feat(composio): per-toolkit tool curation, user scopes, and Gmail HTML→markdown (#643)

* feat(composio): add user scope management for toolkits

- Introduced `get_user_scopes` and `set_user_scopes` functions to manage per-toolkit user scope preferences, allowing for read, write, and admin classifications.
- Updated `all_controller_schemas` and `all_registered_controllers` to include new schemas for user scope management.
- Implemented `evaluate_tool_visibility` to determine tool visibility based on user-defined scopes, enhancing security and control over tool actions.
- Added `UserScopePref` struct to store user preferences and integrated it with memory storage for persistence.
- Enhanced existing tools to respect user scope preferences during execution, ensuring actions align with user-defined permissions.

These changes improve the flexibility and security of toolkit interactions, allowing users to customize their access levels for different actions.

* feat(gmail): expand GMAIL_CURATED tools for enhanced email management

- Updated the GMAIL_CURATED constant to include additional tools for reading and writing emails, such as GMAIL_LIST_MESSAGES, GMAIL_LIST_THREADS, GMAIL_GET_ATTACHMENT, and GMAIL_FORWARD_MESSAGE.
- Improved organization of tools by categorizing them under distinct sections for reading messages, managing drafts, and handling labels.
- Enhanced admin tools with new functionalities like GMAIL_BATCH_DELETE_MESSAGES and GMAIL_UNTRASH_THREAD, improving overall email management capabilities.

These changes provide a more comprehensive toolkit for interacting with Gmail, enhancing user experience and functionality.

* refactor(tool_scope, gmail): improve code formatting and organization

- Reformatted the `ADMIN` and `GMAIL_CURATED` constants for better readability by aligning the entries vertically.
- Enhanced the clarity of the `classify_unknown` function by improving the structure of the constants, making it easier to maintain and understand.
- Updated test assertions in `toolkit_from_slug` for consistency in formatting, ensuring clearer test outputs.

These changes improve the overall readability and maintainability of the codebase, aligning with ongoing refactoring efforts.

* feat(github): add GitHub toolkit and curated tools for enhanced integration

- Introduced a new GitHub provider module, including a curated catalog of GitHub actions tailored for common tasks such as repository management, issue tracking, and pull request handling.
- Implemented the `catalog_for_toolkit` function to allow fallback to a static curated list for toolkits without a native provider, ensuring consistent tool visibility and access.
- Updated the `evaluate_tool_visibility` function to prioritize curated tools from registered providers, enhancing the overall user experience and security by enforcing whitelist checks.

These changes expand the capabilities of the Composio toolkit, providing users with a comprehensive set of tools for interacting with GitHub, while maintaining a focus on user-defined permissions and visibility.

* refactor(tools): improve formatting and organization of curated tools

- Reformatted the `GITHUB_CURATED`, `NOTION_CURATED`, and other tool constants for better readability by aligning entries vertically.
- Enhanced the clarity of the code structure, making it easier to maintain and understand.
- Updated related documentation to reflect the changes in formatting and organization.

These changes improve the overall readability and maintainability of the codebase, aligning with ongoing refactoring efforts.

* feat(catalogs): introduce curated catalogs for various toolkits

- Added a new module `catalogs.rs` containing curated tool lists for Slack, Discord, Google Calendar, Google Drive, Google Docs, and more, enhancing the Composio toolkit's integration capabilities.
- Updated the `mod.rs` file to include the new `catalogs` module and modified the `catalog_for_toolkit` function to support these curated lists, allowing for better organization and access to toolkit actions.
- This addition improves the overall functionality and user experience by providing a comprehensive set of tools for interacting with popular platforms.

* feat(post-process): implement HTML to markdown conversion for Gmail responses

- Introduced a new `post_process` module to handle per-toolkit response modifications, specifically for converting HTML content to markdown format.
- Enhanced the `ComposioExecuteTool` to apply post-processing on successful responses, improving the clarity and usability of data returned from Gmail.
- Added tests to ensure the correct functionality of HTML detection and conversion, validating the integrity of the post-processing logic.

These changes enhance the user experience by streamlining the handling of HTML content in responses, making it more suitable for further processing and display.

* refactor(post_process): reorganize HTML detection constants for improved readability

- Moved HTML detection markers in the `looks_like_html` function to a more structured format, enhancing clarity and maintainability.
- This change aligns with ongoing efforts to improve code organization and readability within the post-processing module.

