Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions plugins/composio-direct/GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,14 @@ Use `composio-direct` when a user asks Teleton to work with an external app supp

## Required Setup

The plugin requires the Teleton secret `composio_api_key`. It can also be supplied through `COMPOSIO_DIRECT_COMPOSIO_API_KEY`, with `COMPOSIO_API_KEY` kept as a legacy fallback. If the key is missing, stop and ask the operator to configure it before attempting Composio calls.
The plugin requires the Teleton secret `composio_api_key`, using either a Composio project API key or user API key. It can also be supplied through `COMPOSIO_DIRECT_COMPOSIO_API_KEY`, with `COMPOSIO_API_KEY` kept as a legacy fallback. If the key is missing, stop and ask the operator to configure it before attempting Composio calls.

Default runtime settings:

| Setting | Default | Use |
|---|---:|---|
| `base_url` | `https://backend.composio.dev/api/v3.1` | Composio API endpoint |
| `api_key_auth_scheme` | `auto` | API key header mode: `auto`, `project`, or `user` |
| `timeout_ms` | `30000` | Default request timeout |
| `max_parallel_executions` | `10` | Batch execution concurrency |
| `tool_version` | `latest` | Tool execution/schema version |
Expand Down Expand Up @@ -185,7 +186,7 @@ The plugin returns structured results:

For `auth_required`, do not retry blindly. Generate or surface a connection link, wait for user confirmation, then retry. For validation errors, fetch the schema again and correct the parameters. For transient network or 5xx failures, the plugin already retries three times with exponential backoff.

HTTP 401/403 from Composio indicates API key authentication or permission failure, not a missing external app connection. Do not call `composio_auth_link` for those errors; verify the `composio_api_key` project key, its endpoint permissions, and any Composio IP allowlist.
HTTP 401/403 from Composio indicates API key authentication or permission failure, not a missing external app connection. Do not call `composio_auth_link` for those errors; verify the `composio_api_key` key type, `api_key_auth_scheme`, endpoint permissions, and any Composio IP allowlist.

## Security Rules

Expand Down
7 changes: 5 additions & 2 deletions plugins/composio-direct/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ Direct integration with **1000+ Composio automation tools** — no MCP transport

## Setup

1. Get your Composio API key at <https://app.composio.dev/settings>
1. Get your Composio project or user API key at <https://app.composio.dev/settings>
2. Set the `composio_api_key` secret in Teleton:

```text
Expand All @@ -27,11 +27,14 @@ Direct integration with **1000+ Composio automation tools** — no MCP transport

For container and CI deployments, Teleton also resolves the secret from `COMPOSIO_DIRECT_COMPOSIO_API_KEY`. The plugin keeps `COMPOSIO_API_KEY` as a direct fallback for older deployments.

By default `api_key_auth_scheme` is `auto`: the plugin sends the key as a project key (`x-api-key`) first and, for endpoints that accept user API keys, retries as `x-user-api-key` on Composio 401/403 responses. Set it to `project` or `user` only when you want to force a specific header.

```yaml
# config.yaml example
plugins:
composio_direct:
base_url: "https://backend.composio.dev/api/v3.1" # optional
api_key_auth_scheme: "auto" # optional (auto/project/user)
timeout_ms: 30000 # optional (default: 30s)
max_parallel_executions: 10 # optional (default: 10)
tool_version: "latest" # optional
Expand Down Expand Up @@ -470,4 +473,4 @@ node --test plugins/composio-direct/test/unit/composio-direct.test.js \
- Added Triggers API coverage through trigger type discovery, active trigger listing, trigger upsert, enable/disable, and delete endpoints.
- Added Webhooks API coverage through event type discovery and webhook subscription CRUD/secret rotation endpoints.
- Meta-tool alignment: `composio_search_tools`, `composio_get_tool_schemas`, `composio_multi_execute`, connection/auth tools, `composio_manage_connections`, `composio_remote_bash`, and `composio_remote_workbench` cover the practical `search_tools`, `get_tool_schemas`, `multi_execute_tool`, `manage_connections`, `remote_bash_tool`, and `remote_workbench` flows for Teleton.
- HTTP 401/403 responses are reported as Composio API key access failures, not as `auth_required` service authorization. Check the project API key permissions and any Composio IP allowlist before retrying.
- HTTP 401/403 responses are reported as Composio API key access failures, not as `auth_required` service authorization. Check the project/user key type, `api_key_auth_scheme`, endpoint permissions, and any Composio IP allowlist before retrying.
Loading
Loading