andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-05-04 16:52:37 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
Files
856954a3117bef2da2b5e9c7dd5fb9398b79d051
crewAI/pyproject.toml
iris-clawd 3be2fb65dc perf: lazy-load MCP SDK and event types to reduce cold start by ~29% (#5584) 
* perf: defer MCP SDK import by fixing import path in agent/core.py

- Change 'from crewai.mcp import MCPServerConfig' to direct path
  'from crewai.mcp.config import MCPServerConfig' to avoid triggering
  mcp/__init__.py which eagerly loads the full mcp SDK (~300-400ms)
- Move MCPToolResolver import into get_mcp_tools() method body since
  it's only used at runtime, not in type annotations

Saves ~200ms on 'import crewai' cold start.

* perf: lazy-load heavy MCP imports in mcp/__init__.py

MCPClient, MCPToolResolver, BaseTransport, and TransportType now use
__getattr__ lazy loading. These pull in the full mcp SDK (~400ms) but
are only needed at runtime when agents actually connect to MCP servers.

Lightweight config and filter types remain eagerly imported.

* perf: lazy-load all event type modules in events/__init__.py

Previously only agent_events were lazy-loaded; all other event type
modules (crew, flow, knowledge, llm, guardrail, logging, mcp, memory,
reasoning, skill, task, tool_usage) were eagerly imported at package
init time. Since events/__init__.py runs whenever ANY crewai.events.*
submodule is accessed, this loaded ~12 Pydantic model modules
unnecessarily.

Now all event types use the same __getattr__ lazy-loading pattern,
with TYPE_CHECKING imports preserved for IDE/type-checker support.

Saves ~550ms on 'import crewai' cold start.

* chore: remove UNKNOWN.egg-info from version control

* fix: add MCPToolResolver to TYPE_CHECKING imports

Fixes F821 (ruff) and name-defined (mypy) from lazy-loading the
MCP import. The type annotation on _mcp_resolver needs the name
available at type-check time.

* fix: bump lxml to >=5.4.0 for GHSA-vfmq-68hx-4jfw

lxml 5.3.2 has a known vulnerability. Bump to 5.4.0+ which
includes the fix (libxml2 2.13.8). The previous <5.4.0 pin
was for etree import issues that have since been resolved.

* fix: bump exclude-newer to 2026-04-22 for lxml 6.1.0 resolution

lxml 6.1.0 (GHSA fix) was released April 17 but the exclude-newer
date was set to April 17, missing it by timestamp. Bump to April 22.

* perf: add import time benchmark script

scripts/benchmark_import_time.py measures import crewai cold start
in fresh subprocesses. Supports --runs, --json (for CI), and
--threshold (fail if median exceeds N seconds).

The companion GitHub Action workflow needs to be pushed separately
(requires workflow scope).

* new action

* Potential fix for pull request finding 'CodeQL / Workflow does not contain permissions'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Joao Moura <joaomdmoura@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-04-22 02:17:33 -03:00

211 lines
7.1 KiB
TOML
Raw Blame History

name = "crewai-workspace"
description = "Cutting-edge framework for orchestrating role-playing, autonomous AI agents. By fostering collaborative intelligence, CrewAI empowers agents to work together seamlessly, tackling complex tasks."
readme = "README.md"
requires-python = ">=3.10,<3.14"
authors = [
{ name = "Joao Moura", email = "joao@crewai.com" }
]
[dependency-groups]
dev = [
"ruff==0.15.1",
"mypy==1.19.1",
"pre-commit==4.5.1",
"bandit==1.9.2",
"pytest==9.0.3",
"pytest-asyncio==1.3.0",
"pytest-subprocess==1.5.3",
"vcrpy==7.0.0", # pinned, less versions break pytest-recording
"pytest-recording==0.13.4",
"pytest-randomly==4.0.1",
"pytest-timeout==2.4.0",
"pytest-xdist==3.8.0",
"pytest-split==0.11.0",
"types-requests~=2.31.0.6",
"types-pyyaml==6.0.*",
"types-regex==2026.1.15.*",
"types-appdirs==1.4.*",
"boto3-stubs[bedrock-runtime]==1.42.40",
"types-psycopg2==2.9.21.20251012",
"types-pymysql==1.1.0.20250916",
"types-aiofiles~=25.1.0",
"commitizen>=4.13.9",
"pip-audit==2.9.0",
]
[tool.ruff]
src = ["lib/*"]
extend-exclude = [
"lib/crewai/src/crewai/cli/templates",
"lib/crewai/tests/",
"lib/crewai-tools/tests/",
]
respect-gitignore = true
force-exclude = true
fix = true
target-version = "py310"
[tool.ruff.format]
docstring-code-format = true
[tool.ruff.lint]
future-annotations = true
extend-select = [
"E", # pycodestyle errors (style issues)
"F", # Pyflakes (code errors)
"B", # flake8-bugbear (bug prevention)
"S", # bandit (security issues)
"RUF", # ruff-specific rules
"N", # pep8-naming (naming conventions)
"W", # pycodestyle warnings
"I", # isort (import formatting)
"T", # flake8-print (print statements)
# "D", # pydocstyle (docstring conventions) disabled until
"PERF", # performance issues
"PIE", # flake8-pie (unnecessary code)
"TID", # flake8-tidy-imports (import best practices)
"ASYNC", # async/await best practices
"RET", # flake8-return (return improvements)
"UP006", # use collections.abc
"UP007", # use X | Y for unions
"UP035", # use dict/list instead of typing.Dict/List
"UP037", # remove quotes from type annotations
"UP045", # use X | None instead of Optional[X]
"UP004", # use isinstance instead of type
"UP008", # use super() instead of super(Class, self)
"UP010", # use isinstance for type checks
"UP018", # use str() instead of "string"
"UP031", # use f-strings for .format()
"UP032", # use f-strings for .format() with positional
"I001", # sort imports
"I002", # remove unused imports
]
ignore = ["E501"] # ignore line too long globally
[tool.ruff.lint.flake8-tidy-imports]
ban-relative-imports = "all"
[tool.ruff.lint.flake8-type-checking]
runtime-evaluated-base-classes = ["pydantic.BaseModel"]
[tool.ruff.lint.isort]
no-sections = false
case-sensitive = true
combine-as-imports = true
force-single-line = false
force-sort-within-sections = true
known-first-party = []
section-order = ["future", "standard-library", "third-party", "first-party", "local-folder"]
lines-after-imports = 2
split-on-trailing-comma = true
[tool.ruff.lint.pydocstyle]
convention = "google"
ignore-decorators = ["typing.overload"]
[tool.ruff.lint.per-file-ignores]
"lib/crewai/tests/**/*.py" = ["S101", "RET504", "S105", "S106"] # Allow assert statements, unnecessary assignments, and hardcoded passwords in tests
"lib/crewai-tools/tests/**/*.py" = ["S101", "RET504", "S105", "S106", "RUF012", "N818", "E402", "RUF043", "S110", "B017"] # Allow various test-specific patterns
"lib/crewai-files/tests/**/*.py" = ["S101", "RET504", "S105", "S106", "B017", "F841"] # Allow assert statements and blind exception assertions in tests
"lib/devtools/tests/**/*.py" = ["S101"]
[tool.mypy]
strict = true
disallow_untyped_defs = true
disallow_any_unimported = true
no_implicit_optional = true
check_untyped_defs = true
warn_return_any = true
show_error_codes = true
warn_unused_ignores = true
python_version = "3.12"
exclude = "(?x)(^lib/crewai/src/crewai/cli/templates/|^lib/crewai/tests/|^lib/crewai-tools/tests/|^lib/crewai-files/tests/)"
plugins = ["pydantic.mypy"]
[tool.bandit]
exclude_dirs = ["lib/crewai/src/crewai/cli/templates"]
[tool.pytest.ini_options]
markers = [
"telemetry: mark test as a telemetry test (don't mock telemetry)",
]
testpaths = [
"lib/crewai/tests",
"lib/crewai-tools/tests",
"lib/crewai-files/tests",
]
asyncio_mode = "strict"
asyncio_default_fixture_loop_scope = "function"
addopts = "--tb=short -n auto --timeout=60 --dist=loadfile --max-worker-restart=2 --block-network --import-mode=importlib"
python_files = "test_*.py"
python_classes = "Test*"
python_functions = "test_*"
[tool.commitizen]
name = "cz_customize"
version_provider = "scm"
tag_format = "$version"
allowed_prefixes = ["Merge", "Revert"]
changelog_incremental = true
update_changelog_on_bump = false
[tool.commitizen.customize]
schema = "<type>(<scope>): <description>"
schema_pattern = "^(feat|fix|refactor|perf|test|docs|chore|ci|style|revert)(\\(.+\\))?!?: .{1,72}"
bump_pattern = "^(feat|fix|perf|refactor|revert)"
bump_map = { feat = "MINOR", fix = "PATCH", perf = "PATCH", refactor = "PATCH", revert = "PATCH" }
info = "Commits must follow Conventional Commits 1.0.0."
[tool.uv]
# Pinned to include the security patch releases (authlib 1.6.11,
# langchain-text-splitters 1.1.2) uploaded on 2026-04-16.
exclude-newer = "2026-04-22"
# composio-core pins rich<14 but textual requires rich>=14.
# onnxruntime 1.24+ dropped Python 3.10 wheels; cap it so qdrant[fastembed] resolves on 3.10.
# fastembed 0.7.x and docling 2.63 cap pillow<12; the removed APIs don't affect them.
# langchain-core <1.2.31 has GHSA-926x-3r5x-gfhw and is required by langchain-text-splitters 1.1.2+.
# langchain-text-splitters <1.1.2 has GHSA-fv5p-p927-qmxr (SSRF bypass in split_text_from_url).
# transformers 4.57.6 has CVE-2026-1839; force 5.4+ (docling 2.84 allows huggingface-hub>=1).
# cryptography 46.0.6 has CVE-2026-39892; force 46.0.7+.
# pypdf <6.10.2 has GHSA-4pxv-j86v-mhcw, GHSA-7gw9-cf7v-778f, GHSA-x284-j5p8-9c5p; force 6.10.2+.
# uv <0.11.6 has GHSA-pjjw-68hj-v9mw; force 0.11.6+.
# python-multipart <0.0.26 has GHSA-mj87-hwqh-73pj; force 0.0.26+.
# langsmith <0.7.31 has GHSA-rr7j-v2q5-chgv (streaming token redaction bypass); force 0.7.31+.
# authlib <1.6.11 has GHSA-jj8c-mmj3-mmgv (CSRF bypass in cache-based state storage).
override-dependencies = [
"rich>=13.7.1",
"onnxruntime<1.24; python_version < '3.11'",
"pillow>=12.1.1",
"langchain-core>=1.2.31,<2",
"langchain-text-splitters>=1.1.2,<2",
"urllib3>=2.6.3",
"transformers>=5.4.0; python_version >= '3.10'",
"cryptography>=46.0.7",
"pypdf>=6.10.2,<7",
"uv>=0.11.6,<1",
"python-multipart>=0.0.26,<1",
"langsmith>=0.7.31,<0.8",
"authlib>=1.6.11",
]
[tool.uv.workspace]
members = [
"lib/crewai",
"lib/crewai-tools",
"lib/devtools",
"lib/crewai-files",
]
[tool.uv.sources]
crewai = { workspace = true }
crewai-tools = { workspace = true }
crewai-devtools = { workspace = true }
crewai-files = { workspace = true }
Reference in New Issue View Git Blame Copy Permalink