Skip to content

feat: add Mercury MCP Integration Security & Architecture Guide#203

Merged
yashdev9274 merged 1 commit into
mainfrom
supercode-cli
Jul 14, 2026
Merged

feat: add Mercury MCP Integration Security & Architecture Guide#203
yashdev9274 merged 1 commit into
mainfrom
supercode-cli

Conversation

@yashdev9274

@yashdev9274 yashdev9274 commented Jul 14, 2026

Copy link
Copy Markdown
Owner

Description

  • Introduced a comprehensive guide detailing the architecture and security measures for Mercury MCP integration.
  • Included structural diagrams, end-to-end architecture, OAuth flow, permission enforcement, and data handling protocols.
  • Documented key architectural invariants and tool naming conventions for clarity in implementation.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactor (no functional changes)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

  • bun test passes
  • bun run typecheck passes
  • bun run lint passes (if applicable)

Checklist:

  • My code follows the project's style guidelines
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works

Summary by CodeRabbit

  • Documentation
    • Added a security and architecture guide for Mercury integration.
    • Documented OAuth connection and reconnection flows.
    • Clarified read-only capabilities, permission enforcement, audit visibility, data handling, retention, and revocation procedures.
    • Documented known security limitations, including missing rate limiting, output sanitization, and stale-session cleanup.

- Introduced a comprehensive guide detailing the architecture and security measures for Mercury MCP integration.
- Included structural diagrams, end-to-end architecture, OAuth flow, permission enforcement, and data handling protocols.
- Documented key architectural invariants and tool naming conventions for clarity in implementation.
@vercel

vercel Bot commented Jul 14, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
supercli Ready Ready Preview, Comment Jul 14, 2026 1:24pm
supercli-client Ready Ready Preview, Comment Jul 14, 2026 1:24pm
supercli-docs Ready Ready Preview, Comment Jul 14, 2026 1:24pm

@greptile-apps greptile-apps Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your trial has ended. Reactivate Greptile to resume code reviews.

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

Added a 260-line security and architecture guide for Mercury integration through Composio and MergeDev, covering authorization, permissions, read-only capabilities, data handling, auditing, revocation, and known security gaps.

Changes

Mercury MCP Integration Guide

Layer / File(s) Summary
Architecture and OAuth flow
supercode-mercury.md
Documents dual-gateway authorization, MCP mediation invariants, the Composio OAuth lifecycle, and read-only MCP tool naming.
Permissions, data, and capabilities
supercode-mercury.md
Describes permission evaluation, agent and subagent rules, data retention boundaries, local storage constraints, and read-only capability tiers.
Audit, revocation, and security status
supercode-mercury.md
Lists audit surfaces and revocation paths, and records security strengths and acknowledged gaps.

Estimated code review effort: 2 (Simple) | ~10 minutes

Poem

A rabbit reads where gateways glow,
Two keys guard the funds below.
Read-only carrots fill the tray,
Old sessions hop to clean decay.
Audit tracks each silver toe.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: adding a Mercury MCP integration security and architecture guide.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch supercode-cli

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Nitpick comments (1)
supercode-mercury.md (1)

9-9: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add language identifiers to fenced code blocks.

The four diagram/flow fences trigger markdownlint MD040. Use text (or another appropriate language) after each opening fence.

