Tools & Integrations
Purpose and Scope
This document describes the tools and integrations system in Automatos AI, which enables agents to interact with external services via the Composio platform. The system provides access to 880+ applications with 12,000+ actions through a unified interface, including OAuth management, metadata caching, action discovery, and execution.
For information about how agents use tools during chat conversations, see Chat Interface. For workspace-specific tools like file operations and shell commands, see Workspace Execution. For knowledge retrieval tools, see Knowledge Base & RAG.
System Architecture
The tools system consists of five main layers: (1) Tool Registry for centralized tool catalogs, (2) Tool Discovery for resolving available actions, (3) Metadata Sync for caching Composio apps/actions locally, (4) Connection Management for OAuth flows, and (5) Tool Execution for routing and validation.
Key Components:
ComposioToolService
Resolves Composio actions for agent steps
ComposioHintService
Generates LLM hints for action selection
UnifiedToolExecutor
Single entry point for tool execution
Sources: modules/tools/services/composio_tool_service.py:1-350, modules/tools/execution/unified_executor.py:1-857, core/composio/client.py:1-878, modules/tools/registry/tool_registry.py:1-1171, services/metadata_sync_service.py:1-551
Tool Registry
The ToolRegistry provides a single source of truth for all platform tools. Tools are defined as ToolSpec objects with metadata, parameters, security levels, and executors.
ToolSpec Structure
Core Methods
register_tool(tool: ToolSpec)
Add tool to registry
None
get_tool(name: str)
Get tool by name
Optional[ToolSpec]
get_all_tools(active_only: bool)
Get all registered tools
List[ToolSpec]
get_tools_by_category(category: ToolCategory)
Get tools in category
List[ToolSpec]
export_openai_functions(categories: List[str])
Export tools in OpenAI format
List[Dict]
validate_tool_access(agent_id, tool_name, db, workspace_id)
Check agent permissions
Tuple[bool, str]
Platform Tools (defined in _register_core_tools()):
Research:
search_knowledge,semantic_search,search_codebase,search_tables,search_images,search_formulas,search_multimodalDatabase:
query_database,smart_query_databaseFile Operations:
read_file,write_file,list_directory,create_directory,delete_fileShell:
execute_commandHTTP:
http_requestSSH:
ssh_executeDocuments:
create_pdf,create_docx,create_xlsx,create_pptx
Sources: modules/tools/registry/tool_registry.py:157-1171
Composio Integration
Composio provides OAuth management and tool execution for 880+ external applications. The ComposioClient wraps the Composio SDK and provides workspace-isolated connections.
Connection Flow
ComposioClient Methods
get_entity(entity_id: str)
Get or validate entity
Dict[str, str]
initiate_connection(entity_id, app, callback_url)
Start OAuth flow
str (redirect URL)
get_connection_status(entity_id, app)
Check connection status
Optional[Dict]
disconnect_app(entity_id, app)
Revoke OAuth
bool
get_available_apps()
List all Composio apps
List[Dict]
get_app_actions(app_name)
Get actions for app
List[Dict]
get_all_actions_bulk(limit, max_pages)
Bulk fetch all actions
List[Dict]
Auth Config Resolution
The ComposioClient automatically resolves or creates auth configs for apps:
Check cache:
_auth_config_cache(1 hour TTL)Query Composio API:
auth_configs.list()to find existing configCreate if missing:
auth_configs.create()with appropriate schemeHandle NO_AUTH apps: Skip auth config (e.g.,
composio_search,tavily)
Sources: core/composio/client.py:54-878, orchestrator/api/tools.py:394-417
Metadata Caching
The MetadataSyncService syncs Composio apps and actions to local PostgreSQL tables to avoid 48+ API calls per marketplace page load.
Sync Process
Cache Tables
composio_apps_cache
App metadata
app_name, display_name, categories, action_count, trigger_count
composio_actions_cache
Action schemas
app_name, action_name, description, parameters
composio_stats_cache
Marketplace stats
stat_key, stat_value (JSONB)
composio_sync_jobs
Sync history
job_type, status, apps_synced, actions_synced
Sync Strategies
Full Sync (POST /api/tools/sync):
Fetch all apps via
get_available_apps()(paginated, 1000/page)Bulk fetch all actions via
get_all_actions_bulk()(1000/page, up to 1000 pages)Upsert apps into
composio_apps_cacheGroup actions by app and upsert into
composio_actions_cacheDelete orphaned actions (in DB but not in bulk response)
Backfill parameter schemas (v3 API doesn't return params, use SDK per-app call)
Update stats cache
Incremental Sync (currently redirects to full sync)
Parameter Backfill Only (POST /api/tools/backfill-params):
Finds apps with empty
parameterscolumnCalls
ComposioClient.get_app_actions()per app (SDK returns full OpenAI schemas)Updates
parameterscolumn for matching actionsCapped at 30 apps by default to avoid long sync times
Sources: services/metadata_sync_service.py:37-551, orchestrator/api/tools.py:610-666
Tool Discovery & Resolution
Tool discovery determines which Composio actions are available to an agent for a given task. The system uses a three-tier resolution strategy.
