Changelog

Removal of label query parameter from connected accounts API

The label query parameter has been removed from the GET /api/v3/connected_accounts endpoint.

What’s changing?

The label query parameter is no longer supported when listing connected accounts. This parameter was previously accepted but had no functional behavior since label ingestion was removed in an earlier update.

Impact

None - This is a cleanup change. The label query parameter was not performing any filtering since the underlying label ingestion functionality was already removed. If your code was passing this parameter, it was being silently ignored.

Migration

No action required. If your code was passing the label query parameter, you can safely remove it from your API calls.

Enhanced Security Masking for Sensitive Fields

We’ve improved the security masking for REDACTED fields in the following APIs:

• Get Connected Account
• List Connected Accounts

What’s Changed: Sensitive fields are now partially masked, revealing only the first 4 characters to help with debugging while maintaining security.

Example:

Before: REDACTED
After:  abcd...

Disabling Masking

If you need to disable masking for your use case, you have two options:

1. Via UI: Navigate to Project Settings → Configuration tab and update the masking settings
2. Via API: Use the Patch Project Config API

Typed Responses Across Toolkits

We’ve updated many toolkits so their outputs are now strongly typed objects instead of a generic response_data blob, meaning tools like Outlook, HubSpot, Notion, etc. now return well-shaped, documented fields you can rely on directly in your code and agents. These improvements apply to the latest toolkit versions—see our toolkit versioning docs for how versions are managed.

Why This Matters

• Better developer experience for direct execute: clear fields and types
• Improved agent performance: flatter output shapes with explicit fields reduce nesting and invalid params
• Clearer docs and type safety: richer metadata for IDEs and autocomplete

Before vs After

Previous (generic, version 20251202_00):

1
{
2
  "data": {
3
    "response_data": { "...": "..." }
4
  },
5
  "successful": true
6
}

Now (typed example – Outlook List Messages, version 20251209_00):

1
{
2
  "data": {
3
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('me')/messages",
4
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/me/messages?$skip=10",
5
    "value": [
6
      {
7
        "id": "abc123",
8
        "subject": "Hi there",
9
        "from": { "emailAddress": { "address": "a@b.com", "name": "Alice" } },
10
        "hasAttachments": true
11
      }
12
    ]
13
  },
14
  "successful": true
15
}

For the exact field mapping per toolkit, open platform.composio.dev → Toolkits → List Messages (or the relevant tool).

Migration Notes

• Breaking change for consumers on the latest version who post-process the old nested response_data shape: outputs are now flattened and explicitly typed.
• New and modified fields include richer descriptions and examples; some legacy placeholders were removed.
• Re-fetch schemas for your tool/version to see the typed definitions. Use the toolkit view in platform.composio.dev for authoritative field details.

Transition to Self-Managed Credentials for Select Applications

What’s Changing?

Starting today, the following applications will require your own developer credentials instead of Composio-managed credentials:

• Auth0
• Blackbaud
• BoldSign
• Deel
• Front
• GoToWebinar
• PagerDuty
• Pipedrive
• Shopify
• Strava
• SurveyMonkey
• Webex

What You Need to Do

To continue using these applications with Composio:

1. Create Developer Accounts: Register for developer accounts on the platforms you need
2. Generate API Credentials: Create OAuth apps following each platform’s documentation
3. Configure in Composio: Add your credentials to Composio using custom auth configs
4. Test Your Integration: Test your integration with the new credentials

Connected Account Expiration for Incomplete Connections

We’re implementing automatic expiration for connected accounts that remain in incomplete states, helping maintain a cleaner and more efficient authentication system.

What’s Changing?

Connected accounts in Initializing and Initiated states will now automatically expire after 10 minutes. This applies to connection attempts that were started but never completed.

Why This Matters

This change provides:

• Better Resource Management: Automatically cleans up incomplete connection attempts
• Improved System Hygiene: Prevents accumulation of stale, unused connection records
• Enhanced User Experience: Reduces clutter from abandoned authentication flows

Questions?

If you have any questions about this change, please reach out to our support team or check our Connected Accounts documentation.

Required API Key Authentication for MCP URLs

We’re strengthening the security of Model Context Protocol (MCP) URLs by making API key authentication mandatory for all requests.

What’s Changing?

Starting December 15th, 2025, all new Composio projects must include the x-api-key header when making requests to MCP URLs. This header authenticates your application and ensures secure communication with the Composio platform.

