fix(tools): support no-auth Composio toolkits + server-owned connection flags

[mmabrouk]

Context

A Composio toolkit that needs no auth (the code interpreter, the composio meta-toolkit) could not be connected. POST /tools/connections/ returned 500: the adapter always POSTs an auth config to Composio, which rejects it for a no-auth toolkit (Auth_Config_NoAuthApp, "use its tools directly without creating a connected account"). Past create, resolve and execute also required a connected_account_id that no-auth toolkits do not have, so the whole no-auth path was unreachable.

Changes

• Detect a no-auth toolkit (every auth_config_details[].mode == "NO_AUTH") and skip the auth-config and connected-account creation. Persist a usable connection with no Composio account.
• Resolve and execute work without a connected_account_id for a no-auth connection. Composio runs those tools with no account (verified directly: print(6*7) returns 42).
• Hardening from review: connection validity is now server-owned. A client can no longer mark a connection valid by sending flags: {is_valid: true}. Auth-backed connections persist is_valid=false until their flow completes; only the server-confirmed no-auth branch sets is_valid=true.
• refresh_connection on a no-auth connection is a no-op instead of ConnectionNotFoundError.

Before: connect codeinterpreter returned 500. After: connect 200, resolve 200, /tools/call runs print(6*7) and returns 42.

Tests

• New api/oss/tests/pytest/unit/tools/test_no_auth_connection.py (11 tests): no-auth detection (empty and mixed-mode edges), adapter skips the auth-config, execute omits and sends the account id correctly, resolve accepts no-auth and still rejects auth-without-id, create server-owns the flags, refresh no-op.
• All 15 tools unit tests pass, ruff format and ruff check clean.
• Reviewed by a second agent and by Codex. Their one blocker (client-settable is_valid) is fixed here.

Notes

• Based on feat/agent-service (the gateway tool-resolution API), not main, because that feature is not on main yet.
• One pre-existing OAuth-callback issue (global activation when the callback state/project_id is missing) was flagged during review and left out of scope.

https://claude.ai/code/session_01KsGSJQwsUdgWcNSEt2P2qD

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agenta-documentation	Ready	Preview, Comment	Jun 20, 2026 11:20pm

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 75f02836-96c1-4149-af84-18fd85b0dc8d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• ✅ Review completed - (🔄 Check again to review again)

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/composio-no-auth-toolkits

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Railway Preview Environment

Preview URL	https://gateway-production-7aa0.up.railway.app/w
Project	agenta-oss-pr-4785
Image tag	pr-4785-f3f7293
Status	Deployed
Railway logs	Open logs
Workflow logs	View workflow run
Updated at 2026-06-20T23:24:36.628Z