Fix import sorting in test file according to ruff standards

Co-Authored-By: Joe Moura <joao@crewai.com>
Fix import sorting in test file
2026-04-25 04:13:03 +00:00 · 2025-05-10 16:57:30 +00:00 · 2025-05-10 16:54:41 +00:00 · 2025-05-10 16:50:59 +00:00 · 2025-05-08 13:25:10 -04:00 · 2025-05-08 13:00:03 -04:00
12 changed files with 181 additions and 41 deletions
--- a/.github/security.md
+++ b/.github/security.md
@@ -1,19 +1,27 @@
-CrewAI takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organization.
-If you believe you have found a security vulnerability in any CrewAI product or service, please report it to us as described below.
+## CrewAI Security Vulnerability Reporting Policy

- ## Reporting a Vulnerability
- Please do not report security vulnerabilities through public GitHub issues.
- To report a vulnerability, please email us at security@crewai.com.
- Please include the requested information listed below so that we can triage your report more quickly
+CrewAI prioritizes the security of our software products, services, and GitHub repositories. To promptly address vulnerabilities, follow these steps for reporting security issues:

- - Type of issue (e.g. SQL injection, cross-site scripting, etc.)
- - Full paths of source file(s) related to the manifestation of the issue
- - The location of the affected source code (tag/branch/commit or direct URL)
- - Any special configuration required to reproduce the issue
- - Step-by-step instructions to reproduce the issue (please include screenshots if needed)
- - Proof-of-concept or exploit code (if possible)
- - Impact of the issue, including how an attacker might exploit the issue
+### Reporting Process
+Do **not** report vulnerabilities via public GitHub issues.

- Once we have received your report, we will respond to you at the email address you provide. If the issue is confirmed, we will release a patch as soon as possible depending on the complexity of the issue.
+Email all vulnerability reports directly to:  
+**security@crewai.com**

- At this time, we are not offering a bug bounty program. Any rewards will be at our discretion.
+### Required Information
+To help us quickly validate and remediate the issue, your report must include:
+
+- **Vulnerability Type:** Clearly state the vulnerability type (e.g., SQL injection, XSS, privilege escalation).
+- **Affected Source Code:** Provide full file paths and direct URLs (branch, tag, or commit).
+- **Reproduction Steps:** Include detailed, step-by-step instructions. Screenshots are recommended.
+- **Special Configuration:** Document any special settings or configurations required to reproduce.
+- **Proof-of-Concept (PoC):** Provide exploit or PoC code (if available).
+- **Impact Assessment:** Clearly explain the severity and potential exploitation scenarios.
+
+### Our Response
+- We will acknowledge receipt of your report promptly via your provided email.
+- Confirmed vulnerabilities will receive priority remediation based on severity.
+- Patches will be released as swiftly as possible following verification.
+
+### Reward Notice
+Currently, we do not offer a bug bounty program. Rewards, if issued, are discretionary.
--- a/docs/concepts/llms.mdx
+++ b/docs/concepts/llms.mdx
@@ -169,19 +169,55 @@ In this section, you'll find detailed examples that help you select, configure,
    ```
  </Accordion>

-  <Accordion title="Google">
-    Set the following environment variables in your `.env` file:
+  <Accordion title="Google (Gemini API)">
+    Set your API key in your `.env` file. If you need a key, or need to find an
+    existing key, check [AI Studio](https://aistudio.google.com/apikey).

-    ```toml Code
-    # Option 1: Gemini accessed with an API key.
+    ```toml .env
    # https://ai.google.dev/gemini-api/docs/api-key
    GEMINI_API_KEY=<your-api-key>
-
-    # Option 2: Vertex AI IAM credentials for Gemini, Anthropic, and Model Garden.
-    # https://cloud.google.com/vertex-ai/generative-ai/docs/overview
    ```

-    Get credentials from your Google Cloud Console and save it to a JSON file with the following code:
+    Example usage in your CrewAI project:
+    ```python Code
+    from crewai import LLM
+
+    llm = LLM(
+        model="gemini/gemini-2.0-flash",
+        temperature=0.7,
+    )
+    ```
+
+    ### Gemini models
+
+    Google offers a range of powerful models optimized for different use cases.
+
+    | Model                          | Context Window | Best For                                                          |
+    |--------------------------------|----------------|-------------------------------------------------------------------|
+    | gemini-2.5-flash-preview-04-17 | 1M tokens      | Adaptive thinking, cost efficiency                                |
+    | gemini-2.5-pro-preview-05-06   | 1M tokens      | Enhanced thinking and reasoning, multimodal understanding, advanced coding, and more |
+    | gemini-2.0-flash               | 1M tokens      | Next generation features, speed, thinking, and realtime streaming |
+    | gemini-2.0-flash-lite          | 1M tokens      | Cost efficiency and low latency                                   |
+    | gemini-1.5-flash               | 1M tokens      | Balanced multimodal model, good for most tasks                    |
+    | gemini-1.5-flash-8B            | 1M tokens      | Fastest, most cost-efficient, good for high-frequency tasks       |
+    | gemini-1.5-pro                 | 2M tokens      | Best performing, wide variety of reasoning tasks including logical reasoning, coding, and creative collaboration |
+
+    The full list of models is available in the [Gemini model docs](https://ai.google.dev/gemini-api/docs/models).
+
+    ### Gemma
+
+    The Gemini API also allows you to use your API key to access [Gemma models](https://ai.google.dev/gemma/docs) hosted on Google infrastructure.
+
+    | Model          | Context Window |
+    |----------------|----------------|
+    | gemma-3-1b-it  | 32k tokens     |
+    | gemma-3-4b-it  | 32k tokens     |
+    | gemma-3-12b-it | 32k tokens     |
+    | gemma-3-27b-it | 128k tokens    |
+
+  </Accordion>
+  <Accordion title="Google (Vertex AI)">
+    Get credentials from your Google Cloud Console and save it to a JSON file, then load it with the following code:
    ```python Code
    import json

@@ -205,14 +241,18 @@ In this section, you'll find detailed examples that help you select, configure,
        vertex_credentials=vertex_credentials_json
    )
    ```
+
    Google offers a range of powerful models optimized for different use cases:

-    | Model                  | Context Window | Best For                                                          |
-    |-----------------------|----------------|------------------------------------------------------------------|
-    | gemini-2.0-flash-exp  | 1M tokens      | Higher quality at faster speed, multimodal model, good for most tasks |
-    | gemini-1.5-flash      | 1M tokens      | Balanced multimodal model, good for most tasks                    |
-    | gemini-1.5-flash-8B   | 1M tokens      | Fastest, most cost-efficient, good for high-frequency tasks       |
-    | gemini-1.5-pro        | 2M tokens      | Best performing, wide variety of reasoning tasks including logical reasoning, coding, and creative collaboration |
+    | Model                          | Context Window | Best For                                                          |
+    |--------------------------------|----------------|-------------------------------------------------------------------|
+    | gemini-2.5-flash-preview-04-17 | 1M tokens      | Adaptive thinking, cost efficiency                                |
+    | gemini-2.5-pro-preview-05-06   | 1M tokens      | Enhanced thinking and reasoning, multimodal understanding, advanced coding, and more |
+    | gemini-2.0-flash               | 1M tokens      | Next generation features, speed, thinking, and realtime streaming |
+    | gemini-2.0-flash-lite          | 1M tokens      | Cost efficiency and low latency                                   |
+    | gemini-1.5-flash               | 1M tokens      | Balanced multimodal model, good for most tasks                    |
+    | gemini-1.5-flash-8B            | 1M tokens      | Fastest, most cost-efficient, good for high-frequency tasks       |
+    | gemini-1.5-pro                 | 2M tokens      | Best performing, wide variety of reasoning tasks including logical reasoning, coding, and creative collaboration |
  </Accordion>

  <Accordion title="Azure">
--- a/docs/how-to/arize-phoenix-observability.mdx
+++ b/docs/how-to/arize-phoenix-observability.mdx
@@ -68,7 +68,13 @@ We'll create a CrewAI application where two agents collaborate to research and w
 ```python
 from crewai import Agent, Crew, Process, Task
 from crewai_tools import SerperDevTool
+from openinference.instrumentation.crewai import CrewAIInstrumentor
+from phoenix.otel import register

+# setup monitoring for your crew
+tracer_provider = register(
+    endpoint="http://localhost:6006/v1/traces")
+CrewAIInstrumentor().instrument(skip_dep_check=True, tracer_provider=tracer_provider)
 search_tool = SerperDevTool()

 # Define your agents with roles and goals
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "crewai"
-version = "0.118.0"
+version = "0.119.0"
 description = "Cutting-edge framework for orchestrating role-playing, autonomous AI agents. By fostering collaborative intelligence, CrewAI empowers agents to work together seamlessly, tackling complex tasks."
 readme = "README.md"
 requires-python = ">=3.10,<3.13"
@@ -45,7 +45,7 @@ Documentation = "https://docs.crewai.com"
 Repository = "https://github.com/crewAIInc/crewAI"

 [project.optional-dependencies]
-tools = ["crewai-tools~=0.42.2"]
+tools = ["crewai-tools~=0.44.0"]
 embeddings = [
    "tiktoken~=0.7.0"
 ]
--- a/src/crewai/init.py
+++ b/src/crewai/init.py
@@ -17,7 +17,7 @@ warnings.filterwarnings(
    category=UserWarning,
    module="pydantic.main",
 )
-__version__ = "0.118.0"
+__version__ = "0.119.0"
 __all__ = [
    "Agent",
    "Crew",
--- a/src/crewai/agent.py
+++ b/src/crewai/agent.py
@@ -173,6 +173,7 @@ class Agent(BaseAgent):
                        collection_name=self.role,
                        storage=self.knowledge_storage or None,
                    )
+                    self.knowledge.add_sources()
        except (TypeError, ValueError) as e:
            raise ValueError(f"Invalid Knowledge Configuration: {str(e)}")

@@ -316,6 +317,45 @@ class Agent(BaseAgent):
                        error=str(e),
                    ),
                )
+        elif self.crew and hasattr(self.crew, "knowledge") and self.crew.knowledge:
+            crewai_event_bus.emit(
+                self,
+                event=KnowledgeRetrievalStartedEvent(
+                    agent=self,
+                ),
+            )
+            try:
+                self.knowledge_search_query = self._get_knowledge_search_query(
+                    task_prompt
+                )
+                if self.knowledge_search_query:
+                    knowledge_snippets = self.crew.query_knowledge(
+                        [self.knowledge_search_query], **knowledge_config
+                    )
+                    if knowledge_snippets:
+                        self.crew_knowledge_context = extract_knowledge_context(
+                            knowledge_snippets
+                        )
+                        if self.crew_knowledge_context:
+                            task_prompt += self.crew_knowledge_context
+
+                    crewai_event_bus.emit(
+                        self,
+                        event=KnowledgeRetrievalCompletedEvent(
+                            query=self.knowledge_search_query,
+                            agent=self,
+                            retrieved_knowledge=self.crew_knowledge_context or "",
+                        ),
+                    )
+            except Exception as e:
+                crewai_event_bus.emit(
+                    self,
+                    event=KnowledgeSearchQueryFailedEvent(
+                        query=self.knowledge_search_query or "",
+                        agent=self,
+                        error=str(e),
+                    ),
+                )

        tools = tools or self.tools or []
        self.create_agent_executor(tools=tools, task=task)
--- a/src/crewai/cli/constants.py
+++ b/src/crewai/cli/constants.py
@@ -13,7 +13,7 @@ ENV_VARS = {
    ],
    "gemini": [
        {
-            "prompt": "Enter your GEMINI API key (press Enter to skip)",
+            "prompt": "Enter your GEMINI API key from https://ai.dev/apikey (press Enter to skip)",
            "key_name": "GEMINI_API_KEY",
        }
    ],
--- a/src/crewai/cli/templates/crew/pyproject.toml
+++ b/src/crewai/cli/templates/crew/pyproject.toml
@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.13"
 dependencies = [
-    "crewai[tools]>=0.118.0,<1.0.0"
+    "crewai[tools]>=0.119.0,<1.0.0"
 ]

 [project.scripts]
--- a/src/crewai/cli/templates/flow/pyproject.toml
+++ b/src/crewai/cli/templates/flow/pyproject.toml
@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.13"
 dependencies = [
-    "crewai[tools]>=0.118.0,<1.0.0",
+    "crewai[tools]>=0.119.0,<1.0.0",
 ]

 [project.scripts]
--- a/src/crewai/cli/templates/tool/pyproject.toml
+++ b/src/crewai/cli/templates/tool/pyproject.toml
@@ -5,7 +5,7 @@ description = "Power up your crews with {{folder_name}}"
 readme = "README.md"
 requires-python = ">=3.10,<3.13"
 dependencies = [
-    "crewai[tools]>=0.118.0"
+    "crewai[tools]>=0.119.0"
 ]

 [tool.crewai]
--- a/tests/test_agent_without_knowledge_uses_crew_knowledge.py
+++ b/tests/test_agent_without_knowledge_uses_crew_knowledge.py
@@ -0,0 +1,46 @@
+from unittest.mock import MagicMock, patch
+
+import pytest
+
+from crewai import LLM, Agent, Crew, Process, Task
+from crewai.knowledge.knowledge import Knowledge
+from crewai.knowledge.source.string_knowledge_source import StringKnowledgeSource
+
+
+def test_agent_without_knowledge_uses_crew_knowledge():
+    """Test that an agent without knowledge sources can use crew knowledge sources."""
+    content = "John is 30 years old and lives in San Francisco."
+    string_source = StringKnowledgeSource(content=content)
+
+    agent = Agent(
+        role="Information Agent",
+        goal="Provide information based on knowledge sources",
+        backstory="You have access to specific knowledge sources.",
+        llm=LLM(model="gpt-4o-mini"),
+    )
+
+    task = Task(
+        description="How old is John and where does he live?",
+        expected_output="John's age and location.",
+        agent=agent,
+    )
+
+    with patch('crewai.knowledge.knowledge.Knowledge.query', return_value=[{"context": content}]) as mock_query:
+        crew = Crew(
+            agents=[agent],
+            tasks=[task],
+            process=Process.sequential,
+            knowledge_sources=[string_source],
+        )
+        
+        agent.crew = crew
+        
+        with patch.object(Agent, '_get_knowledge_search_query', return_value="test query"):
+            with patch.object(Agent, '_execute_without_timeout', return_value="John is 30 years old and lives in San Francisco."):
+                result = agent.execute_task(task)
+                
+                assert mock_query.called
+                
+                assert hasattr(agent, 'crew_knowledge_context')
+                
+                assert "John" in result
--- a/uv.lock
+++ b/uv.lock
@@ -738,7 +738,7 @@ wheels = [

 [[package]]
 name = "crewai"
-version = "0.118.0"
+version = "0.119.0"
 source = { editable = "." }
 dependencies = [
    { name = "appdirs" },
@@ -828,7 +828,7 @@ requires-dist = [
    { name = "blinker", specifier = ">=1.9.0" },
    { name = "chromadb", specifier = ">=0.5.23" },
    { name = "click", specifier = ">=8.1.7" },
-    { name = "crewai-tools", marker = "extra == 'tools'", specifier = "~=0.42.2" },
+    { name = "crewai-tools", marker = "extra == 'tools'", specifier = "~=0.44.0" },
    { name = "docling", marker = "extra == 'docling'", specifier = ">=2.12.0" },
    { name = "fastembed", marker = "extra == 'fastembed'", specifier = ">=0.4.1" },
    { name = "instructor", specifier = ">=1.3.3" },
@@ -879,7 +879,7 @@ dev = [

 [[package]]
 name = "crewai-tools"
-version = "0.42.2"
+version = "0.44.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "chromadb" },
@@ -894,9 +894,9 @@ dependencies = [
    { name = "pytube" },
    { name = "requests" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/17/34/9e63e2db53d8f5c30353f271a3240687a48e55204bbd176a057c0b7658c8/crewai_tools-0.42.2.tar.gz", hash = "sha256:69365ffb168cccfea970e09b308905aa5007cfec60024d731ffac1362a0153c0", size = 754967 }
+sdist = { url = "https://files.pythonhosted.org/packages/b8/1f/2977dc72628c1225bf5788ae22a65e5a53df384d19b197646d2c4760684e/crewai_tools-0.44.0.tar.gz", hash = "sha256:44e0c26079396503a326efdd9ff34bf369d410cbf95c362cc523db65b18f3c3a", size = 892004 }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/4e/43/0f70b95350084e5cb1e1d74e9acb9e18a89ba675b1d579c787c2662baba7/crewai_tools-0.42.2-py3-none-any.whl", hash = "sha256:13727fb68f0efefd21edeb281be3d66ff2f5a3b5029d4e6adef388b11fd5846a", size = 583933 },
+    { url = "https://files.pythonhosted.org/packages/ba/80/b91aa837d06edbb472445ea3c92d7619518894fd3049d480e5fffbf0c21b/crewai_tools-0.44.0-py3-none-any.whl", hash = "sha256:119e2365fe66ee16e18a5e8e222994b19f76bafcc8c1bb87f61609c1e39b2463", size = 583462 },
 ]

 [[package]]
Author	SHA1	Message	Date
Devin AI	789d5f985c	Fix import sorting in test file according to ruff standards Co-Authored-By: Joe Moura <joao@crewai.com>	2025-05-10 16:57:30 +00:00
Devin AI	5deea31ebd	Fix import sorting in test file Co-Authored-By: Joe Moura <joao@crewai.com>	2025-05-10 16:54:41 +00:00
Devin AI	c8ca9d7747	Fix knowledge sources not being added to agents and crews Co-Authored-By: Joe Moura <joao@crewai.com>	2025-05-10 16:50:59 +00:00
Orce MARINKOVSKI	cb1a98cabf	Update arize-phoenix-observability.mdx (#2595 ) Some checks failed Notify Downstream / notify-downstream (push) Has been cancelled Details Mark stale issues and pull requests / stale (push) Has been cancelled Details missing code to kickoff the monitoring for the crew Co-authored-by: Lorenze Jay <63378463+lorenzejay@users.noreply.github.com> Co-authored-by: Tony Kipkemboi <iamtonykipkemboi@gmail.com>	2025-05-08 13:25:10 -04:00
Mark McDonald	369e6d109c	Adds link to AI Studio when entering Gemini key (#2780 ) I used ai.dev as the alternate URL as it takes up less space but if this is likely to confuse users we can use the long form. Co-authored-by: Tony Kipkemboi <iamtonykipkemboi@gmail.com>	2025-05-08 13:00:03 -04:00
Mark McDonald	2c011631f9	Clean up the Google setup section (#2785 ) The Gemini & Vertex sections were conflated and a little hard to distingush, so I have put them in separate sections. Also added the latest 2.5 and 2.0 flash-lite models, and added a note that Gemma models work too. Co-authored-by: Tony Kipkemboi <iamtonykipkemboi@gmail.com>	2025-05-08 12:24:38 -04:00
Rip&Tear	d3fc2b4477	Update security.md (#2779 ) update policy for better readability	2025-05-08 09:00:41 -04:00
Lorenze Jay	516d45deaa	chore: bump version to 0.119.0 and update dependencies (#2778 ) Some checks failed Notify Downstream / notify-downstream (push) Has been cancelled Details Mark stale issues and pull requests / stale (push) Has been cancelled Details This commit updates the project version to 0.119.0 and modifies the required version of the `crewai-tools` dependency to 0.44.0 across various configuration files. Additionally, the version number is reflected in the `__init__.py` file and the CLI templates for crew, flow, and tool projects.	2025-05-07 17:29:41 -07:00
Lorenze Jay	7ad51d9d05	feat: implement knowledge retrieval events in Agent (#2727 ) Some checks failed Notify Downstream / notify-downstream (push) Has been cancelled Details * feat: implement knowledge retrieval events in Agent This commit introduces a series of knowledge retrieval events in the Agent class, enhancing its ability to handle knowledge queries. New events include KnowledgeRetrievalStartedEvent, KnowledgeRetrievalCompletedEvent, KnowledgeQueryGeneratedEvent, KnowledgeQueryFailedEvent, and KnowledgeSearchQueryCompletedEvent. The Agent now emits these events during knowledge retrieval processes, allowing for better tracking and handling of knowledge queries. Additionally, the console formatter has been updated to handle these new events, providing visual feedback during knowledge retrieval operations. * refactor: update knowledge query handling in Agent This commit refines the knowledge query processing in the Agent class by renaming variables for clarity and optimizing the query rewriting logic. The system prompt has been updated in the translation file to enhance clarity and context for the query rewriting process. These changes aim to improve the overall readability and maintainability of the code. * fix: add missing newline at end of en.json file * fix broken tests * refactor: rename knowledge query events and enhance retrieval handling This commit renames the KnowledgeQueryGeneratedEvent to KnowledgeQueryStartedEvent to better reflect its purpose. It also updates the event handling in the EventListener and ConsoleFormatter classes to accommodate the new event structure. Additionally, the retrieval knowledge is now included in the KnowledgeRetrievalCompletedEvent, improving the overall knowledge retrieval process. * docs for transparancy * refactor: improve error handling in knowledge query processing This commit refactors the knowledge query handling in the Agent class by changing the order of checks for LLM compatibility. It now logs a warning and emits a failure event if the LLM is not an instance of BaseLLM before attempting to call the LLM. Additionally, the task_prompt attribute has been removed from the KnowledgeQueryFailedEvent, simplifying the event structure. * test: add unit test for knowledge search query and VCR cassette This commit introduces a new test, `test_get_knowledge_search_query`, to verify that the `_get_knowledge_search_query` method in the Agent class correctly interacts with the LLM using the appropriate prompts. Additionally, a VCR cassette is added to record the interactions with the OpenAI API for this test, ensuring consistent and reliable test results.	2025-05-07 11:55:42 -07:00