clementine-agent 1.12.0 → 1.12.2

package/dist/cli/dashboard.js

@@ -4406,8 +4406,16 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
             // This replaces the hardcoded CURATED_TOOLKITS — slug typos are now
             // impossible because we render directly from Composio's data, and
             // newly-added services appear automatically.
-            const [catalog, connected, configured] = await Promise.all([
-                c.listAllToolkits(),
+            let catalog = [];
+            let catalogError = null;
+            try {
+                catalog = await c.listAllToolkits();
+            }
+            catch (err) {
+                catalogError = err?.message ?? String(err);
+                console.error('[composio] catalog fetch failed:', catalogError);
+            }
+            const [connected, configured] = await Promise.all([
                 c.listConnectedToolkits(),
                 c.listToolkitSlugsWithAuthConfig(),
             ]);
@@ -4475,6 +4483,7 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
                 toolkits,
                 featured: featured.map(t => t.slug),
                 totalCount: toolkits.length,
+                catalogError,
             });
         }
         catch (err) {
@@ -15435,7 +15444,14 @@ function navigateTo(page, opts) {
       if (bt === 'learning' && typeof refreshSelfImprove === 'function') refreshSelfImprove();
       break;
     case 'settings':
-      switchDestTab('settings', opts.tab || 'channels');
+      // Settings tabs use the switchTab() system (id="tab-settings-<tab>"),
+      // not switchDestTab's [data-tab] selector. Default tab name is
+      // 'general' (the "Channels & Env" pane) to match the HTML id.
+      switchTab('settings', opts.tab || 'general');
+      // 'general' has no auto-refresh in switchTab — kick it manually so
+      // the Channels & Env card actually loads from /api/settings instead
+      // of stalling on "Loading settings…".
+      if ((opts.tab || 'general') === 'general' && typeof refreshSettings === 'function') refreshSettings();
       break;
   }
 
@@ -15837,6 +15853,7 @@ function switchTab(group, tab) {
     if (tab === 'learning' && typeof refreshSelfImprove === 'function') refreshSelfImprove();
   }
   if (group === 'settings') {
+    if (tab === 'general' && typeof refreshSettings === 'function') refreshSettings();
     if (tab === 'integrations') { refreshSalesforce(); refreshComposioConnections(); }
     if (tab === 'remote') refreshRemoteAccess();
     if (tab === 'security') refreshAuthSessions();
@@ -25794,7 +25811,18 @@ async function refreshComposioConnections() {
     }
     var toolkits = d.toolkits || [];
     if (toolkits.length === 0) {
-      container.innerHTML = '<div class="empty-state" style="padding:16px">No toolkits available. Check that your Composio API key is valid.</div>';
+      // Distinguish "catalog fetch failed" from "user has nothing connected".
+      // Surfacing d.catalogError tells us if Composio rejected the catalog
+      // call (different permission than connectedAccounts.list, etc.).
+      var msg = d.catalogError
+        ? 'Could not load toolkits from Composio: <code style="color:var(--red);font-size:11px">' + esc(d.catalogError) + '</code>'
+        : 'Composio returned an empty toolkit catalog. This is unusual — try refreshing.';
+      container.innerHTML =
+        '<div style="padding:16px">' +
+        '<div style="margin-bottom:12px;font-size:13px">' + msg + '</div>' +
+        '<div style="font-size:11px;color:var(--text-muted);margin-bottom:12px">If your existing connections (e.g. Outlook) work via the agent, your API key is valid — the catalog endpoint may require a different permission tier or there\\'s a transient API issue.</div>' +
+        '<button class="btn btn-sm btn-primary" onclick="refreshComposioConnections()">Retry</button>' +
+        '</div>';
       return;
     }
     // Stash full catalog in a closure so the search input can re-render
@@ -25916,9 +25944,13 @@ async function saveComposioApiKey() {
 }
 
 async function connectComposio(slug) {
+  // Open a blank popup SYNCHRONOUSLY inside the click handler. Browsers
+  // only let popups through if they're a direct user gesture — once we
+  // hit the await below, the gesture is "consumed" and any later
+  // window.open() gets silently blocked by Chrome/Safari/Firefox.
+  // We'll redirect this blank window to the OAuth URL once we have it.
+  var popup = window.open('about:blank', '_blank');
   try {
-    // Use apiFetch (not raw fetch) so the Authorization: Bearer header is
-    // attached — the /api/* middleware rejects unauth'd POSTs with 401.
     var res = await apiFetch('/api/composio/toolkits/' + encodeURIComponent(slug) + '/authorize', {
       method: 'POST',
       headers: { 'content-type': 'application/json' },
@@ -25927,27 +25959,61 @@ async function connectComposio(slug) {
     var d = await res.json();
     if (res.status === 409 && d.needsAuthConfig) {
       toast('This toolkit needs a BYO OAuth app — opening Composio dashboard.', 'warn');
-      window.open(d.setupUrl, '_blank');
+      if (popup && !popup.closed) popup.location.href = d.setupUrl;
+      else showOAuthLinkPrompt(slug, d.setupUrl);
       return;
     }
     if (!res.ok) {
+      if (popup && !popup.closed) popup.close();
       var reason = d.error || ('HTTP ' + res.status);
       toast('Connect failed: ' + reason, 'error');
       console.error('[composio] connect failed', { slug: slug, status: res.status, body: d });
       return;
     }
     if (d.redirectUrl) {
-      window.open(d.redirectUrl, '_blank');
-      toast('Opened ' + slug + ' authorization in a new tab. Refresh after approving.', 'info');
-      // Soft poll to catch the new connection without forcing a manual refresh.
+      if (popup && !popup.closed) {
+        popup.location.href = d.redirectUrl;
+        toast('Authorize ' + slug + ' in the new tab, then come back here.', 'info');
+      } else {
+        // Popup got blocked even with the synchronous-open trick (some
+        // browsers / extensions block about:blank too). Fall back to a
+        // visible "click to open" dialog — that click is a direct gesture
+        // and reliably bypasses the blocker.
+        showOAuthLinkPrompt(slug, d.redirectUrl);
+      }
       setTimeout(refreshComposioConnections, 5000);
       setTimeout(refreshComposioConnections, 15000);
       setTimeout(refreshComposioConnections, 30000);
     } else {
+      if (popup && !popup.closed) popup.close();
       toast('Connected ' + slug, 'success');
       refreshComposioConnections();
     }
-  } catch (e) { toast('Connect failed: ' + e, 'error'); }
+  } catch (e) {
+    if (popup && !popup.closed) popup.close();
+    toast('Connect failed: ' + e, 'error');
+  }
+}
+
+function showOAuthLinkPrompt(slug, url) {
+  // Renders a modal with a clickable link. User clicking the link is a
+  // direct gesture, so the new tab will open even when popup blockers are
+  // aggressive. Used as the fallback when window.open returns null.
+  var existing = document.getElementById('composio-oauth-prompt');
+  if (existing) existing.remove();
+  var overlay = document.createElement('div');
+  overlay.id = 'composio-oauth-prompt';
+  overlay.style.cssText = 'position:fixed;inset:0;background:rgba(0,0,0,0.5);z-index:9999;display:flex;align-items:center;justify-content:center';
+  overlay.innerHTML =
+    '<div style="background:var(--bg-primary,#1e1e1e);border:1px solid var(--border);border-radius:8px;padding:20px;max-width:480px;width:90%;box-shadow:0 8px 32px rgba(0,0,0,0.4)">' +
+    '<div style="font-size:14px;font-weight:600;margin-bottom:8px">Authorize ' + esc(slug) + '</div>' +
+    '<div style="font-size:12px;color:var(--text-muted);margin-bottom:14px;line-height:1.5">Your browser blocked the popup. Click below to open the authorization page in a new tab — after approving, come back here and the connection will show up within a few seconds.</div>' +
+    '<div style="display:flex;gap:8px;justify-content:flex-end">' +
+    '<button class="btn-sm" onclick="document.getElementById(\\'composio-oauth-prompt\\').remove()" style="padding:6px 12px;background:transparent;border:1px solid var(--border);color:var(--text-primary);border-radius:4px;cursor:pointer;font-size:12px">Cancel</button>' +
+    '<a href="' + esc(url) + '" target="_blank" rel="noopener" onclick="setTimeout(function(){var e=document.getElementById(\\'composio-oauth-prompt\\');if(e)e.remove();},500)" class="btn btn-sm btn-primary" style="text-decoration:none;padding:6px 14px;display:inline-block;font-size:12px">Open authorization</a>' +
+    '</div>' +
+    '</div>';
+  document.body.appendChild(overlay);
 }
 
 async function disconnectComposio(slug, connectionId) {

package/dist/integrations/composio/client.d.ts

@@ -79,8 +79,8 @@ export interface CatalogToolkit {
  * static CURATED_TOOLKITS array as the source of truth for the dashboard
  * Connections panel — slug typos are now impossible because we render from
  * Composio's own data, and new services appear automatically as they're
- * added. Cached at module level for 1 hour; resetComposioClient() clears
- * the cache when the API key changes.
+ * added. Cached at module level for 1 hour on success; failures don't
+ * cache (so the next request retries instead of returning stale empty).
  */
 export declare function listAllToolkits(): Promise<CatalogToolkit[]>;
 export declare function listToolkitMeta(): Promise<Map<string, ToolkitMeta>>;

