feat(composio): add tags query param to GitHub tool list API

[M3gA-Mind]

Summary

• Adds optional tags query parameter to the composio list_tools operation — passed as ?tags=<csv> to GET /agent-integrations/composio/tools
• Tags are silently dropped for non-GitHub toolkits (GitHub-only feature matching backend behaviour)
• OR semantics: multiple tags broaden the result set (Composio unions all matching tools server-side)
• Wires tags through the full stack: Rust client → ops.rs → RPC schema → agent tools.rs parameter schema

Changes

Layer	Change
src/openhuman/composio/client.rs	list_tools(toolkits, tags) — appends &tags=<csv> when non-empty
src/openhuman/composio/ops.rs	composio_list_tools + fetch_toolkit_actions accept tags; GitHub gate applied
src/openhuman/composio/schemas.rs	tags field added to openhuman.composio_list_tools controller schema
src/openhuman/composio/tools.rs	Agent tool exposes tags in parameters_schema(); same GitHub gate
src/openhuman/composio/client_tests.rs	Tests for tags-only, toolkits+tags, empty-tags cases
scripts/mock-api/routes/integrations.mjs	Mock server handles composioToolsByTag_<tag> knobs with OR union
app/test/e2e/specs/composio-github-tools-tags.spec.ts	New E2E spec GT.1–GT.4 (single tag, OR union, non-GitHub strips tags, full agent turn)
app/test/e2e/helpers/rpc-preflight.ts	Added openhuman.composio_list_tools to required RPC methods

Test plan

• pnpm test:rust — client_tests.rs new cases pass
• pnpm test (Vitest) — no regressions
• E2E GT.1: tags=["stars"] returns only starred tools, mock URL has ?toolkits=github&tags=stars
• E2E GT.2: tags=["stars","repos"] returns the union (5 tools)
• E2E GT.3: gmail + tags=["stars"] → tags stripped, mock URL has no tags=
• E2E GT.4: agent prompt "list my starred GitHub repos" → tool call → reply mentions awesome-rust
• Manual curl against staging: ?toolkits=github&tags=stars returns ~3 tools vs ~50 without tags

Summary by CodeRabbit

• New Features

  • Composio tools can be filtered by tags (tags are forwarded when applicable, e.g., GitHub).

• Tests

  • Added E2E tests covering tag-based tool filtering across multiple scenarios and request/response validation.

• Bug Fixes / Mocks

  • Mock integrations now return tool lists honoring toolkit and tag query parameters.

• Chores

  • E2E preflight now requires the Composio list-tools RPC method to be available.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4ee03505-a79b-4a8c-8aec-063046b2fed3

📥 Commits

Reviewing files that changed from the base of the PR and between 167a765 and 93cfaa9.

📒 Files selected for processing (1)

• src/openhuman/composio/ops_test.rs

---

📝 Walkthrough

Walkthrough

Adds an optional tags filter to Composio tool listing; tags are forwarded only when GitHub is requested (or when no toolkit filter is present). Changes update the HTTP client, RPC schema/handler, ops logic (including tag-routing), tool execution, mock server, call sites, and E2E tests.

Changes

Composio GitHub Tag Filtering

Layer / File(s)	Summary
Composio HTTP client API contract and tests src/openhuman/composio/client.rs, src/openhuman/composio/client_tests.rs	ComposioClient::list_tools() signature extended with optional tags parameter; query URL construction handles both toolkits=<csv> and tags=<csv>. Client tests expanded to validate no-filter, toolkits-only, tags-only, and combined filter scenarios.
RPC schema definition and handler integration src/openhuman/composio/schemas.rs	composio.list_tools RPC schema adds optional tags: Vec<String> input field. handle_list_tools handler parses tags and forwards both toolkits and tags to ops.
Ops implementation with GitHub-scoped tag filtering src/openhuman/composio/ops.rs	composio_list_tools() and fetch_toolkit_actions() now accept optional tags. Compute effective_tags that forward to client only when toolkit includes GitHub (case-insensitive) or when no toolkit filter; suppress tags for other toolkits. Update internal client.list_tools() calls to include tag argument.
Tool definition and execution src/openhuman/composio/tools.rs	Tool schema extended with optional tags array. Execution extracts tags from input and conditionally forwards only when toolkits include GitHub. Update client call with computed tags argument.
Upstream call site updates for fetch_toolkit_actions src/openhuman/agent/debug/mod.rs, src/openhuman/agent/harness/subagent_runner/ops.rs	Update existing callers of fetch_toolkit_actions() to pass new None tags argument, maintaining backward compatibility for internal use cases.
Mock server integration for tag filtering scripts/mock-api/routes/integrations.mjs	/agent-integrations/composio/tools mock endpoint parses toolkits and tags query parameters. Build tools list from tag-specific knobs (union with de-duplication) or from composioTools knob with toolkit filtering.
Comprehensive E2E test suite for GitHub tag filtering app/test/e2e/specs/composio-github-tools-tags.spec.ts, app/test/e2e/helpers/rpc-preflight.ts	Add four test scenarios (GT.1–GT.4) verifying GitHub + tags returns filtered tools with correct request params; multiple tags return union; non-GitHub toolkits ignore tags; and end-to-end agent prompts trigger correct starred-tool calls and produce expected UI responses. Includes fixtures, mock seeding, chat helpers, and request log validation. Register openhuman.composio_list_tools as required RPC method.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• tinyhumansai/openhuman#2454: Touches the Composio integration-population path in src/openhuman/composio/ops.rs, related to connected-integration initialization.

Suggested reviewers

• senamakel

Poem

🐰 Tag your tools with gentle care,
GitHub stars now float through air,
Filters whisper, GitHub hears,
While other toolkits stay clear—
Tests confirm the magic here! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: adding a tags query parameter to the GitHub tool list API in the Composio module.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[M3gA-Mind]

PR #2714 — feat(composio): add tags query param to GitHub tool list API

Walkthrough

This PR threads an optional tags query parameter from the RPC surface all the way through to the backend GET /agent-integrations/composio/tools?tags=<csv> call. Tags are silently discarded for non-GitHub toolkits (matching a backend-only constraint), applied with OR semantics by the backend (multiple tags broaden the result), and exposed both at the RPC controller level and in the agent-facing composio_list_tools tool. The change is well-contained and comes with solid unit tests in client_tests.rs and a new four-scenario E2E spec. Two call sites in the agent harness (subagent_runner/ops.rs, debug/mod.rs) were mechanically updated to pass the new None default.

Overall the implementation is correct and the test coverage is good. There are two issues worth addressing before merge: (1) tag/toolkit values are concatenated into the query string without URL encoding, which is a latent correctness hazard, and (2) the "GitHub-only" gate predicate is triplicated across three files with no central definition.

Changes

File	Summary
src/openhuman/composio/client.rs	list_tools gains tags: Option<&[String]> — appends &tags=<csv> when non-empty
src/openhuman/composio/ops.rs	composio_list_tools + fetch_toolkit_actions accept tags; GitHub-only gate applied before forwarding
src/openhuman/composio/schemas.rs	tags field wired into openhuman.composio_list_tools controller schema
src/openhuman/composio/tools.rs	Agent tool exposes tags in parameters_schema(); same GitHub gate duplicated here
src/openhuman/composio/client_tests.rs	Comprehensive mock-server tests: tags-only, toolkits+tags, empty-tags, whitespace trimming
scripts/mock-api/routes/integrations.mjs	composioToolsByTag_<tag> knobs + OR-union logic for E2E tag filtering
app/test/e2e/specs/composio-github-tools-tags.spec.ts	New E2E spec GT.1–GT.4 covering the full tags flow
app/test/e2e/helpers/rpc-preflight.ts	Adds openhuman.composio_list_tools to the required-methods allowlist
src/openhuman/agent/debug/mod.rs	Mechanical None added to updated fetch_toolkit_actions signature
src/openhuman/agent/harness/subagent_runner/ops.rs	Same mechanical None for fetch_toolkit_actions

Actionable comments (3)

⚠️ Major

1. src/openhuman/composio/client.rs:159-168 — Tag values not URL-encoded before query-string concatenation

Tag values are joined with commas and appended verbatim into the URL. If a future tag ever contains &, =, +, or non-ASCII characters, it will silently corrupt the query string or open a query-injection path. The toolkit parameter added earlier in the same function has the same gap, but adding a second unencoded parameter compounds it. list_available_triggers on line 374 of the same file correctly uses urlencoding::encode for its parameters.

Suggested change:

// before
if let Some(list) = tags {
    let joined = list
        .iter()
        .map(|t| t.trim())
        .filter(|t| !t.is_empty())
        .collect::<Vec<_>>()
        .join(",");
    if !joined.is_empty() {
        params.push(format!("tags={joined}"));
    }
}

// after
if let Some(list) = tags {
    let joined = list
        .iter()
        .map(|t| t.trim())
        .filter(|t| !t.is_empty())
        .map(urlencoding::encode)
        .collect::<Vec<_>>()
        .join(",");
    if !joined.is_empty() {
        params.push(format!("tags={joined}"));
    }
}

Apply the same fix to the toolkits block on lines 148-157.

2. src/openhuman/composio/ops.rs:687-692 + tools.rs:754-761 + ops.rs:2190-2194 — GitHub-only gate predicate triplicated

The identical check kits.iter().any(|k| k.trim().eq_ignore_ascii_case("github")) (plus the fetch_toolkit_actions variant at line 2190) appears in three separate files. When tag support expands to additional toolkits this gate will need to be updated in all three places. A central constant or helper eliminates that risk.

