Tighten Composio tool validation

Author: jahooma

common/src/constants/composio.ts

@@ -8,3 +8,11 @@ export const COMPOSIO_META_TOOL_NAMES = [
 ] as const
 
 export type ComposioMetaToolName = (typeof COMPOSIO_META_TOOL_NAMES)[number]
+
+const COMPOSIO_META_TOOL_NAME_SET = new Set<string>(COMPOSIO_META_TOOL_NAMES)
+
+export function isComposioMetaToolName(
+  toolName: string,
+): toolName is ComposioMetaToolName {
+  return COMPOSIO_META_TOOL_NAME_SET.has(toolName)
+}

sdk/src/__tests__/composio.test.ts

@@ -3,10 +3,7 @@ import { afterEach, describe, expect, mock, test } from 'bun:test'
 import { COMPOSIO_META_TOOL_NAMES } from '@codebuff/common/constants/composio'
 import { clientToolNames, toolParams } from '@codebuff/common/tools/list'
 
-import {
-  executeComposioToolViaServer,
-  normalizeComposioInput,
-} from '../composio'
+import { executeComposioToolViaServer } from '../composio'
 
 describe('Composio SDK tools', () => {
   const originalFetch = globalThis.fetch
@@ -64,7 +61,27 @@ describe('Composio SDK tools', () => {
     expect(fetchMock).toHaveBeenCalledTimes(1)
   })
 
-  test('normalizes non-object Composio inputs for server execution', () => {
-    expect(normalizeComposioInput('gmail')).toEqual({ value: 'gmail' })
+  test('returns a tool error when the server response is malformed', async () => {
+    globalThis.fetch = mock(
+      async () => new Response(JSON.stringify({ ok: true }), { status: 200 }),
+    ) as unknown as typeof fetch
+
+    const output = await executeComposioToolViaServer({
+      apiKey: 'codebuff-api-key',
+      toolName: 'COMPOSIO_SEARCH_TOOLS',
+      input: {
+        queries: ['find gmail tools'],
+        session: { generate_id: true },
+      },
+    })
+
+    expect(output).toEqual([
+      {
+        type: 'json',
+        value: {
+          errorMessage: 'Invalid Composio execute response from server',
+        },
+      },
+    ])
   })
 })

sdk/src/composio.ts

@@ -1,21 +1,12 @@
 import { WEBSITE_URL } from './constants'
 
 import type { ComposioMetaToolName } from '@codebuff/common/constants/composio'
-import type { JSONValue } from '@codebuff/common/types/json'
 import type { ToolResultOutput } from '@codebuff/common/types/messages/content-part'
 
 type ComposioExecuteResponse = {
   output: ToolResultOutput[]
 }
 
-function toJsonValue(value: unknown): JSONValue {
-  try {
-    return JSON.parse(JSON.stringify(value ?? null)) as JSONValue
-  } catch {
-    return String(value) as JSONValue
-  }
-}
-
 async function readErrorMessage(response: Response): Promise<string> {
   try {
     const body = (await response.json()) as {
@@ -62,6 +53,16 @@ export async function executeComposioToolViaServer(params: {
     }
 
     const body = (await response.json()) as ComposioExecuteResponse
+    if (!Array.isArray(body.output)) {
+      return [
+        {
+          type: 'json',
+          value: {
+            errorMessage: 'Invalid Composio execute response from server',
+          },
+        },
+      ]
+    }
     return body.output
   } catch (error) {
     return [
@@ -74,11 +75,3 @@ export async function executeComposioToolViaServer(params: {
     ]
   }
 }
-
-export function normalizeComposioInput(
-  input: unknown,
-): Record<string, unknown> {
-  return input && typeof input === 'object'
-    ? (input as Record<string, unknown>)
-    : { value: toJsonValue(input) }
-}

sdk/src/run.ts

@@ -14,18 +14,15 @@ import {
 } from '@codebuff/common/mcp/client'
 import {
   COMPOSIO_META_TOOL_NAMES,
-  type ComposioMetaToolName,
+  isComposioMetaToolName,
 } from '@codebuff/common/constants/composio'
 import { toolNames } from '@codebuff/common/tools/constants'
 import { clientToolCallSchema } from '@codebuff/common/tools/list'
 import { AgentOutputSchema } from '@codebuff/common/types/session-state'
 import { extractApiErrorDetails } from '@codebuff/common/util/error'
 import { cloneDeep } from 'lodash'
 
-import {
-  executeComposioToolViaServer,
-  normalizeComposioInput,
-} from './composio'
+import { executeComposioToolViaServer } from './composio'
 import { getErrorStatusCode } from './error-utils'
 import { getAgentRuntimeImpl } from './impl/agent-runtime'
 import { getUserInfoFromApiKey } from './impl/database'
@@ -740,13 +737,11 @@ async function handleToolCall({
           },
         },
       ]
-    } else if (
-      COMPOSIO_META_TOOL_NAMES.includes(toolName as ComposioMetaToolName)
-    ) {
+    } else if (isComposioMetaToolName(toolName)) {
       result = await executeComposioToolViaServer({
         apiKey,
-        toolName: toolName as ComposioMetaToolName,
-        input: normalizeComposioInput(input),
+        toolName,
+        input,
       })
     } else {
       throw new Error(

web/src/app/api/v1/composio/__tests__/composio.test.ts

@@ -169,6 +169,34 @@ describe('/api/v1/composio', () => {
     expect(executeTool).not.toHaveBeenCalled()
   })
 
+  test('rejects unsupported Composio tool names before execution', async () => {
+    const executeTool = mock(async () => [
+      { type: 'json' as const, value: { ok: true } },
+    ])
+    const req = new NextRequest('http://localhost/api/v1/composio/execute', {
+      method: 'POST',
+      headers: { Authorization: 'Bearer valid-key' },
+      body: JSON.stringify({
+        toolName: 'COMPOSIO_REMOTE_WORKBENCH',
+        input: {},
+      }),
+    })
+
+    const response = await postComposioExecute({
+      req,
+      getUserInfoFromApiKey,
+      db: mockDb,
+      logger,
+      loggerWithContext,
+      executeTool,
+      checkRateLimit: mock(() => ({ limited: false as const })),
+      isConfigured: () => true,
+    })
+
+    expect(response.status).toBe(400)
+    expect(executeTool).not.toHaveBeenCalled()
+  })
+
   test('rejects unauthenticated Composio requests', async () => {
     const req = new NextRequest('http://localhost/api/v1/composio/execute', {
       method: 'POST',

web/src/app/api/v1/composio/execute/_post.ts

@@ -1,4 +1,5 @@
 import { getErrorObject } from '@codebuff/common/util/error'
+import { COMPOSIO_META_TOOL_NAMES } from '@codebuff/common/constants/composio'
 import { NextResponse } from 'next/server'
 import { z } from 'zod/v4'
 
@@ -20,7 +21,7 @@ type CheckComposioRateLimitFn = typeof checkComposioRateLimit
 type IsComposioConfiguredFn = typeof isComposioConfigured
 
 const composioExecuteBodySchema = z.object({
-  toolName: z.string().min(1),
+  toolName: z.enum(COMPOSIO_META_TOOL_NAMES),
   input: z.record(z.string(), z.unknown()).default({}),
 })
 

web/src/server/composio.ts

@@ -4,10 +4,7 @@ import { existsSync, readFileSync } from 'fs'
 import { homedir } from 'os'
 import path from 'path'
 
-import {
-  COMPOSIO_API_KEY_ENV_VAR,
-  COMPOSIO_META_TOOL_NAMES,
-} from '@codebuff/common/constants/composio'
+import { COMPOSIO_API_KEY_ENV_VAR } from '@codebuff/common/constants/composio'
 import { getErrorObject } from '@codebuff/common/util/error'
 import { env } from '@codebuff/internal/env'
 import * as schema from '@codebuff/internal/db/schema'
@@ -18,9 +15,9 @@ import type { Logger } from '@codebuff/common/types/contracts/logger'
 import type { JSONValue } from '@codebuff/common/types/json'
 import type { ToolResultOutput } from '@codebuff/common/types/messages/content-part'
 import type { CodebuffPgDatabase } from '@codebuff/internal/db/types'
+import type { ComposioMetaToolName } from '@codebuff/common/constants/composio'
 
 const COMPOSIO_HOME_ENV_PATH = path.join(homedir(), 'codebuff', '.env.local')
-const allowedToolNames = new Set<string>(COMPOSIO_META_TOOL_NAMES)
 
 type ComposioSession = Awaited<ReturnType<Composio['create']>>
 type ComposioClient = Composio
@@ -297,22 +294,11 @@ async function getSessionForUser(params: {
 export async function executeComposioTool(params: {
   db: CodebuffPgDatabase
   userId: string
-  toolName: string
+  toolName: ComposioMetaToolName
   input: Record<string, unknown>
   logger: Logger
   apiKey?: string
 }): Promise<ToolResultOutput[] | null> {
-  if (!allowedToolNames.has(params.toolName)) {
-    return [
-      {
-        type: 'json',
-        value: {
-          errorMessage: `Unsupported Composio tool: ${params.toolName}`,
-        },
-      },
-    ]
-  }
-
   const apiKey = params.apiKey ?? getComposioApiKey()
   if (!apiKey) return null