mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-04-11 05:22:41 +00:00
Add an optional allowed_commands parameter to StdioTransport that validates the command basename against an allowlist before spawning a subprocess. This provides defense-in-depth against configuration-driven command injection as MCP server discovery becomes more dynamic.

- DEFAULT_ALLOWED_COMMANDS includes common runtimes: python, python3, node, npx, uvx, uv, deno, docker
- Validation checks os.path.basename(command) for cross-platform support
- Users can extend the allowlist, pass a custom set, or set allowed_commands=None to disable the check entirely
- No breaking change: all currently documented MCP server examples use commands in the default allowlist
- MCPServerStdio config model updated with allowed_commands field
- tool_resolver passes allowed_commands through to StdioTransport

Closes #5080
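As an added illustration of the allowlist check the commit message describes (this is not crewAI's code: the names StdioTransport, allowed_commands and DEFAULT_ALLOWED_COMMANDS come from the message, while the function bodies, the DisallowedCommandError class and the sample configs are assumptions constructed here), the following shows the basename comparison, the three ways a caller can configure the allowlist, and the point at which the check runs relative to process creation:

```python
"""Basename allowlist for an MCP stdio server command.

Illustrative stand-in for the behaviour described in the commit message;
the names are from the message, the implementation is an assumption.
"""
import os
from typing import Dict, Optional, Sequence, Set

# Runtimes the commit message lists as the default allowlist.
DEFAULT_ALLOWED_COMMANDS: frozenset = frozenset(
    {"python", "python3", "node", "npx", "uvx", "uv", "deno", "docker"}
)


class DisallowedCommandError(ValueError):
    """Raised when the command's basename is not in the allowlist (assumed name)."""


def is_command_allowed(command: str, allowed_commands: Optional[Set[str]]) -> bool:
    """True if the check is disabled (None) or the basename is allowlisted.

    Only os.path.basename(command) is compared, so "/usr/local/bin/npx" and
    "npx" are treated alike; that is the cross-platform behaviour the
    commit message describes.
    """
    if allowed_commands is None:
        return True
    return os.path.basename(command) in allowed_commands


class StdioTransport:
    """Minimal stand-in: validates at construction, before any subprocess exists."""

    def __init__(self, command: str, args: Sequence[str] = (),
                 allowed_commands: Optional[Set[str]] = DEFAULT_ALLOWED_COMMANDS):
        if not is_command_allowed(command, allowed_commands):
            raise DisallowedCommandError(
                f"command {command!r} (basename {os.path.basename(command)!r}) "
                f"is not in the allowlist {sorted(allowed_commands)}"
            )
        self.command = command
        self.args = list(args)

    def popen_argv(self) -> list:
        """The argv that would be handed to subprocess.Popen (nothing is spawned here)."""
        return [self.command, *self.args]


def evaluate_configs() -> Dict[str, bool]:
    """Run constructed server configs through the check; True means 'would spawn'."""
    configs = {
        "default_npx": ("npx", DEFAULT_ALLOWED_COMMANDS),
        "default_abs_path": ("/usr/bin/python3", DEFAULT_ALLOWED_COMMANDS),
        "default_shell": ("bash", DEFAULT_ALLOWED_COMMANDS),
        "extended_bun": ("bun", DEFAULT_ALLOWED_COMMANDS | {"bun"}),   # extended allowlist
        "custom_only_docker": ("node", {"docker"}),                     # custom set
        "disabled_check": ("bash", None),                               # check disabled
    }
    results: Dict[str, bool] = {}
    for name, (cmd, allowed) in configs.items():
        try:
            StdioTransport(cmd, ["--stdio"], allowed_commands=allowed)
            results[name] = True
        except DisallowedCommandError:
            results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in evaluate_configs().items():
        print(f"{name:20s} -> {'allowed' if ok else 'blocked'}")
```

Two properties of this design are worth keeping in mind when relying on it. Because only the basename is compared, the check constrains which program name may be launched, not which directory it is resolved from or what arguments it receives; that is why the commit message calls it defense-in-depth rather than a complete control, and it pairs naturally with a trusted PATH and review of the args a discovered server config supplies. Passing allowed_commands=None turns the check off entirely, so that setting is the one to look for when auditing a deployment's MCP configuration.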