Also applies to: 50-50, 76-76, 120-120

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supercode-mercury.md` at line 9, Update the four diagram/flow fenced code
blocks in supercode-mercury.md, including the referenced locations, by adding a
language identifier such as text to each opening fence. Preserve the existing
diagram contents and formatting.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@supercode-mercury.md`:
- Around line 224-228: Correct the Mercury disconnect documentation around
resetSession() so it describes only clearing the local Composio session, not
revoking access. Document the actual remote account/session teardown path, and
update the disconnect flow to perform remote teardown when disconnect is
intended to revoke access, while preserving local reset behavior.
- Around line 161-167: Update the connected-account retrieval in the server flow
around connectedAccounts.list to pass the authenticated user’s identifier as
Composio’s user filter, and retain only that user’s ACTIVE accounts when
building the session. Ensure the documentation’s per-user isolation claim
matches the filtered runtime behavior.
- Around line 157-160: Update the “What Supercode Persists (Mercury-Related)”
section to replace “Nothing” with the actual Mercury-derived data retained in
conversation/message rows and MergeDev audit logs. Identify the retained fields,
storage locations, and applicable retention or redaction rules, while preserving
the statement that no Mercury-specific PostgreSQL tables store balances,
transactions, vendor information, or OAuth tokens.
- Around line 247-250: Update the /api/composio/session response and
ComposioSessionManager handling so the server COMPOSIO_API_KEY is never returned
to or stored by the client. Return only session metadata; if client
authentication requires a credential, provide a separate short-lived, narrowly
scoped token and document it independently from Mercury OAuth data.
- Around line 16-21: Update the supercode-mercury.md flow and invariants to
accurately describe that McpManager exposes separate mcp_composio_* and
mcp_mergedev_* tools, while the CLI execution path prefers only mcp_composio_*
without enforcing both gateways. Do not claim every Mercury call is
dual-authorized; alternatively, add an explicit wrapper enforcing both gateways
if that is the intended contract.

---

Nitpick comments:
In `@supercode-mercury.md`:
- Line 9: Update the four diagram/flow fenced code blocks in
supercode-mercury.md, including the referenced locations, by adding a language
identifier such as text to each opening fence. Preserve the existing diagram
contents and formatting.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f4f74416-30fd-4fa9-8fb1-1a1ea89dbafa

📥 Commits

Reviewing files that changed from the base of the PR and between 7245c7d and 0cfab96.

📒 Files selected for processing (1)
  • supercode-mercury.md

Comment thread supercode-mercury.md
Comment on lines +16 to +21
┌─────────────────────────────────────────────────────────────────────┐
│ MCP MANAGER (McpManager) │
│ • HTTP/SSE transport to Composio MCP gateway │
│ • HTTP/SSE transport to MergeDev connector gateway │
│ • Prefixes tools as mcp_composio_* and mcp_mergedev_* │
│ • All tool invocations gated by PermissionManager.check() │

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the documented sections and the implementation paths they refer to.
printf '\n## supercode-mercury.md (selected ranges)\n'
nl -ba supercode-mercury.md | sed -n '1,220p'

printf '\n## candidate implementation files\n'
git ls-files 'apps/supercode-cli/server/src/**' | sed -n '1,200p'

printf '\n## relevant symbols in mcp-manager.ts and index.ts\n'
for f in apps/supercode-cli/server/src/mcp/mcp-manager.ts apps/supercode-cli/server/src/index.ts; do
  if [ -f "$f" ]; then
    printf '\n### %s\n' "$f"
    ast-grep outline "$f" --view expanded || true
  fi
done

printf '\n## textual search for relevant terms\n'
rg -n "mcp_composio_|mcp_mergedev_|PermissionManager|ACTIVE connected accounts|connected accounts|resetSession|MergeDev|Composio|gateway" apps/supercode-cli/server/src supercode-mercury.md

Repository: yashdev9274/supercli

Length of output: 241


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Read the relevant code slices with line numbers after locating them.
for f in apps/supercode-cli/server/src/mcp/mcp-manager.ts apps/supercode-cli/server/src/index.ts; do
  if [ -f "$f" ]; then
    printf '\n## %s\n' "$f"
    wc -l "$f"
  fi
done

printf '\n## mcp-manager.ts excerpt\n'
nl -ba apps/supercode-cli/server/src/mcp/mcp-manager.ts | sed -n '1,260p'

printf '\n## index.ts excerpt\n'
nl -ba apps/supercode-cli/server/src/index.ts | sed -n '1,260p'

Repository: yashdev9274/supercli

Length of output: 419


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Read only the relevant slices around the cited logic.
for f in supercode-mercury.md apps/supercode-cli/server/src/mcp/mcp-manager.ts apps/supercode-cli/server/src/index.ts; do
  if [ -f "$f" ]; then
    echo "===== $f ====="
    wc -l "$f"
  fi
done

echo
echo "===== supercode-mercury.md:1-170 ====="
nl -ba supercode-mercury.md | sed -n '1,170p'

echo
echo "===== mcp-manager.ts:1-260 ====="
nl -ba apps/supercode-cli/server/src/mcp/mcp-manager.ts | sed -n '1,260p'

echo
echo "===== index.ts:1-260 ====="
nl -ba apps/supercode-cli/server/src/index.ts | sed -n '1,260p'