Why This Matters

This change provides:

• Enhanced Authentication: Ensures only authorized applications can access MCP endpoints
• Industry Best Practices: Aligns with standard API security patterns

Impact on Existing Projects

For existing projects: We value backward compatibility and understand the need for a smooth transition. Your existing MCP URLs will continue to work without the x-api-key header until April 15th, 2026.

Important: After April 15th, 2026, all MCP URL requests without the x-api-key header will be rejected. Please ensure you update your applications before this date to avoid service disruption.

Note: If you’re already passing the x-api-key header in your MCP requests, no action is required—you’re all set!

Migration Guide

To adopt this security enhancement in your existing projects:

1. Locate Your API Key: Find your API key in the Composio dashboard under Project Settings
2. Update Your Code: Add the x-api-key header to all MCP URL requests
3. Test Thoroughly: Verify the updated requests work in your development environment
4. Deploy: Roll out the changes to your production environment

Questions?

If you have any questions about this security enhancement or need assistance with migration, please reach out to our support team or check our MCP documentation.

Toolkit Version Support for Triggers

Summary

Added toolkit version support to trigger operations (create and getType) in both Python and TypeScript SDKs. This allows users to explicitly specify which toolkit version to use when creating trigger instances and retrieving trigger type information, ensuring consistent behavior across different toolkit versions.

Trigger operations now respect the global toolkitVersions configuration set during Composio initialization, providing better control over which trigger versions are used in your applications.

Key Changes

TypeScript SDK (ts/packages/core/)

• Added toolkit_versions parameter to triggers.create() method
  • Passes the global toolkit versions configuration when creating trigger instances
  • Defaults to 'latest' when no version is specified
• Modified triggers.getType() to respect global toolkit versions
  • Now accepts toolkit version configuration to fetch trigger types for specific versions
  • Improved error messages to include version-related fixes
• Updated trigger type documentation with comprehensive examples
• Added behavior documentation explaining version usage patterns

Python SDK (python/composio/core/models/)

• Added toolkit_versions parameter to triggers.create() method
  • Uses global toolkit version configuration when creating trigger instances
  • Converts None to omit for API compatibility
• Modified triggers.get_type() to respect toolkit versions
  • Implemented custom method replacing direct client binding
  • Passes toolkit version configuration to API calls
• Added comprehensive docstrings explaining version behavior

Behavior

Creating Triggers with Toolkit Versions:

1
// TypeScript - Configure versions at initialization
2
const composio = new Composio({
3
  apiKey: 'your-api-key',
4
  toolkitVersions: {
5
    gmail: '12082025_00',
6
    github: '10082025_01'
7
  }
8
});
9
10
// Create trigger - uses version '12082025_00' for Gmail
11
const trigger = await composio.triggers.create('user@example.com', 'GMAIL_NEW_MESSAGE', {
12
  connectedAccountId: 'ca_abc123',
13
  triggerConfig: {
14
    labelIds: 'INBOX',
15
    userId: 'me',
16
    interval: 60,
17
  },
18
});

1
# Python - Configure versions at initialization
2
composio = Composio(
3
    api_key="your-api-key",
4
    toolkit_versions={"gmail": "12082025_00", "github": "10082025_01"}
5
)
6
7
# Create trigger - uses version '12082025_00' for Gmail
8
trigger = composio.triggers.create(
9
    slug="GMAIL_NEW_MESSAGE",
10
    user_id="user@example.com",
11
    trigger_config={"labelIds": "INBOX", "userId": "me", "interval": 60}
12
)

Retrieving Trigger Types with Specific Versions:

1
// TypeScript
2
const composio = new Composio({
3
  apiKey: 'your-api-key',
4
  toolkitVersions: { github: '10082025_01' }
5
});
6
7
// Get trigger type for specific version
8
const triggerType = await composio.triggers.getType('GITHUB_COMMIT_EVENT');
9
// Returns trigger type for version '10082025_01'

1
# Python
2
composio = Composio(
3
    api_key="your-api-key",
4
    toolkit_versions={"github": "10082025_01"}
5
)
6
7
# Get trigger type for specific version
8
trigger_type = composio.triggers.get_type("GITHUB_COMMIT_EVENT")
9
# Returns trigger type for version '10082025_01'