Suggested change:

// In src/openhuman/composio/mod.rs or a new helper at the top of ops.rs:
/// Toolkits whose Composio tag catalog is queryable via ?tags=<csv>.
/// Tags are silently dropped for every other toolkit — the backend
/// only honours this param for toolkits listed here.
const TAG_QUERYABLE_TOOLKITS: &[&str] = &["github"];

pub(super) fn toolkit_supports_tags(toolkit: &str) -> bool {
    TAG_QUERYABLE_TOOLKITS
        .iter()
        .any(|t| toolkit.trim().eq_ignore_ascii_case(t))
}

Then replace the three inline checks with calls to toolkit_supports_tags(k).

💡 Refactor / suggestion

3. app/test/e2e/specs/composio-github-tools-tags.spec.ts:321-334 — GT.4 composio-execute assertion is non-failing

The check for the composio execute call is wrapped in if (execHit) ... else console.warn(...). This means GT.4 passes even if the mock never received the execute request — the test proves the LLM replied correctly but not that the Composio action was actually dispatched through the mock backend.

Suggested change:

// before (soft check, passes even when execute wasn't mocked)
const execHit = log.find(
  r => r.method === 'POST' && r.url.includes('/agent-integrations/composio/execute')
);
if (execHit) {
  console.log(`${LOG_PREFIX} GT.4: composio execute confirmed`);
} else {
  console.warn(`${LOG_PREFIX} GT.4: composio execute not in mock log...`);
}

// after (hard assertion)
const execHit = log.find(
  r => r.method === 'POST' && r.url.includes('/agent-integrations/composio/execute')
);
expect(execHit).toBeDefined();
console.log(`${LOG_PREFIX} GT.4: composio execute confirmed`);

Nitpicks (3)

• app/test/e2e/specs/composio-github-tools-tags.spec.ts:1 — // @ts-nocheck suppresses all type-checking across a 340-line test file. Add a comment explaining why it is needed (WDIO global injection, browser driver types, etc.) so a future reader doesn't strip it accidentally.
• src/openhuman/composio/schemas.rs:331 — The field comment says "Case-insensitive" but case normalisation happens server-side; the Rust layer passes tags verbatim. Consider "Tags are matched case-insensitively by the backend" to avoid misleading callers.
• src/openhuman/composio/ops.rs:2182 — fetch_toolkit_actions now accepts tags but all current callers pass None. A brief doc comment on the parameter (// Currently only honored for GitHub; future callers may pass tags for other tag-queryable toolkits.) prevents the next reviewer from wondering why the param exists.

Questions for the author (1)

• src/openhuman/composio/ops.rs:2179-2182 — Is there a plan to surface tags through the subagent runner's per-toolkit action discovery (run_typed_mode / render_integrations_agent)? A // TODO would help if yes. If not, accepting tags in fetch_toolkit_actions without ever using it creates dead API surface.

Verified / looks good

• client_tests.rs:305-380 — The new list_tools_filters_pass_through_as_csv_query_param test covers tags-only, toolkits+tags, empty-tags slice, and whitespace trimming through a real Axum mock server — solid coverage.
• ops.rs:687-692 — The GitHub gate in composio_list_tools correctly handles the toolkits == None case (tags never forwarded) and mixed toolkit lists.
• schemas.rs:326-333 — tags is correctly typed as Option<Array<String>> / required: false in the controller schema.
• rpc-preflight.ts:30 — Adding openhuman.composio_list_tools to the required-methods allowlist is the right thing; the method was callable before but not guarded at the contract level.
• The debug/subagent call-site changes are purely mechanical None additions with no behaviour change.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

app/test/e2e/specs/composio-github-tools-tags.spec.ts (1)

95-104: ⚡ Quick win

Use shared E2E helpers instead of DOM probing for the New-thread fallback.

At Line 97, browser.execute with manual button scanning bypasses the shared cross-platform helpers and is more brittle across webview/native surfaces.

Suggested refactor

-import { textExists } from '../helpers/element-helpers';
+import { clickNativeButton, textExists } from '../helpers/element-helpers';

     const clicked =
       (await clickByTitle('New thread', 8_000)) ||
       (await clickByTitle('New thread (/new)', 3_000)) ||
-      (await browser.execute(() => {
-        const btn = Array.from(document.querySelectorAll('button')).find(
-          b => (b.textContent ?? '').trim() === 'New'
-        ) as HTMLButtonElement | undefined;
-        if (!btn) return false;
-        btn.click();
-        return true;
-      }));
+      (await clickNativeButton('New'));

As per coding guidelines: "Use helpers from app/test/e2e/helpers/element-helpers.ts in E2E specs ... for cross-platform element interaction."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@app/test/e2e/specs/composio-github-tools-tags.spec.ts` around lines 95 - 104,
The inline browser.execute DOM probe is brittle; replace that fallback with the
shared E2E helper from app/test/e2e/helpers/element-helpers.ts (instead of
manual DOM scanning) so cross-platform surfaces work. Concretely, remove the
browser.execute(...) block and call the appropriate helper (e.g.,
clickByText('New', timeout) or the project’s equivalent helper) as a third OR
branch after the existing clickByTitle('New thread', ...) and clickByTitle('New
thread (/new)', ...), keeping the same timeouts and preserving the OR chaining.
Ensure you reference and import the helper from element-helpers.ts and remove
the manual button lookup in the test.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/test/e2e/specs/composio-github-tools-tags.spec.ts`:
- Around line 324-335: The test currently only warns when the Composio execute
mock is missing (the execHit check using log, LOG_PREFIX and the
'/agent-integrations/composio/execute' URL) which allows GT.4 to pass silently;
change this to a hard assertion so the spec fails if the side effect is absent —
replace the console.warn branch with a failing assertion (e.g., assert/expect
that execHit is truthy) and include a clear message referencing LOG_PREFIX and
the missing composio execute entry so the failure points to the backend/mock
effect.

In `@scripts/mock-api/routes/integrations.mjs`:
- Around line 349-375: The current branch applies requestedTags unconditionally
which bypasses the toolkit gate; change the initial if to only run tag-based
selection when tags were requested AND either no toolkit filter was provided or
the toolkit filter permits GitHub-style tools (e.g. requestedToolkits is empty
or requestedToolkits.some(tk => tk.toUpperCase() === 'GITHUB')). If that check
fails, fall back to the else path (parseBehaviorJson("composioTools", [])) and
then apply the existing toolkit filter on tools; update the condition that
checks requestedTags.length and reference variables/functions: requestedTags,
requestedToolkits, parseBehaviorJson, tools, knobKey.

In `@src/openhuman/composio/client.rs`:
- Around line 147-167: When building the query params in client.rs (the params
Vec created from the toolkits and tags Option lists), percent-encode each token
before joining into a CSV so reserved characters (spaces, &, =) won't corrupt
the query; in the mapping for toolkits and tags (the closures used to
trim/filter tokens) replace the direct token use with a percent-encoding call
(e.g., via url::form_urlencoded or percent_encoding) so you push
"toolkits={encoded_csv}" and "tags={encoded_csv}" and also apply the same
encoding where the final path/query is constructed (the later path assembly
around the same block).

In `@src/openhuman/composio/ops.rs`:
- Around line 687-692: The current effective_tags computation incorrectly drops
tags unless toolkits explicitly contains "github"; update the logic that sets
effective_tags so tags are preserved for tag-only requests by returning
Some(tags) when toolkits is None or when toolkits is an empty list, while still
gating tags when toolkits is present and does not include "github". Modify the
match handling around effective_tags (the variable and the tuple of &toolkits
and tags) to cover these cases: (None, Some(t)) and (Some(kits), Some(t)) if
kits.is_empty() should yield Some(t), keep the existing Some(kits) with any ==
"github" branch, and otherwise return None.

---

Nitpick comments:
In `@app/test/e2e/specs/composio-github-tools-tags.spec.ts`:
- Around line 95-104: The inline browser.execute DOM probe is brittle; replace
that fallback with the shared E2E helper from
app/test/e2e/helpers/element-helpers.ts (instead of manual DOM scanning) so
cross-platform surfaces work. Concretely, remove the browser.execute(...) block
and call the appropriate helper (e.g., clickByText('New', timeout) or the
project’s equivalent helper) as a third OR branch after the existing
clickByTitle('New thread', ...) and clickByTitle('New thread (/new)', ...),
keeping the same timeouts and preserving the OR chaining. Ensure you reference
and import the helper from element-helpers.ts and remove the manual button
lookup in the test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cc9fb965-6de1-4ea5-9833-00ba77fe7753

📥 Commits

Reviewing files that changed from the base of the PR and between 5c035d8 and e157efc.

📒 Files selected for processing (10)

• app/test/e2e/helpers/rpc-preflight.ts
• app/test/e2e/specs/composio-github-tools-tags.spec.ts
• scripts/mock-api/routes/integrations.mjs
• src/openhuman/agent/debug/mod.rs
• src/openhuman/agent/harness/subagent_runner/ops.rs
• src/openhuman/composio/client.rs
• src/openhuman/composio/client_tests.rs
• src/openhuman/composio/ops.rs
• src/openhuman/composio/schemas.rs
• src/openhuman/composio/tools.rs