Repository: yashdev9274/supercli

Length of output: 506


🏁 Script executed:

#!/bin/bash
set -euo pipefail

python3 - <<'PY'
from pathlib import Path

files = [
    ("supercode-mercury.md", 1, 170),
    ("apps/supercode-cli/server/src/mcp/mcp-manager.ts", 1, 260),
    ("apps/supercode-cli/server/src/index.ts", 1, 260),
]
for path, start, end in files:
    p = Path(path)
    print(f"\n===== {path}:{start}-{end} =====")
    for i, line in enumerate(p.read_text().splitlines(), 1):
        if start <= i <= end:
            print(f"{i:4d}: {line}")
PY

Repository: yashdev9274/supercli

Length of output: 26901


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n## mercury doc hits\n'
rg -n -A3 -B3 "MCP MANAGER|mcp_composio_|mcp_mergedev_|PermissionManager|resetSession|ACTIVE connected accounts|chat-history|raw model output|Mercury" supercode-mercury.md

printf '\n## implementation hits\n'
rg -n -A4 -B4 "mcp_composio_|mcp_mergedev_|PermissionManager|resetSession|ACTIVE connected accounts|connected accounts|Composio|MergeDev|gateway|pref" apps/supercode-cli/server/src/index.ts apps/supercode-cli/server/src/mcp/mcp-manager.ts

Repository: yashdev9274/supercli

Length of output: 16163


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n## PermissionManager references\n'
rg -n "class PermissionManager|function PermissionManager|PermissionManager\.check|PermissionManager" .

printf '\n## MCP manager usage\n'
rg -n "getMcpManager\(|resetMcpManager\(|getAllTools\(|reconnectServer\(|mcp_composio_|mcp_mergedev_" apps/supercode-cli/server/src

Repository: yashdev9274/supercli

Length of output: 5520


🏁 Script executed:

#!/bin/bash
set -euo pipefail

python3 - <<'PY'
from pathlib import Path
path = Path("apps/supercode-cli/server/src/index.ts")
start, end = 520, 640
for i, line in enumerate(path.read_text().splitlines(), 1):
    if start <= i <= end:
        print(f"{i:4d}: {line}")
PY

Repository: yashdev9274/supercli

Length of output: 6633


Document the real gating path supercode-mercury.md:16-21, 48-63, 118-135 — McpManager exposes separate mcp_composio_* and mcp_mergedev_* tools, and the CLI only prefers mcp_composio_* for execution; there is no wrapper that forces both gateways on every Mercury call. Update the flow/invariants to match that behavior, or add the missing enforcement if dual authorization is required.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supercode-mercury.md` around lines 16 - 21, Update the supercode-mercury.md
flow and invariants to accurately describe that McpManager exposes separate
mcp_composio_* and mcp_mergedev_* tools, while the CLI execution path prefers
only mcp_composio_* without enforcing both gateways. Do not claim every Mercury
call is dual-authorized; alternatively, add an explicit wrapper enforcing both
gateways if that is the intended contract.

Comment thread supercode-mercury.md
Comment on lines +157 to +160
### What Supercode Persists (Mercury-Related)

**Nothing.** The Supercode PostgreSQL schema contains no Mercury-specific tables. No balances, transactions, vendor info, or OAuth tokens are stored in Supercode's database.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate the document and related mentions of Mercury retention/persistence.
git ls-files | rg 'supercode-mercury\.md|mercury|chat history|provider payload|trace|log|retention|redact|response'

# Show the relevant section of the target file with line numbers.
if git ls-files | rg -q '^supercode-mercury\.md$'; then
  nl -ba supercode-mercury.md | sed -n '140,280p'
fi

# Search for persistence/retention language across the repo.
rg -n --hidden --glob '!**/.git/**' \
  -e 'persist(ed|s|ence)|stored|storage|retention|redact|redaction|trace|traces|log(s|ged|ging)?|chat history|conversation message|provider payload|Mercury' .

Repository: yashdev9274/supercli

Length of output: 934


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Read the target document section with portable line numbering.
sed -n '140,280p' supercode-mercury.md | cat -n

printf '\n--- MATCHES ---\n'

# Search for Mercury-related persistence/retention wording in the repository.
rg -n --hidden --glob '!**/.git/**' \
  -e 'persist(ed|s|ence)|stored|storage|retention|redact|redaction|trace|traces|log(s|ged|ging)?|chat history|conversation message|provider payload|Mercury' supercode-mercury.md .

Repository: yashdev9274/supercli

Length of output: 50377


Clarify the Mercury retention boundary. Supercode does persist Mercury-derived data in conversation/message rows (tool arguments) and MergeDev audit logs; replace “Nothing” with the actual retained fields, locations, and retention/redaction rules.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supercode-mercury.md` around lines 157 - 160, Update the “What Supercode
Persists (Mercury-Related)” section to replace “Nothing” with the actual
Mercury-derived data retained in conversation/message rows and MergeDev audit
logs. Identify the retained fields, storage locations, and applicable retention
or redaction rules, while preserving the statement that no Mercury-specific
PostgreSQL tables store balances, transactions, vendor information, or OAuth
tokens.

Comment thread supercode-mercury.md
Comment on lines +161 to +167
### What Composio Persists

| Data | Location | Retention |
|------|----------|-----------|
| Mercury OAuth tokens (access + refresh, read-only scoped) | Composio infrastructure | Until user revokes or token expires |
| Connected account metadata (account ID, status, provider) | Composio infrastructure | Until disconnected |
| Active MCP session state | Composio infrastructure | Per session lifecycle |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate the relevant code paths and map their structure first.
git ls-files | rg '^(apps/supercode-cli/server/src/index\.ts|.*connectedAccounts.*|.*mcp.*|.*account.*)$'

echo
echo "== Outline of apps/supercode-cli/server/src/index.ts =="
ast-grep outline apps/supercode-cli/server/src/index.ts --view expanded || true

echo
echo "== Search for connectedAccounts usage =="
rg -n "connectedAccounts\.list|connectedAccounts|ACTIVE account|Mercury" apps/supercode-cli/server/src/index.ts apps/supercode-cli/server/src || true

echo
echo "== Search for user/tenant scoping around connected accounts =="
rg -n "tenant|userId|accountId|workspace|project|session" apps/supercode-cli/server/src || true

echo
echo "== Search for tests or helpers around connected accounts =="
rg -n "connectedAccounts|Mercury|ACTIVE" . --glob '!**/node_modules/**' --glob '!**/dist/**' --glob '!**/build/**' || true

Repository: yashdev9274/supercli

Length of output: 39526


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== apps/supercode-cli/server/src/index.ts (around Composio session proxy) =="
sed -n '1080,1155p' apps/supercode-cli/server/src/index.ts | cat -n

echo
echo "== apps/supercode-cli/server/src/mcp/composio.ts (session/account handling) =="
sed -n '1,280p' apps/supercode-cli/server/src/mcp/composio.ts | cat -n

echo
echo "== Search for any user-scoped filtering passed to connectedAccounts.list() =="
rg -n "connectedAccounts\.list\(\{[^}]*user|connectedAccounts\.list\(\{[^}]*account|connectedAccounts\.list\(\{[^}]*tenant|connectedAccounts\.list\(" apps/supercode-cli/server/src

Repository: yashdev9274/supercli

Length of output: 11851


🌐 Web query:

Composio connectedAccounts.list userId filter docs sessions.create connectedAccounts project-wide

💡 Result:

In Composio, connected accounts and sessions are managed within the scope of a specific project, as projects serve as the primary isolation boundary for all resources, including connected accounts, authentication configurations, and API keys [1][2]. Connected Accounts To retrieve connected accounts, use the connectedAccounts.list method [3]. This method supports filtering by various criteria, including user IDs, via an optional query object [3][4][5]. Example (TypeScript): // List all accounts for a specific user const userAccounts = await composio.connectedAccounts.list({ userIds: ['user_123'] }); Example (Python): # List all accounts for a user accounts = composio.connected_accounts.list( user_ids=['user_123']) The available filter parameters for connectedAccounts.list include user_ids, toolkit_slugs, statuses, auth_config_ids, and connected_account_ids [4]. Sessions To initialize a session, use the composio.create(user_id) method, which acts as the entry point for all integrations [6][7]. While the documentation refers to sessions.create (often associated with the underlying API or internal session management), the recommended implementation for users is invoking create on the Composio SDK instance to establish a context for a specific user [6][7]. Once a session is created, it can access toolkits and connected accounts authorized for that project [8]. Project-wide access is implicitly handled by the API key associated with the project; resources in one project are strictly isolated from others [1].

Citations:


Scope Composio connected accounts to the authenticated user

apps/supercode-cli/server/src/index.ts still calls connectedAccounts.list({}) and forwards every ACTIVE account in the project into the session. Composio supports user filters on this API, so this should be narrowed to the authenticated user before documenting the storage as per-user isolated.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supercode-mercury.md` around lines 161 - 167, Update the connected-account
retrieval in the server flow around connectedAccounts.list to pass the
authenticated user’s identifier as Composio’s user filter, and retain only that
user’s ACTIVE accounts when building the session. Ensure the documentation’s
per-user isolation claim matches the filtered runtime behavior.

Comment thread supercode-mercury.md
Comment on lines +224 to +228
**From Supercode:**
1. User opens `/mcp` TUI → views connected apps and connector status
2. Disconnects Mercury → `composioSessionManager.resetSession()`
3. Future Mercury tool calls fail at the Composio session layer
4. Since access is read-only, revocation risk is limited to loss of balance visibility

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

Do not describe resetSession() as revocation.

apps/supercode-cli/server/src/mcp/composio.ts:200-205 shows that resetSession() only sets the local session to null; it does not disconnect the connected account, revoke OAuth, invalidate the remote session, or stop an existing MCP connection.

Document the real revocation path and implement remote account/session teardown if local disconnect is intended to revoke access.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supercode-mercury.md` around lines 224 - 228, Correct the Mercury disconnect
documentation around resetSession() so it describes only clearing the local
Composio session, not revoking access. Document the actual remote
account/session teardown path, and update the disconnect flow to perform remote
teardown when disconnect is intended to revoke access, while preserving local
reset behavior.

Comment thread supercode-mercury.md
Comment on lines +247 to +250
1. OAuth tokens never touch Supercode — stored and managed entirely by Composio
2. No Mercury data persisted in Supercode's database or local files
3. Dual-gate authorization — both Composio (auth/session) and MergeDev (policy/audit) must pass
4. Read-only by design — Mercury enforces at OAuth scope level, MergeDev enforces at policy level

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n## Files mentioning createSessionFromServer / composio session\n'
rg -n --hidden --glob '!**/node_modules/**' --glob '!**/.git/**' 'createSessionFromServer|/api/composio/session|apiKey|Composio\(' .

printf '\n## Candidate files in repository root related to supercode-mercury\n'
git ls-files | rg 'supercode-mercury\.md|composio|mercury'

Repository: yashdev9274/supercli

Length of output: 15374


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# If the files are found, inspect the relevant ranges with line numbers.
for f in $(git ls-files | rg 'supercode-mercury\.md|composio|mercury'); do
  echo "## $f"
  wc -l "$f"
done

Repository: yashdev9274/supercli

Length of output: 306


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show the relevant document section around the cited lines.
f=$(git ls-files | rg '^supercode-mercury\.md$')
echo "## $f"
cat -n "$f" | sed -n '230,265p'

Repository: yashdev9274/supercli

Length of output: 1839


🌐 Web query:

Composio createSessionFromServer apiKey client-side session endpoint returns apiKey

💡 Result:

In Composio, the session creation process (via composio.create(user_id) or the underlying /api/v3.1/tool_router/session endpoint) is designed to return session-specific metadata, such as a session_id and MCP server information (like mcp.url and mcp.headers) [1][2][3]. It does not return your sensitive API key. Your API key is used to authenticate the request that creates the session [4]. Key security points: 1. Authentication: The Composio API requires an API key (passed in the x-api-key header) to verify your project or organization access [4][5]. 2. Client-side Usage: While you can interact with Composio from client-side environments (e.g., in a browser or mobile app), it is considered a security risk to expose your project-level API key directly in client-side code [4]. 3. Recommended Practice: For client-side or frontend applications, you should handle session creation on your own backend server. The backend should authenticate with Composio using the API key, create the session, and then securely provide the necessary session context (such as the session_id or MCP configuration) to your client-side application [1][3]. If you are observing your API key being returned by an endpoint or client-side session, ensure that you are not inadvertently echoing back the request headers or configuration object in your application code [6]. Always verify that your API key is kept in environment variables or a secure secret manager on the server side [6][4].

Citations:


🌐 Web query:

site:docs.composio.dev Composio apiKey createSessionFromServer session apiKey

💡 Result:

To create a Composio session from your server, you initialize the Composio client with your API key and then create a session scoped to a specific user ID [1][2][3]. Steps to create a session: 1. Initialize the Composio client using your API key. 2. Call the create method to establish a session for a user. TypeScript Example: import { Composio } from '@composio/core'; // Initialize the client with your API key const composio = new Composio({ apiKey: 'YOUR_COMPOSIO_API_KEY' }); // Create a session for a specific user const session = await composio.create("user_123"); // Retrieve tools for this session const tools = await session.tools; Python Example: from composio import Composio # Initialize the client (ensure COMPOSIO_API_KEY is set in your environment) composio = Composio(api_key="YOUR_COMPOSIO_API_KEY") # Create a session for a specific user session = composio.create(user_id="user_123") # Retrieve tools for this session tools = session.tools Key Concepts: - API Keys: You can use a project API key (passed via headers or client initialization) to authenticate requests [4]. - Sessions: A session represents the runtime context for an agent [2]. It ties together user-specific authentication, connected accounts, and available toolkits [2][3]. - Multi-turn Support: For ongoing conversations, you can store the session ID and resume the session later using composio.use("session_id") instead of creating a new one [2].

Citations:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "## apps/supercode-cli/server/src/mcp/composio.ts"
cat -n apps/supercode-cli/server/src/mcp/composio.ts | sed -n '1,180p'

echo
echo "## apps/supercode-cli/server/src/index.ts around /api/composio/session"
cat -n apps/supercode-cli/server/src/index.ts | sed -n '1070,1125p'

Repository: yashdev9274/supercli

Length of output: 8628


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the changelog / docs references around the session flow.
echo "## CHANGELOG.md around the session entry"
cat -n CHANGELOG.md | sed -n '1,30p'

echo
echo "## apps/web/app/(pages)/changelog/page.tsx around the session entry"
cat -n 'apps/web/app/(pages)/changelog/page.tsx' | sed -n '30,55p'

Repository: yashdev9274/supercli

Length of output: 4152


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "## apps/supercode-cli/server/src/mcp/composio.ts"
cat -n apps/supercode-cli/server/src/mcp/composio.ts | sed -n '1,180p'

echo
echo "## apps/supercode-cli/server/src/index.ts around /api/composio/session"
cat -n apps/supercode-cli/server/src/index.ts | sed -n '1080,1120p'

Repository: yashdev9274/supercli

Length of output: 8038


Do not return apiKey from /api/composio/session. The route echoes the server’s COMPOSIO_API_KEY back to the client, and ComposioSessionManager stores it locally. Return only session metadata; if a client credential is needed, expose a separate short-lived token and document its scope separately from Mercury OAuth data.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supercode-mercury.md` around lines 247 - 250, Update the
/api/composio/session response and ComposioSessionManager handling so the server
COMPOSIO_API_KEY is never returned to or stored by the client. Return only
session metadata; if client authentication requires a credential, provide a
separate short-lived, narrowly scoped token and document it independently from
Mercury OAuth data.

@yashdev9274 yashdev9274 merged commit 8cf70f4 into main Jul 14, 2026
5 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant