fix: persistent auth fields in Tool mode.

[Uday-sidagana]

This is an Immediate subset of 10229

Backend changes: src/lfx/src/lfx/base/composio/composio_base.py
— Persistent Auth fields in Tool mode post a valid connection is fixed in this PR.

Summary by CodeRabbit

• Bug Fixes

  • UI now accurately reflects connection status by clearing or rendering auth fields as needed.
  • Consistent behavior in tool mode: hides managed auth inputs when connected.
  • Reliable handling of API key changes and disconnections, resetting related hints and controls.
  • Smoother connection initiation/validation via links, with proper UI updates.

• Refactor

  • Streamlined build configuration flow to consistently update dynamic auth fields and re-render appropriate controls based on connection state.

[coderabbitai]

Walkthrough

Refactors authentication UI/control flow in composio_base.py to clear and re-render dynamic auth fields based on connection status and mode. Integrates handling for auth_link actions, API key changes, and disconnections. Ensures build_config and tool_mode states are updated consistently. Updates update_build_config method signature.

Changes

Cohort / File(s)

Summary

Auth UI/Flow refactor src/lfx/src/lfx/base/composio/composio_base.py

Centralizes logic to clear/render auth fields based on active connection and tool mode; adjusts handling of auth_link actions (init/validate), API_KEY and non-OAUTH2 modes; resets auth_mode/auth_link/action_button hints on changes/disconnects; ensures consistent build_config updates and tool_mode state; updates method signature to def update_build_config(self, build_config: dict, field_value: Any, field_name: str | None = None) -> dict.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as UI
  participant CB as ComposioBase
  participant TS as ToolkitSchema
  participant CS as ConnectionService

  rect rgba(230,240,255,0.4)
  note over CB: Build config update
  U->>CB: update_build_config(build_config, field_value, field_name)
  CB->>CS: Check active connection
  alt Active connection
    CB->>TS: Clear auth fields for current build_config
    CB-->>U: Return config with cleared auth UI
  else No active connection
    alt Tool mode managed
      CB->>TS: Avoid rendering custom auth fields
    else Manual mode
      CB->>TS: Render custom auth fields per schema
    end
    CB-->>U: Return updated config
  end
  end

  rect rgba(235,255,235,0.4)
  note over CB: auth_link actions
  U->>CB: action: init/validate via auth_link
  CB->>TS: Clear previously rendered auth fields
  CB->>CS: Start/validate connection
  alt OAUTH2 flow
    CS-->>CB: Connected/validated
    CB->>TS: Keep auth fields cleared
    CB-->>U: Updated state (connected)
  else API_KEY / non-OAUTH2
    CB->>TS: Render/clear fields as required
    CB-->>U: Updated state with hints/auth_link
  end
  end

  rect rgba(255,240,230,0.4)
  note over CB: Changes/disconnects
  U->>CB: API key change or disconnect
  CB->>TS: Reset auth_mode, auth_link, action_button hints
  CB->>TS: Re-render appropriate controls
  CB-->>U: Consistent build_config and tool_mode state
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: updated component with new Auth mode support. #9756: Overlapping edits to composio_base.py’s auth UI and connection-handling logic, including clearing/rendering fields and auth_mode/auth_link behavior.

Suggested reviewers

• edwinjosechittilappilly

Pre-merge checks and finishing touches

❌ Failed checks (1 error, 2 warnings)

Check name	Status	Explanation	Resolution
Test Coverage For New Implementations	❌ Error	The PR introduces substantial changes to authentication field handling in composio_base.py without adding or updating any corresponding test files, leaving the new logic unverified and lacking regression coverage for the tool mode bug fix.	Add unit tests to cover the new update_build_config behaviors, including scenarios for active connections, tool mode persistence, API key changes, and OAuth2 handling, ensuring tests follow the test_*.py naming convention and concretely assert the expected UI field resets.
Test Quality And Coverage	⚠️ Warning	I inspected the PR branch to find tests covering the updated backend logic in src/lfx/src/lfx/base/composio/composio_base.py, especially around update_build_config and the new behavior for clearing/rendering auth fields in Tool mode and when connections change. I could not locate any new or existing tests that exercise this method or the affected flows, nor tests mentioning composio_base, update_build_config, Tool mode auth-field persistence, or related build_config/auth_link/auth_mode behaviors. There are no async-specific tests, and there are no API endpoint tests tied to these changes, so success/error cases aren’t validated. Given the absence of targeted tests, the implementation appears untested beyond any incidental smoke coverage, and it does not meet the project’s stated testing patterns for backend behavior with pytest.	Add pytest-based unit tests for update_build_config covering: no active connection vs active connection, Tool mode vs non-Tool mode, API_KEY vs OAUTH2 paths, initiating/validating/disconnecting flows, and ensuring auth fields are cleared or rendered as intended. Include tests for changes in auth_mode, auth_link, action_button hints, and re-rendering decisions, plus negative/error scenarios where inputs are malformed. If any async code paths exist, use pytest.mark.asyncio and proper async fixtures. If UI is indirectly affected via build_config, assert on the resulting config dicts to validate behavior rather than smoke-testing call success.
Test File Naming And Structure	⚠️ Warning	I searched the repository for tests and found no backend pytest files matching test_*.py, no frontend *.test.ts or *.test.tsx files, and no clear integration/e2e test directories or markers. There are no conftest.py files or pytest fixtures indicating setup/teardown, and no Playwright usage imports. Because the PR introduces backend logic changes without accompanying tests and the repo currently lacks the expected test structure and files, I cannot verify compliance with the specified naming, structure, and coverage criteria. Consequently, the check fails due to absence of the required test patterns and artifacts.	Add backend pytest files named test_*.py that cover the new composio_base.py behavior, including both positive and negative cases, with descriptive test function names and appropriate setup/teardown via fixtures (place common fixtures in conftest.py). For frontend, add *.test.ts(x) Playwright tests if UI behavior is involved, importing from @playwright/test and organizing e2e/integration tests under a dedicated integration or e2e directory. Clearly mark integration tests (e.g., pytest marks or directory naming) and include edge cases such as switching auth modes, disconnect/reconnect flows, and field reset timing to ensure comprehensive coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly specifies the main change by indicating a fix for persistent authentication fields in Tool mode, which directly matches the code updates for clearing and resetting auth fields after a valid connection.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Excessive Mock Usage Warning	✅ Passed	The repository’s unit tests do employ a high volume of mocks, but these patches predominantly isolate external dependencies—file I/O, HTTP clients, database sessions, CLI entrypoints, and third-party SDKs—while the core business logic is validated via integration tests and real object behavior. The heavy mocking in utility and CLI tests serves to exercise numerous edge cases without reliance on actual infrastructure and does not obscure the underlying functionality being tested. Consequently, mock usage here aligns with good unit-test practices rather than indicating poor test design.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/lfx/src/lfx/base/composio/composio_base.py (1)

1618-1633: Avoid “Disconnect” tooltip and storing connection_id on redirect flows; defer until validated

When initiation returns a redirect_url, the connection isn’t validated yet. Setting auth_tooltip="Disconnect" and storing connection_id at this stage is misleading. Prefer “Open link” (or “Connect”) and only store connection_id once the connection is ACTIVE or non‑redirect (immediate validation) cases.

Apply this diff to clarify state and avoid premature id storage:

-                        if redirect_url:
-                            build_config["auth_link"]["value"] = redirect_url
-                            build_config["auth_link"]["auth_tooltip"] = "Disconnect"
-                        else:
-                            build_config["auth_link"]["value"] = "validated"
-                            build_config["auth_link"]["auth_tooltip"] = "Disconnect"
-                            build_config["auth_link"]["connection_id"] = connection_id
+                        if redirect_url:
+                            # Not validated yet → present link action; don't store id until ACTIVE
+                            build_config["auth_link"]["value"] = redirect_url
+                            build_config["auth_link"]["auth_tooltip"] = "Open link"
+                        else:
+                            # Validated without redirect → mark connected and store id
+                            build_config["auth_link"]["value"] = "validated"
+                            build_config["auth_link"]["auth_tooltip"] = "Disconnect"
+                            if connection_id:
+                                build_config["auth_link"]["connection_id"] = connection_id
                         # Clear auth fields when connected
-                        schema = self._get_toolkit_schema()
-                        self._clear_auth_fields_from_schema(build_config, schema)
+                        schema = self._get_toolkit_schema()
+                        self._clear_auth_fields_from_schema(build_config, schema)

🧹 Nitpick comments (2)

src/lfx/src/lfx/base/composio/composio_base.py (2)

1360-1364: Good fix clearing auth fields on ACTIVE connection; also sync auth_mode pill for consistency

Clearing dynamic auth fields here is correct and aligns UI with the connected state. Recommend also updating auth_mode to reflect the connected scheme (like in the earlier branch at Lines 1290-1328) so the dropdown/pill stays consistent.

Apply this diff after clearing fields:

                     # Clear auth fields when connected
                     schema = self._get_toolkit_schema()
                     self._clear_auth_fields_from_schema(build_config, schema)
+
+                    # Reflect connected scheme in auth_mode UI
+                    scheme, _ = self._get_connection_auth_info(connection_id)
+                    if scheme:
+                        build_config.setdefault("auth_link", {})
+                        build_config["auth_link"]["auth_scheme"] = scheme
+                        build_config.setdefault("auth_mode", {})
+                        build_config["auth_mode"]["value"] = scheme
+                        build_config["auth_mode"]["options"] = [scheme]
+                        build_config["auth_mode"]["show"] = False
+                        try:
+                            pill = TabInput(
+                                name="auth_mode",
+                                display_name="Auth Mode",
+                                options=[scheme],
+                                value=scheme,
+                            ).to_dict()
+                            pill["show"] = True
+                            build_config["auth_mode"] = pill
+                        except (TypeError, ValueError, AttributeError):
+                            build_config["auth_mode"] = {
+                                "name": "auth_mode",
+                                "display_name": "Auth Mode",
+                                "type": "tab",
+                                "options": [scheme],
+                                "value": scheme,
+                                "show": True,
+                            }

---

1759-1778: Tool mode logic is correct; avoid duplicate ACTIVE checks to reduce API calls

Rendering/hiding custom auth fields in tool mode is correct. This block re‑queries for an active connection even though a similar check/routine runs earlier (Lines 1653-1714), causing extra API calls.

Use the already computed/stored state when available to skip the extra list/get:

-            active_connection = self._find_active_connection_for_app(self.app_name)
+            # Prefer stored state from earlier checks to avoid duplicate API calls
+            auth_link_cfg = build_config.get("auth_link") or {}
+            if auth_link_cfg.get("value") == "validated" and auth_link_cfg.get("connection_id"):
+                active_connection = (auth_link_cfg["connection_id"], "ACTIVE")
+            else:
+                active_connection = self._find_active_connection_for_app(self.app_name)

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f24a064 and 0eb3a3f.

📒 Files selected for processing (1)

• src/lfx/src/lfx/base/composio/composio_base.py (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Update Starter Projects

[Uday-sidagana]

Closing this PR as it's redundant.