Files
crewAI/lib/crewai/tests
Iris Clawd 52c4e4a309 feat: add command allowlist validation for MCP stdio transport
Add an optional allowed_commands parameter to StdioTransport that
validates the command basename against an allowlist before spawning
a subprocess. This provides defense-in-depth against configuration-
driven command injection as MCP server discovery becomes more dynamic.

- DEFAULT_ALLOWED_COMMANDS includes common runtimes: python, python3,
  node, npx, uvx, uv, deno, docker
- Validation checks os.path.basename(command) for cross-platform support
- Users can extend the allowlist, pass a custom set, or set
  allowed_commands=None to disable the check entirely
- No breaking change: all currently documented MCP server examples use
  commands in the default allowlist
- MCPServerStdio config model updated with allowed_commands field
- tool_resolver passes allowed_commands through to StdioTransport

Closes #5080
2026-04-02 13:13:43 -07:00
..
2025-10-20 14:10:19 -07:00
2025-12-04 16:53:19 -05:00
2025-10-20 14:10:19 -07:00
2026-03-24 19:03:35 +08:00
2026-02-13 21:34:37 -03:00
2025-12-04 13:34:29 -08:00
2025-10-20 14:10:19 -07:00
2025-12-01 18:56:56 -05:00
2025-10-20 14:10:19 -07:00
2025-10-20 14:10:19 -07:00