@customclaw/composio 0.0.10 → 0.0.11

package/README.md

@@ -8,6 +8,11 @@ OpenClaw plugin that connects your agent to Gmail, Sentry, and other services th
 openclaw plugins install @customclaw/composio
 ```
 
+## Identifiers
+
+- Install spec: `@customclaw/composio`
+- Plugin id: `composio` (used in `plugins.entries.*` and `plugins update`)
+
 ## Setup
 
 1. Get an API key from [platform.composio.dev/settings](https://platform.composio.dev/settings)
@@ -28,7 +33,6 @@ Or add manually to `~/.openclaw/openclaw.json`:
         "enabled": true,
         "config": {
           "apiKey": "your-api-key",
-          "defaultUserId": "my-app-user-123",
           "allowedToolkits": ["gmail", "sentry"]
         }
       }
@@ -58,7 +62,8 @@ The plugin gives your agent three tools:
 - `composio_execute_tool` — runs a Composio action (e.g. `GMAIL_FETCH_EMAILS`, `SENTRY_LIST_ISSUES`)
 - `composio_manage_connections` — checks connection status and generates OAuth links when a toolkit isn't connected yet
 
-`composio_execute_tool` also accepts optional `user_id` and `connected_account_id` fields for deterministic account selection when multiple accounts exist.
+`composio_search_tools` and `composio_execute_tool` require `user_id` so every action is explicitly scoped.
+`composio_execute_tool` also accepts optional `connected_account_id` for deterministic account selection when multiple accounts exist.
 
 The agent handles the rest. Ask it to "check my latest emails" and it will call the right tool, prompt you to connect Gmail if needed, and fetch the results.
 
@@ -69,6 +74,7 @@ openclaw composio setup                                 # interactive setup for
 openclaw composio list --user-id user-123               # list available toolkits for a user scope
 openclaw composio status [toolkit] --user-id user-123   # check connection status in a user scope
 openclaw composio accounts [toolkit]                    # inspect connected accounts (id/user_id/status)
+openclaw composio accounts [toolkit] --user-id user-123 # optional filter for one user scope
 openclaw composio connect gmail --user-id user-123      # open OAuth link for a specific user scope
 openclaw composio disconnect gmail --user-id user-123   # remove a connection in that user scope
 openclaw composio search "send email" --user-id user-123
@@ -79,7 +85,6 @@ openclaw composio search "send email" --user-id user-123
 | Key | Description |
 |-----|-------------|
 | `apiKey` | Composio API key (required) |
-| `defaultUserId` | Default Composio `user_id` scope when `--user-id` is not provided |
 | `allowedToolkits` | Only allow these toolkits (e.g. `["gmail", "sentry"]`) |
 | `blockedToolkits` | Block specific toolkits |
 | `readOnlyMode` | Blocks likely-destructive actions by token matching (delete/update/create/send/etc.); use `allowedToolSlugs` to override safe exceptions |
@@ -95,14 +100,13 @@ may look disconnected.
 
 Tips:
 
-- Set `defaultUserId` in plugin config for your app's primary identity.
-- Prefer passing `user_id`/`--user-id` explicitly when checking status, connecting, disconnecting, or executing tools.
+- Always pass `user_id`/`--user-id` explicitly when searching, checking status, connecting, disconnecting, or executing tools.
 - Use `openclaw composio accounts <toolkit>` to discover which `user_id` owns active connections.
 
 ## Updating
 
 ```bash
-openclaw plugins update @customclaw/composio
+openclaw plugins update composio
 openclaw gateway restart
 ```
 

package/dist/cli.js

@@ -30,6 +30,13 @@ function normalizePluginIdList(value) {
         .filter(Boolean);
     return Array.from(new Set(normalized));
 }
+function requireUserId(rawUserId, logger, commandUsage) {
+    const userId = String(rawUserId || "").trim();
+    if (userId)
+        return userId;
+    logger.error(`--user-id is required. Usage: ${commandUsage}`);
+    return null;
+}
 async function readOpenClawConfig(configPath) {
     try {
         const raw = await readFile(configPath, "utf8");
@@ -71,7 +78,6 @@ export function registerComposioCli({ program, getClient, config, logger }) {
         .description("Create or update Composio config in ~/.openclaw/openclaw.json")
         .option("-c, --config-path <path>", "OpenClaw config file path", DEFAULT_OPENCLAW_CONFIG_PATH)
         .option("--api-key <apiKey>", "Composio API key")
-        .option("--default-user-id <userId>", "Default user ID for Composio user scoping")
         .option("--allowed-toolkits <toolkits>", "Comma-separated allowed toolkit slugs")
         .option("--blocked-toolkits <toolkits>", "Comma-separated blocked toolkit slugs")
         .option("--read-only <enabled>", "Enable read-only mode (true/false)")
@@ -120,9 +126,6 @@ export function registerComposioCli({ program, getClient, config, logger }) {
                 String(existingComposioConfig.apiKey || "").trim() ||
                 String(config.apiKey || "").trim() ||
                 String(process.env.COMPOSIO_API_KEY || "").trim();
-            let defaultUserId = String(options.defaultUserId || "").trim() ||
-                String(existingComposioConfig.defaultUserId || "").trim() ||
-                String(config.defaultUserId || "").trim();
             let allowedToolkits = parseCsvToolkits(options.allowedToolkits) ||
                 (Array.isArray(existingComposioConfig.allowedToolkits)
                     ? normalizeToolkitList(existingComposioConfig.allowedToolkits)
@@ -148,9 +151,6 @@ export function registerComposioCli({ program, getClient, config, logger }) {
                     const apiKeyPrompt = await rl.question(`Composio API key${apiKey ? " [configured]" : ""}: `);
                     if (apiKeyPrompt.trim())
                         apiKey = apiKeyPrompt.trim();
-                    const defaultUserPrompt = await rl.question(`Default user ID${defaultUserId ? ` [${defaultUserId}]` : " (optional)"}: `);
-                    if (defaultUserPrompt.trim())
-                        defaultUserId = defaultUserPrompt.trim();
                     const allowedDefault = allowedToolkits && allowedToolkits.length > 0
                         ? ` [${allowedToolkits.join(",")}]`
                         : " (optional)";
@@ -187,12 +187,7 @@ export function registerComposioCli({ program, getClient, config, logger }) {
                 apiKey,
                 readOnlyMode,
             };
-            if (defaultUserId) {
-                mergedComposioConfig.defaultUserId = defaultUserId;
-            }
-            else {
-                delete mergedComposioConfig.defaultUserId;
-            }
+            delete mergedComposioConfig.defaultUserId;
             if (allowedToolkits && allowedToolkits.length > 0) {
                 mergedComposioConfig.allowedToolkits = allowedToolkits;
             }
@@ -217,7 +212,6 @@ export function registerComposioCli({ program, getClient, config, logger }) {
             console.log("\nComposio setup saved.");
             console.log("─".repeat(40));
             console.log(`Config: ${configPath}`);
-            console.log(`defaultUserId: ${defaultUserId || "default"}`);
             console.log(`readOnlyMode: ${readOnlyMode ? "enabled" : "disabled"}`);
             if (updatedPluginSystemEnabled) {
                 console.log("plugins.enabled: set to true");
@@ -241,13 +235,16 @@ export function registerComposioCli({ program, getClient, config, logger }) {
     composio
         .command("list")
         .description("List available Composio toolkits")
-        .option("-u, --user-id <userId>", "User ID for session scoping")
+        .option("-u, --user-id <userId>", "Required user ID for session scoping")
         .action(async (options) => {
         const composioClient = requireClient();
         if (!composioClient)
             return;
+        const userId = requireUserId(options.userId, logger, "openclaw composio list --user-id <user-id>");
+        if (!userId)
+            return;
         try {
-            const toolkits = await composioClient.listToolkits(options.userId);
+            const toolkits = await composioClient.listToolkits(userId);
             console.log("\nAvailable Composio Toolkits:");
             console.log("─".repeat(40));
             for (const toolkit of toolkits.sort()) {
@@ -263,19 +260,21 @@ export function registerComposioCli({ program, getClient, config, logger }) {
     composio
         .command("status [toolkit]")
         .description("Check connection status for toolkits")
-        .option("-u, --user-id <userId>", "User ID for session scoping")
+        .option("-u, --user-id <userId>", "Required user ID for session scoping")
         .action(async (toolkit, options) => {
         const composioClient = requireClient();
         if (!composioClient)
             return;
+        const userId = requireUserId(options.userId, logger, "openclaw composio status [toolkit] --user-id <user-id>");
+        if (!userId)
+            return;
         try {
             const toolkitSlug = toolkit ? normalizeToolkitSlug(toolkit) : undefined;
             const toolkits = toolkitSlug ? [toolkitSlug] : undefined;
-            const currentUserId = options.userId || config.defaultUserId || "default";
-            const statuses = await composioClient.getConnectionStatus(toolkits, options.userId);
+            const statuses = await composioClient.getConnectionStatus(toolkits, userId);
             console.log("\nComposio Connection Status:");
             console.log("─".repeat(40));
-            console.log(`  Scope user_id: ${currentUserId}${options.userId ? " (explicit)" : " (default)"}`);
+            console.log(`  Scope user_id: ${userId}`);
             if (statuses.length === 0) {
                 console.log("  No connections found");
             }
@@ -288,7 +287,7 @@ export function registerComposioCli({ program, getClient, config, logger }) {
             }
             if (toolkitSlug && statuses.length === 1 && !statuses[0]?.connected) {
                 const activeUserIds = await composioClient.findActiveUserIdsForToolkit(toolkitSlug);
-                const otherUserIds = activeUserIds.filter((uid) => uid !== currentUserId);
+                const otherUserIds = activeUserIds.filter((uid) => uid !== userId);
                 if (otherUserIds.length > 0) {
                     console.log(`\n  Hint: '${toolkitSlug}' is connected under other user_id(s): ${otherUserIds.join(", ")}`);
                     console.log(`  Try: openclaw composio status ${toolkitSlug} --user-id <user-id>`);
@@ -341,17 +340,19 @@ export function registerComposioCli({ program, getClient, config, logger }) {
     composio
         .command("connect <toolkit>")
         .description("Connect to a Composio toolkit (opens auth URL)")
-        .option("-u, --user-id <userId>", "User ID for session scoping")
+        .option("-u, --user-id <userId>", "Required user ID for session scoping")
         .action(async (toolkit, options) => {
         const composioClient = requireClient();
         if (!composioClient)
             return;
+        const userId = requireUserId(options.userId, logger, "openclaw composio connect <toolkit> --user-id <user-id>");
+        if (!userId)
+            return;
         try {
             const toolkitSlug = normalizeToolkitSlug(toolkit);
-            const currentUserId = options.userId || config.defaultUserId || "default";
             console.log(`\nInitiating connection to ${toolkitSlug}...`);
-            console.log(`Using user_id: ${currentUserId}`);
-            const result = await composioClient.createConnection(toolkitSlug, options.userId);
+            console.log(`Using user_id: ${userId}`);
+            const result = await composioClient.createConnection(toolkitSlug, userId);
             if ("error" in result) {
                 logger.error(`Failed to create connection: ${result.error}`);
                 return;
@@ -360,7 +361,7 @@ export function registerComposioCli({ program, getClient, config, logger }) {
             console.log("─".repeat(40));
             console.log(result.authUrl);
             console.log("\nOpen this URL in your browser to authenticate.");
-            console.log(`After authentication, run 'openclaw composio status ${toolkitSlug} --user-id ${currentUserId}' to verify.\n`);
+            console.log(`After authentication, run 'openclaw composio status ${toolkitSlug} --user-id ${userId}' to verify.\n`);
             // Try to open URL in browser
             try {
                 const { exec } = await import("node:child_process");
@@ -384,15 +385,18 @@ export function registerComposioCli({ program, getClient, config, logger }) {
     composio
         .command("disconnect <toolkit>")
         .description("Disconnect from a Composio toolkit")
-        .option("-u, --user-id <userId>", "User ID for session scoping")
+        .option("-u, --user-id <userId>", "Required user ID for session scoping")
         .action(async (toolkit, options) => {
         const composioClient = requireClient();
         if (!composioClient)
             return;
+        const userId = requireUserId(options.userId, logger, "openclaw composio disconnect <toolkit> --user-id <user-id>");
+        if (!userId)
+            return;
         try {
             const toolkitSlug = normalizeToolkitSlug(toolkit);
             console.log(`\nDisconnecting from ${toolkitSlug}...`);
-            const result = await composioClient.disconnectToolkit(toolkitSlug, options.userId);
+            const result = await composioClient.disconnectToolkit(toolkitSlug, userId);
             if (result.success) {
                 console.log(`Successfully disconnected from ${toolkitSlug}\n`);
             }
@@ -410,18 +414,21 @@ export function registerComposioCli({ program, getClient, config, logger }) {
         .description("Search for tools matching a query")
         .option("-t, --toolkit <toolkit>", "Limit search to a specific toolkit")
         .option("-l, --limit <limit>", "Maximum results", "10")
-        .option("-u, --user-id <userId>", "User ID for session scoping")
+        .option("-u, --user-id <userId>", "Required user ID for session scoping")
         .action(async (query, options) => {
         const composioClient = requireClient();
         if (!composioClient)
             return;
+        const userId = requireUserId(options.userId, logger, "openclaw composio search <query> --user-id <user-id>");
+        if (!userId)
+            return;
         try {
             const limit = parseInt(options.limit, 10) || 10;
             const toolkits = options.toolkit ? [normalizeToolkitSlug(options.toolkit)] : undefined;
             const results = await composioClient.searchTools(query, {
                 toolkits,
                 limit,
-                userId: options.userId,
+                userId,
             });
             console.log(`\nSearch results for "${query}":`);
             console.log("─".repeat(60));

package/dist/client.d.ts

@@ -8,7 +8,8 @@ export declare class ComposioClient {
     private sessionCache;
     constructor(config: ComposioConfig);
     /**
-     * Get the user ID to use for API calls
+     * Resolve user ID for API calls.
+     * This plugin requires explicit user_id scoping to avoid accidental cross-user access.
      */
     private getUserId;
     /**
@@ -19,7 +20,6 @@ export declare class ComposioClient {
     private buildToolRouterBlockedToolsConfig;
     private buildSessionConfig;
     private getSession;
-    private shouldRetrySessionWithoutToolkitFilters;
     private clearUserSessionCache;
     /**
      * Check if a toolkit is allowed based on config
@@ -43,18 +43,8 @@ export declare class ComposioClient {
      * Execute a single tool using COMPOSIO_MULTI_EXECUTE_TOOL
      */
     executeTool(toolSlug: string, args: Record<string, unknown>, userId?: string, connectedAccountId?: string): Promise<ToolExecutionResult>;
-    private tryExecutionRecovery;
-    private tryDirectExecutionFallback;
-    private executeDirectTool;
-    private tryHintedIdentifierRetry;
-    private shouldFallbackToDirectExecution;
-    private shouldRetryFromServerHint;
-    private extractServerHintLiteral;
-    private buildRetryArgsFromHint;
-    private extractSingleMissingField;
-    private buildCombinedErrorText;
-    private extractNestedMetaError;
     private resolveConnectedAccountForExecution;
+    private isConnectedAccountActiveForUser;
     /**
      * Get connection status for toolkits using session.toolkits()
      */

package/dist/client.js

@@ -58,10 +58,15 @@ export class ComposioClient {
         this.client = new Composio({ apiKey: config.apiKey });
     }
     /**
-     * Get the user ID to use for API calls
+     * Resolve user ID for API calls.
+     * This plugin requires explicit user_id scoping to avoid accidental cross-user access.
      */
     getUserId(overrideUserId) {
-        return overrideUserId || this.config.defaultUserId || "default";
+        const userId = String(overrideUserId || "").trim();
+        if (!userId) {
+            throw new Error("user_id is required. Pass user_id explicitly.");
+        }
+        return userId;
     }
     /**
      * Get or create a Tool Router session for a user
@@ -141,32 +146,10 @@ export class ComposioClient {
             return this.sessionCache.get(key);
         }
         const sessionConfig = this.buildSessionConfig(normalizedConnectedAccounts);
-        let session;
-        try {
-            session = await this.client.toolRouter.create(userId, sessionConfig);
-        }
-        catch (err) {
-            if (!this.shouldRetrySessionWithoutToolkitFilters(err, sessionConfig)) {
-                throw err;
-            }
-            const { toolkits: _removedToolkits, ...retryWithoutToolkits } = sessionConfig ?? {};
-            const retryConfig = Object.keys(retryWithoutToolkits).length > 0
-                ? retryWithoutToolkits
-                : undefined;
-            session = await this.client.toolRouter.create(userId, retryConfig);
-        }
+        const session = await this.client.toolRouter.create(userId, sessionConfig);
         this.sessionCache.set(key, session);
         return session;
     }
-    shouldRetrySessionWithoutToolkitFilters(err, sessionConfig) {
-        const enabledToolkits = sessionConfig?.toolkits?.enable;
-        if (!Array.isArray(enabledToolkits) || enabledToolkits.length === 0) {
-            return false;
-        }
-        const message = String(err instanceof Error ? err.message : err || "").toLowerCase();
-        return (message.includes("require auth configs but none exist") &&
-            message.includes("please specify them in auth_configs"));
-    }
     clearUserSessionCache(userId) {
         const prefix = `uid:${userId}`;
         for (const key of this.sessionCache.keys()) {
@@ -322,16 +305,6 @@ export class ComposioClient {
                 sync_response_to_workbench: false,
             });
             if (!response.successful) {
-                const recovered = await this.tryExecutionRecovery({
-                    uid: effectiveUid,
-                    toolSlug: normalizedToolSlug,
-                    args,
-                    connectedAccountId: accountResolution.connectedAccountId,
-                    metaError: response.error,
-                    metaData: response.data,
-                });
-                if (recovered)
-                    return recovered;
                 return { success: false, error: response.error || "Execution failed" };
             }
             const results = response.data?.results || [];
@@ -341,21 +314,10 @@ export class ComposioClient {
             }
             // Response data is nested under result.response
             const toolResponse = result.response;
-            if (!toolResponse.successful) {
-                const recovered = await this.tryExecutionRecovery({
-                    uid: effectiveUid,
-                    toolSlug: normalizedToolSlug,
-                    args,
-                    connectedAccountId: accountResolution.connectedAccountId,
-                    metaError: toolResponse.error ?? undefined,
-                    metaData: response.data,
-                });
-                if (recovered)
-                    return recovered;
-            }
+            const toolData = toolResponse.data ?? toolResponse.data_preview;
             return {
                 success: toolResponse.successful,
-                data: toolResponse.data,
+                data: toolData,
                 error: toolResponse.error ?? undefined,
             };
         }
@@ -366,139 +328,13 @@ export class ComposioClient {
             };
         }
     }
-    async tryExecutionRecovery(params) {
-        const directFallback = await this.tryDirectExecutionFallback(params);
-        if (directFallback?.success)
-            return directFallback;
-        const hintedRetry = await this.tryHintedIdentifierRetry({
-            ...params,
-            additionalError: directFallback?.error,
-        });
-        if (hintedRetry)
-            return hintedRetry;
-        return directFallback;
-    }
-    async tryDirectExecutionFallback(params) {
-        if (!this.shouldFallbackToDirectExecution(params.uid, params.metaError, params.metaData)) {
-            return null;
-        }
-        return this.executeDirectTool(params.toolSlug, params.uid, params.args, params.connectedAccountId);
-    }
-    async executeDirectTool(toolSlug, userId, args, connectedAccountId) {
-        try {
-            const response = await this.client.tools.execute(toolSlug, {
-                userId,
-                connectedAccountId,
-                arguments: args,
-                dangerouslySkipVersionCheck: true,
-            });
-            return {
-                success: Boolean(response?.successful),
-                data: response?.data,
-                error: response?.error ?? undefined,
-            };
-        }
-        catch (err) {
-            return {
-                success: false,
-                error: err instanceof Error ? err.message : String(err),
-            };
-        }
-    }
-    async tryHintedIdentifierRetry(params) {
-        const combined = this.buildCombinedErrorText(params.metaError, params.metaData, params.additionalError);
-        if (!this.shouldRetryFromServerHint(combined))
-            return null;
-        const hint = this.extractServerHintLiteral(combined);
-        if (!hint)
-            return null;
-        const retryArgs = this.buildRetryArgsFromHint(params.args, combined, hint);
-        if (!retryArgs)
-            return null;
-        return this.executeDirectTool(params.toolSlug, params.uid, retryArgs, params.connectedAccountId);
-    }
-    shouldFallbackToDirectExecution(uid, metaError, metaData) {
-        if (uid === "default")
-            return false;
-        const combined = this.buildCombinedErrorText(metaError, metaData).toLowerCase();
-        return combined.includes("no connected account found for entity id default");
-    }
-    shouldRetryFromServerHint(errorText) {
-        const lower = errorText.toLowerCase();
-        return (lower.includes("only allowed to access") ||
-            lower.includes("allowed to access the"));
-    }
-    extractServerHintLiteral(errorText) {
-        const matches = errorText.match(/`([^`]+)`/);
-        if (!matches?.[1])
-            return undefined;
-        const literal = matches[1].trim();
-        if (!literal)
-            return undefined;
-        if (literal.length > 64)
-            return undefined;
-        if (/\s/.test(literal))
-            return undefined;
-        return literal;
-    }
-    buildRetryArgsFromHint(args, errorText, hint) {
-        const stringEntries = Object.entries(args).filter(([, value]) => typeof value === "string");
-        if (stringEntries.length === 1) {
-            const [field, current] = stringEntries[0];
-            if (current === hint)
-                return null;
-            return { ...args, [field]: hint };
-        }
-        if (stringEntries.length === 0) {
-            const missing = this.extractSingleMissingField(errorText);
-            if (!missing)
-                return null;
-            return { ...args, [missing]: hint };
-        }
-        return null;
-    }
-    extractSingleMissingField(errorText) {
-        const match = errorText.match(/following fields are missing:\s*\{([^}]+)\}/i);
-        const raw = match?.[1];
-        if (!raw)
-            return undefined;
-        const fields = raw
-            .split(",")
-            .map(part => part.trim().replace(/^['"]|['"]$/g, ""))
-            .filter(Boolean);
-        return fields.length === 1 ? fields[0] : undefined;
-    }
-    buildCombinedErrorText(metaError, metaData, additionalError) {
-        return [metaError, this.extractNestedMetaError(metaData), additionalError]
-            .map(v => String(v || "").trim())
-            .filter(Boolean)
-            .join("\n");
-    }
-    extractNestedMetaError(metaData) {
-        const results = metaData?.results || [];
-        const first = results[0];
-        return String(first?.error || "");
-    }
     async resolveConnectedAccountForExecution(params) {
         const toolkit = normalizeToolkitSlug(params.toolkit);
         const { userId } = params;
         const explicitId = params.connectedAccountId?.trim();
         if (explicitId) {
             try {
-                let rawAccount;
-                const retrieve = this.client?.client?.connectedAccounts?.retrieve;
-                if (typeof retrieve === "function") {
-                    try {
-                        rawAccount = await retrieve.call(this.client.client.connectedAccounts, explicitId);
-                    }
-                    catch {
-                        // Best-effort: fall through to SDK get() which may omit user_id.
-                    }
-                }
-                if (!rawAccount) {
-                    rawAccount = await this.client.connectedAccounts.get(explicitId);
-                }
-                const account = rawAccount;
+                const account = await this.client.connectedAccounts.get(explicitId);
                 const accountToolkit = normalizeToolkitSlug(String(account?.toolkit?.slug || ""));
                 const accountStatus = String(account?.status || "").toUpperCase();
                 const accountUserId = String(account?.user_id || account?.userId || "").trim();
@@ -518,7 +354,18 @@ export class ComposioClient {
                             `but '${userId}' was requested. Use matching user_id or omit user_id when providing connected_account_id.`,
                     };
                 }
-                return { connectedAccountId: explicitId, userId: accountUserId || undefined };
+                if (!accountUserId) {
+                    // Fail closed: when owner is omitted by API, verify this account is ACTIVE in requested user scope.
+                    const accountMatchesRequestedUser = await this.isConnectedAccountActiveForUser(toolkit, userId, explicitId);
+                    if (!accountMatchesRequestedUser) {
+                        return {
+                            error: `Connected account '${explicitId}' ownership could not be verified for user_id '${userId}'. ` +
+                                "Use a connected_account_id that belongs to this user_id and is ACTIVE.",
+                        };
+                    }
+                    return { connectedAccountId: explicitId, userId };
+                }
+                return { connectedAccountId: explicitId, userId: accountUserId };
             }
             catch (err) {
                 return {
@@ -540,6 +387,14 @@ export class ComposioClient {
                 "Please provide connected_account_id to choose one explicitly.",
         };
     }
+    async isConnectedAccountActiveForUser(toolkit, userId, connectedAccountId) {
+        const activeAccounts = await this.listConnectedAccounts({
+            toolkits: [toolkit],
+            userIds: [userId],
+            statuses: ["ACTIVE"],
+        });
+        return activeAccounts.some((account) => account.id === connectedAccountId);
+    }
     /**
      * Get connection status for toolkits using session.toolkits()
      */
@@ -708,11 +563,15 @@ export class ComposioClient {
         return Array.from(userIds).sort();
     }
     async listConnectedAccountsRaw(options) {
+        const rawList = this.client?.client?.connectedAccounts?.list;
+        if (typeof rawList !== "function") {
+            throw new Error("Raw connected accounts list API unavailable");
+        }
         const accounts = [];
         let cursor;
         const seenCursors = new Set();
         do {
-            const response = await this.client.client.connectedAccounts.list({
+            const response = await rawList.call(this.client.client.connectedAccounts, {
                 ...(options?.toolkits && options.toolkits.length > 0 ? { toolkit_slugs: options.toolkits } : {}),
                 ...(options?.userIds && options.userIds.length > 0 ? { user_ids: options.userIds } : {}),
                 ...(options?.statuses && options.statuses.length > 0 ? { statuses: options.statuses } : {}),
@@ -731,19 +590,31 @@ export class ComposioClient {
                 accounts.push({
                     id: String(item.id || ""),
                     toolkit: toolkitSlug,
-                    userId: typeof item.user_id === "string" ? item.user_id : undefined,
+                    userId: typeof item.user_id === "string"
+                        ? item.user_id
+                        : (typeof item.userId === "string" ? item.userId : undefined),
                     status: typeof item.status === "string" ? item.status : undefined,
                     authConfigId: typeof item.auth_config?.id === "string"
                         ? item.auth_config.id
-                        : undefined,
-                    isDisabled: typeof item.is_disabled === "boolean" ? item.is_disabled : undefined,
-                    createdAt: typeof item.created_at === "string" ? item.created_at : undefined,
-                    updatedAt: typeof item.updated_at === "string" ? item.updated_at : undefined,
+                        : (typeof item.authConfig?.id === "string"
+                            ? item.authConfig.id
+                            : undefined),
+                    isDisabled: typeof item.is_disabled === "boolean"
+                        ? item.is_disabled
+                        : (typeof item.isDisabled === "boolean" ? item.isDisabled : undefined),
+                    createdAt: typeof item.created_at === "string"
+                        ? item.created_at
+                        : (typeof item.createdAt === "string" ? item.createdAt : undefined),
+                    updatedAt: typeof item.updated_at === "string"
+                        ? item.updated_at
+                        : (typeof item.updatedAt === "string" ? item.updatedAt : undefined),
                 });
             }
             cursor = Array.isArray(response)
                 ? null
-                : (response?.next_cursor ?? null);
+                : ((response?.next_cursor)
+                    ?? (response?.nextCursor)
+                    ?? null);
             if (!cursor)
                 break;
             if (seenCursors.has(cursor))
@@ -776,6 +647,9 @@ export class ComposioClient {
                 accounts.push({
                     id: String(item.id || ""),
                     toolkit: toolkitSlug,
+                    userId: typeof item.userId === "string"
+                        ? item.userId
+                        : (typeof item.user_id === "string" ? item.user_id : undefined),
                     status: typeof item.status === "string" ? item.status : undefined,
                     authConfigId: typeof item.authConfig?.id === "string"
                         ? item.authConfig.id
@@ -811,7 +685,11 @@ export class ComposioClient {
         try {
             const session = await this.getSession(uid);
             const result = await session.authorize(toolkitSlug);
-            return { authUrl: result.redirectUrl || result.url || "" };
+            const authUrl = String(result.redirectUrl || result.url || "").trim();
+            if (!authUrl) {
+                return { error: "Auth URL was not returned by provider" };
+            }
+            return { authUrl };
         }
         catch (err) {
             return {

package/dist/config.d.ts

@@ -6,7 +6,6 @@ import type { ComposioConfig } from "./types.js";
 export declare const ComposioConfigSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
     apiKey: z.ZodOptional<z.ZodString>;
-    defaultUserId: z.ZodOptional<z.ZodString>;
     allowedToolkits: z.ZodOptional<z.ZodArray<z.ZodString>>;
     blockedToolkits: z.ZodOptional<z.ZodArray<z.ZodString>>;
     readOnlyMode: z.ZodDefault<z.ZodBoolean>;
@@ -36,10 +35,6 @@ export declare const composioConfigUiHints: {
         help: string;
         sensitive: boolean;
     };
-    defaultUserId: {
-        label: string;
-        help: string;
-    };
     allowedToolkits: {
         label: string;
         help: string;
@@ -86,10 +81,6 @@ export declare const composioPluginConfigSchema: {
             help: string;
             sensitive: boolean;
         };
-        defaultUserId: {
-            label: string;
-            help: string;
-        };
         allowedToolkits: {
             label: string;
             help: string;

package/dist/config.js

@@ -6,7 +6,6 @@ import { LEGACY_ENTRY_FLAT_CONFIG_KEYS, LEGACY_SHAPE_ERROR, SESSION_TAGS, isReco
 export const ComposioConfigSchema = z.object({
     enabled: z.boolean().default(true),
     apiKey: z.string().optional(),
-    defaultUserId: z.string().optional(),
     allowedToolkits: z.array(z.string()).optional(),
     blockedToolkits: z.array(z.string()).optional(),
     readOnlyMode: z.boolean().default(false),
@@ -35,7 +34,6 @@ export function parseComposioConfig(value) {
     return ComposioConfigSchema.parse({
         enabled,
         apiKey,
-        defaultUserId: typeof source.defaultUserId === "string" ? source.defaultUserId : undefined,
         allowedToolkits: normalizeToolkitList(Array.isArray(source.allowedToolkits) ? source.allowedToolkits : undefined),
         blockedToolkits: normalizeToolkitList(Array.isArray(source.blockedToolkits) ? source.blockedToolkits : undefined),
         readOnlyMode,
@@ -57,10 +55,6 @@ export const composioConfigUiHints = {
         help: "Composio API key from platform.composio.dev/settings",
         sensitive: true,
     },
-    defaultUserId: {
-        label: "Default User ID",
-        help: "Default user ID for session scoping (optional)",
-    },
     allowedToolkits: {
         label: "Allowed Toolkits",
         help: "Restrict to specific toolkits (e.g., github, gmail)",

package/dist/index.d.ts

@@ -35,10 +35,6 @@ declare const composioPlugin: {
                 help: string;
                 sensitive: boolean;
             };
-            defaultUserId: {
-                label: string;
-                help: string;
-            };
             allowedToolkits: {
                 label: string;
                 help: string;

package/dist/tools/connections.d.ts

@@ -1,15 +1,24 @@
 import type { ComposioClient } from "../client.js";
 import type { ComposioConfig } from "../types.js";
-/**
- * Tool parameters for composio_manage_connections
- */
-export declare const ComposioManageConnectionsToolSchema: import("@sinclair/typebox").TObject<{
-    action: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"status">, import("@sinclair/typebox").TLiteral<"create">, import("@sinclair/typebox").TLiteral<"list">, import("@sinclair/typebox").TLiteral<"accounts">]>;
+export declare const ComposioManageConnectionsToolSchema: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
+    action: import("@sinclair/typebox").TLiteral<"list">;
+    user_id: import("@sinclair/typebox").TString;
+}>, import("@sinclair/typebox").TObject<{
+    action: import("@sinclair/typebox").TLiteral<"create">;
+    toolkit: import("@sinclair/typebox").TString;
+    user_id: import("@sinclair/typebox").TString;
+}>, import("@sinclair/typebox").TObject<{
+    action: import("@sinclair/typebox").TLiteral<"status">;
+    toolkit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+    toolkits: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
+    user_id: import("@sinclair/typebox").TString;
+}>, import("@sinclair/typebox").TObject<{
+    action: import("@sinclair/typebox").TLiteral<"accounts">;
     toolkit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
     toolkits: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
     user_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
     statuses: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
-}>;
+}>]>;
 /**
  * Create the composio_manage_connections tool
  */
@@ -17,14 +26,35 @@ export declare function createComposioConnectionsTool(client: ComposioClient, _c
     name: string;
     label: string;
     description: string;
-    parameters: import("@sinclair/typebox").TObject<{
-        action: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"status">, import("@sinclair/typebox").TLiteral<"create">, import("@sinclair/typebox").TLiteral<"list">, import("@sinclair/typebox").TLiteral<"accounts">]>;
+    parameters: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
+        action: import("@sinclair/typebox").TLiteral<"list">;
+        user_id: import("@sinclair/typebox").TString;
+    }>, import("@sinclair/typebox").TObject<{
+        action: import("@sinclair/typebox").TLiteral<"create">;
+        toolkit: import("@sinclair/typebox").TString;
+        user_id: import("@sinclair/typebox").TString;
+    }>, import("@sinclair/typebox").TObject<{
+        action: import("@sinclair/typebox").TLiteral<"status">;
+        toolkit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+        toolkits: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
+        user_id: import("@sinclair/typebox").TString;
+    }>, import("@sinclair/typebox").TObject<{
+        action: import("@sinclair/typebox").TLiteral<"accounts">;
         toolkit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
         toolkits: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
         user_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
         statuses: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
-    }>;
+    }>]>;
     execute(_toolCallId: string, params: Record<string, unknown>): Promise<{
+        content: {
+            type: string;
+            text: string;
+        }[];
+        details: {
+            action: string;
+            error: string;
+        };
+    } | {
         content: {
             type: string;
             text: string;
@@ -93,22 +123,12 @@ export declare function createComposioConnectionsTool(client: ComposioClient, _c
                 message: string;
             }[] | undefined;
             action: string;
-            checked_user_id: string | undefined;
-            user_id_explicit: boolean;
+            checked_user_id: string;
             count: number;
             connections: {
                 toolkit: string;
                 connected: boolean;
             }[];
         };
-    } | {
-        content: {
-            type: string;
-            text: string;
-        }[];
-        details: {
-            action: string;
-            error: string;
-        };
     }>;
 };

package/dist/tools/connections.js

@@ -2,23 +2,48 @@ import { Type } from "@sinclair/typebox";
 /**
  * Tool parameters for composio_manage_connections
  */
-export const ComposioManageConnectionsToolSchema = Type.Object({
-    action: Type.Union([Type.Literal("status"), Type.Literal("create"), Type.Literal("list"), Type.Literal("accounts")], {
-        description: "Action to perform: 'status' to check connections, 'create' to initiate auth, 'list' to list toolkits, 'accounts' to inspect connected accounts",
-    }),
-    toolkit: Type.Optional(Type.String({
-        description: "Toolkit name for 'status' or 'create' actions (e.g., 'github', 'gmail')",
-    })),
-    toolkits: Type.Optional(Type.Array(Type.String(), {
-        description: "Multiple toolkits to check status for",
-    })),
-    user_id: Type.Optional(Type.String({
-        description: "User ID for session scoping. Strongly recommended to avoid checking the wrong scope.",
-    })),
-    statuses: Type.Optional(Type.Array(Type.String(), {
-        description: "Optional connection statuses filter for 'accounts' (e.g., ['ACTIVE'])",
-    })),
+const ActionDescription = "Action to perform: 'status' to check connections, 'create' to initiate auth, " +
+    "'list' to list toolkits, 'accounts' to inspect connected accounts";
+const UserIdRequiredField = Type.String({
+    description: "Required user ID for session scoping.",
 });
+const UserIdOptionalField = Type.Optional(Type.String({
+    description: "Optional user ID filter for accounts lookup.",
+}));
+const ToolkitField = Type.Optional(Type.String({
+    description: "Toolkit name (e.g., 'github', 'gmail')",
+}));
+const ToolkitsField = Type.Optional(Type.Array(Type.String(), {
+    description: "Multiple toolkits to check status for",
+}));
+export const ComposioManageConnectionsToolSchema = Type.Union([
+    Type.Object({
+        action: Type.Literal("list", { description: ActionDescription }),
+        user_id: UserIdRequiredField,
+    }),
+    Type.Object({
+        action: Type.Literal("create", { description: ActionDescription }),
+        toolkit: Type.String({
+            description: "Toolkit name for 'create' action (e.g., 'github', 'gmail')",
+        }),
+        user_id: UserIdRequiredField,
+    }),
+    Type.Object({
+        action: Type.Literal("status", { description: ActionDescription }),
+        toolkit: ToolkitField,
+        toolkits: ToolkitsField,
+        user_id: UserIdRequiredField,
+    }),
+    Type.Object({
+        action: Type.Literal("accounts", { description: ActionDescription }),
+        toolkit: ToolkitField,
+        toolkits: ToolkitsField,
+        user_id: UserIdOptionalField,
+        statuses: Type.Optional(Type.Array(Type.String(), {
+            description: "Optional connection statuses filter for 'accounts' (e.g., ['ACTIVE'])",
+        })),
+    }),
+]);
 /**
  * Create the composio_manage_connections tool
  */
@@ -33,8 +58,18 @@ export function createComposioConnectionsTool(client, _config) {
         parameters: ComposioManageConnectionsToolSchema,
         async execute(_toolCallId, params) {
             const action = String(params.action || "status");
-            const userId = typeof params.user_id === "string" ? params.user_id : undefined;
-            const userIdWasExplicit = typeof params.user_id === "string" && params.user_id.trim().length > 0;
+            const userId = typeof params.user_id === "string" ? params.user_id.trim() : "";
+            const requiresUserId = action === "list" || action === "status" || action === "create";
+            if (requiresUserId && !userId) {
+                const errorResponse = {
+                    action,
+                    error: "user_id is required for this action",
+                };
+                return {
+                    content: [{ type: "text", text: JSON.stringify(errorResponse, null, 2) }],
+                    details: errorResponse,
+                };
+            }
             try {
                 switch (action) {
                     case "list": {
@@ -122,24 +157,21 @@ export function createComposioConnectionsTool(client, _config) {
                         const statuses = await client.getConnectionStatus(toolkitsToCheck, userId);
                         const disconnectedToolkits = statuses.filter((s) => !s.connected).map((s) => s.toolkit);
                         const hints = [];
-                        if (!userIdWasExplicit) {
-                            for (const toolkit of disconnectedToolkits) {
-                                const activeUserIds = await client.findActiveUserIdsForToolkit(toolkit);
-                                if (activeUserIds.length === 0)
-                                    continue;
-                                hints.push({
-                                    toolkit,
-                                    connected_user_ids: activeUserIds,
-                                    message: `No user_id was provided, so status checked the default scope. ` +
-                                        `'${toolkit}' has ACTIVE accounts under: ${activeUserIds.join(", ")}. ` +
-                                        "Pass user_id explicitly for deterministic results.",
-                                });
-                            }
+                        for (const toolkit of disconnectedToolkits) {
+                            const activeUserIds = await client.findActiveUserIdsForToolkit(toolkit);
+                            const otherUserIds = activeUserIds.filter((uid) => uid !== userId);
+                            if (otherUserIds.length === 0)
+                                continue;
+                            hints.push({
+                                toolkit,
+                                connected_user_ids: otherUserIds,
+                                message: `'${toolkit}' has ACTIVE accounts under other user_id(s): ${otherUserIds.join(", ")}. ` +
+                                    "Use a matching user_id to check that scope.",
+                            });
                         }
                         const response = {
                             action: "status",
                             checked_user_id: statuses[0]?.userId,
-                            user_id_explicit: userIdWasExplicit,
                             count: statuses.length,
                             connections: statuses.map((s) => ({
                                 toolkit: s.toolkit,

package/dist/tools/execute.d.ts

@@ -6,7 +6,7 @@ import type { ComposioConfig } from "../types.js";
 export declare const ComposioExecuteToolSchema: import("@sinclair/typebox").TObject<{
     tool_slug: import("@sinclair/typebox").TString;
     arguments: import("@sinclair/typebox").TUnknown;
-    user_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+    user_id: import("@sinclair/typebox").TString;
     connected_account_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
 }>;
 /**
@@ -19,7 +19,7 @@ export declare function createComposioExecuteTool(client: ComposioClient, _confi
     parameters: import("@sinclair/typebox").TObject<{
         tool_slug: import("@sinclair/typebox").TString;
         arguments: import("@sinclair/typebox").TUnknown;
-        user_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+        user_id: import("@sinclair/typebox").TString;
         connected_account_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
     }>;
     execute(_toolCallId: string, params: Record<string, unknown>): Promise<{

package/dist/tools/execute.js

@@ -9,9 +9,9 @@ export const ComposioExecuteToolSchema = Type.Object({
     arguments: Type.Unknown({
         description: "Tool arguments matching the tool's parameter schema",
     }),
-    user_id: Type.Optional(Type.String({
-        description: "User ID for session scoping. Strongly recommended to avoid executing in the wrong scope.",
-    })),
+    user_id: Type.String({
+        description: "Required user ID for session scoping.",
+    }),
     connected_account_id: Type.Optional(Type.String({
         description: "Optional connected account ID to pin execution to a specific account when multiple are connected",
     })),
@@ -45,7 +45,13 @@ export function createComposioExecuteTool(client, _config) {
             const args = rawArgs && typeof rawArgs === "object" && !Array.isArray(rawArgs)
                 ? rawArgs
                 : {};
-            const userId = typeof params.user_id === "string" ? params.user_id : undefined;
+            const userId = typeof params.user_id === "string" ? params.user_id.trim() : "";
+            if (!userId) {
+                return {
+                    content: [{ type: "text", text: JSON.stringify({ error: "user_id is required" }, null, 2) }],
+                    details: { error: "user_id is required" },
+                };
+            }
             const connectedAccountId = typeof params.connected_account_id === "string" ? params.connected_account_id : undefined;
             try {
                 const result = await client.executeTool(toolSlug, args, userId, connectedAccountId);

package/dist/tools/search.d.ts

@@ -7,7 +7,7 @@ export declare const ComposioSearchToolSchema: import("@sinclair/typebox").TObje
     query: import("@sinclair/typebox").TString;
     toolkits: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
     limit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
-    user_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+    user_id: import("@sinclair/typebox").TString;
 }>;
 /**
  * Create the composio_search_tools tool
@@ -20,7 +20,7 @@ export declare function createComposioSearchTool(client: ComposioClient, _config
         query: import("@sinclair/typebox").TString;
         toolkits: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
         limit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
-        user_id: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+        user_id: import("@sinclair/typebox").TString;
     }>;
     execute(_toolCallId: string, params: Record<string, unknown>): Promise<{
         content: {

package/dist/tools/search.js

@@ -12,9 +12,9 @@ export const ComposioSearchToolSchema = Type.Object({
     limit: Type.Optional(Type.Number({
         description: "Maximum number of results to return (default: 10, max: 50)",
     })),
-    user_id: Type.Optional(Type.String({
-        description: "User ID for session scoping (uses default if not provided)",
-    })),
+    user_id: Type.String({
+        description: "Required user ID for session scoping.",
+    }),
 });
 /**
  * Create the composio_search_tools tool
@@ -39,7 +39,13 @@ export function createComposioSearchTool(client, _config) {
                 ? params.toolkits.filter((t) => typeof t === "string")
                 : undefined;
             const limit = Math.min(typeof params.limit === "number" && params.limit > 0 ? params.limit : 10, 50);
-            const userId = typeof params.user_id === "string" ? params.user_id : undefined;
+            const userId = typeof params.user_id === "string" ? params.user_id.trim() : "";
+            if (!userId) {
+                return {
+                    content: [{ type: "text", text: JSON.stringify({ error: "user_id is required" }, null, 2) }],
+                    details: { error: "user_id is required" },
+                };
+            }
             try {
                 const results = await client.searchTools(query, { toolkits, limit, userId });
                 const response = {

package/dist/types.d.ts

@@ -5,7 +5,6 @@ export type ComposioSessionTag = "readOnlyHint" | "destructiveHint" | "idempoten
 export interface ComposioConfig {
     enabled: boolean;
     apiKey?: string;
-    defaultUserId?: string;
     allowedToolkits?: string[];
     blockedToolkits?: string[];
     readOnlyMode?: boolean;
@@ -28,7 +27,7 @@ export interface ToolExecutionResult {
 export interface ConnectionStatus {
     toolkit: string;
     connected: boolean;
-    userId?: string;
+    userId: string;
     authUrl?: string;
 }
 export interface ConnectedAccountSummary {

package/openclaw.plugin.json

@@ -14,10 +14,6 @@
         "type": "string",
         "description": "Composio API key (or set COMPOSIO_API_KEY env var)"
       },
-      "defaultUserId": {
-        "type": "string",
-        "description": "Default user ID for session scoping"
-      },
       "allowedToolkits": {
         "type": "array",
         "items": { "type": "string" },
@@ -59,10 +55,6 @@
       "help": "Composio API key from platform.composio.dev/settings",
       "sensitive": true
     },
-    "defaultUserId": {
-      "label": "Default User ID",
-      "help": "Default user ID for session scoping (optional)"
-    },
     "allowedToolkits": {
       "label": "Allowed Toolkits",
       "help": "Restrict to specific toolkits (e.g., github, gmail)",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@customclaw/composio",
-  "version": "0.0.10",
+  "version": "0.0.11",
   "type": "module",
   "description": "Composio Tool Router plugin for OpenClaw — access 1000+ third-party integrations",
   "main": "dist/index.js",