feat: add an option to use custom creds for toolkits with Composio managed auth.

[Uday-sidagana]

The PR includes updated base component and minor bug fixes:
— Custom credentials option added for toolkits with composition-managed authentication. Fixed persistent authentication fields after connection in Tool mode.
Backend changes: src/lfx/src/lfx/base/composio/composio_base.py

Summary by CodeRabbit

• New Features

  • Added a managed authentication option that appears when available.
  • Introduced an Auth Mode pill UI when connected.
  • Expanded support for common auth fields with secure placeholders.

• Improvements

  • More reliable schema retrieval and standardized rendering of required/optional auth fields.
  • Dynamic show/hide and reset of auth fields based on connection state and mode.
  • Consistent field ordering before the primary action and broader protection of critical auth fields.

• Refactor

  • Streamlined internal auth field management for consistency across toolkits.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds predefined hidden auth placeholders to the base schema, consolidates toolkit schema retrieval, and expands auth-mode handling. Introduces helpers for inserting fields before action buttons, clearing/hiding dynamic auth fields, and tracking auth field names. Refactors text-field creation and custom auth rendering. Updates build-config logic for connected states and auth-mode pill UI.

Changes

Cohort / File(s)	Summary of changes
Auth placeholders and schema handling src/lfx/src/lfx/base/composio/composio_base.py	Added numerous hidden auth placeholder fields to base inputs; consolidated schema retrieval via composio.toolkits.get(slug=app_slug); auto-prepend "Composio_Managed" auth mode when present; expanded collection and global tracking of auth field names.
Dynamic auth field lifecycle src/lfx/src/lfx/base/composio/composio_base.py	Added helpers: _insert_field_before_action_button, _clear_auth_fields_from_schema; introduced _clear_auth_dynamic_fields; broadened _hide_all_action_fields to protect predefined and discovered auth fields across instances.
UI field rendering and ordering src/lfx/src/lfx/base/composio/composio_base.py	Refactored _add_text_field (new signature with keyword-only required; sensitive fields become SecretStrInput), always inserting before action_button and tracking names; generalized custom auth rendering via process_fields; added auth-mode pill UI conversion in connected state.
Build config updates and visibility logic src/lfx/src/lfx/base/composio/composio_base.py	Tightened update_build_config to conditionally render/hide auth fields based on connection state and mode; clears/resets dynamic fields when switching states; manages dropdown-to-pill and pill-to-dropdown transitions for auth mode.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant UI as Component UI
  participant Comp as ComposioBaseComponent
  participant TK as Toolkit Schema
  participant Auth as Auth State

  User->>UI: Open/Configure tool
  UI->>Comp: build_config update
  Comp->>TK: get(slug=app_slug)
  TK-->>Comp: toolkit schema (auth fields, modes)
  Comp->>Comp: collect auth field names / insert placeholders
  alt Managed auth available
    Comp->>Comp: prepend "Composio_Managed" mode
  end
  alt Not connected
    Comp->>UI: render auth fields before action_button
  else Connected
    Comp->>UI: convert auth_mode dropdown -> pill
    Comp->>Comp: clear/hide dynamic auth fields
  end
  User->>UI: Change auth mode / connect
  UI->>Comp: state change
  Comp->>Comp: reset/rehydrate visibility and values
  Comp->>UI: updated field ordering and visibility

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: updated component with new Auth mode support. #9756 — Similar edits to composio_base.py around dynamic auth-mode UI, helper methods for auth fields, and schema-driven field management.

Suggested labels

enhancement

Suggested reviewers

• edwinjosechittilappilly

Pre-merge checks and finishing touches

❌ Failed checks (1 error, 2 warnings)

