PYSEC-2025-195
-          --ignore-vuln PYSEC-2025-196
-          --ignore-vuln PYSEC-2025-197
-          --ignore-vuln PYSEC-2025-210
-          --ignore-vuln PYSEC-2026-139
-          --ignore-vuln GHSA-rrmf-rvhw-rf47
-          --ignore-vuln PYSEC-2025-211
-          --ignore-vuln PYSEC-2025-212
-          --ignore-vuln PYSEC-2025-213
-          --ignore-vuln PYSEC-2025-214
-          --ignore-vuln PYSEC-2025-215
-          --ignore-vuln PYSEC-2025-216
-          --ignore-vuln PYSEC-2025-217
-          --ignore-vuln PYSEC-2025-218
-          --ignore-vuln GHSA-f4j7-r4q5-qw2c' --
-        language: system
-        pass_filenames: false
-        stages: [pre-push, manual]
   - repo: https://github.com/commitizen-tools/commitizen
     rev: v4.10.1
     hooks:

AGENTS.md

@@ -1,142 +0,0 @@
-# Docs contributor guide
-
-The `docs/` directory is published at [docs.crewai.com](https://docs.crewai.com)
-by [Mintlify](https://www.mintlify.com/). Mintlify watches `docs/docs.json`
-and the MDX files referenced from it.
-
-## TL;DR for editing docs
-
-- Edit MDX under `docs/edge/<lang>/...` (e.g. `docs/edge/en/concepts/agents.mdx`).
-- Your change ships under the **Edge** version selector the moment it merges
-  to `main`. Edge follows `main` and is the channel for unreleased work.
-- On release cut, the current Edge state is frozen into `docs/v<X.Y.Z>/` and
-  that snapshot becomes the new default version in the selector (tag:
-  `Latest`). Canonical URLs (`/<lang>/...`) auto-redirect to the new default.
-- Never modify files under `docs/v*/`. Those are frozen release snapshots
-  and the `docs-snapshots` CI guard rejects writes. The only exception is a
-  release-cut PR (auto-generated by `devtools release` or the manual
-  `scripts/docs/freeze_current_edge.py` wrapper), which uses a
-  `[docs-freeze]` title prefix to opt out.
-- Never delete or rename files under `docs/images/`. Images are append-only.
-  See [Images](#images) below.
-
-## The version model
-
-The site has one rolling channel (Edge) plus one frozen snapshot per
-release.
-
-```
-docs/
-  edge/                  <-- Edge sources (you edit here)
-    en/...
-    pt-BR/  ko/  ar/
-    enterprise-api.*.yaml
-
-  v1.14.7/               <-- frozen snapshot of v1.14.7
-    en/...
-    pt-BR/  ko/  ar/
-    enterprise-api.*.yaml
-  v1.14.6/...
-  ...
-
-  images/                <-- shared, append-only
-  docs.json              <-- Mintlify config: navigation + redirects
-```
-
-`docs/docs.json` lists one navigation block per version per language. Edge
-points at `docs/edge/<lang>/...`; every other version points at its own
-`docs/v<X.Y.Z>/<lang>/...` subtree. Mintlify scopes both the sidebar and the
-in-site search to whichever version the reader selects, so picking
-`v1.10.0` genuinely shows the v1.10.0 docs (and only those).
-
-### URLs and canonical redirects
-
-Each Mintlify version corresponds to its own URL prefix:
-
-- Edge: `/edge/<lang>/<page>` (e.g. `/edge/en/concepts/agents`)
-- Frozen: `/v<X.Y.Z>/<lang>/<page>` (e.g. `/v1.14.7/en/concepts/agents`)
-
-External links to the old, unversioned `/<lang>/<page>` URLs would 404 under
-this layout. To keep them working, `docs.json` ships wildcard redirects:
-
-```jsonc
-{ "source": "/en/:slug*", "destination": "/v1.14.7/en/:slug*", "permanent": false }
-```
-
-The release-cut step rewrites the destination on every release so canonical
-`/<lang>/...` URLs always resolve to the latest stable docs.
-
-## Lifecycle
-
-1. **During development.** You add or edit pages under
-   `docs/edge/<lang>/...` in normal PRs. They land in Edge as soon as the PR
-   merges. Both `/edge/<lang>/<page>` and the version selector's `Edge` entry
-   reflect the change immediately.
-2. **Release cut.** The release engineer runs `devtools release X.Y.Z`. As
-   part of that flow the CLI opens a `[docs-freeze]` PR that copies Edge into
-   `docs/v<X.Y.Z>/`, rewrites internal OpenAPI references, updates
-   `docs/docs.json` to make `v<X.Y.Z>` the new default + `Latest`, and rewires
-   the canonical-URL redirects to the new default. The PR must merge before
-   the tag and PyPI publish run.
-3. **After release.** Edge keeps rolling. Patch fixes to the just-released
-   docs go into Edge and ship with the next release. We do not back-edit
-   frozen snapshots.
-
-See [`RELEASING.md`](RELEASING.md) for the full release runbook.
-
-## Images
-
-Snapshots share a single `docs/images/` directory. If an image is deleted
-or renamed, every frozen snapshot that referenced it breaks. So the rule
-is:
-
-- Adding new images is always fine.
-- Deleting or renaming an existing image fails CI unless the PR is a
-  `[docs-freeze]` release-cut PR.
-- If an asset is wrong, add a new file with a new name and reference the
-  new name in the Edge MDX (`docs/edge/<lang>/...`). Leave the old file
-  alone.
-
-## Local preview
-
-Install the Mintlify CLI and run from `docs/`:
-
-```bash
-npm i -g mintlify
-mintlify dev
-```
-
-Use the version selector at the top of the rendered page to switch between
-Edge and frozen versions.
-
-To check links across every version:
-
-```bash
-mintlify broken-links
-```
-
-CI runs the broken-links check on every PR that touches `docs/**` via
-[`.github/workflows/docs-broken-links.yml`](.github/workflows/docs-broken-links.yml).
-
-## Scripts
-
-- `scripts/docs/freeze_historical_versions.py` — one-time migration that
-  reconstructed `docs/v1.10.0/` through `docs/v1.14.7/` from git tags. You
-  should not need to run this again.
-- `scripts/docs/prefix_version_paths.py` — one-time migration that switched
-  `docs/docs.json` to directory-based versioning, inserted Edge, and added
-  the canonical-URL redirects. You should not need to run this again.
-- `scripts/docs/freeze_current_edge.py` — thin CLI wrapper around
-  `crewai_devtools.docs_versioning.freeze`. `devtools release` calls the
-  same module during its docs PR step; this script is the manual escape
-  hatch (e.g. retroactively freezing a forgotten release).
-
-## CI guards
-
-- [`.github/workflows/docs-snapshots.yml`](.github/workflows/docs-snapshots.yml)
-  enforces the two rules above (frozen snapshots immutable, images
-  append-only). Both checks accept the `[docs-freeze]` PR-title escape
-  hatch.
-- [`.github/workflows/docs-broken-links.yml`](.github/workflows/docs-broken-links.yml)
-  runs `mintlify broken-links` against the whole site, so adding a new
-  page or moving a snapshot file that breaks a link will fail CI.

README.md

@@ -83,7 +83,6 @@ intelligent automations.
 
 ## Table of contents
 
-- [Build with AI](#build-with-ai)
 - [Why CrewAI?](#why-crewai)
 - [Getting Started](#getting-started)
 - [Key Features](#key-features)
@@ -102,32 +101,6 @@ intelligent automations.
 - [Telemetry](#telemetry)
 - [License](#license)
 
-## Build with AI
-
-Using an AI coding agent? Teach it CrewAI best practices in one command:
-
-**Claude Code:**
-```shell
-/plugin marketplace add crewAIInc/skills
-/plugin install crewai-skills@crewai-plugins
-/reload-plugins
-```
-Four skills that activate automatically when you ask relevant CrewAI questions:
-
-| Skill | When it runs |
-|-------|--------------|
-| `getting-started` | Scaffolding new projects, choosing between `LLM.call()` / `Agent` / `Crew` / `Flow`, wiring `crew.py` / `main.py` |
-| `design-agent` | Configuring agents — role, goal, backstory, tools, LLMs, memory, guardrails |
-| `design-task` | Writing task descriptions, dependencies, structured output (`output_pydantic`, `output_json`), human review |
-| `ask-docs` | Querying the live [CrewAI docs MCP server](https://docs.crewai.com/mcp) for up-to-date API details |
-
-**Cursor, Codex, Windsurf, and others ([skills.sh](https://skills.sh/crewaiinc/skills)):**
-```shell
-npx skills add crewaiinc/skills
-```
-
-This installs the official [CrewAI Skills](https://github.com/crewAIInc/skills) — structured instructions that teach coding agents how to scaffold Flows, configure Crews, design agents and tasks, and follow CrewAI patterns.
-
 ## Why CrewAI?
 
 <div align="center" style="margin-bottom: 30px;">
@@ -601,19 +574,6 @@ CrewAI is open-source and we welcome contributions. If you're looking to contrib
 - Send a pull request.
 - We appreciate your input!
 
-### Contributing to the docs
-
-The site at [docs.crewai.com](https://docs.crewai.com) is published from
-`docs/` by [Mintlify](https://www.mintlify.com/). The docs use directory-based
-versioning: edits to `docs/edge/<lang>/...` (e.g.
-`docs/edge/en/concepts/agents.mdx`) land under the **Edge** version selector
-immediately and are frozen into a new versioned snapshot under
-`docs/v<X.Y.Z>/` at the next release cut. Frozen snapshots are immutable — CI
-rejects PRs that modify them without a `[docs-freeze]` title prefix. The
-release CLI (`devtools release`) handles the freeze automatically; see
-[`AGENTS.md`](AGENTS.md) for the full contributor guide and
-[`RELEASING.md`](RELEASING.md) for the release-cut runbook.
-
 ### Installing Dependencies
 
 ```bash

conftest.py

@@ -5,105 +5,12 @@ from collections.abc import Generator
 import gzip
 import os
 from pathlib import Path
-import re
 import tempfile
 from typing import Any
 
 from dotenv import load_dotenv
 import pytest
-
-
-def _patch_vcrpy_aiohttp_compat() -> None:
-    """Keep vcrpy's aiohttp stub working under aiohttp 3.14.0.
-
-    aiohttp 3.14.0 (pulled in to fix GHSA-jg22-mg44-37j8 and GHSA-hg6j-4rv6-33pg):
-      * removed ``aiohttp.streams.AsyncStreamReaderMixin`` (folded into ``StreamReader``),
-        which vcrpy's ``MockStream`` still subclasses -- vcr's patch machinery then raises
-        ``AttributeError`` at collection time; and
-      * added a required ``stream_writer`` keyword-only arg to ``ClientResponse.__init__``,
-        which vcrpy's ``MockClientResponse`` does not pass -- raising ``TypeError`` at
-        cassette playback.
-
-    Restore the mixin, then rebuild ``MockClientResponse``'s ``super().__init__`` call from
-    the live ``ClientResponse`` signature (defaulting every required keyword-only arg to
-    ``None``, mirroring vcrpy's original call) so it also survives future aiohttp additions.
-    """
-    import asyncio
-    import inspect
-
-    from aiohttp import streams
-    from aiohttp.client_reqrep import ClientResponse
-
-    if not hasattr(streams, "AsyncStreamReaderMixin"):
-
-        class AsyncStreamReaderMixin:
-            __slots__ = ()
-
-            def __aiter__(self) -> streams.AsyncStreamIterator[bytes]:
-                return streams.AsyncStreamIterator(self.readline)  # type: ignore[attr-defined]
-
-            def iter_chunked(self, n: int) -> streams.AsyncStreamIterator[bytes]:
-                return streams.AsyncStreamIterator(lambda: self.read(n))  # type: ignore[attr-defined]
-
-            def iter_any(self) -> streams.AsyncStreamIterator[bytes]:
-                return streams.AsyncStreamIterator(self.readany)  # type: ignore[attr-defined]
-
-            def iter_chunks(self) -> streams.ChunkTupleAsyncStreamIterator:
-                return streams.ChunkTupleAsyncStreamIterator(self)  # type: ignore[arg-type]
-
-        streams.AsyncStreamReaderMixin = AsyncStreamReaderMixin  # type: ignore[attr-defined]
-
-    # Importing the stub builds MockStream/MockClientResponse, so it must run after the
-    # mixin is restored above.
-    import vcr.stubs.aiohttp_stubs as aiohttp_stubs  # type: ignore[import-untyped]
-
-    if getattr(aiohttp_stubs.MockClientResponse, "_crewai_aiohttp_patched", False):
-        return
-
-    keyword_only = [
-        name
-        for name, param in inspect.signature(ClientResponse.__init__).parameters.items()
-        if param.kind is inspect.Parameter.KEYWORD_ONLY
-    ]
-
-    class _NullStreamWriter:
-        # aiohttp 3.14.0 reads stream_writer.output_size in the "request already
-        # sent" branch (writer is None), so None is not enough -- supply a stub.
-        output_size = 0
-
-    fallback_loop: list[asyncio.AbstractEventLoop] = []
-
-    def _resolve_loop() -> asyncio.AbstractEventLoop:
-        # MockClientResponse is normally built inside aiohttp's running loop, so
-        # prefer that. In a sync context there is no running loop; avoid
-        # asyncio.get_event_loop(), which on 3.12+ emits a DeprecationWarning
-        # (and can RuntimeError) when no current loop is set. Use one cached
-        # loop instead -- the mock only stores it and calls loop.get_debug().
-        try:
-            return asyncio.get_running_loop()
-        except RuntimeError:
-            if not fallback_loop:
-                fallback_loop.append(asyncio.new_event_loop())
-            return fallback_loop[0]
-
-    def _mock_client_response_init(
-        self: Any, method: str, url: Any, request_info: Any = None
-    ) -> None:
-        kwargs: dict[str, Any] = dict.fromkeys(keyword_only)
-        kwargs["request_info"] = request_info
-        if "loop" in kwargs:
-            kwargs["loop"] = _resolve_loop()
-        if "stream_writer" in kwargs:
-            kwargs["stream_writer"] = _NullStreamWriter()
-        ClientResponse.__init__(self, method, url, **kwargs)
-
-    aiohttp_stubs.MockClientResponse.__init__ = _mock_client_response_init
-    aiohttp_stubs.MockClientResponse._crewai_aiohttp_patched = True
-
-
-_patch_vcrpy_aiohttp_compat()
-
-from vcr.request import Request  # type: ignore[import-untyped]  # noqa: E402
+from vcr.request import Request  # type: ignore[import-untyped]
 
 
 try:
@@ -113,25 +20,8 @@ except ModuleNotFoundError:
 
 
 env_test_path = Path(__file__).parent / ".env.test"
-
-load_dotenv(env_test_path, override=False)
-load_dotenv(override=False)
-
-BEDROCK_HOST_PLACEHOLDER = "bedrock-runtime.vcr.amazonaws.com"
-_BEDROCK_HOST_RE = re.compile(r"^bedrock-runtime\.[a-z0-9-]+\.amazonaws\.com$")
-
-
-def _normalize_bedrock_host(host: str) -> str:
-    if _BEDROCK_HOST_RE.match(host):
-        return BEDROCK_HOST_PLACEHOLDER
-    return host
-
-
-def bedrock_host_matcher(r1: Request, r2: Request) -> bool:  # type: ignore[no-any-unimported]
-    """Match Bedrock requests across AWS regions (CI uses us-east-1, local may use us-west-2)."""
-    return _normalize_bedrock_host(r1.host or "") == _normalize_bedrock_host(
-        r2.host or ""
-    )
+load_dotenv(env_test_path, override=True)
+load_dotenv(override=True)
 
 
 def _patched_make_vcr_request(httpx_request: Any, **kwargs: Any) -> Any:
@@ -164,13 +54,12 @@ _original_from_serialized_response = getattr(
 )
 
 if _original_from_serialized_response is not None:
-    _from_serialized: Any = _original_from_serialized_response
 
     def _patched_from_serialized_response(
         request: Any, serialized_response: Any, history: Any = None
     ) -> Any:
         """Patched version that ensures response._content is properly set."""
-        response = _from_serialized(request, serialized_response, history)
+        response = _original_from_serialized_response(request, serialized_response, history)
         # Explicitly set _content to avoid ResponseNotRead errors
         # The content was passed to the constructor but the mocked read() prevents
         # proper initialization of the internal state
@@ -298,7 +187,6 @@ HEADERS_TO_FILTER = {
     "anthropic-ratelimit-tokens-remaining": "ANTHROPIC-RATELIMIT-TOKENS-REMAINING-XXX",
     "anthropic-ratelimit-tokens-reset": "ANTHROPIC-RATELIMIT-TOKENS-RESET-XXX",
     "x-amz-date": "X-AMZ-DATE-XXX",
-    "x-amz-security-token": "X-AMZ-SECURITY-TOKEN-XXX",
     "amz-sdk-invocation-id": "AMZ-SDK-INVOCATION-ID-XXX",
     "accept-encoding": "ACCEPT-ENCODING-XXX",
     "x-amzn-requestid": "X-AMZN-REQUESTID-XXX",
@@ -323,10 +211,6 @@ def _filter_request_headers(request: Request) -> Request:  # type: ignore[no-any
         placeholder_host = "fake-azure-endpoint.openai.azure.com"
         request.uri = request.uri.replace(original_host, placeholder_host)
 
-    # Normalize Bedrock regional endpoints so cassettes work in any AWS region.
-    if request.host and _BEDROCK_HOST_RE.match(request.host):
-        request.uri = request.uri.replace(request.host, BEDROCK_HOST_PLACEHOLDER)
-
     return request
 
 
@@ -344,11 +228,6 @@ def _filter_response_headers(response: dict[str, Any]) -> dict[str, Any] | None:
     if body == "" or body == b"" or content_length == ["0"]:
         return None
 
-    status_code = response.get("status", {}).get("code")
-    if isinstance(status_code, int) and status_code >= 400:
-        # Avoid persisting auth/model errors when re-recording without valid AWS creds.
-        return None
-
     for encoding_header in ["Content-Encoding", "content-encoding"]:
         if encoding_header in headers:
             encoding = headers.pop(encoding_header)
@@ -376,8 +255,7 @@ def vcr_cassette_dir(request: Any) -> str:
 
     for parent in test_file.parents:
         if (
-            parent.name
-            in ("crewai", "crewai-tools", "crewai-files", "cli", "crewai-core")
+            parent.name in ("crewai", "crewai-tools", "crewai-files")
             and parent.parent.name == "lib"
         ):
             package_root = parent
@@ -399,11 +277,6 @@ def vcr_cassette_dir(request: Any) -> str:
     return str(cassette_dir)
 
 
-def pytest_recording_configure(vcr: Any, config: Any) -> None:
-    """Register custom VCR matchers for each test cassette session."""
-    vcr.register_matcher("bedrock_host", bedrock_host_matcher)
-
-
 @pytest.fixture(scope="module")
 def vcr_config(vcr_cassette_dir: str) -> dict[str, Any]:
     """Configure VCR with organized cassette storage."""

docs/ar/api-reference/status.mdx

@@ -0,0 +1,6 @@
+---
+title: "GET /{kickoff_id}/status"
+description: "الحصول على حالة التنفيذ"
+openapi: "/enterprise-api.en.yaml GET /{kickoff_id}/status"
+mode: "wide"
+---