Skip to content

Chore: Add missing documentation for limits in tools.get #2145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
haxzie wants to merge 3 commits into
base: next
Choose a base branch
from
Open

Chore: Add missing documentation for limits in tools.get #2145

haxzie wants to merge 3 commits into from

Conversation

@haxzie
Copy link
Collaborator

@haxzie haxzie commented Nov 4, 2025
edited
Loading

Documents tools.get() with available limits across python and ts SDK and cap the tools to 999 instead of 9999 to match API requirements

Closes #2138

@macroscopeapp
Copy link

macroscopeapp bot commented Nov 4, 2025
edited
Loading

Document limits for Tools.get and set Tools.getRawComposioTools limit to 999 when tool slugs are provided

Update API docs to state a default limit of 20 and a maximum of 999 for tool fetching, and adjust Tools.getRawComposioTools to request limit=999 when tools are specified. Redact Python Tools.get docstrings without changing logic. Add a changeset for a patch release.

📍Where to Start

Start with the limit handling in Tools.getRawComposioTools in Tools.ts, then review the updated limits documentation in tools.md.

Macroscope summarized b13f993.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 23, 2025

⚠️ Security Audit Warning

The pnpm audit --prod check found security vulnerabilities in production dependencies.

Please review and fix the vulnerabilities. You can try running:

pnpm audit --fix --prod
Audit output 
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ critical            │ Next.js is vulnerable to RCE in React flight protocol  │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ next                                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=16.0.0-canary.0 <16.0.7                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=16.0.7                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ ts__examples__llamaindex>@llamaindex/                  │
│                     │ workflow>@llamaindex/workflow-core>next                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-9qr9-h5gf-34mp      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ Next Vulnerable to Denial of Service with Server       │
│                     │ Components                                             │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ next                                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=16.0.0-beta.0 <16.0.9                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=16.0.9                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ ts__examples__llamaindex>@llamaindex/                  │
│                     │ workflow>@llamaindex/workflow-core>next                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-mwv6-3258-q52c      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate            │ Next Server Actions Source Code Exposure               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ next                                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=16.0.0-beta.0 <16.0.9                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=16.0.9                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ ts__examples__llamaindex>@llamaindex/                  │
│                     │ workflow>@llamaindex/workflow-core>next                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-w37m-7fhw-fmv9      │
└─────────────────────┴────────────────────────────────────────────────────────┘
3 vulnerabilities found
Severity: 1 moderate | 1 high | 1 critical

cursor[bot]
cursor bot reviewed Dec 23, 2025
View reviewed changes
python/composio/core/models/tools.py
:param scopes: Optional list of scopes to filter tools by.
:param limit: Optional limit on the number of tools to return. Defaults to 20 if not provided when using toolkits or search filters. Maximum value is 999.
:return: List of tool schemas matching the provided filters.
:raises InvalidParams: If none of `tools`, `search`, or `toolkits` are provided.
Copy link

@cursor cursor bot Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Python SDK missing limit cap for specific tools

The TypeScript SDK enforces a maximum limit of 999 when fetching specific tools by slug (line 351), but the Python SDK doesn't apply this same cap when calling tools.list() with tool_slugs parameter (lines 150-155). This creates inconsistent behavior between SDKs and contradicts the PR's stated goal to "cap the tools to 999." The Python implementation should enforce the same limit override as TypeScript.

Additional Locations (1)

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Undocumented tool list limit

2 participants

@haxzie