* refactor(catalogs): enhance formatting and organization of curated tool constants

- Reformatted the `SLACK_CURATED`, `DISCORD_CURATED`, and `GOOGLECALENDAR_CURATED` constants for improved readability by aligning entries vertically.
- This change enhances the clarity and maintainability of the code, aligning with ongoing refactoring efforts to improve code organization.

* feat(connect-modal): wire read/write/admin scope toggles to composio prefs

Adds the three scope toggles to the connected-state of the
ComposioConnectModal so users can gate which Composio actions the
agent may invoke per integration. Loads the stored pref via
`composio_get_user_scopes` once the modal lands in the connected
phase and persists changes through `composio_set_user_scopes` with
optimistic updates and rollback on error.

- Adds `getUserScopes` / `setUserScopes` to composioApi.
- Adds `ComposioUserScopePref` type mirror.
- Renders accessible role="switch" toggles with hint text per row.

* refactor(ComposioConnectModal): simplify SCOPE_ROWS definition

- Streamlined the definition of SCOPE_ROWS in ComposioConnectModal by removing unnecessary line breaks, enhancing code readability and maintainability.
- Updated the agent.toml configuration to include "composio_execute" in the tools list, expanding the capabilities of the integrations agent.

* fix(composio): apply curated whitelist + scope pref to integrations_agent prompt

The agent prompt for integrations_agent was rendering every action
returned by the backend's `composio_list_tools` for each connected
toolkit, bypassing the curation/scope filter that the meta-tool layer
applies. Concretely the GitHub integrations_agent prompt was showing
~500 actions including non-curated entries like
GITHUB_ADD_OR_UPDATE_TEAM_REPOSITORY_PERMISSIONS.

Adds `is_action_visible_with_pref(slug, pref)` — a sync helper that
mirrors the meta-tool layer's decision logic — and applies it in:
- `fetch_connected_integrations_uncached` (bulk session-cached path)
- `fetch_toolkit_actions` (per-toolkit spawn-time path)

One pref load per toolkit (not per action) keeps the cost minimal.

* refactor(fetch_connected_integrations): streamline action visibility filter

Simplified the action visibility filter in `fetch_connected_integrations_uncached` by consolidating the filter logic into a single line. This change enhances code readability while maintaining the existing functionality of applying user preferences to the displayed actions.

* fix(prompt): drop duplicate `### Available Tools` listing in text-mode preamble

Text-mode subagent prompts were rendering the tool catalog twice: once
in the prompt template's `## Tools` section (with the richer
`Call as: NAME[arg|arg]` signatures from `prompts::ToolsSection::build`)
and once in `### Available Tools` under `## Tool Use Protocol`
(`Parameters: name:type, ...` format).

For an integrations_agent toolkit spawn (~50 actions) this doubled the
tool listing bytes for no informational gain. Keep only the protocol
preamble (essential for text mode); the catalog stays in `## Tools`.

Removes `summarise_parameters` and `first_line_truncated` which were
the sole consumers, plus the now-unused `std::fmt::Write` import.

* review: address PR feedback (UTF-8 boundary, structured logs, doc, debug)

Real fixes:
- post_process: walk back to UTF-8 char boundary before truncating to
  4096 bytes; previous `&s[..4096]` could panic mid-codepoint. Adds
  regression test that places a 3-byte char straddling the cutoff.
- composioApi: move misplaced `execute` docstring back above `execute`
  (it had drifted above the new `getUserScopes`).
- schemas: include `get_user_scopes` / `set_user_scopes` in the
  `every_known_schema_key_resolves` test.

Diagnosability:
- schemas: structured `[composio:scopes]` debug/error logs at entry,
  exit, and every early-return in `handle_get_user_scopes` /
  `handle_set_user_scopes` (method + toolkit + pref fields). The
  memory-not-ready branch now logs an error before returning.
- composioApi + ConnectModal: grep-friendly `[composio][scopes]` debug
  logs around getUserScopes / setUserScopes RPC round-trips and the
  toggle handler (old → new state, persisted result, errors).
- user_scopes: load_or_default now logs the same normalized `key` that
  `load()` does, so traces correlate across both code paths.

Cleanups:
- tools: replace external `idx` + `Vec::retain` in
  `filter_list_tools_response` with a drain + zip + filter_map pattern.
- tool_scope: document the no-underscore-in-toolkit-name assumption of
  `toolkit_from_slug`, and call out the `microsoft_teams` alias.
- Cargo.toml: comment on the html2md vs htmd choice.

Pushback (no change):
- Reviewer asked to split the type-only import in ConnectModal into a
  separate `import type` line; ESLint's `no-duplicate-imports` rejects
  that, so the inline `type` form (functionally identical) stays.

Author: senamakel

Cargo.lock

@@ -16,6 +16,13 @@ crate-type = ["rlib"]
 [dependencies]
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
+# Used by composio post-processing to convert Gmail HTML bodies to
+# markdown. `html2md` is the canonical pure-Rust crate (no system deps);
+# `htmd` (>0.5) is more actively maintained but our usage is one
+# function call (`parse_html`) and the migration cost outweighs the
+# upside today. Re-evaluate if html2md goes unmaintained or we need
+# GFM/table fidelity beyond what html2md emits.
+html2md = "0.2"
 reqwest = { version = "0.12", default-features = false, features = ["json", "blocking", "rustls-tls", "native-tls", "stream", "http2", "multipart", "socks"] }
 tokio = { version = "1", features = ["full", "sync"] }
 once_cell = "1.19"

Cargo.toml

@@ -16,8 +16,18 @@
 import { useCallback, useEffect, useRef, useState } from 'react';
 import { createPortal } from 'react-dom';
 
-import { authorize, deleteConnection, listConnections } from '../../lib/composio/composioApi';
-import { type ComposioConnection, deriveComposioState } from '../../lib/composio/types';
+import {
+  authorize,
+  deleteConnection,
+  getUserScopes,
+  listConnections,
+  setUserScopes,
+} from '../../lib/composio/composioApi';
+import {
+  type ComposioConnection,
+  type ComposioUserScopePref,
+  deriveComposioState,
+} from '../../lib/composio/types';
 import { openUrl } from '../../utils/openUrl';
 import type { ComposioToolkitMeta } from './toolkitMeta';
 
@@ -58,6 +68,16 @@ export default function ComposioConnectModal({
     connection
   );
 
+  // ── Scope preferences (read/write/admin) ────────────────────────
+  // The pref gates which curated Composio actions the agent may call.
+  // We load it lazily once the toolkit is connected, so the toggles in
+  // the success view always reflect what the core actually has stored.
+  const [scopes, setScopes] = useState<ComposioUserScopePref | null>(null);
+  const [scopeError, setScopeError] = useState<string | null>(null);
+  // Per-key in-flight flag so spamming a single toggle disables only
+  // that row while the RPC round-trips.
+  const [savingScope, setSavingScope] = useState<keyof ComposioUserScopePref | null>(null);
+
   // Escape to close
   useEffect(() => {
     const handleEscape = (e: KeyboardEvent) => {
@@ -175,6 +195,78 @@ export default function ComposioConnectModal({
     }
   }, [startPolling, toolkit.slug]);
 
+  // Fetch the stored scope pref whenever the modal lands in the
+  // 'connected' phase. Re-fetching each time we transition (rather
+  // than once on mount) keeps the toggles correct after a fresh OAuth
+  // handoff completes inside this modal.
+  useEffect(() => {
+    if (phase !== 'connected') return;
+    let cancelled = false;
+    void (async () => {
+      try {
+        const pref = await getUserScopes(toolkit.slug);
+        if (!cancelled) setScopes(pref);
+      } catch (err) {
+        if (!cancelled) {
+          const msg = err instanceof Error ? err.message : String(err);
+          setScopeError(`Couldn't load scope preferences: ${msg}`);
+        }
+      }
+    })();
+    return () => {
+      cancelled = true;
+    };
+  }, [phase, toolkit.slug]);
+
+  const handleToggleScope = useCallback(
+    async (key: keyof ComposioUserScopePref) => {
+      if (!scopes || savingScope) {
+        console.debug(
+          '[composio][scopes] toggle ignored toolkit=%s key=%s reason=%s',
+          toolkit.slug,
+          key,
+          !scopes ? 'pref-not-loaded' : 'another-save-in-flight'
+        );
+        return;
+      }
+      const optimistic: ComposioUserScopePref = { ...scopes, [key]: !scopes[key] };
+      console.debug(
+        '[composio][scopes] toggle toolkit=%s key=%s old=%s new=%s',
+        toolkit.slug,
+        key,
+        scopes[key],
+        optimistic[key]
+      );
+      setScopes(optimistic);
+      setSavingScope(key);
+      setScopeError(null);
+      try {
+        const persisted = await setUserScopes(toolkit.slug, optimistic);
+        console.debug(
+          '[composio][scopes] toggle persisted toolkit=%s key=%s pref=%o',
+          toolkit.slug,
+          key,
+          persisted
+        );
+        setScopes(persisted);
+      } catch (err) {
+        // Roll back on failure so the toggle reflects reality.
+        const msg = err instanceof Error ? err.message : String(err);
+        console.error(
+          '[composio][scopes] toggle failed toolkit=%s key=%s error=%o',
+          toolkit.slug,
+          key,
+          err
+        );
+        setScopes(scopes);
+        setScopeError(`Couldn't save ${key} scope: ${msg}`);
+      } finally {
+        setSavingScope(null);
+      }
+    },
+    [savingScope, scopes, toolkit.slug]
+  );
+
   const handleDisconnect = useCallback(async () => {
     if (!activeConnection) return;
     setPhase('disconnecting');
@@ -299,6 +391,12 @@ export default function ComposioConnectModal({
                   id: {activeConnection.id}
                 </p>
               )}
+              <ScopeToggles
+                scopes={scopes}
+                savingScope={savingScope}
+                onToggle={handleToggleScope}
+                error={scopeError}
+              />
               <button
                 type="button"
                 onClick={() => void handleDisconnect()}
@@ -333,3 +431,80 @@ export default function ComposioConnectModal({
 