Check name	Status	Explanation	Resolution
Test Coverage For New Implementations	❌ Error	No new or updated test files accompany the extensive authentication logic changes in src/lfx/src/lfx/base/composio/composio_base.py, and the repository contains no tests covering the ComposioBaseComponent; consequently the new feature lacks both unit and integration regression coverage. Given the scale and risk profile of the changes, this absence of targeted tests violates the custom check requirement for ensuring appropriate test coverage for new implementations.	Please add meaningful unit and, if applicable, integration tests that validate the new custom-credential authentication flows, including scenarios around defaulted schema fields and managed mode transitions, so the updated behavior is exercised and protected.
Docstring Coverage	⚠️ Warning	Docstring coverage is 72.73% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Test Quality And Coverage	⚠️ Warning	No automated tests appear in this pull request: there are no new or updated test files, and the only modified file is the backend implementation src/lfx/src/lfx/base/composio/composio_base.py. Consequently the substantial new logic for managing custom Composio authentication flows—field rendering, hiding, and state transitions—lacks any direct test coverage, leaving the main functionality unverified and the quality of the test suite unchanged.	Add backend pytest coverage that exercises the new custom-auth handling, including rendering fields with defaults, toggling between managed and custom modes, and verifying that hidden or cleared fields behave correctly during connection state changes.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly summarizes the primary change by stating the addition of custom credential support for Composio-managed toolkits, matching the PR’s objectives around authentication enhancements.
Test File Naming And Structure	✅ Passed	No new or modified test files are present in this pull request, so there are no naming, structural, or coverage deviations to evaluate against the specified testing conventions; consequently, the existing code remains compliant with the custom check requirements.
Excessive Mock Usage Warning	✅ Passed	No test files in this pull request introduce or modify mocks, and a repository-wide search did not reveal any new or existing tests whose behavior changed to rely on excessive mocking, so there is no evidence of problematic mock usage tied to the proposed changes.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f24a064 and 871d5f7.

📒 Files selected for processing (1)

• src/lfx/src/lfx/base/composio/composio_base.py (17 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/lfx/src/lfx/base/composio/composio_base.py (3)

src/lfx/src/lfx/inputs/inputs.py (3)

• SecretStrInput (286-341)
• StrInput (126-182)
• TabInput (547-577)

src/lfx/src/lfx/inputs/input_mixin.py (1)

• to_dict (100-101)

src/lfx/src/lfx/components/agents/agent.py (1)

• update_input_types (467-475)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Update Starter Projects

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don't drop schema fields just because they define defaults.

process_fields exits early for every entry where the schema provides a default, so any credential whose schema ships with a placeholder (many Composio toolkits set required fields to "" or preset URLs) never renders. That breaks the new “custom creds” flow because the user cannot override those values, nor satisfy required fields. Show the field and pass the default through instead of skipping it.

-                default_val = field.get("default")
-                if default_val is not None:
-                    continue
+                default_val = field.get("default")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def process_fields(field_list: list, *, required: bool) -> None:
	for field in field_list:
	name = field.get("name")
	if not name:
	continue
	# Skip Access Token field (bearer_token)
	if name == "bearer_token":
	continue
	# Skip fields with default values for both required and optional fields
	default_val = field.get("default")
	if default_val is not None:
	continue
	disp = field.get("display_name") or field.get("displayName") or name
	desc = field.get("description")
	self._add_text_field(build_config, name, disp, desc, required=required, default_value=default_val)
	def process_fields(field_list: list, *, required: bool) -> None:
	for field in field_list:
	name = field.get("name")
	if not name:
	continue
	# Skip Access Token field (bearer_token)
	if name == "bearer_token":
	continue
	# Skip fields with default values for both required and optional fields
	- default_val = field.get("default")
	- if default_val is not None:
	default_val = field.get("default")
	disp = field.get("display_name") or field.get("displayName") or name
	desc = field.get("description")
	self._add_text_field(build_config, name, disp, desc, required=required, default_value=default_val)

🤖 Prompt for AI Agents

In src/lfx/src/lfx/base/composio/composio_base.py around lines 1331 to 1345, the
current logic skips any schema field that has a default value which causes
fields with placeholders to never render; instead, remove the early "continue"
for default_val and always call self._add_text_field for the field (except when
name is missing or name == "bearer_token"), passing default_val through as the
default_value argument so the UI shows the field and pre-populates the provided
default while still allowing the user to override it.

[edwinjosechittilappilly]

@Uday-sidagana Please fix the conflicts.

[edwinjosechittilappilly]

LGTM

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud