clementine-agent 1.12.2 → 1.12.4

package/dist/agent/assistant.js

@@ -1108,7 +1108,7 @@ export class PersonalAssistant {
     }
     // ── System Prompt Builder ─────────────────────────────────────────
     buildSystemPrompt(opts = {}) {
-        const { isHeartbeat = false, cronTier = null, retrievalContext = '', profile = null, sessionKey = null, model = null, verboseLevel, intentClassification = null } = opts;
+        const { isHeartbeat = false, cronTier = null, retrievalContext = '', profile = null, sessionKey = null, model = null, verboseLevel, intentClassification = null, composioConnectedSlugs = [] } = opts;
         const isAutonomous = isHeartbeat || cronTier !== null;
         // `parts` = stable prefix (cacheable across turns). `volatileParts` =
         // suffix that changes per-turn (date/time, live integration status).
@@ -1566,6 +1566,25 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             }
             catch { /* non-fatal */ }
         }
+        // Composio tool preference — when a Composio toolkit has an active
+        // connection AND a Claude Desktop equivalent exists, the agent tends to
+        // default to the Claude Desktop tool (mcp__claude_ai_*) because those
+        // names appear in Claude's training and feel familiar. The Composio
+        // versions (mcp__<slug>__*) usually have broader scope (full inbox vs.
+        // limited preview, write access vs. read-only, etc.), so we explicitly
+        // steer toward them when present. Only emitted when at least one
+        // connection is live — otherwise it's noise.
+        if (composioConnectedSlugs.length > 0) {
+            const slugs = composioConnectedSlugs.slice().sort().join(', ');
+            volatileParts.push(`## Composio Tools (Preferred)\n\n` +
+                `Connected Composio toolkits: ${slugs}.\n\n` +
+                `**Always prefer the Composio tool over the Claude Desktop equivalent** when both are available for the same service:\n` +
+                `- For Outlook/email: use \`mcp__outlook__*\` (NOT \`mcp__claude_ai_Microsoft_365__*\`)\n` +
+                `- For Gmail: use \`mcp__gmail__*\` (NOT \`mcp__claude_ai_Gmail__*\`)\n` +
+                `- For Google Drive: use \`mcp__googledrive__*\` (NOT \`mcp__claude_ai_Google_Drive__*\`)\n` +
+                `- For Google Calendar/Sheets/Docs/Slack/Notion/etc.: same pattern — Composio first.\n\n` +
+                `Why: Composio tools have broader scope (full inbox/file access, write capabilities) and are tied to OAuth tokens you control directly. Use Claude Desktop tools only as fallback when no Composio equivalent is connected.`);
+        }
         // Conversational context — same signals the insight engine surfaces
         // proactively (Phase 10), but injected directly into the agent's prompt
         // so it can adjust its own approach. Scoped to chat sessions because
@@ -1852,8 +1871,28 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
         // (added in @anthropic-ai/claude-agent-sdk 0.2.119) tells the prompt
         // cache exactly where the boundary is, so cross-turn cache hits work
         // even when our per-turn goals/memory block changes.
+        // Composio toolkits — build first so we can pass connected slugs into
+        // buildSystemPrompt for the "prefer Composio over claude.ai" rule.
+        // Each connected toolkit becomes an in-process MCP server
+        // (mcp__gmail__*, mcp__slack__*, …). Profile-level allowlist
+        // (profile.allowedComposioToolkits) constrains which toolkits this
+        // agent sees; omit to surface every active connection.
+        let composioMcpServers = {};
+        if (!disableAllTools && !isPlanStep) {
+            try {
+                const { buildComposioMcpServers } = await import('../integrations/composio/mcp-bridge.js');
+                const allowList = profile?.allowedComposioToolkits;
+                composioMcpServers = await buildComposioMcpServers(allowList);
+            }
+            catch (err) {
+                // Composio is purely additive — never block the agent if it fails.
+                logger.debug({ err }, 'Composio MCP servers unavailable');
+            }
+        }
+        const composioConnectedSlugs = Object.keys(composioMcpServers);
         const { stable, volatile: volatilePromptPart } = this.buildSystemPrompt({
             isHeartbeat, cronTier: isPlanStep ? null : cronTier, retrievalContext, profile, sessionKey, model, verboseLevel, intentClassification,
+            composioConnectedSlugs,
         });
         const stablePrefixParts = [stable, securityPrompt]
             .filter(s => s && s.trim().length > 0);
@@ -1928,22 +1967,6 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             }
         }
         catch { /* non-fatal — run with just Clementine's own server */ }
-        // Composio toolkits — each connected toolkit becomes an in-process MCP
-        // server (mcp__gmail__*, mcp__slack__*, …). Profile-level allowlist
-        // (profile.allowedComposioToolkits) constrains which toolkits this agent
-        // sees; omit it to surface every active connection.
-        let composioMcpServers = {};
-        if (!disableAllTools && !isPlanStep) {
-            try {
-                const { buildComposioMcpServers } = await import('../integrations/composio/mcp-bridge.js');
-                const allowList = profile?.allowedComposioToolkits;
-                composioMcpServers = await buildComposioMcpServers(allowList);
-            }
-            catch (err) {
-                // Composio is purely additive — never block the agent if it fails.
-                logger.debug({ err }, 'Composio MCP servers unavailable');
-            }
-        }
         // Permission mode: always 'bypassPermissions' — this is a daemon/harness with no interactive
         // terminal, so 'auto' mode (which requires plan support + human approval) doesn't apply.
         const effectivePermissionMode = 'bypassPermissions';

