Files
2026-07-13 12:38:34 +08:00

10 KiB

Changelog

All notable changes to the Composio Python SDK will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Versions between 0.8.11 and 0.13.0 were released without CHANGELOG entries. See the Git commit log for changes in that window.

[0.17.1] - 2026-06-28

Added

  • Tool Router session deletion: delete sessions from Python via composio.sessions.delete(session_id) or session.delete(), matching the TypeScript SDK surface.

Changed

  • Bumped the Python SDK and provider packages from 0.17.0 to 0.17.1.

[0.17.0] - 2026-06-26

Added

  • triggers.parse(): parse and optionally verify an incoming webhook request, mirroring the TypeScript SDK. Pass verify_secret to validate the signature; omit it to skip verification explicitly. A present-but-empty verify_secret (e.g. an unset COMPOSIO_WEBHOOK_SECRET) raises rather than silently skipping verification.
  • triggers.set_webhook_subscription(): create or update the project webhook subscription from the Python SDK.
  • connected_accounts.update_acl(): the experimental shared-connection ACL patch helper graduated to connected_accounts; experimental.update_acl() remains as a deprecated alias.

Changed

  • composio.sessions is the canonical sessions entrypoint: use composio.sessions.create(...) (or the composio.create / composio.use shortcuts). composio.tool_router is now a deprecated alias for the same object.
  • MCP is now opt-in for sessions: composio.create() / composio.use() return native-tool sessions by default and select the MCP-typed session only when mcp=True. The runtime object is unchanged.
  • Prefer sandbox for session code-execution config: the sandbox key is now preferred; the existing workbench key is still accepted as an alias.
  • Bumped the Python SDK and provider packages from 0.16.0 to 0.17.0.

[0.16.0] - 2026-06-25

Fixed

  • Auto file upload/download behind $ref/$defs: tool schemas that express their file fields through a $ref/$defs indirection are now resolved before file handling, so file_uploadable inputs and file_downloadable outputs reachable only through a reference are no longer silently skipped when dangerously_allow_auto_upload_download_files=True. GMAIL_GET_ATTACHMENT (whose file_downloadable flag sits two $ref hops deep) is the canonical case. Adds a cycle-safe, depth-capped dereference_json_schema utility with Draft 2020-12 sibling-keyword merge, mirroring the TypeScript SDK's dereferenceJsonSchema.
  • No retries on non-idempotent tool writes: tools.execute() and tools.proxy() are non-idempotent POST writes, but the Stainless-generated client retried them by default (on read timeouts, 429s, and 5xx), which could duplicate side effects — e.g. send an email twice. Both paths now route through a cached client.without_retries clone (max_retries=0); idempotent reads and lists keep the default retries. This is an interim fix ahead of backend idempotency keys.
  • Bounded timeouts on file transfers: session file uploads/downloads and the presigned S3 PUT/GET paths now use bounded (connect, read) timeouts, and timeout or request failures surface as the SDK's typed file errors instead of hanging.
  • Provider-visible tool schema aliasing: centralized aliasing via alias_tool_input_schema / restore_tool_arguments, applied across the Anthropic, Claude Agent SDK, Gemini, Google ADK, and OpenAI Agents providers. Aliases invalid Python parameter names (e.g. $top), preserves the existing fromfrom_rs style, avoids leading-underscore aliases so Pydantic-backed providers can build models, caps aliases at 64 characters for Anthropic-style validators, and dereferences internal $ref/$defs before aliasing. Original backend argument names are restored before execution.
  • OpenAI Agents schema mutation: the tool schema is now deep-copied before its examples/default fields are stripped, so the source schema is no longer mutated in place.

Changed

  • Bumped the composio-client dependency from 1.39.01.41.0.
  • Bumped the Python SDK and provider packages from 0.15.0 to 0.16.0.
  • Refreshed Python core and provider dependency ranges, plus root and provider uv locks, to the newest compatible versions.

[0.15.0] - 2026-06-16

Fixed

  • Forwarded user_id from triggers.create(..., user_id=...) into the trigger upsert request via extra_body, so 2FA-enabled trigger projects can verify the pinned connected account belongs to the caller.

Changed

  • Bumped the Python SDK and provider packages from 0.14.0 to 0.15.0.

[0.14.0] - 2026-06-05

Removed

  • Removed the legacy composio.tools.custom_tool registry path, including core.models.custom_tools, ExecuteRequestFn, the old fallback execution wiring, the old security tests, and the legacy custom-tools example.

Changed

  • Kept custom tools on the 2026 tool-router surface: composio.experimental.tool(), composio.experimental.Toolkit, inline execution, preload/attach/use flows, and session.custom_tools().
  • Bumped the Python SDK and provider packages from 0.13.1 to 0.14.0.

[0.13.1] - 2026-05-13

Added

  • SHARED connected accounts (experimental): Connections can now be marked SHARED at create time and reached from a tool-router session by other user_ids when explicitly pinned and authorised via a per-user ACL. Mirrors the TypeScript SDK's @composio/core@0.10.0 release.
    • composio.connected_accounts.link(..., experimental={"account_type": "SHARED", "acl_config_for_shared": {...}}) to create.
    • composio.experimental.update_acl(nanoid, allow_all_users=..., allowed_user_ids=[...], not_allowed_user_ids=[...]) to update the per-user ACL on an existing SHARED connection. PATCH semantics: omit a field to leave it unchanged; pass [] to clear an allow/deny list.
    • session.authorize(toolkit, experimental={...}) for the same flow inside a tool-router session.
    • composio.connected_accounts.list(account_type='PRIVATE' | 'SHARED' | 'ALL') filter.
    • New typed errors: ComposioAclOnlyForSharedError, ComposioSharedAccessDeniedError, ComposioSharedConnectionNotAccessibleError.
    • Experimental — shape may change in future releases. Pinning a SHARED connection in a session config and direct execute by connected_account_id are unchanged.
  • composio.experimental namespace: new module housing experimental SDK methods that take a client (update_acl) alongside the existing decorators (tool, Toolkit).

Fixed

  • initiate() deprecation warning false-positives: the legacy POST /api/v3/connected_accounts deprecation warning is now gated on the response Deprecation HTTP header (RFC 9745) rather than the auth_scheme of the request. Custom auth configs and non-OAuth schemes no longer trigger a spurious warning. The legacy endpoint's retired-path 400 is also surfaced as a typed ComposioLegacyConnectedAccountsEndpointRetiredError. See https://docs.composio.dev/docs/changelog/2026/04/24.
  • Schema converter nullability: null-only anyOf blocks now preserve nullability instead of dropping to a bare str fallback.

Changed

  • Bumped composio-client dependency from 1.36.01.39.0 so the generated typed client carries the Experimental TypedDicts for the SHARED-connection surface.

[0.8.11] - 2025-09-10

Added

  • Composio Connect Link Support: New link() method for creating external authentication links
    • Added link() method to ConnectedAccounts class for generating user authentication links
    • Support for callback URL redirection after authentication
    • Enhanced user experience with external link-based authentication flow
    • Includes comprehensive documentation and usage examples

Fixed

  • Documentation: Fixed typo in connected account creation function docstring
    • Corrected "coneected" to "connected" in function documentation

[0.8.10] - 2024-12-19

Added

  • LlamaIndex Provider: New LlamaIndex provider for enhanced AI framework integration
    • Complete provider implementation with demo and documentation (python/providers/llamaindex/)
    • Support for LlamaIndex-specific tool execution patterns
    • Includes provider.py, demo script, and proper packaging setup

Changed

  • Schema Parsing: Improved OpenAPI schema parsing with default fallback to 'any' type for invalid schemas
    • Enhanced python/composio/utils/openapi.py to handle malformed schemas gracefully
    • More robust type inference for edge cases where schema type is missing or invalid

Fixed

  • Type Checking: Fixed type checking issues in core validation logic
    • Updated python/composio/core/models/toolkits.py for better type safety
    • Added proper type annotations and validation
  • Sentinel Value Checks: Fixed sentinel value validation in core models
    • Enhanced validation in python/composio/core/models/toolkits.py
    • Improved handling in python/composio/core/models/tools.py and python/composio/core/models/triggers.py
    • Added proper sentinel value checks in python/composio/types.py
  • Build System: Updated noxfile.py for improved development workflow

[0.8.9] - 2024-11-XX

Added

  • Initial stable release with core functionality
  • Support for multiple AI frameworks (OpenAI, Anthropic, Google, etc.)
  • Comprehensive tool execution capabilities
  • Authentication and connected account management
  • File upload and download support
  • Webhook and trigger system
  • Multi-provider support architecture

Features

  • Tool discovery and execution
  • Connected account management
  • Authentication configuration
  • File handling and processing
  • Webhook integration
  • Trigger system for automated workflows
  • Support for custom tools and integrations

Version History

For detailed commit history and technical changes, see the Git commit log.

Support

For questions, issues, or contributions, please visit: