Changelog - Mar 13, 2026 | Composio Changelog

CLI Improvements: Login, Link, and Whoami

This release improves the Composio CLI with a better login flow, a non-blocking link option, and improved security for the whoami command.

CLI Version

Package	Version
@composio/cli	v0.2.2

What's New

composio login now prompts you to select your default organization and project after the browser OAuth flow completes.

Default behavior: After login, you see an interactive picker to choose your org and project. If you have only one org and one project, they are auto-selected.
With -y: Skip the picker and use the session defaults (e.g. for CI or scripts).

composio login           # Login, then pick org/project
composio login -y        # Login, use session defaults (no picker)
composio login --no-browser  # Print URL, don't open browser

Non-Interactive Link with `--no-wait`

composio link now supports a --no-wait flag for non-blocking authorization flows.

Default: Opens the browser and waits until the connected account is ACTIVE.
With --no-wait: Prints link info and JSON to stdout (JQ-parseable) and exits immediately. Useful for scripts and CI.

composio link github              # Opens browser, waits for completion
composio link github --no-wait    # Prints redirect URL and JSON, exits

Whoami No Longer Exposes API Keys

The composio whoami command no longer displays API keys in the output. This improves security and reduces the risk of accidental exposure in logs or screenshots.

API key is removed from both display and JSON output.
Hints for composio orgs switch and composio init are shown instead.

Breaking Changes

The following flags have been removed from composio login and composio init:

--api-key
--org-id
--project-id

Breaking Change

If you previously used composio login --api-key uak_xxx --org-id X --project-id Y for non-interactive login (e.g. in CI), you must use the browser-based flow instead. Use composio login -y to skip the org/project picker and accept session defaults.

For composio init, the --org-id and --project-id flags are removed. Use composio init interactively, or run composio login first and then composio init.

Before:

composio login --api-key uak_xxx --org-id org_123 --project-id proj_456
composio init --org-id org_123 --project-id proj_456

After:

composio login -y        # Login with session defaults (no picker)
composio init            # Interactive project selection

Improvements

Login JSON output: When using the org/project picker, the JSON output now reflects the final selection (not the initial session state).
Picker error handling: If the org/project picker fails (e.g. API error), the CLI shows a warning, emits JSON with session data, and displays hints so you are not left without guidance.
Modularized org/project selection: The selection logic is shared between composio login and composio orgs switch.

Polling Intervals: Transition Period for Existing Customers

We're allowing a transition period before enforcing the new polling interval limits.

Timeline

Until May 1, 2026 — Existing customers continue to get 1-minute polling on all their triggers, including newly created ones.
From May 1, 2026 — All triggers move to a 15-minute default polling interval. App-specific overrides will be available for apps with favorable rate limits.

If any of your triggers were affected by the recent changes, we've restored them to their original intervals.

Why 15 Minutes?

Composio-managed OAuth apps share rate limits across all users. At scale, 1-minute polling causes rate limiting and service degradation. The 15-minute minimum ensures reliability for everyone.

How to Keep 1-Minute Polling

Set up your own OAuth app. With custom auth:

Intervals as low as 1 minute
Your own rate limits
No platform limits, ever

OAuth approval from Google, Microsoft, etc. takes days to weeks. Start now.

→ Set up your own OAuth app