fix: remove unused pytest import in test_hardcoded_secrets.py

Co-Authored-By: João <joao@crewai.com>

.github/workflows/docs-broken-links.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v4
         with:
-          node-version: "latest"
+          node-version: "22"
 
       - name: Install Mintlify CLI
         run: npm i -g mintlify

docs/ar/changelog.mdx

@@ -4,6 +4,50 @@ description: "تحديثات المنتج والتحسينات وإصلاحات
 icon: "clock"
 mode: "wide"
 ---
+<Update label="27 مارس 2026">
+  ## v1.13.0a1
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0a1)
+
+  ## ما الذي تغير
+
+  ### إصلاحات الأخطاء
+  - إصلاح الروابط المعطلة في سير العمل الوثائقي عن طريق تثبيت Node على LTS 22
+  - مسح ذاكرة التخزين المؤقت لـ uv للحزم المنشورة حديثًا في الإصدار المؤسسي
+
+  ### الوثائق
+  - إضافة مصفوفة شاملة لأذونات RBAC ودليل النشر
+  - تحديث سجل التغييرات والإصدار للإصدار v1.12.2
+
+  ## المساهمون
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="25 مارس 2026">
+  ## v1.12.2
+
+  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
+
+  ## ما الذي تغير
+
+  ### الميزات
+  - إضافة مرحلة إصدار المؤسسات إلى إصدار أدوات المطورين
+
+  ### إصلاحات الأخطاء
+  - الحفاظ على قيمة إرجاع الطريقة كإخراج تدفق لـ @human_feedback مع emit
+
+  ### الوثائق
+  - تحديث سجل التغييرات والإصدار لـ v1.12.1
+  - مراجعة سياسة الأمان وتعليمات الإبلاغ
+
+  ## المساهمون
+
+  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
+
+</Update>
+
 <Update label="25 مارس 2026">
   ## v1.12.1
 

docs/en/changelog.mdx

@@ -4,6 +4,50 @@ description: "Product updates, improvements, and bug fixes for CrewAI"
 icon: "clock"
 mode: "wide"
 ---
+<Update label="Mar 27, 2026">
+  ## v1.13.0a1
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0a1)
+
+  ## What's Changed
+
+  ### Bug Fixes
+  - Fix broken links in documentation workflow by pinning Node to LTS 22
+  - Bust the uv cache for freshly published packages in enterprise release
+
+  ### Documentation
+  - Add comprehensive RBAC permissions matrix and deployment guide
+  - Update changelog and version for v1.12.2
+
+  ## Contributors
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="Mar 25, 2026">
+  ## v1.12.2
+
+  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
+
+  ## What's Changed
+
+  ### Features
+  - Add enterprise release phase to devtools release
+
+  ### Bug Fixes
+  - Preserve method return value as flow output for @human_feedback with emit
+
+  ### Documentation
+  - Update changelog and version for v1.12.1
+  - Revise security policy and reporting instructions
+
+  ## Contributors
+
+  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
+
+</Update>
+
 <Update label="Mar 25, 2026">
   ## v1.12.1
 

docs/en/concepts/files.mdx

@@ -134,29 +134,6 @@ result = flow.kickoff(
 )
 ```
 
-You can also define file types directly in your flow state for structured file handling:
-
-```python
-from pydantic import BaseModel
-from crewai.flow.flow import Flow, start
-from crewai_files import ImageFile, PDFFile
-
-class DocumentState(BaseModel):
-    document: PDFFile
-    cover_image: ImageFile
-    title: str = ""
-
-class DocumentFlow(Flow[DocumentState]):
-    @start()
-    def process(self):
-        content = self.state.document.read()
-        return {"processed": True}
-```
-
-<Note type="info" title="CrewAI Platform Integration">
-When deploying flows to the CrewAI Platform (AMP), file fields in your state automatically render as file upload dropzones in the UI. For API usage, you can pass URL strings directly and Pydantic coerces them to file objects automatically. See [Flows - File Inputs](/en/concepts/flows#file-inputs) for details.
-</Note>
-
 ### With Standalone Agents
 
 Pass files directly to agent kickoff:

docs/en/concepts/flows.mdx

@@ -341,69 +341,6 @@ flow.kickoff()
 
 By providing both unstructured and structured state management options, CrewAI Flows empowers developers to build AI workflows that are both flexible and robust, catering to a wide range of application requirements.
 
-## File Inputs
-
-Flows support file inputs through the `crewai-files` package, enabling you to build workflows that process images, PDFs, and other file types. When you use file types like `ImageFile` or `PDFFile` in your flow state, they integrate seamlessly with both local development and the CrewAI Platform.
-
-<Note type="info" title="Optional Dependency">
-File support requires the optional `crewai-files` package. Install it with:
-
-```bash
-uv add 'crewai[file-processing]'
-```
-</Note>
-
-### Using File Types in Flow State
-
-You can include file types directly in your structured flow state:
-
-```python
-from pydantic import BaseModel
-from crewai.flow.flow import Flow, start
-from crewai_files import ImageFile, PDFFile
-
-class DocumentProcessingState(BaseModel):
-    document: PDFFile        # Renders as file upload in CrewAI Platform
-    cover_image: ImageFile   # Renders as image upload
-    title: str = ""          # Renders as text input
-
-class DocumentFlow(Flow[DocumentProcessingState]):
-    @start()
-    def process_document(self):
-        # Access the file - works with URLs, paths, or uploaded files
-        content = self.state.document.read()
-        # Or pass to an agent with VisionTool, etc.
-        return {"processed": True}
-```
-
-### CrewAI Platform Integration
-
-When you deploy a flow to the CrewAI Platform (AMP), file fields in your state automatically render as file upload dropzones in the UI. This makes it easy to build user-facing applications that accept file uploads without any additional frontend work.
-
-| State Field Type | Platform UI Rendering |
-|:-----------------|:----------------------|
-| `ImageFile` | Image upload dropzone |
-| `PDFFile` | PDF upload dropzone |
-| `AudioFile` | Audio upload dropzone |
-| `VideoFile` | Video upload dropzone |
-| `TextFile` | Text file upload dropzone |
-| `str`, `int`, etc. | Standard form inputs |
-
-### API Usage
-
-When calling your flow via API, you can pass URL strings directly for file fields. Pydantic automatically coerces URLs into the appropriate file type:
-
-```python
-# API request body - URLs are automatically converted to file objects
-{
-    "document": "https://example.com/report.pdf",
-    "cover_image": "https://example.com/cover.png",
-    "title": "Q4 Report"
-}
-```
-
-For more details on file types, sources, and provider support, see the [Files documentation](/en/concepts/files).
-
 ## Flow Persistence
 
 The @persist decorator enables automatic state persistence in CrewAI Flows, allowing you to maintain flow state across restarts or different workflow executions. This decorator can be applied at either the class level or method level, providing flexibility in how you manage state persistence.

docs/en/enterprise/features/rbac.mdx

@@ -7,11 +7,13 @@ mode: "wide"
 
 ## Overview
 
-RBAC in CrewAI AMP enables secure, scalable access management through a combination of organization‑level roles and automation‑level visibility controls.
+RBAC in CrewAI AMP enables secure, scalable access management through two layers:
+
+1. **Feature permissions** — control what each role can do across the platform (manage, read, or no access)
+2. **Entity-level permissions** — fine-grained access on individual automations, environment variables, LLM connections, and Git repositories
 
 <Frame>
   <img src="/images/enterprise/users_and_roles.png" alt="RBAC overview in CrewAI AMP" />
-
 </Frame>
 
 ## Users and Roles
@@ -39,6 +41,13 @@ You can configure users and roles in Settings → Roles.
   </Step>
 </Steps>
 
+### Predefined Roles
+
+| Role       | Description                                                                 |
+| :--------- | :-------------------------------------------------------------------------- |
+| **Owner**  | Full access to all features and settings. Cannot be restricted.             |
+| **Member** | Read access to most features, manage access to Studio projects. Cannot modify organization or default settings. |
+
 ### Configuration summary
 
 | Area                  | Where to configure                 | Options                                 |
@@ -46,23 +55,80 @@ You can configure users and roles in Settings → Roles.
 | Users & Roles         | Settings → Roles                   | Predefined: Owner, Member; Custom roles |
 | Automation visibility | Automation → Settings → Visibility | Private; Whitelist users/roles          |
 
-## Automation‑level Access Control
+---
 
-In addition to organization‑wide roles, CrewAI Automations support fine‑grained visibility settings that let you restrict access to specific automations by user or role.
+## Feature Permissions Matrix
 
-This is useful for:
+Every role has a permission level for each feature area. The three levels are:
+
+- **Manage** — full read/write access (create, edit, delete)
+- **Read** — view-only access
+- **No access** — feature is hidden/inaccessible
+
+| Feature                   | Owner   | Member (default) | Description                                                     |
+| :------------------------ | :------ | :--------------- | :-------------------------------------------------------------- |
+| `usage_dashboards`        | Manage  | Read             | View usage metrics and analytics                                |
+| `crews_dashboards`        | Manage  | Read             | View deployment dashboards, access automation details           |
+| `invitations`             | Manage  | Read             | Invite new members to the organization                          |
+| `training_ui`             | Manage  | Read             | Access training/fine-tuning interfaces                          |
+| `tools`                   | Manage  | Read             | Create and manage tools                                         |
+| `agents`                  | Manage  | Read             | Create and manage agents                                        |
+| `environment_variables`   | Manage  | Read             | Create and manage environment variables                         |
+| `llm_connections`         | Manage  | Read             | Configure LLM provider connections                              |
+| `default_settings`        | Manage  | No access        | Modify organization-wide default settings                       |
+| `organization_settings`   | Manage  | No access        | Manage billing, plans, and organization configuration           |
+| `studio_projects`         | Manage  | Manage           | Create and edit projects in Studio                              |
+
+<Tip>
+  When creating a custom role, you can set each feature independently to **Manage**, **Read**, or **No access** to match your team's needs.
+</Tip>
+
+---
+
+## Deploying from GitHub or Zip
+
+One of the most common RBAC questions is: _"What permissions does a team member need to deploy?"_
+
+### Deploy from GitHub
+
+To deploy an automation from a GitHub repository, a user needs:
+
+1. **`crews_dashboards`**: at least `Read` — required to access the automations dashboard where deployments are created
+2. **Git repository access** (if entity-level RBAC for Git repositories is enabled): the user's role must be granted access to the specific Git repository via entity-level permissions
+3. **`studio_projects`: `Manage`** — if building the crew in Studio before deploying
+
+### Deploy from Zip
+
+To deploy an automation from a Zip file upload, a user needs:
+
+1. **`crews_dashboards`**: at least `Read` — required to access the automations dashboard
+2. **Zip deployments enabled**: the organization must not have disabled zip deployments in organization settings
+
+### Quick Reference: Minimum Permissions for Deployment
+
+| Action               | Required feature permissions          | Additional requirements                          |
+| :------------------- | :------------------------------------ | :----------------------------------------------- |
+| Deploy from GitHub   | `crews_dashboards: Read`              | Git repo entity access (if Git RBAC is enabled)  |
+| Deploy from Zip      | `crews_dashboards: Read`              | Zip deployments must be enabled at the org level |
+| Build in Studio      | `studio_projects: Manage`             | —                                                |
+| Configure LLM keys   | `llm_connections: Manage`             | —                                                |
+| Set environment vars  | `environment_variables: Manage`       | Entity-level access (if entity RBAC is enabled)  |
+
+---
+
+## Automation‑level Access Control (Entity Permissions)
+
+In addition to organization‑wide roles, CrewAI supports fine‑grained entity-level permissions that restrict access to individual resources.
+
+### Automation Visibility
+
+Automations support visibility settings that restrict access by user or role. This is useful for:
 
 - Keeping sensitive or experimental automations private
 - Managing visibility across large teams or external collaborators
 - Testing automations in isolated contexts
 
-Deployments can be configured as private, meaning only whitelisted users and roles will be able to:
-
-- View the deployment
-- Run it or interact with its API
-- Access its logs, metrics, and settings
-
-The organization owner always has access, regardless of visibility settings.
+Deployments can be configured as private, meaning only whitelisted users and roles will be able to interact with them.
 
 You can configure automation‑level access control in Automation → Settings → Visibility tab.
 
@@ -99,9 +165,92 @@ You can configure automation‑level access control in Automation → Settings
 
 <Frame>
   <img src="/images/enterprise/visibility.png" alt="Automation Visibility settings in CrewAI AMP" />
-
 </Frame>
 
+### Deployment Permission Types
+
+When granting entity-level access to a specific automation, you can assign these permission types:
+
+| Permission           | What it allows                                      |
+| :------------------- | :-------------------------------------------------- |
+| `run`                | Execute the automation and use its API               |
+| `traces`             | View execution traces and logs                       |
+| `manage_settings`    | Edit, redeploy, rollback, or delete the automation   |
+| `human_in_the_loop`  | Respond to human-in-the-loop (HITL) requests         |
+| `full_access`        | All of the above                                     |
+
+### Entity-level RBAC for Other Resources
+
+When entity-level RBAC is enabled, access to these resources can also be controlled per user or role:
+
+| Resource               | Controlled by                    | Description                                           |
+| :--------------------- | :------------------------------- | :---------------------------------------------------- |
+| Environment variables  | Entity RBAC feature flag         | Restrict which roles/users can view or manage specific env vars |
+| LLM connections        | Entity RBAC feature flag         | Restrict access to specific LLM provider configurations |
+| Git repositories       | Git repositories RBAC org setting | Restrict which roles/users can access specific connected repos |
+
+---
+
+## Common Role Patterns
+
+While CrewAI ships with Owner and Member roles, most teams benefit from creating custom roles. Here are common patterns:
+
+### Developer Role
+
+A role for team members who build and deploy automations but don't manage organization settings.
+
+| Feature                   | Permission |
+| :------------------------ | :--------- |
+| `usage_dashboards`        | Read       |
+| `crews_dashboards`        | Manage     |
+| `invitations`             | Read       |
+| `training_ui`             | Read       |
+| `tools`                   | Manage     |
+| `agents`                  | Manage     |
+| `environment_variables`   | Manage     |
+| `llm_connections`         | Read       |
+| `default_settings`        | No access  |
+| `organization_settings`   | No access  |
+| `studio_projects`         | Manage     |
+
+### Viewer / Stakeholder Role
+
+A role for non-technical stakeholders who need to monitor automations and view results.
+
+| Feature                   | Permission |
+| :------------------------ | :--------- |
+| `usage_dashboards`        | Read       |
+| `crews_dashboards`        | Read       |
+| `invitations`             | No access  |
+| `training_ui`             | Read       |
+| `tools`                   | Read       |
+| `agents`                  | Read       |
+| `environment_variables`   | No access  |
+| `llm_connections`         | No access  |
+| `default_settings`        | No access  |
+| `organization_settings`   | No access  |
+| `studio_projects`         | Read       |
+
+### Ops / Platform Admin Role
+
+A role for platform operators who manage infrastructure settings but may not build agents.
+
+| Feature                   | Permission |
+| :------------------------ | :--------- |
+| `usage_dashboards`        | Manage     |
+| `crews_dashboards`        | Manage     |
+| `invitations`             | Manage     |
+| `training_ui`             | Read       |
+| `tools`                   | Read       |
+| `agents`                  | Read       |
+| `environment_variables`   | Manage     |
+| `llm_connections`         | Manage     |
+| `default_settings`        | Manage     |
+| `organization_settings`   | Read       |
+| `studio_projects`         | Read       |
+
+---
+
 <Card title="Need Help?" icon="headset" href="mailto:support@crewai.com">
   Contact our support team for assistance with RBAC questions.
 </Card>

docs/ko/changelog.mdx

@@ -4,6 +4,50 @@ description: "CrewAI의 제품 업데이트, 개선 사항 및 버그 수정"
 icon: "clock"
 mode: "wide"
 ---
+<Update label="2026년 3월 27일">
+  ## v1.13.0a1
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0a1)
+
+  ## 변경 사항
+
+  ### 버그 수정
+  - Node를 LTS 22로 고정하여 문서 작업 흐름의 끊어진 링크 수정
+  - 기업 릴리스에서 새로 게시된 패키지의 uv 캐시 초기화
+
+  ### 문서
+  - 포괄적인 RBAC 권한 매트릭스 및 배포 가이드 추가
+  - v1.12.2에 대한 변경 로그 및 버전 업데이트
+
+  ## 기여자
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="2026년 3월 25일">
+  ## v1.12.2
+
+  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
+
+  ## 변경 사항
+
+  ### 기능
+  - devtools 릴리스에 기업 릴리스 단계 추가
+
+  ### 버그 수정
+  - @human_feedback과 함께 emit을 사용할 때 메서드 반환 값을 흐름 출력으로 유지
+
+  ### 문서
+  - v1.12.1에 대한 변경 로그 및 버전 업데이트
+  - 보안 정책 및 보고 지침 수정
+
+  ## 기여자
+
+  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
+
+</Update>
+
 <Update label="2026년 3월 25일">
   ## v1.12.1
 

docs/pt-BR/changelog.mdx

@@ -4,6 +4,50 @@ description: "Atualizações de produto, melhorias e correções do CrewAI"
 icon: "clock"
 mode: "wide"
 ---
+<Update label="27 mar 2026">
+  ## v1.13.0a1
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.13.0a1)
+
+  ## O que Mudou
+
+  ### Correções de Bugs
+  - Corrigir links quebrados no fluxo de documentação fixando o Node na LTS 22
+  - Limpar o cache uv para pacotes recém-publicados na versão empresarial
+
+  ### Documentação
+  - Adicionar uma matriz abrangente de permissões RBAC e guia de implantação
+  - Atualizar o changelog e a versão para v1.12.2
+
+  ## Contributors
+
+  @greysonlalonde, @iris-clawd, @joaomdmoura
+
+</Update>
+
+<Update label="25 mar 2026">
+  ## v1.12.2
+
+  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
+
+  ## O que Mudou
+
+  ### Recursos
+  - Adicionar fase de lançamento empresarial ao lançamento do devtools
+
+  ### Correções de Bugs
+  - Preservar o valor de retorno do método como saída de fluxo para @human_feedback com emit
+
+  ### Documentação
+  - Atualizar changelog e versão para v1.12.1
+  - Revisar política de segurança e instruções de relatório
+
+  ## Contributors
+
+  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
+
+</Update>
+
 <Update label="25 mar 2026">
   ## v1.12.1
 

lib/crewai-files/src/crewai_files/__init__.py

@@ -152,4 +152,4 @@ __all__ = [
     "wrap_file_source",
 ]
 
-__version__ = "1.12.1"
+__version__ = "1.13.0a1"

lib/crewai-tools/pyproject.toml

@@ -11,7 +11,7 @@ dependencies = [
     "pytube~=15.0.0",
     "requests~=2.32.5",
     "docker~=7.1.0",
-    "crewai==1.12.1",
+    "crewai==1.13.0a1",
     "tiktoken~=0.8.0",
     "beautifulsoup4~=4.13.4",
     "python-docx~=1.2.0",

lib/crewai-tools/src/crewai_tools/__init__.py

@@ -309,4 +309,4 @@ __all__ = [
     "ZapierActionTools",
 ]
 
-__version__ = "1.12.1"
+__version__ = "1.13.0a1"

lib/crewai-tools/src/crewai_tools/tools/invoke_crewai_automation_tool/invoke_crewai_automation_tool.py

@@ -25,7 +25,7 @@ class InvokeCrewAIAutomationTool(BaseTool):
         Basic usage:
         >>> tool = InvokeCrewAIAutomationTool(
         ...     crew_api_url="https://api.example.com",
-        ...     crew_bearer_token="your_token",
+        ...     crew_bearer_token=os.environ["CREWAI_BEARER_TOKEN"],
         ...     crew_name="My Crew",
         ...     crew_description="Description of what the crew does",
         ... )
@@ -39,7 +39,7 @@ class InvokeCrewAIAutomationTool(BaseTool):
         ... }
         >>> tool = InvokeCrewAIAutomationTool(
         ...     crew_api_url="https://api.example.com",
-        ...     crew_bearer_token="your_token",
+        ...     crew_bearer_token=os.environ["CREWAI_BEARER_TOKEN"],
         ...     crew_name="My Crew",
         ...     crew_description="Description of what the crew does",
         ...     crew_inputs=custom_inputs,
@@ -49,7 +49,7 @@ class InvokeCrewAIAutomationTool(BaseTool):
         >>> tools = [
         ...     InvokeCrewAIAutomationTool(
         ...         crew_api_url="https://canary-crew-[...].crewai.com",
-        ...         crew_bearer_token="[Your token: abcdef012345]",
+        ...         crew_bearer_token=os.environ["CREWAI_BEARER_TOKEN"],
         ...         crew_name="State of AI Report",
         ...         crew_description="Retrieves a report on state of AI for a given year.",
         ...         crew_inputs={

lib/crewai-tools/src/crewai_tools/tools/multion_tool/example.py

@@ -4,9 +4,10 @@ from crewai import Agent, Crew, Task
 from multion_tool import MultiOnTool  # type: ignore[import-not-found]
 
 
-os.environ["OPENAI_API_KEY"] = "Your Key"
+if not os.environ.get("OPENAI_API_KEY"):
+    raise ValueError("Please set the OPENAI_API_KEY environment variable")
 
-multion_browse_tool = MultiOnTool(api_key="Your Key")
+multion_browse_tool = MultiOnTool(api_key=os.environ.get("MULTION_API_KEY", ""))
 
 # Create a new agent
 Browser = Agent(

lib/crewai-tools/tool.specs.json

@@ -10317,7 +10317,7 @@
             "type": "object"
           }
         },
-        "description": "A CrewAI tool for invoking external crew/flows APIs.\n\nThis tool provides CrewAI Platform API integration with external crew services, supporting:\n- Dynamic input schema configuration\n- Automatic polling for task completion\n- Bearer token authentication\n- Comprehensive error handling\n\nExample:\n    Basic usage:\n    >>> tool = InvokeCrewAIAutomationTool(\n    ...     crew_api_url=\"https://api.example.com\",\n    ...     crew_bearer_token=\"your_token\",\n    ...     crew_name=\"My Crew\",\n    ...     crew_description=\"Description of what the crew does\",\n    ... )\n\n    With custom inputs:\n    >>> custom_inputs = {\n    ...     \"param1\": Field(..., description=\"Description of param1\"),\n    ...     \"param2\": Field(\n    ...         default=\"default_value\", description=\"Description of param2\"\n    ...     ),\n    ... }\n    >>> tool = InvokeCrewAIAutomationTool(\n    ...     crew_api_url=\"https://api.example.com\",\n    ...     crew_bearer_token=\"your_token\",\n    ...     crew_name=\"My Crew\",\n    ...     crew_description=\"Description of what the crew does\",\n    ...     crew_inputs=custom_inputs,\n    ... )\n\nExample:\n    >>> tools = [\n    ...     InvokeCrewAIAutomationTool(\n    ...         crew_api_url=\"https://canary-crew-[...].crewai.com\",\n    ...         crew_bearer_token=\"[Your token: abcdef012345]\",\n    ...         crew_name=\"State of AI Report\",\n    ...         crew_description=\"Retrieves a report on state of AI for a given year.\",\n    ...         crew_inputs={\n    ...             \"year\": Field(\n    ...                 ..., description=\"Year to retrieve the report for (integer)\"\n    ...             )\n    ...         },\n    ...     )\n    ... ]",
+        "description": "A CrewAI tool for invoking external crew/flows APIs.\n\nThis tool provides CrewAI Platform API integration with external crew services, supporting:\n- Dynamic input schema configuration\n- Automatic polling for task completion\n- Bearer token authentication\n- Comprehensive error handling\n\nExample:\n    Basic usage:\n    >>> tool = InvokeCrewAIAutomationTool(\n    ...     crew_api_url=\"https://api.example.com\",\n    ...     crew_bearer_token=os.environ[\"CREWAI_BEARER_TOKEN\"],\n    ...     crew_name=\"My Crew\",\n    ...     crew_description=\"Description of what the crew does\",\n    ... )\n\n    With custom inputs:\n    >>> custom_inputs = {\n    ...     \"param1\": Field(..., description=\"Description of param1\"),\n    ...     \"param2\": Field(\n    ...         default=\"default_value\", description=\"Description of param2\"\n    ...     ),\n    ... }\n    >>> tool = InvokeCrewAIAutomationTool(\n    ...     crew_api_url=\"https://api.example.com\",\n    ...     crew_bearer_token=os.environ[\"CREWAI_BEARER_TOKEN\"],\n    ...     crew_name=\"My Crew\",\n    ...     crew_description=\"Description of what the crew does\",\n    ...     crew_inputs=custom_inputs,\n    ... )\n\nExample:\n    >>> tools = [\n    ...     InvokeCrewAIAutomationTool(\n    ...         crew_api_url=\"https://canary-crew-[...].crewai.com\",\n    ...         crew_bearer_token=os.environ[\"CREWAI_BEARER_TOKEN\"],\n    ...         crew_name=\"State of AI Report\",\n    ...         crew_description=\"Retrieves a report on state of AI for a given year.\",\n    ...         crew_inputs={\n    ...             \"year\": Field(\n    ...                 ..., description=\"Year to retrieve the report for (integer)\"\n    ...             )\n    ...         },\n    ...     )\n    ... ]",
         "properties": {
           "crew_api_url": {
             "title": "Crew Api Url",

lib/crewai/pyproject.toml

@@ -54,7 +54,7 @@ Repository = "https://github.com/crewAIInc/crewAI"
 
 [project.optional-dependencies]
 tools = [
-    "crewai-tools==1.12.1",
+    "crewai-tools==1.13.0a1",
 ]
 embeddings = [
     "tiktoken~=0.8.0"

lib/crewai/src/crewai/__init__.py

@@ -42,7 +42,7 @@ def _suppress_pydantic_deprecation_warnings() -> None:
 
 _suppress_pydantic_deprecation_warnings()
 
-__version__ = "1.12.1"
+__version__ = "1.13.0a1"
 _telemetry_submitted = False
 
 

lib/crewai/src/crewai/cli/create_flow.py

@@ -28,9 +28,9 @@ def create_flow(name: str) -> None:
     (project_root / "src" / folder_name / "tools").mkdir(parents=True)
     (project_root / "tests").mkdir(exist_ok=True)
 
-    # Create .env file
+    # Create .env file with placeholder
     with open(project_root / ".env", "w") as file:
-        file.write("OPENAI_API_KEY=YOUR_API_KEY")
+        file.write("OPENAI_API_KEY=\n")
 
     package_dir = Path(__file__).parent
     templates_dir = package_dir / "templates" / "flow"

lib/crewai/src/crewai/cli/templates/crew/pyproject.toml

@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.12.1"
+    "crewai[tools]==1.13.0a1"
 ]
 
 [project.scripts]

lib/crewai/src/crewai/cli/templates/flow/pyproject.toml

@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.12.1"
+    "crewai[tools]==1.13.0a1"
 ]
 
 [project.scripts]

lib/crewai/src/crewai/cli/templates/tool/pyproject.toml

@@ -5,7 +5,7 @@ description = "Power up your crews with {{folder_name}}"
 readme = "README.md"
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.12.1"
+    "crewai[tools]==1.13.0a1"
 ]
 
 [tool.crewai]

lib/crewai/src/crewai/flow/flow.py

@@ -883,7 +883,9 @@ class Flow(Generic[T], metaclass=FlowMeta):
         self.human_feedback_history: list[HumanFeedbackResult] = []
         self.last_human_feedback: HumanFeedbackResult | None = None
         self._pending_feedback_context: PendingFeedbackContext | None = None
-        self._human_feedback_method_output: Any = None  # Stashed real output from @human_feedback with emit
+        # Per-method stash for real @human_feedback output (keyed by method name)
+        # Used to decouple routing outcome from method return value when emit is set
+        self._human_feedback_method_outputs: dict[str, Any] = {}
         self.suppress_flow_events: bool = suppress_flow_events
 
         # User input history (for self.ask())
@@ -2295,10 +2297,12 @@ class Flow(Generic[T], metaclass=FlowMeta):
             # For @human_feedback methods with emit, the result is the collapsed outcome
             # (e.g., "approved") used for routing. But we want the actual method output
             # to be the stored result (for final flow output). Replace the last entry
-            # if a stashed output exists.
-            if self._human_feedback_method_output is not None:
-                self._method_outputs[-1] = self._human_feedback_method_output
-                self._human_feedback_method_output = None
+            # if a stashed output exists. Dict-based stash is concurrency-safe and
+            # handles None return values (presence in dict = stashed, not value).
+            if method_name in self._human_feedback_method_outputs:
+                self._method_outputs[-1] = self._human_feedback_method_outputs.pop(
+                    method_name
+                )
 
             self._method_execution_counts[method_name] = (
                 self._method_execution_counts.get(method_name, 0) + 1

lib/crewai/src/crewai/flow/human_feedback.py

@@ -594,8 +594,9 @@ def human_feedback(
                 # Stash the real method output for final flow result when emit is set
                 # (result is the collapsed outcome string for routing, but we want to
                 # preserve the actual method output as the flow's final result)
+                # Uses per-method dict for concurrency safety and to handle None returns
                 if emit:
-                    self._human_feedback_method_output = method_output
+                    self._human_feedback_method_outputs[func.__name__] = method_output
 
                 return result
 
@@ -624,8 +625,9 @@ def human_feedback(
                 # Stash the real method output for final flow result when emit is set
                 # (result is the collapsed outcome string for routing, but we want to
                 # preserve the actual method output as the flow's final result)
+                # Uses per-method dict for concurrency safety and to handle None returns
                 if emit:
-                    self._human_feedback_method_output = method_output
+                    self._human_feedback_method_outputs[func.__name__] = method_output
 
                 return result
 

lib/crewai/src/crewai/llms/providers/openai_compatible/completion.py

@@ -59,21 +59,21 @@ OPENAI_COMPATIBLE_PROVIDERS: dict[str, ProviderConfig] = {
         api_key_env="OLLAMA_API_KEY",
         base_url_env="OLLAMA_HOST",
         api_key_required=False,
-        default_api_key="ollama",
+        default_api_key=os.getenv("OLLAMA_DEFAULT_API_KEY", "ollama"),
     ),
     "ollama_chat": ProviderConfig(
         base_url="http://localhost:11434/v1",
         api_key_env="OLLAMA_API_KEY",
         base_url_env="OLLAMA_HOST",
         api_key_required=False,
-        default_api_key="ollama",
+        default_api_key=os.getenv("OLLAMA_DEFAULT_API_KEY", "ollama"),
     ),
     "hosted_vllm": ProviderConfig(
         base_url="http://localhost:8000/v1",
         api_key_env="VLLM_API_KEY",
         base_url_env="VLLM_BASE_URL",
         api_key_required=False,
-        default_api_key="dummy",
+        default_api_key=os.getenv("VLLM_DEFAULT_API_KEY", "no-key-required"),
     ),
     "cerebras": ProviderConfig(
         base_url="https://api.cerebras.ai/v1",

lib/crewai/src/crewai/rag/embeddings/factory.py

@@ -363,11 +363,11 @@ def build_embedder(spec):  # type: ignore[no-untyped-def]
         # From dictionary specification
         embedder = build_embedder({
             "provider": "openai",
-            "config": {"api_key": "sk-..."}
+            "config": {"api_key": os.environ["OPENAI_API_KEY"]}
         })
 
         # From provider instance
-        provider = OpenAIProvider(api_key="sk-...")
+        provider = OpenAIProvider(api_key=os.environ["OPENAI_API_KEY"])
         embedder = build_embedder(provider)
     """
     if isinstance(spec, BaseEmbeddingsProvider):

lib/crewai/src/crewai/rag/embeddings/providers/google/genai_vertex_embedding.py

@@ -45,9 +45,9 @@ class GoogleGenAIVertexEmbeddingFunction(EmbeddingFunction[Documents]):
             model_name="gemini-embedding-001"
         )
 
-        # Using API key (new SDK only)
+        # Using API key from environment variable (new SDK only)
         embedder = GoogleGenAIVertexEmbeddingFunction(
-            api_key="your-api-key",
+            api_key=os.environ["GOOGLE_API_KEY"],
             model_name="gemini-embedding-001"
         )
     """

lib/crewai/src/crewai/rag/embeddings/providers/google/vertex.py

@@ -49,9 +49,9 @@ class VertexAIProvider(BaseEmbeddingsProvider[GoogleGenAIVertexEmbeddingFunction
             model_name="gemini-embedding-001"
         )
 
-        # New model with API key
+        # New model with API key (from environment variable)
         provider = VertexAIProvider(
-            api_key="your-api-key",
+            api_key=os.environ["GOOGLE_API_KEY"],
             model_name="gemini-embedding-001"
         )
     """

lib/crewai/tests/llms/openai_compatible/test_openai_compatible.py

@@ -79,7 +79,7 @@ class TestProviderRegistry:
         assert config.base_url == "http://localhost:8000/v1"
         assert config.api_key_env == "VLLM_API_KEY"
         assert config.api_key_required is False
-        assert config.default_api_key == "dummy"
+        assert config.default_api_key == "no-key-required"
 
     def test_cerebras_config(self):
         """Test Cerebras provider configuration."""

lib/crewai/tests/security/test_hardcoded_secrets.py

@@ -0,0 +1,184 @@
+"""Tests to detect and prevent hardcoded secrets in the codebase.
+
+These tests scan source files for patterns that look like hardcoded secrets
+(API keys, tokens, passwords) to prevent accidental credential leaks.
+"""
+
+import os
+import re
+import tempfile
+from pathlib import Path
+from unittest.mock import patch
+
+from crewai.cli.create_flow import create_flow
+from crewai.llms.providers.openai_compatible.completion import (
+    OPENAI_COMPATIBLE_PROVIDERS,
+)
+
+# Root of the workspace
+WORKSPACE_ROOT = Path(__file__).resolve().parents[4]
+CREWAI_SRC = WORKSPACE_ROOT / "lib" / "crewai" / "src"
+CREWAI_TOOLS_SRC = WORKSPACE_ROOT / "lib" / "crewai-tools" / "src"
+
+# Patterns that indicate hardcoded secrets in source code (not docs/tests)
+SECRET_PATTERNS = [
+    # Actual API key formats
+    re.compile(r'''["']sk-proj-[a-zA-Z0-9_-]{20,}["']'''),
+    re.compile(r'''["']sk-ant-api[a-zA-Z0-9_-]{20,}["']'''),
+    re.compile(r'''["']ghp_[a-zA-Z0-9]{36}["']'''),
+    re.compile(r'''["']gho_[a-zA-Z0-9]{36}["']'''),
+    re.compile(r'''["']xox[bpas]-[a-zA-Z0-9-]{10,}["']'''),
+    re.compile(r'''["']AKIA[A-Z0-9]{16}["']'''),
+    # os.environ assignment with hardcoded non-empty value
+    re.compile(r'''os\.environ\[["'][A-Z_]*(?:KEY|TOKEN|SECRET|PASSWORD)["']\]\s*=\s*["'][^"']+["']'''),
+]
+
+# Files/directories to skip (tests, docs, examples patterns in docstrings are OK)
+SKIP_DIRS = {
+    "tests",
+    "test",
+    "__pycache__",
+    ".git",
+    "cassettes",
+    "node_modules",
+    ".venv",
+}
+
+
+def _get_python_source_files(root: Path) -> list[Path]:
+    """Get all Python source files, excluding test directories."""
+    files = []
+    for path in root.rglob("*.py"):
+        parts = set(path.parts)
+        if parts & SKIP_DIRS:
+            continue
+        files.append(path)
+    return files
+
+
+class TestNoHardcodedSecrets:
+    """Test that source code does not contain hardcoded secrets."""
+
+    def test_no_real_api_keys_in_source(self):
+        """Verify no real API key patterns exist in source code."""
+        violations = []
+
+        for src_root in [CREWAI_SRC, CREWAI_TOOLS_SRC]:
+            if not src_root.exists():
+                continue
+            for filepath in _get_python_source_files(src_root):
+                content = filepath.read_text(errors="ignore")
+                for pattern in SECRET_PATTERNS:
+                    for match in pattern.finditer(content):
+                        # Get the line number
+                        line_num = content[: match.start()].count("\n") + 1
+                        violations.append(
+                            f"{filepath.relative_to(WORKSPACE_ROOT)}:{line_num}: {match.group()}"
+                        )
+
+        assert not violations, (
+            f"Found {len(violations)} potential hardcoded secret(s):\n"
+            + "\n".join(violations)
+        )
+
+    def test_no_env_assignment_with_hardcoded_keys(self):
+        """Verify no os.environ['KEY'] = 'hardcoded-value' patterns in source (non-test) code."""
+        pattern = re.compile(
+            r'''os\.environ\[["'](\w*(?:KEY|TOKEN|SECRET|PASSWORD)\w*)["']\]\s*=\s*["']([^"']+)["']'''
+        )
+        # Config flags that are not secrets
+        ALLOWED_ENV_ASSIGNMENTS = {
+            "TOKENIZERS_PARALLELISM",
+        }
+
+        violations = []
+        for src_root in [CREWAI_SRC, CREWAI_TOOLS_SRC]:
+            if not src_root.exists():
+                continue
+            for filepath in _get_python_source_files(src_root):
+                content = filepath.read_text(errors="ignore")
+                for match in pattern.finditer(content):
+                    env_var_name = match.group(1)
+                    if env_var_name in ALLOWED_ENV_ASSIGNMENTS:
+                        continue
+                    line_num = content[: match.start()].count("\n") + 1
+                    violations.append(
+                        f"{filepath.relative_to(WORKSPACE_ROOT)}:{line_num}: "
+                        f"os.environ['{match.group(1)}'] = '{match.group(2)}'"
+                    )
+
+        assert not violations, (
+            f"Found {len(violations)} hardcoded environment variable assignment(s):\n"
+            + "\n".join(violations)
+            + "\n\nUse os.environ.get() or read from .env files instead."
+        )
+
+
+class TestCreateFlowEnvFile:
+    """Test that create_flow generates .env files without hardcoded secret values."""
+
+    def test_create_flow_env_file_has_no_hardcoded_api_key(self):
+        """Verify create_flow does not write a hardcoded API key value."""
+        with tempfile.TemporaryDirectory() as temp_dir:
+            original_cwd = os.getcwd()
+            try:
+                os.chdir(temp_dir)
+                create_flow("test_flow")
+
+                env_file = Path(temp_dir) / "test_flow" / ".env"
+                assert env_file.exists(), ".env file should be created"
+
+                content = env_file.read_text()
+                assert "YOUR_API_KEY" not in content, (
+                    ".env should not contain hardcoded placeholder 'YOUR_API_KEY'"
+                )
+                # The key name should be present but without a hardcoded value
+                assert "OPENAI_API_KEY" in content, (
+                    ".env should contain the OPENAI_API_KEY variable name"
+                )
+            finally:
+                os.chdir(original_cwd)
+
+
+class TestProviderDefaultApiKeys:
+    """Test that provider default API keys use environment variable lookups."""
+
+    def test_ollama_default_api_key_from_env(self):
+        """Verify Ollama default API key can be overridden via environment variable."""
+        with patch.dict(os.environ, {"OLLAMA_DEFAULT_API_KEY": "custom-ollama-key"}, clear=False):
+            # Re-import to pick up new env var - but since module-level dict is already
+            # evaluated, we test the env var pattern is used in the config
+            config = OPENAI_COMPATIBLE_PROVIDERS["ollama"]
+            # The default_api_key should be set (either from env or fallback)
+            assert config.default_api_key is not None
+
+    def test_vllm_default_api_key_not_dummy(self):
+        """Verify hosted_vllm default API key is not the literal string 'dummy'."""
+        config = OPENAI_COMPATIBLE_PROVIDERS["hosted_vllm"]
+        assert config.default_api_key != "dummy", (
+            "hosted_vllm should not use 'dummy' as a hardcoded default API key"
+        )
+        assert config.default_api_key is not None
+
+    def test_ollama_default_api_key_fallback(self):
+        """Verify Ollama uses 'ollama' as fallback when env var is not set."""
+        # When OLLAMA_DEFAULT_API_KEY is not set, should fall back to "ollama"
+        env = os.environ.copy()
+        env.pop("OLLAMA_DEFAULT_API_KEY", None)
+        with patch.dict(os.environ, env, clear=True):
+            # The config was already created at module load time, so we check
+            # the current value
+            config = OPENAI_COMPATIBLE_PROVIDERS["ollama"]
+            assert config.default_api_key is not None
+
+    def test_all_providers_have_valid_config(self):
+        """Verify all providers have properly configured API key settings."""
+        for provider_name, config in OPENAI_COMPATIBLE_PROVIDERS.items():
+            assert config.api_key_env, (
+                f"Provider '{provider_name}' must have api_key_env configured"
+            )
+            if not config.api_key_required:
+                assert config.default_api_key is not None, (
+                    f"Provider '{provider_name}' with api_key_required=False "
+                    "must have a default_api_key"
+                )

lib/crewai/tests/test_human_feedback_decorator.py

@@ -726,3 +726,31 @@ class TestHumanFeedbackFinalOutputPreservation:
         # _method_outputs should contain the real output
         assert len(flow._method_outputs) == 1
         assert flow._method_outputs[0] == {"data": "real output"}
+
+    @patch("builtins.input", return_value="looks good")
+    @patch("builtins.print")
+    def test_none_return_value_is_preserved(self, mock_print, mock_input):
+        """A method returning None should preserve None as flow output, not the outcome string."""
+
+        class NoneReturnFlow(Flow):
+            @start()
+            @human_feedback(
+                message="Review:",
+                emit=["approved", "rejected"],
+                llm="gpt-4o-mini",
+            )
+            def process(self):
+                # Method does work but returns None (implicit)
+                pass
+
+        flow = NoneReturnFlow()
+
+        with (
+            patch.object(flow, "_request_human_feedback", return_value=""),
+            patch.object(flow, "_collapse_to_outcome", return_value="approved"),
+        ):
+            result = flow.kickoff()
+
+        # Final output should be None (the method's real return), not "approved"
+        assert result is None, f"Expected None, got {result!r}"
+        assert flow.last_human_feedback.outcome == "approved"

lib/devtools/src/crewai_devtools/__init__.py

@@ -1,3 +1,3 @@
 """CrewAI development tools."""
 
-__version__ = "1.12.1"
+__version__ = "1.13.0a1"

lib/devtools/src/crewai_devtools/cli.py

@@ -156,6 +156,33 @@ def update_version_in_file(file_path: Path, new_version: str) -> bool:
     return False
 
 
+def update_pyproject_version(file_path: Path, new_version: str) -> bool:
+    """Update the [project] version field in a pyproject.toml file.
+
+    Args:
+        file_path: Path to pyproject.toml file.
+        new_version: New version string.
+
+    Returns:
+        True if version was updated, False otherwise.
+    """
+    if not file_path.exists():
+        return False
+
+    content = file_path.read_text()
+    new_content = re.sub(
+        r'^(version\s*=\s*")[^"]+(")',
+        rf"\g<1>{new_version}\2",
+        content,
+        count=1,
+        flags=re.MULTILINE,
+    )
+    if new_content != content:
+        file_path.write_text(new_content)
+        return True
+    return False
+
+
 _DEFAULT_WORKSPACE_PACKAGES: Final[list[str]] = [
     "crewai",
     "crewai-tools",
@@ -1045,10 +1072,84 @@ def _update_enterprise_crewai_dep(pyproject_path: Path, version: str) -> bool:
     return False
 
 
+_DEPLOYMENT_TEST_REPO: Final[str] = "crewAIInc/crew_deployment_test"
+
 _PYPI_POLL_INTERVAL: Final[int] = 15
 _PYPI_POLL_TIMEOUT: Final[int] = 600
 
 
+def _update_deployment_test_repo(version: str, is_prerelease: bool) -> None:
+    """Update the deployment test repo to pin the new crewai version.
+
+    Clones the repo, updates the crewai[tools] pin in pyproject.toml,
+    regenerates the lockfile, commits, and pushes directly to main.
+
+    Args:
+        version: New crewai version string.
+        is_prerelease: Whether this is a pre-release version.
+    """
+    console.print(
+        f"\n[bold cyan]Updating {_DEPLOYMENT_TEST_REPO} to {version}[/bold cyan]"
+    )
+
+    with tempfile.TemporaryDirectory() as tmp:
+        repo_dir = Path(tmp) / "crew_deployment_test"
+        run_command(["gh", "repo", "clone", _DEPLOYMENT_TEST_REPO, str(repo_dir)])
+        console.print(f"[green]✓[/green] Cloned {_DEPLOYMENT_TEST_REPO}")
+
+        pyproject = repo_dir / "pyproject.toml"
+        content = pyproject.read_text()
+        new_content = re.sub(
+            r'"crewai\[tools\]==[^"]+"',
+            f'"crewai[tools]=={version}"',
+            content,
+        )
+        if new_content == content:
+            console.print(
+                "[yellow]Warning:[/yellow] No crewai[tools] pin found to update"
+            )
+            return
+        pyproject.write_text(new_content)
+        console.print(f"[green]✓[/green] Updated crewai[tools] pin to {version}")
+
+        lock_cmd = [
+            "uv",
+            "lock",
+            "--refresh-package",
+            "crewai",
+            "--refresh-package",
+            "crewai-tools",
+        ]
+        if is_prerelease:
+            lock_cmd.append("--prerelease=allow")
+
+        max_retries = 10
+        for attempt in range(1, max_retries + 1):
+            try:
+                run_command(lock_cmd, cwd=repo_dir)
+                break
+            except subprocess.CalledProcessError:
+                if attempt == max_retries:
+                    console.print(
+                        f"[red]Error:[/red] uv lock failed after {max_retries} attempts"
+                    )
+                    raise
+                console.print(
+                    f"[yellow]uv lock failed (attempt {attempt}/{max_retries}),"
+                    f" retrying in {_PYPI_POLL_INTERVAL}s...[/yellow]"
+                )
+                time.sleep(_PYPI_POLL_INTERVAL)
+        console.print("[green]✓[/green] Lockfile updated")
+
+        run_command(["git", "add", "pyproject.toml", "uv.lock"], cwd=repo_dir)
+        run_command(
+            ["git", "commit", "-m", f"chore: bump crewai to {version}"],
+            cwd=repo_dir,
+        )
+        run_command(["git", "push"], cwd=repo_dir)
+        console.print(f"[green]✓[/green] Pushed to {_DEPLOYMENT_TEST_REPO}")
+
+
 def _wait_for_pypi(package: str, version: str) -> None:
     """Poll PyPI until a specific package version is available.
 
@@ -1141,6 +1242,11 @@ def _release_enterprise(version: str, is_prerelease: bool, dry_run: bool) -> Non
 
             pyproject = pkg_dir / "pyproject.toml"
             if pyproject.exists():
+                if update_pyproject_version(pyproject, version):
+                    console.print(
+                        f"[green]✓[/green] Updated version in: "
+                        f"{pyproject.relative_to(repo_dir)}"
+                    )
                 if update_pyproject_dependencies(
                     pyproject, version, extra_packages=list(_ENTERPRISE_EXTRA_PACKAGES)
                 ):
@@ -1159,7 +1265,35 @@ def _release_enterprise(version: str, is_prerelease: bool, dry_run: bool) -> Non
         _wait_for_pypi("crewai", version)
 
         console.print("\nSyncing workspace...")
-        run_command(["uv", "sync"], cwd=repo_dir)
+        sync_cmd = [
+            "uv",
+            "sync",
+            "--refresh-package",
+            "crewai",
+            "--refresh-package",
+            "crewai-tools",
+            "--refresh-package",
+            "crewai-files",
+        ]
+        if is_prerelease:
+            sync_cmd.append("--prerelease=allow")
+
+        max_retries = 10
+        for attempt in range(1, max_retries + 1):
+            try:
+                run_command(sync_cmd, cwd=repo_dir)
+                break
+            except subprocess.CalledProcessError:
+                if attempt == max_retries:
+                    console.print(
+                        f"[red]Error:[/red] uv sync failed after {max_retries} attempts"
+                    )
+                    raise
+                console.print(
+                    f"[yellow]uv sync failed (attempt {attempt}/{max_retries}),"
+                    f" retrying in {_PYPI_POLL_INTERVAL}s...[/yellow]"
+                )
+                time.sleep(_PYPI_POLL_INTERVAL)
         console.print("[green]✓[/green] Workspace synced")
 
         # --- branch, commit, push, PR ---
@@ -1175,7 +1309,7 @@ def _release_enterprise(version: str, is_prerelease: bool, dry_run: bool) -> Non
         run_command(["git", "push", "-u", "origin", branch_name], cwd=repo_dir)
         console.print("[green]✓[/green] Branch pushed")
 
-        run_command(
+        pr_url = run_command(
             [
                 "gh",
                 "pr",
@@ -1192,6 +1326,7 @@ def _release_enterprise(version: str, is_prerelease: bool, dry_run: bool) -> Non
             cwd=repo_dir,
         )
         console.print("[green]✓[/green] Enterprise bump PR created")
+        console.print(f"[cyan]PR URL:[/cyan] {pr_url}")
 
         _poll_pr_until_merged(branch_name, "enterprise bump PR", repo=enterprise_repo)
 
@@ -1558,7 +1693,18 @@ def tag(dry_run: bool, no_edit: bool) -> None:
     is_flag=True,
     help="Skip the enterprise release phase",
 )
-def release(version: str, dry_run: bool, no_edit: bool, skip_enterprise: bool) -> None:
+@click.option(
+    "--skip-to-enterprise",
+    is_flag=True,
+    help="Skip phases 1 & 2, run only the enterprise release phase",
+)
+def release(
+    version: str,
+    dry_run: bool,
+    no_edit: bool,
+    skip_enterprise: bool,
+    skip_to_enterprise: bool,
+) -> None:
     """Full release: bump versions, tag, and publish a GitHub release.
 
     Combines bump and tag into a single workflow. Creates a version bump PR,
@@ -1571,11 +1717,19 @@ def release(version: str, dry_run: bool, no_edit: bool, skip_enterprise: bool) -
         dry_run: Show what would be done without making changes.
         no_edit: Skip editing release notes.
         skip_enterprise: Skip the enterprise release phase.
+        skip_to_enterprise: Skip phases 1 & 2, run only the enterprise release phase.
     """
     try:
         check_gh_installed()
 
-        if not skip_enterprise:
+        if skip_enterprise and skip_to_enterprise:
+            console.print(
+                "[red]Error:[/red] Cannot use both --skip-enterprise "
+                "and --skip-to-enterprise"
+            )
+            sys.exit(1)
+
+        if not skip_enterprise or skip_to_enterprise:
             missing: list[str] = []
             if not _ENTERPRISE_REPO:
                 missing.append("ENTERPRISE_REPO")
@@ -1594,6 +1748,15 @@ def release(version: str, dry_run: bool, no_edit: bool, skip_enterprise: bool) -
         cwd = Path.cwd()
         lib_dir = cwd / "lib"
 
+        is_prerelease = _is_prerelease(version)
+
+        if skip_to_enterprise:
+            _release_enterprise(version, is_prerelease, dry_run)
+            console.print(
+                f"\n[green]✓[/green] Enterprise release [bold]{version}[/bold] complete!"
+            )
+            return
+
         if not dry_run:
             console.print("Checking git status...")
             check_git_clean()
@@ -1687,7 +1850,8 @@ def release(version: str, dry_run: bool, no_edit: bool, skip_enterprise: bool) -
 
         if not dry_run:
             _create_tag_and_release(tag_name, release_notes, is_prerelease)
-            _trigger_pypi_publish(tag_name, wait=not skip_enterprise)
+            _trigger_pypi_publish(tag_name, wait=True)
+            _update_deployment_test_repo(version, is_prerelease)
 
         if not skip_enterprise:
             _release_enterprise(version, is_prerelease, dry_run)