ComposioToolService Resolution
Resolution Strategies
Tier 1: Explicit Action Names
Extract uppercase patterns like
GITHUB_CREATE_ISSUEfrom promptFilter to only actions whose prefix matches allowed apps
Call
ComposioClient.get_action_schemas_by_name()for exact schemasUse case: Recipe steps with explicit action names
Tier 2: SDK Semantic Search
Call
ComposioClient.search_actions_for_step(query, apps, entity_id)Uses Composio's semantic search (vector embeddings)
Scoped to allowed apps
Use case: Natural language prompts like "send slack message"
Tier 3: Cache Ranked Fallback
Query
ComposioActionCachefor all actions in allowed appsRank by relevance to prompt tokens
Cap at
limit(default 30)Use case: When SDK search returns 0 results
Tool Hint Generation
The ComposioHintService generates system message hints that guide LLM action selection:
Resolution Modes:
recipe_mode=False
3-tier (capability → token → fallback)
Chatbot conversations
recipe_mode=True
Pure token matching (no taxonomy)
Recipe steps with curated prompts
Sources: modules/tools/services/composio_tool_service.py:63-350, modules/tools/services/composio_hint_service.py:89-443
Tool Execution
The UnifiedToolExecutor routes tool calls to appropriate executors and formats results.
Execution Architecture
UnifiedToolExecutor Methods
execute_tool(tool_name, parameters, agent_id, workspace_id)
Route to appropriate executor
Lazy-loaded
_execute_platform_tool()
Research tools (RAG, CodeGraph)
AgentPlatformTools
_execute_database_tool()
NL-to-SQL queries
NL2SQLService
_execute_file_op()
File operations
AgentActionExecutor
_execute_shell()
Shell commands
AgentActionExecutor
_execute_composio_execute()
Composio actions
ComposioToolExecutor
_execute_platform_action()
Platform actions
PlatformActionExecutor
_execute_workspace_action()
Workspace operations
WorkspaceClient
Lazy Loading
The executor uses lazy initialization to avoid loading heavy dependencies at startup:
Result Formatting
The ToolResultFormatter provides three output formats:
Frontend
format_for_frontend()
Artifact viewer widgets
LLM
format_for_llm()
System message injection
Standardized
standardize_result()
Unified schema
Example: Database query result
Sources: modules/tools/execution/unified_executor.py:56-857, modules/tools/tool_router.py:364-492, consumers/chatbot/tool_router.py:54-228
Permission & Validation System
The system implements defense-in-depth validation across three layers:
Multi-Layer Validation
Permission Tables
agent_app_assignments
Per-agent app permissions
agent_id, app_name, app_type, is_active
entity_connections
OAuth tokens per workspace
entity_id, app_name, status, connection_id
workspace_tool_config
Enabled actions per workspace
workspace_id, tool_id, configuration (JSONB with enabled_actions)
agent_tool_permissions
Platform tool permissions
agent_id, tool_id, is_active
Capability-Based Filtering (PRD-37)
The ActionCapabilityFilter prevents agents from calling inappropriate actions:
Example: Prevent SLACK_CREATE_CHANNEL_BASED_CONVERSATION when user intent is "send message"
Validation Points:
Selection time: Filter actions when building tool lists
Execution time: Validate again before executing (defense-in-depth)
Sources: modules/tools/tool_router.py:612-670, modules/tools/execution/unified_executor.py:168-217, modules/tools/registry/tool_registry.py:845-952
Tools API Reference
The /api/tools router provides marketplace browsing, connection management, and configuration.
Marketplace Endpoints
/api/tools/marketplace
GET
List all available apps with filters
/api/tools/stats
GET
Marketplace statistics
/api/tools/connected
GET
List workspace-connected apps
/api/tools/{app_name}/actions
GET
List actions for an app
/api/tools/{app_name}/triggers
GET
List triggers for an app
Example: Marketplace query
Connection Management
/api/tools/add-to-workspace
POST
Add app to workspace (no OAuth yet)
/api/tools/connect
POST
Initiate OAuth connection
/api/tools/disconnect
POST
Revoke OAuth connection
/api/composio/callback
GET
OAuth callback handler
Connection States:
added: App added to workspace, not connectedpending: OAuth flow initiated, waiting for completionactive: OAuth completed, connection active
Configuration Endpoints
/api/tools/{app_name}/actions
POST
Save enabled actions for workspace
/api/tools/workspace
GET
Get all workspace tools
/api/tools/sync
POST
Trigger full metadata sync
/api/tools/backfill-params
POST
Backfill parameter schemas
/api/tools/sync-history
GET
View sync job history
Example: Enable actions
Sources: orchestrator/api/tools.py:1-763
Tool Routing Flow
End-to-end flow from LLM tool call to formatted response:
Key Features:
Workspace isolation: Entity ID scoped to workspace
Validation: Capability check before execution
Formatting: Separate outputs for frontend and LLM
Streaming: Results streamed via SSE as tool-data events
Sources: modules/tools/tool_router.py:302-492, modules/tools/execution/unified_executor.py:281-384
Performance Optimizations
Metadata Caching
Problem: Marketplace page loaded 880+ apps × 48 API calls = 42,240+ API calls per load
Solution: Local cache tables with periodic sync
Marketplace load time
8-12s
150-300ms
40-80x faster
API calls per load
42,240+
0
100% reduction
DB queries
1-2
1-2
Same
Action Schema Caching
Problem: Composio v3 API doesn't return parameter schemas in bulk endpoint
Solution: Two-phase sync
Bulk fetch all actions (fast, no params)
Backfill params for apps with empty schemas (capped at 30 apps)
Auth Config Caching
Problem: Repeated auth_configs.list() calls for connection initiation
Solution: In-memory cache with 1-hour TTL
Tool Hint Generation
Problem: Generating hints for 880+ apps × 12k+ actions is slow
Solution: Three-tier resolution (early exit)
Tier 1: Explicit names → exact lookup (fastest)
Tier 2: Token filtering → ILIKE queries (medium)
Tier 3: Cache fallback → load top N (slowest)
Sources: services/metadata_sync_service.py:42-215, core/composio/client.py:149-240, modules/tools/services/composio_hint_service.py:160-179
Internal vs External Apps
The system distinguishes between platform (internal) and Composio (external) tools:
Platform
search_knowledge, query_database, read_file
ToolRegistry
UnifiedToolExecutor → direct
Composio
SLACK_SEND_MESSAGE, GITHUB_CREATE_ISSUE
ComposioClient
UnifiedToolExecutor → ComposioToolExecutor
Internal Apps (filtered from marketplace):
RAG: Knowledge retrieval (already exposed assearch_knowledge)MEMORY: Mem0 integration (already handled byChatService)NL2SQL: Database queries (already exposed asquery_database)CODEGRAPH: Code search (already exposed assearch_codebase)
These are excluded from the marketplace UI because they're already available as platform tools with better UX.
Sources: orchestrator/api/tools.py:40-41, services/metadata_sync_service.py:34-35
Security Considerations
OAuth Token Storage
Composio-managed: Tokens stored on Composio's servers, referenced by
connection_idLocal tracking:
entity_connectionstable tracks connection status, not tokensWorkspace isolation: Entity ID scoped to workspace prevents cross-tenant access
Command Whitelisting
For workspace tools (workspace_*):
Shell commands validated against
ALLOWED_COMMANDSlistBLOCKED_PATTERNSregex prevents dangerous operationsPath safety checks prevent directory traversal
Capability-Based Security
Intent validation: Actions must match user intent capabilities
Destructive actions: Flagged in metadata, blocked by default
Confirmation required: High-risk actions require explicit confirmation
Rate Limiting
Applied at middleware level (SlowAPI)
Default: 60 requests/minute per IP
Composio API has its own rate limits (handled by SDK)
Sources: services/workspace-worker/executor.py:36-470, modules/tools/execution/unified_executor.py:168-217
Troubleshooting
Common Issues
Marketplace shows 0 apps
Metadata sync not run
POST /api/tools/sync
Actions missing parameters
v3 API doesn't return params
POST /api/tools/backfill-params
OAuth fails with 404
Auth config not found
Delete cached entry in _auth_config_cache
Tool execution fails
Connection not active
Check entity_connections.status
Action not available to agent
Missing app assignment
Add in agent_app_assignments
Debug Endpoints
/api/tools/debug/connections
View all connection records
/api/tools/debug/cache-status
Check cache freshness
/api/tools/sync-history
View sync job history
Logging
Key log patterns:
Sources: modules/tools/services/composio_tool_service.py:160-165, modules/tools/services/composio_hint_service.py:203-207, modules/tools/tool_router.py:346-349
Last updated