Benefits

• Version Control: Explicitly specify which toolkit version to use for triggers
• Consistency: Ensure trigger behavior remains consistent across toolkit updates
• Testing: Test trigger integrations with specific versions before updating
• Debugging: Easier to debug issues by pinning to specific toolkit versions
• Production Safety: Avoid unexpected changes from automatic version updates

Migration Guide

This is a non-breaking change. Existing code will continue to work with default behavior:

Before (still works):

1
// Uses 'latest' version by default
2
const trigger = await composio.triggers.create('user', 'GITHUB_COMMIT_EVENT', {...});

After (recommended for production):

1
// Explicitly configure versions for better control
2
const composio = new Composio({
3
  apiKey: 'your-api-key',
4
  toolkitVersions: { github: '10082025_01' }
5
});
6
7
const trigger = await composio.triggers.create('user', 'GITHUB_COMMIT_EVENT', {...});

For more details on toolkit versioning, see the Toolkit Versioning documentation.

Enhanced MCP URL Security Requirements

We’re introducing improved security requirements for Model Context Protocol (MCP) URLs to ensure better isolation between user connections and prevent unauthorized access.

What’s Changing?

Starting today, all new Composio projects must include at least one of the following parameters in their MCP URLs:

• user_id - Identifies the specific user
• connected_account_id - Identifies the specific connected account

Why This Matters

This change ensures that:

• User Isolation: Each user’s connections remain completely separate from others
• Enhanced Security: Prevents potential cross-user data access scenarios
• Better Multi-Tenancy: Enables safer multi-tenant application architectures
• Explicit Access Control: Forces developers to explicitly specify which user or account context they’re operating in

Impact on Existing Projects

For existing projects: We understand the importance of backward compatibility. While we’ve sent email notifications to project owners about upgrading their MCP URLs, your existing integrations will continue to work until January 15th, 2026.

Important: After January 15th, 2026, MCP URLs without user_id or connected_account_id query parameters will no longer be supported. Please ensure you update your MCP URLs before this date to avoid service disruption.

Note: If your MCP URLs already include either user_id or connected_account_id query parameters, no action is required—you can safely ignore this notice.

Implementation Example

Before:

https://platform.composio.dev/v3/mcp/{id}

After (with user_id):

https://platform.composio.dev/v3/mcp/{id}?user_id=user_123

After (with connected_account_id):

https://platform.composio.dev/v3/mcp/{id}?connected_account_id=ca_xyz

Migration Guide

If you’re using an existing project and want to adopt this security enhancement:

1. Review your current MCP URL configuration
2. Add either user_id or connected_account_id parameter to your URLs
3. Update your application code to pass the appropriate identifier
4. Test the updated URLs in your development environment

For more details on choosing the right user identifiers for your application, see our User Management documentation.

Questions?

If you have any questions about this security enhancement or need assistance with migration, please reach out to our support team or check our MCP documentation.

Adds Version Checks for Tool Execution and Improved Execution Speed in TS SDK

Summary

Added version validation for manual tool execution to prevent unexpected behavior when using latest toolkit versions. This ensures users explicitly specify toolkit versions when executing tools manually, while allowing flexibility through a skip flag.

This release also eliminates a lot of redundant API calls made to check connected account during tool execution, effectively increasing the performance of tool execution.

Key Changes

Python SDK (python/)

• ✅ Added ToolVersionRequiredError exception with detailed error messages and fix suggestions
• ✅ Added dangerously_skip_version_check parameter to execute() method
• ✅ Modified _execute_tool() to validate version is not latest unless skip flag is set
• ✅ Automatically passes dangerously_skip_version_check=True for agentic provider flows
• ✅ Added comprehensive test coverage (19 test methods) in test_tool_execution.py

TypeScript SDK (ts/packages/core/)

• ✅ Added ComposioToolVersionRequiredError error class with possible fixes
• ✅ Added dangerouslySkipVersionCheck parameter to execute flow
• ✅ Modified tool execution to validate version before API calls
• ✅ Updated execution type definitions in tool.types.ts and modifiers.types.ts
• ✅ Updated test files with date-based version format (20251201_xx)
• ✅ Improved tool execution by eliminating redundant API calls

Behavior

Before: Tools could be executed with latest version, risking unexpected behavior on toolkit updates

After: Manual execution requires specific version or explicit skip flag:

1
# ❌ Raises ToolVersionRequiredError
2
tools.execute("GITHUB_CREATE_ISSUE", {...})
3
4
# ✅ Works - explicit version
5
tools.execute("GITHUB_CREATE_ISSUE", {...}, version="20251201_01")
6
7
# ✅ Works - configured toolkit versions
8
tools = Tools(client, provider, toolkit_versions={"github": "20251201_01"})
9
10
# ✅ Works - with skip flag (use cautiously)
11
tools.execute("GITHUB_CREATE_ISSUE", {...}, dangerously_skip_version_check=True)

Breaking Changes

⚠️ Manual tool execution without version specification now throws an error. Users must either:

1. Pass explicit version parameter
2. Configure toolkit versions in SDK initialization
3. Set environment variable COMPOSIO_TOOLKIT_VERSION_<TOOLKIT_SLUG>
4. Use dangerously_skip_version_check=True flag

MCP (Model Control Protocol) & Experimental ToolRouter

Composio now introduces comprehensive MCP (Model Control Protocol) support and an experimental ToolRouter for creating isolated, scoped sessions with advanced toolkit management. These features enable seamless integration with modern AI frameworks and provide powerful session-based tool routing capabilities.

Why Use MCP & ToolRouter?

• Framework Integration: Native MCP support for Vercel AI, Mastra, OpenAI Agents, and LangChain
• Session Isolation: Create isolated sessions with specific toolkit configurations
• Advanced Authentication: Flexible auth config management per toolkit
• Scoped Access: Control which tools are available within each session
• Multi-Service Workflows: Route tool calls efficiently across different services
• Development & Testing: Perfect for testing and development with scoped MCP server access

TypeScript SDK (v0.1.53)

Added: MCP API

Core MCP Features:

• MCP Server Creation: Create and manage MCP server configurations
• User-Specific URLs: Generate unique MCP server URLs for individual users
• Toolkit Configuration: Support for multiple toolkits with custom auth configs
• Tool Filtering: Specify allowed tools per configuration
• Connection Management: Choose between manual and automatic account management

Basic Usage:

1
import { Composio } from '@composio/core';
2
3
const composio = new Composio({
4
  apiKey: process.env.COMPOSIO_API_KEY,
5
});
6
7
// Create MCP configuration
8
const mcpConfig = await composio.mcp.create('my-server-name', {
9
  toolkits: [
10
    { toolkit: 'github', authConfigId: 'ac_233434343' },
11
    { toolkit: 'gmail', authConfigId: 'ac_567890123' }
12
  ],
13
  allowedTools: ['GITHUB_CREATE_ISSUE', 'GMAIL_SEND_EMAIL'],
14
  manuallyManageConnections: false,
15
});
16
17
// Generate server instance for a user
18
const serverInstance = await composio.mcp.generate('user123', mcpConfig.id);
19
console.log('MCP URL:', serverInstance.url);

Framework Integration Examples:

1
// Vercel AI Integration
2
import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
3
import { experimental_createMCPClient as createMCPClient } from 'ai';
4
5
const mcpClient = await createMCPClient({
6
  name: 'composio-mcp-client',
7
  transport: new SSEClientTransport(new URL(serverInstance.url)),
8
});
9
10
// Mastra Integration
11
import { MCPClient as MastraMCPClient } from '@mastra/mcp';
12
13
const mcpClient = new MastraMCPClient({
14
  servers: {
15
    composio: { url: new URL(mcpSession.url) },
16
  },
17
});
18
19
// OpenAI Agents Integration
20
import { hostedMcpTool } from '@openai/agents';
21
22
const tools = [
23
  hostedMcpTool({
24
    serverLabel: 'composio',
25
    serverUrl: mcpSession.url,
26
  }),
27
];

Added: Experimental ToolRouter

Core ToolRouter Features:

• Session-Based Routing: Create isolated sessions for specific users and toolkit combinations
• Dynamic Configuration: Configure toolkits and auth configs per session
• MCP Server URLs: Each session gets a unique MCP server endpoint
• Flexible Toolkit Management: Support for string names or detailed toolkit configurations
• Connection Control: Manual or automatic connection management per session

Basic Usage:

1
// Create session with simple toolkit names
2
const session = await composio.experimental.toolRouter.createSession('user_123', {
3
  toolkits: ['gmail', 'slack', 'github'],
4
});
5
6
// Create session with auth configs
7
const session = await composio.experimental.toolRouter.createSession('user_456', {
8
  toolkits: [
9
    { toolkit: 'gmail', authConfigId: 'ac_gmail_work' },
10
    { toolkit: 'slack', authConfigId: 'ac_slack_team' },
11
    { toolkit: 'github', authConfigId: 'ac_github_personal' },
12
  ],
13
  manuallyManageConnections: true,
14
});
15
16
console.log('Session ID:', session.sessionId);
17
console.log('MCP URL:', session.url);

Advanced Multi-Service Integration:

1
// Complex workflow session
2
const integrationSession = await composio.experimental.toolRouter.createSession('user_789', {
3
  toolkits: [
4
    { toolkit: 'gmail', authConfigId: 'ac_gmail_work' },
5
    { toolkit: 'slack', authConfigId: 'ac_slack_team' },
6
    { toolkit: 'github', authConfigId: 'ac_github_personal' },
7
    { toolkit: 'notion', authConfigId: 'ac_notion_workspace' },
8
    { toolkit: 'calendar', authConfigId: 'ac_gcal_primary' },
9
  ],
10
});
11
12
// Use with any MCP client
13
const mcpClient = new MCPClient(integrationSession.url);

Framework-Specific Examples:

1
// Mastra Integration
2
const mcpSession = await composio.experimental.toolRouter.createSession(userId, {
3
  toolkits: ["gmail"],
4
  manuallyManageConnections: true,
5
});
6
7
const agent = new MastraAgent({
8
  name: 'Gmail Assistant',
9
  model: openai('gpt-4o-mini'),
10
  tools: await mcpClient.getTools(),
11
});
12
13
// OpenAI Agents Integration
14
const tools = [
15
  hostedMcpTool({
16
    serverLabel: 'composio tool router',
17
    serverUrl: mcpSession.url,
18
    requireApproval: {
19
      never: { toolNames: ['GMAIL_FETCH_EMAILS'] },
20
    },
21
  }),
22
];

Python SDK (v0.8.17)

Added: MCP Support

Core MCP Features:

• Server Configuration: Create and manage MCP server configurations
• Toolkit Management: Support for both simple toolkit names and detailed configurations
• Authentication Control: Per-toolkit auth config specification
• Tool Filtering: Specify allowed tools across all toolkits
• User Instance Generation: Generate user-specific MCP server instances

Basic Usage:

1
from composio import Composio
2
3
composio = Composio()
4
5
# Create MCP server with toolkit configurations
6
server = composio.mcp.create(
7
    'personal-mcp-server',
8
    toolkits=[
9
        {
10
            'toolkit': 'github',
11
            'auth_config_id': 'ac_xyz',
12
        },
13
        {
14
            'toolkit': 'slack', 
15
            'auth_config_id': 'ac_abc',
16
        },
17
    ],
18
    allowed_tools=['GITHUB_CREATE_ISSUE', 'SLACK_SEND_MESSAGE'],
19
    manually_manage_connections=False
20
)
21
22
# Generate server instance for a user
23
mcp_instance = server.generate('user_12345')
24
print(f"MCP URL: {mcp_instance['url']}")

Simple Toolkit Usage:

1
# Using simple toolkit names
2
server = composio.mcp.create(
3
    'simple-mcp-server',
4
    toolkits=['composio_search', 'text_to_pdf'],
5
    allowed_tools=['COMPOSIO_SEARCH_DUCK_DUCK_GO_SEARCH', 'TEXT_TO_PDF_CONVERT_TEXT_TO_PDF']
6
)
7
8
# All tools from toolkits (default behavior)
9
server = composio.mcp.create(
10
    'all-tools-server',
11
    toolkits=['composio_search', 'text_to_pdf']
12
    # allowed_tools=None means all tools from these toolkits
13
)

LangChain Integration:

1
import asyncio
2
from composio import Composio
3
from langchain_mcp_adapters.client import MultiServerMCPClient
4
from langgraph.prebuilt import create_react_agent
5
6
composio = Composio()
7
8
mcp_config = composio.mcp.create(
9
    name="langchain-slack-mcp",
10
    toolkits=[{"toolkit": "slack", "auth_config_id": "<auth-config-id>"}],
11
)
12
13
mcp_server = mcp_config.generate(user_id='<user-id>')
14
15
client = MultiServerMCPClient({
16
    "composio": {
17
        "url": mcp_server["url"],
18
        "transport": "streamable_http",
19
    }
20
})
21
22
async def langchain_mcp(message: str):
23
    tools = await client.get_tools()
24
    agent = create_react_agent("openai:gpt-4.1", tools)
25
    response = await agent.ainvoke({"messages": message})
26
    return response
27
28
response = asyncio.run(langchain_mcp("Show me 20 most used slack channels"))

Added: Experimental ToolRouter

Core ToolRouter Features:

• Session Management: Create isolated tool routing sessions for users
• Toolkit Configuration: Support for both simple toolkit names and detailed configurations
• Session Isolation: Each session gets its own MCP URL and session ID
• Flexible Authentication: Per-session auth config management
• Scoped Tool Access: Control which tools are available within each session

Basic Usage:

1
from composio import Composio
2
3
composio = Composio()
4
5
# Create a tool router session
6
session = composio.experimental.tool_router.create_session(
7
    user_id='user_123',
8
    toolkits=['github', 'slack'],
9
    manually_manage_connections=False
10
)
11
12
print(f"Session ID: {session['session_id']}")
13
print(f"MCP URL: {session['url']}")

Advanced Configuration:

1
# Create session with detailed toolkit configurations
2
session = composio.experimental.tool_router.create_session(
3
    user_id='user_456',
4
    toolkits=[
5
        {
6
            'toolkit': 'github',
7
            'auth_config_id': 'ac_github_123'
8
        },
9
        {
10
            'toolkit': 'slack', 
11
            'auth_config_id': 'ac_slack_456'
12
        }
13
    ],
14
    manually_manage_connections=True
15
)
16
17
# Minimal session (no specific toolkits)
18
session = composio.experimental.tool_router.create_session(
19
    user_id='user_789'
20
)

Integration with AI Frameworks:

1
import asyncio
2
from composio import Composio
3
from langchain_mcp_adapters.client import MultiServerMCPClient
4
5
composio = Composio()
6
7
# Create tool router session
8
session = composio.experimental.tool_router.create_session(
9
    user_id='ai_user',
10
    toolkits=['composio_search', 'text_to_pdf']
11
)
12
13
# Use with LangChain MCP client
14
client = MultiServerMCPClient({
15
    "composio": {
16
        "url": session["url"],
17
        "transport": "streamable_http",
18
    }
19
})
20
21
async def use_tool_router():
22
    tools = await client.get_tools()
23
    # Use tools in your AI workflow
24
    return tools
25
26
tools = asyncio.run(use_tool_router())

Migration Guide

TypeScript SDK: Migrating to New MCP API

The new MCP API provides enhanced functionality and better integration patterns. Here’s how to migrate from the previous MCP implementation:

Before (Legacy MCP)

1
// Legacy MCP approach (still accessible via deprecated.mcp)
2
import { Composio } from '@composio/core';
3
4
const composio = new Composio();
5
6
// Old MCP server creation
7
const legacyMCP = await composio.deprecated.mcp.createServer({
8
  name: 'my-server',
9
  toolkits: ['github', 'gmail'],
10
});
11
12
// Direct URL usage
13
const mcpUrl = legacyMCP.url;

After (New MCP API)

1
// New MCP API approach
2
import { Composio } from '@composio/core';
3
4
const composio = new Composio({
5
  apiKey: process.env.COMPOSIO_API_KEY,
6
});
7
8
// Step 1: Create MCP configuration
9
const mcpConfig = await composio.mcp.create('my-server', {
10
  toolkits: [
11
    { toolkit: 'github', authConfigId: 'ac_github_123' },
12
    { toolkit: 'gmail', authConfigId: 'ac_gmail_456' }
13
  ],
14
  allowedTools: ['GITHUB_CREATE_ISSUE', 'GMAIL_SEND_EMAIL'],
15
  manuallyManageConnections: false,
16
});
17
18
// Step 2: Generate user-specific server instance
19
const serverInstance = await composio.mcp.generate('user_123', mcpConfig.id);
20
const mcpUrl = serverInstance.url;

Key Migration Changes

1. Two-Step Process:

   • Before: Single step server creation
   • After: Create configuration, then generate user instances

2. Enhanced Configuration:

   • Before: Simple toolkit names only
   • After: Detailed toolkit configs with auth, tool filtering, connection management

3. User-Specific URLs:

   • Before: Single server URL for all users
   • After: Unique URLs per user for better isolation

4. Backward Compatibility:

   • Legacy Access: Old MCP functionality remains available via composio.deprecated.mcp
   • Gradual Migration: Migrate at your own pace without breaking existing implementations

Migration Benefits

• Better Security: User-specific sessions with isolated access
• Enhanced Control: Fine-grained toolkit and tool management
• Framework Integration: Native support for modern AI frameworks
• Scalability: Better resource management and user isolation

Migration Timeline

• Phase 1: New MCP API available alongside legacy implementation
• Phase 2: Legacy MCP accessible via deprecated.mcp namespace
• Phase 3: Full deprecation (timeline to be announced)

Recommendation: Start new projects with the new MCP API and gradually migrate existing implementations to benefit from enhanced features and better framework integration.

Key Benefits & Use Cases

Development & Testing

• Isolated Environments: Test different toolkit combinations without affecting production
• Scoped Access: Limit tool access for security and testing purposes
• Framework Flexibility: Works with any MCP-compatible client or framework

Production Workflows

• Multi-Service Integration: Seamlessly combine tools from different services
• User-Specific Sessions: Each user gets their own isolated session with appropriate permissions
• Authentication Management: Fine-grained control over authentication per toolkit

Framework Compatibility

• Vercel AI: Native integration with Vercel AI SDK
• Mastra: Full support for Mastra agents and workflows
• OpenAI Agents: Direct integration with OpenAI’s agent framework
• LangChain: Complete LangGraph and LangChain compatibility
• Custom Clients: Works with any MCP-compatible client

Enterprise Features

• Session Management: Track and manage multiple user sessions
• Resource Control: Limit concurrent sessions and resource usage
• Audit Trail: Full logging and monitoring of tool usage
• Security: Isolated sessions prevent cross-user data access

Migration & Compatibility

Both MCP and ToolRouter features are designed to complement existing Composio functionality:

1
// Can be used alongside regular tool management
2
const regularTools = await composio.tools.get({ toolkits: ['github'] });
3
const mcpSession = await composio.experimental.toolRouter.createSession(userId, {
4
  toolkits: ['gmail', 'slack']
5
});
6
7
// Both approaches can coexist and serve different purposes

The experimental ToolRouter API provides a preview of advanced session management capabilities, while the MCP API offers production-ready Model Control Protocol support for modern AI frameworks.

Bug Fixes

Fixed: ToolRouter Dependency Issue

Python SDK (v0.8.19)

Issue Fixed:

• ToolRouter Functionality: Fixed ToolRouter tests that were failing due to missing tool_router attribute in HttpClient
• Dependency Update: Updated composio-client dependency from version 1.9.1 to 1.10.0+ to include ToolRouter functionality
• Version Compatibility: Resolved compatibility issues between ToolRouter implementation and client library

Details: ToolRouter functionality was briefly broken in versions 0.8.15 to 0.8.18 due to a dependency version mismatch. The composio-client library version 1.9.1 did not include the tool_router attribute, causing all ToolRouter integration tests to fail with AttributeError: 'HttpClient' object has no attribute 'tool_router'.

This has been fixed in version 0.8.19 by:

• Updating the composio-client dependency to version 1.10.0+
• Ensuring all ToolRouter functionality is now available
• All ToolRouter integration tests now pass successfully

Previous Issue:

1
# This would fail in versions 0.8.15-0.8.18
2
session = composio.experimental.tool_router.create_session(user_id='test')
3
# AttributeError: 'HttpClient' object has no attribute 'tool_router'

Fixed in 0.8.19:

1
# This now works correctly
2
session = composio.experimental.tool_router.create_session(user_id='test')
3
# Returns: {'session_id': '...', 'url': '...'}

Fixed: Missing Descriptions in Auth Config Fields

Python SDK (v0.8.17) & TypeScript SDK (v0.1.53)

Issue Fixed:

• Auth Config Connection Fields: Added missing descriptions to toolkit auth configuration connection fields
• Auth Config Creation Fields: Added missing descriptions to toolkit auth configuration creation fields
• Field Documentation: Improved field documentation and help text for better developer experience

Details: Previously, when developers were setting up auth configurations for toolkits, many fields lacked proper descriptions, making it difficult to understand what information was required. This fix ensures all auth config fields now include:

• Clear, descriptive field labels
• Helpful placeholder text where appropriate
• Detailed explanations of field requirements

This improvement affects all toolkits and makes the authentication setup process more intuitive and error-free.