package/dist/cli/dashboard.js

@@ -4555,6 +4555,21 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
             res.status(500).json({ error: String(err) });
         }
     });
+    // Force-refresh the Composio caches. Useful when the user just made a
+    // connection in Composio's web UI and wants the agent to pick it up
+    // immediately instead of waiting up to 60s for the user_id cache to
+    // expire. Agents can also call this after surfacing a "needs OAuth"
+    // error to retry cleanly.
+    app.post('/api/composio/refresh', async (_req, res) => {
+        try {
+            const c = await import('../integrations/composio/client.js');
+            c.resetComposioClient();
+            res.json({ ok: true, message: 'Composio caches cleared — next query will re-detect.' });
+        }
+        catch (err) {
+            res.status(500).json({ error: String(err) });
+        }
+    });
     // ── CRON CRUD routes ──────────────────────────────────────────
     app.get('/api/projects', (_req, res) => {
         try {

package/dist/integrations/composio/client.js

@@ -108,13 +108,22 @@ export function clementineUserId() {
     return readComposioEnv('COMPOSIO_USER_ID') || DEFAULT_NEW_CONNECTION_USER_ID;
 }
 // Cached after first detection — avoids extra API calls per authorize.
+// Cache the detected user_id but only briefly. New connections made via
+// Composio's web UI (outside Clementine) need to be picked up without a
+// daemon restart — long-lived caching breaks that. 60s is short enough
+// for "hit dashboard → connect in Composio web → use it from agent" to
+// work without explicit invalidation, and long enough that within-burst
+// queries don't hammer the API.
 let detectedPreferredUserId = null;
+let detectedAt = 0;
+const USER_ID_CACHE_TTL_MS = 60_000;
 async function detectPreferredUserId(composio) {
     const explicit = readComposioEnv('COMPOSIO_USER_ID');
     if (explicit)
         return explicit;
-    if (detectedPreferredUserId !== null)
+    if (detectedPreferredUserId !== null && Date.now() - detectedAt < USER_ID_CACHE_TTL_MS) {
         return detectedPreferredUserId;
+    }
     // The high-level wrapper's list() drops the snake_case `user_id` field
     // during its camelCase transformation, so connections look like they have
     // no user_id. Use the raw client (snake_case shape) to actually read the
@@ -141,6 +150,7 @@ async function detectPreferredUserId(composio) {
             const top = [...counts.entries()].sort((a, b) => b[1] - a[1])[0][0];
             logger.info({ userId: top, candidates: counts.size }, 'Detected Composio user_id from existing connections');
             detectedPreferredUserId = top;
+            detectedAt = Date.now();
             return top;
         }
     }
@@ -151,6 +161,7 @@ async function detectPreferredUserId(composio) {
     // requires a non-empty string, and "default" is the conventional
     // single-tenant value that Composio's quickstart uses.
     detectedPreferredUserId = DEFAULT_NEW_CONNECTION_USER_ID;
+    detectedAt = Date.now();
     return DEFAULT_NEW_CONNECTION_USER_ID;
 }
 export function displayNameFor(slug) {
@@ -517,6 +528,10 @@ _opts) {
     try {
         const conn = await composio.toolkits.authorize(userId, slug);
         logger.info({ slug, userId, connectionId: conn.id }, 'Composio authorize OK');
+        // Force re-detect on the next query so the new connection (and any
+        // others created in parallel via Composio's web UI) get picked up
+        // immediately, even within the 60s TTL window.
+        detectedPreferredUserId = null;
         return { redirectUrl: conn.redirectUrl ?? null, connectionId: conn.id };
     }
     catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.12.2",
+  "version": "1.12.4",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",