feat(apollo): expose auth_config_override on COMPOSIO_MANAGE_CONNECTIONS

@zen-agentchecks n/achecks…zen/mcp-manage-connections-auth-config-override-zg3319 → master7 files · +359 −2updated 3w ago

GitHub

▸Description· 1 comment · 6 noise

Description

The COMPOSIO_MANAGE_CONNECTIONS MCP tool only advertised three input fields — toolkits, reinitiate_all, and session_id — so MCP clients had no way to specify which auth config to use when initiating a link. Toolkits that lack a Composio-managed default (e.g. Spotify) hit the failure path in getOrCreateRelevantAuthConfig and returned:

Composio does not manage auth for toolkit spotify and no auth config without required fields is available. Please create an auth config manually or specify one in auth_config_override.

The error message already pointed at auth_config_override, but the parameter was never exposed at the MCP layer, so the strict-mode MCP client stripped it before it reached Apollo.

This PR adds auth_config_override: Record<toolkit_slug, auth_config_id> (e.g. {"spotify": "ac_abc123"}) as an optional top-level parameter to both the single-account and multi-account variants of the tool. It threads the override end-to-end:

ToolRouterManageConnectionsRequestSchema + ManageConnectionsRequestSchema (Zod) — new optional auth_config_override field, validated as Record<string, string>.
request_schema.properties in both getManageConnectionsDefinition() and getMultiAccountDefinition() — exposes the field to MCP clients with a description that calls out the Spotify use case.
ManageConnectionsAction.execute() — reads request.auth_config_override, stores it on ActionContext, and forwards it through createConnectionLink() to createLinkForToolRouterSession().
createLinkForToolRouterSession() — accepts the new authConfigOverride param and merges it over session.config.authConfigs before handing the combined map to getOrCreateRelevantAuthConfig(). Per-call override wins over the session-level map, matching the existing priority semantics (override → tool-router-marked config → auto-create).

The deeper validation (auth config must exist in the project, must not be deleted/disabled, must match the toolkit slug) is already implemented in getOrCreateRelevantAuthConfig and now applies to MCP callers for free.

How did I test this PR

Scoped unit tests — vitest run src/lib/composio_actions/actions/toolRouter/__tests__/manageConnections.unit.test.ts → 35 passed (added 2 new tests: one for single-account, one for multi-account, both assert createLinkForToolRouterSession receives authConfigOverride as expected).
Legacy tests — vitest run src/lib/composio_actions/actions/manageConnections.test.ts → 16 passed (no regressions on the non-tool-router path).
Apollo typecheck — pnpm check-types → clean.
Lint — pnpm lint on changed files → no new findings (one pre-existing unrelated warning at schemas.ts:1187).
Apollo health — curl http://localhost:9900/api/healthz → {"status":"ok"} (Zod schema accepts the new field without breaking validation of existing requests).

End-to-end Spotify connect against a live session was not exercised because it requires a project that has a real manually-created Spotify auth config + a session created for it — outside the scope of a sandbox smoke test. The override validation path (InvalidAuthConfigOverrideForLink) is already covered by link_edge_cases.test.ts for the session-level auth_config_override; my request-level field flows into the exact same validator.

Triggered by: uday@composio.dev | Source: slack Session: https://zen-api-production-4c98.up.railway.app/dashboard/#/chat/zen-6cd8fff2b8da

@zen-agent3w ago

Final PR status

CI: All 30 checks ✅ (after one e2e re-run — see notes below)
Codex review: Ran via /codex-review-loop with inline-context (Codex sandbox is broken in zen sandbox). Findings addressed in 1c8f1763 — empty-string override rejection + new merge-precedence tests at createLinkForSession/index.ts
Cursor Bugbot: Both Medium findings addressed in adb93e902a — replied inline
- Removed auth_config_override from the legacy non-router schema (the legacy ManageConnectionsAction doesn't use it, so it would have been silently dropped)
- Added normalizeAuthConfigOverride() so caller keys like {"Spotify": "ac_..."} match the lowercased toolkit slug used by getOrCreateRelevantAuthConfig
Tests: 58 unit tests passed locally (manageConnections action × 35, createLinkForSession × 4, legacy manageConnections × 16, schema snapshot × 2 + the schema-snapshot variants), typecheck clean, lint clean on changed files
E2E: run-vitest-e2e-tests failed once on a known-flaky test (rerouted/v1/triggers > should return valid trigger data for multiple apps, 20 s timeout). Master has a prior "Harden rerouted e2e GET retries" commit. Re-ran the workflow → green
Manual e2e: live Spotify connect against staging requires a manually-created Spotify auth config under a real project, outside sandbox scope. The Apollo health probe + the unit-test coverage of the request → action → link path stand in for it. Documented in the PR description

Ready for review.