package/dist/integrations/composio/client.js

@@ -342,57 +342,88 @@ const CATALOG_TTL_MS = 60 * 60 * 1000; // 1h — catalog drifts very slowly
  * static CURATED_TOOLKITS array as the source of truth for the dashboard
  * Connections panel — slug typos are now impossible because we render from
  * Composio's own data, and new services appear automatically as they're
- * added. Cached at module level for 1 hour; resetComposioClient() clears
- * the cache when the API key changes.
+ * added. Cached at module level for 1 hour on success; failures don't
+ * cache (so the next request retries instead of returning stale empty).
  */
 export async function listAllToolkits() {
     const now = Date.now();
-    if (catalogCache && now - catalogCache.at < CATALOG_TTL_MS) {
+    if (catalogCache && catalogCache.data.length > 0 && now - catalogCache.at < CATALOG_TTL_MS) {
         return catalogCache.data;
     }
     const composio = getComposio();
     if (!composio)
         return [];
-    const out = [];
-    let cursor;
-    // Bounded loop — 30 pages × 500 items = 15K ceiling, far more than any
-    // realistic catalog. Composio currently returns ~1.5K items across 3
-    // pages, but the cap makes a runaway impossible.
-    for (let page = 0; page < 30; page++) {
+    // Try the raw client first — supports cursor pagination so we get the full
+    // 1000+ catalog. If that errors (some API keys / plans restrict it), fall
+    // back to the high-level wrapper which returns up to 500 in one shot.
+    let result = [];
+    let lastError = null;
+    try {
+        result = await fetchCatalogViaRawClient(composio);
+    }
+    catch (err) {
+        lastError = err;
+        logger.warn({ err }, 'Raw-client toolkit list failed — falling back to high-level wrapper');
+    }
+    if (result.length === 0) {
         try {
-            const rawClient = composio.client;
-            const resp = await rawClient.toolkits.list({
-                limit: 500,
-                ...(cursor ? { cursor } : {}),
-            });
-            const items = (resp?.items ?? []);
-            for (const it of items) {
-                const managed = (it.composioManagedAuthSchemes ?? it.composio_managed_auth_schemes ?? []);
-                const schemes = (it.authSchemes ?? it.auth_schemes ?? []);
-                const noAuth = it.noAuth ?? it.no_auth ?? false;
-                out.push({
-                    slug: it.slug,
-                    name: it.name,
-                    logoUrl: it.meta?.logo,
-                    description: it.meta?.description,
-                    toolsCount: it.meta?.toolsCount ?? it.meta?.tools_count,
-                    authMode: noAuth ? 'none' : (managed.length > 0 ? 'managed' : (schemes.length > 0 ? 'byo' : 'none')),
-                    categories: it.meta?.categories ?? [],
-                });
-            }
-            cursor = resp?.next_cursor ?? resp?.nextCursor;
-            if (!cursor || items.length === 0)
-                break;
+            result = await fetchCatalogViaWrapper(composio);
         }
         catch (err) {
-            logger.warn({ err, page }, 'listAllToolkits page failed — stopping pagination');
-            break;
+            lastError = err;
+            logger.error({ err }, 'High-level toolkit list also failed');
         }
     }
-    catalogCache = { at: now, data: out };
-    logger.info({ count: out.length }, 'Composio catalog fetched');
+    if (result.length === 0) {
+        // Surface whichever error we hit so the dashboard can render something
+        // actionable instead of "no toolkits available".
+        const detail = lastError?.message ?? 'Unknown error';
+        throw new Error(`Composio catalog fetch failed: ${detail}`);
+    }
+    catalogCache = { at: now, data: result };
+    logger.info({ count: result.length }, 'Composio catalog fetched');
+    return result;
+}
+function normalizeCatalogItem(it) {
+    const managed = (it.composioManagedAuthSchemes ?? it.composio_managed_auth_schemes ?? []);
+    const schemes = (it.authSchemes ?? it.auth_schemes ?? []);
+    const noAuth = it.noAuth ?? it.no_auth ?? false;
+    return {
+        slug: it.slug,
+        name: it.name,
+        logoUrl: it.meta?.logo,
+        description: it.meta?.description,
+        toolsCount: it.meta?.toolsCount ?? it.meta?.tools_count,
+        authMode: noAuth ? 'none' : (managed.length > 0 ? 'managed' : (schemes.length > 0 ? 'byo' : 'none')),
+        categories: it.meta?.categories ?? [],
+    };
+}
+async function fetchCatalogViaRawClient(composio) {
+    const out = [];
+    let cursor;
+    // Bounded loop — 30 pages × 500 items = 15K ceiling.
+    for (let page = 0; page < 30; page++) {
+        const rawClient = composio.client;
+        const resp = await rawClient.toolkits.list({
+            limit: 500,
+            ...(cursor ? { cursor } : {}),
+        });
+        const items = (resp?.items ?? []);
+        for (const it of items)
+            out.push(normalizeCatalogItem(it));
+        cursor = resp?.next_cursor ?? resp?.nextCursor;
+        if (!cursor || items.length === 0)
+            break;
+    }
     return out;
 }
+async function fetchCatalogViaWrapper(composio) {
+    // High-level wrapper returns an array (up to limit). No cursor support
+    // through this path, so we cap at the documented max. Better than zero.
+    const resp = await composio.toolkits.get({ limit: 500 });
+    const items = (Array.isArray(resp) ? resp : (resp?.items ?? []));
+    return items.map(normalizeCatalogItem);
+}
 async function fetchAllToolkitMeta() {
     const composio = getComposio();
     if (!composio)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.12.0",
+  "version": "1.12.2",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",