   return createPortal(modalContent, document.body);
 }
+
+// ── Scope toggles ───────────────────────────────────────────────────
+
+const SCOPE_ROWS: Array<{ key: keyof ComposioUserScopePref; label: string; hint: string }> = [
+  {
+    key: 'read',
+    label: 'Read',
+    hint: 'Allow listing, fetching, searching (e.g. read emails / pages).',
+  },
+  {
+    key: 'write',
+    label: 'Write',
+    hint: 'Allow sending, creating, updating (e.g. send emails, create pages).',
+  },
+  {
+    key: 'admin',
+    label: 'Admin',
+    hint: 'Allow destructive or permission-changing actions (delete, share, etc.).',
+  },
+];
+
+interface ScopeTogglesProps {
+  scopes: ComposioUserScopePref | null;
+  savingScope: keyof ComposioUserScopePref | null;
+  onToggle: (key: keyof ComposioUserScopePref) => void;
+  error: string | null;
+}
+
+function ScopeToggles({ scopes, savingScope, onToggle, error }: ScopeTogglesProps) {
+  // Render skeleton placeholders while we wait on the initial load so
+  // the modal layout doesn't jump when the pref arrives.
+  const loading = scopes === null;
+
+  return (
+    <div className="border-t border-stone-100 pt-3 mt-1 space-y-2">
+      <div className="flex items-baseline justify-between">
+        <h3 className="text-xs font-semibold text-stone-700 uppercase tracking-wide">
+          Agent permissions
+        </h3>
+        <p className="text-[10px] text-stone-400">Read+Write enabled by default</p>
+      </div>
+      <ul className="space-y-1.5">
+        {SCOPE_ROWS.map(row => {
+          const enabled = scopes?.[row.key] ?? false;
+          const isSaving = savingScope === row.key;
+          return (
+            <li
+              key={row.key}
+              className="flex items-start justify-between gap-3 rounded-lg px-2 py-1.5 hover:bg-stone-50">
+              <div className="min-w-0 flex-1">
+                <span className="text-sm font-medium text-stone-900">{row.label}</span>
+                <p className="text-[11px] text-stone-400 leading-snug">{row.hint}</p>
+              </div>
+              <button
+                type="button"
+                role="switch"
+                aria-checked={enabled}
+                aria-label={`${enabled ? 'Disable' : 'Enable'} ${row.label} scope`}
+                disabled={loading || savingScope !== null}
+                onClick={() => onToggle(row.key)}
+                className={`relative inline-flex h-5 w-9 shrink-0 cursor-pointer items-center rounded-full transition-colors focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-1 disabled:cursor-not-allowed disabled:opacity-50 ${
+                  enabled ? 'bg-primary-500' : 'bg-stone-300'
+                }`}>
+                <span
+                  className={`inline-block h-3.5 w-3.5 transform rounded-full bg-white shadow transition-transform ${
+                    enabled ? 'translate-x-5' : 'translate-x-0.5'
+                  } ${isSaving ? 'animate-pulse' : ''}`}
+                />
+              </button>
+            </li>
+          );
+        })}
+      </ul>
+      {error && <p className="text-[11px] text-coral-600">{error}</p>}
+    </div>
+  );
+}