▸ 6 bot/status comments hidden

@vercel[bot]3w ago

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
apollo	Ready	Preview, Comment	May 20, 2026 9:11am

Project	Deployment	Actions	Updated (UTC)
debby	Skipped		May 20, 2026 9:11am

@github-actions[bot]3w ago

🔍 Suggested Reviewers

Based on git blame analysis of 5 file(s):

Contributor	Contribution	Files
abir-taheer	59%	5

loading diff…

Description

Composio does not manage auth for toolkit spotify and no auth config without required fields is available. Please create an auth config manually or specify one in auth_config_override.

The error message already pointed at auth_config_override, but the parameter was never exposed at the MCP layer, so the strict-mode MCP client stripped it before it reached Apollo.

ToolRouterManageConnectionsRequestSchema + ManageConnectionsRequestSchema (Zod) — new optional auth_config_override field, validated as Record<string, string>.

request_schema.properties in both getManageConnectionsDefinition() and getMultiAccountDefinition() — exposes the field to MCP clients with a description that calls out the Spotify use case.

ManageConnectionsAction.execute() — reads request.auth_config_override, stores it on ActionContext, and forwards it through createConnectionLink() to createLinkForToolRouterSession().

createLinkForToolRouterSession() — accepts the new authConfigOverride param and merges it over session.config.authConfigs before handing the combined map to getOrCreateRelevantAuthConfig(). Per-call override wins over the session-level map, matching the existing priority semantics (override → tool-router-marked config → auto-create).

How did I test this PR

Scoped unit tests — vitest run src/lib/composio_actions/actions/toolRouter/__tests__/manageConnections.unit.test.ts → 35 passed (added 2 new tests: one for single-account, one for multi-account, both assert createLinkForToolRouterSession receives authConfigOverride as expected).

Legacy tests — vitest run src/lib/composio_actions/actions/manageConnections.test.ts → 16 passed (no regressions on the non-tool-router path).

Apollo typecheck — pnpm check-types → clean.

Lint — pnpm lint on changed files → no new findings (one pre-existing unrelated warning at schemas.ts:1187).

Apollo health — curl http://localhost:9900/api/healthz → {"status":"ok"} (Zod schema accepts the new field without breaking validation of existing requests).

Final PR status

CI: All 30 checks ✅ (after one e2e re-run — see notes below)

Codex review: Ran via /codex-review-loop with inline-context (Codex sandbox is broken in zen sandbox). Findings addressed in 1c8f1763 — empty-string override rejection + new merge-precedence tests at createLinkForSession/index.ts

Cursor Bugbot: Both Medium findings addressed in adb93e902a — replied inline

Removed auth_config_override from the legacy non-router schema (the legacy ManageConnectionsAction doesn't use it, so it would have been silently dropped)
Added normalizeAuthConfigOverride() so caller keys like {"Spotify": "ac_..."} match the lowercased toolkit slug used by getOrCreateRelevantAuthConfig

Tests: 58 unit tests passed locally (manageConnections action × 35, createLinkForSession × 4, legacy manageConnections × 16, schema snapshot × 2 + the schema-snapshot variants), typecheck clean, lint clean on changed files

E2E: run-vitest-e2e-tests failed once on a known-flaky test (rerouted/v1/triggers > should return valid trigger data for multiple apps, 20 s timeout). Master has a prior "Harden rerouted e2e GET retries" commit. Re-ran the workflow → green

Manual e2e: live Spotify connect against staging requires a manually-created Spotify auth config under a real project, outside sandbox scope. The Apollo health probe + the unit-test coverage of the request → action → link path stand in for it. Documented in the PR description

Ready for review.

Project

Deployment

Actions

Updated (UTC)

apollo

Ready

Preview, Comment

May 20, 2026 9:11am

Project

Deployment

Actions

Updated (UTC)

debby

Skipped

May 20, 2026 9:11am

Contributor

Contribution

Files

abir-taheer

59%

Flag	Coverage Δ
e2e-tests	`6.03% <0.00%> (-0.01%)`	:arrow_down:
self-hosted-tests	`5.58% <0.00%> (-0.01%)`	:arrow_down:
thermos-unit-tests	`?`
unit-tests	`58.95% <85.41%> (+0.01%)`	:arrow_up:

Files with missing lines	Coverage Δ
...io_actions/actions/toolRouter/manageConnections.ts	`80.85% <100.00%> (+0.42%)`	:arrow_up:
...s/apollo/src/lib/composio_actions/utils/schemas.ts	`99.71% <100.00%> (+<0.01%)`	:arrow_up:
...features/connections/createLinkForSession/index.ts	`81.06% <100.00%> (+0.59%)`	:arrow_up:
...b/tools/composio/definitions/manage_connections.ts	`53.50% <50.00%> (-0.09%)`	:arrow_down:

feat(apollo): expose auth_config_override on COMPOSIO_MANAGE_CONNECTIONS

Description

How did I test this PR

Final PR status

🔍 Suggested Reviewers

Description

How did I test this PR

Final PR status

🔍 Suggested Reviewers

💡 Recommendation

🧪 Test Results Summary (Self-Hosted Tests)

🧪 Test Results Summary (Unit Tests)

🧪 Test Results Summary (E2E Tests)

Codecov Report