CtrlK
Composio is an open-source AI agent tool integration platform that provides infrastructure for connecting large language models (LLMs) and AI agents to over 1,000 external applications and services. Founded in 2023 and headquartered in San Francisco, Composio handles authentication, tool orchestration, context management, and sandboxed execution so that developers can build production-ready AI agents without manually implementing OAuth flows, rate limiting, or API wrappers for each integrated service. The platform is framework-agnostic and supports major agent development ecosystems including LangChain, LlamaIndex, CrewAI, AutoGen, the OpenAI Agents SDK, the Claude Agent SDK, and the Vercel AI SDK.
Composio graduated from Y Combinator's Winter 2024 (W24) batch and raised a $25 million Series A round led by Lightspeed Venture Partners in July 2025, bringing total funding to approximately $29 million. As of mid-2025, the platform reports over 100,000 developers using it and more than 200 paying enterprise customers.
Composio was founded in June 2023 by Soham Ganatra and Karan Vaidya, both alumni of the Indian Institute of Technology Bombay (IIT Bombay) where they studied Computer Science Engineering. The two first met at a Physics Olympiad preparation camp before becoming classmates and roommates at IIT Bombay. After graduating, both went on to lead engineering teams focused on integrations at companies including Nirvana and Rubrik.
The founding insight came while the pair were building LLM-based coding agents and found that connecting those agents to real applications was far harder than building the agent logic itself. OAuth credential management, token refresh cycles, rate limit handling, and the inconsistent behavior of third-party APIs consumed most of their engineering time. They saw the same problem repeated across every team building AI agents, and decided to build infrastructure to solve it once at the platform level rather than having every team solve it independently.
Composio was accepted into Y Combinator's Winter 2024 cohort, graduating as part of the W24 batch. YC's backing gave the company early validation in the developer tooling market and connected it to a network of AI-first startups that became some of its earliest customers. The company raised a seed round of $4 million around the time of its YC participation, with backing from Elevation Capital and Together Fund.
Following Y Combinator, Composio grew its developer community rapidly. The GitHub repository for the open-source SDK accumulated more than 25,000 stars within roughly a year, and the platform's total reported integrations expanded from roughly 250 at launch to over 1,000 by mid-2025.
In July 2025, Composio closed a $25 million Series A led by Lightspeed Venture Partners. The round also included SV Angel, Blitzscaling Ventures, Operator Partners, Agent Fund (by Yohei Nakajima), and existing investors Elevation Capital and Together Fund. Angel investors included Guillermo Rauch (CEO of Vercel), Dharmesh Shah (co-founder and CTO of HubSpot), Gokul Rajaram, and Soham Mazumdar (co-founder of Rubrik). Total funding following the Series A stood at approximately $29 million. Lightspeed's investment thesis described Composio as building "the backbone of AI agent intelligence" and characterized its platform as solving the learning and context problem that prevents AI agents from improving over repeated task executions.
In February 2026, Composio open-sourced its Agent Orchestrator, a framework designed to move agent development beyond traditional ReAct (Reason + Act) loops toward structured, stateful multi-agent workflows. The orchestrator allows parallel coding agents to operate in isolated git worktrees, handling CI failure remediation, code review responses, and pull request creation autonomously.
Composio's platform operates through two primary integration modes: a native SDK mode and a Model Context Protocol (MCP) mode.
In native SDK mode, developers initialize a Composio session with Composio.create(user_id), and the session exposes available tools via session.tools(). The SDK handles credential lookup, token refresh, and error normalization transparently.
In MCP mode, Composio generates a secure MCP server URL accessible via session.mcp.url. This approach is provider-agnostic and requires no provider-specific package installation, allowing any MCP-compatible client or AI assistant to access the full tool catalog through the standardized protocol.
Composio's tool catalog covers over 1,000 applications across several categories:
| Category | Example integrations |
|---|---|
| Productivity and project management | GitHub, Linear, Jira, Asana, Trello, ClickUp, Notion |
| Communication and messaging | Slack, Gmail, Microsoft Teams, Discord, Telegram, WhatsApp |
| CRM and sales | Salesforce, HubSpot, Pipedrive |
| Version control and DevOps | GitHub, GitLab, Bitbucket, Sentry, Vercel |
| Data and analytics | Google Sheets, Airtable, Snowflake |
| Storage and documents | Google Drive, Dropbox, Confluence, Notion |
| Payments | Stripe |
| Calendaring | Google Calendar, Outlook Calendar |
Each toolkit in the catalog packages multiple related actions. The GitHub toolkit, for example, includes tools for creating issues, opening pull requests, commenting on code, and managing repository settings. The Gmail toolkit covers reading, drafting, sending, and labeling messages.
As of mid-2025, the catalog contained over 10,000 individual tool actions across those 1,000+ applications.
Authentication is one of Composio's central value propositions. Connecting AI agents to user-owned accounts requires managing OAuth 2.0 authorization flows, storing tokens securely, refreshing tokens before expiry, and scoping permissions to only what the agent needs. Composio abstracts all of this at the platform level.
Supported authentication schemes include:
| Scheme | Description |
|---|---|
| OAuth 2.0 | Full authorization code flow with PKCE support, token refresh, and expiry management |
| Bearer token | Direct token injection for services that issue long-lived tokens |
| API key | Static credential storage and injection |
| Basic authentication | Username and password encoding for legacy services |
Composio manages token refresh automatically. A connected account is only marked as EXPIRED after all refresh attempts have failed, reducing the chance of tool call failures due to stale credentials. The platform also supports bearer tokens as an auth scheme for all OAuth 2.0 toolkits, giving developers flexibility when users supply tokens directly rather than completing an OAuth flow.
For enterprise deployments, Composio offers white-labeled authentication interfaces, allowing product teams to present OAuth consent screens under their own branding rather than Composio's. The company holds SOC 2 Type II and ISO 27001:2022 certifications, and offers VPC and on-premises deployment options for customers with strict data residency requirements.
Rather than requiring developers to manually specify which tools an agent can access, Composio introduced intent-based tool resolution. The platform interprets a natural language description of the agent's goal and proposes a relevant subset of tools from the full catalog. This reduces the number of tool definitions injected into the LLM's context window, which improves function-calling accuracy and reduces token costs.
The Agent Orchestrator builds on this with just-in-time context management: instead of exposing every tool at the start of a session, the orchestrator dynamically routes only the necessary tool definitions to the agent based on which step in a workflow is currently executing.
Composio provides remote sandbox environments for agents that need to run multi-step workflows involving large file transfers, shell commands, or persistent session state. Sandbox containers maintain state across interactions and can handle file responses that would be impractical to pass through a standard API response. This is particularly relevant for software engineering agents that need a persistent filesystem, code execution environment, and version control access during a task.
Beyond outbound tool calls, Composio supports inbound event triggers that allow agents to be notified when something happens in an external application. A trigger on a Gmail account can fire an agent whenever a new email matching certain criteria arrives. A GitHub trigger can activate an agent when a new pull request is opened. This bidirectional communication model enables agents to operate autonomously in response to real-world events rather than only executing when explicitly called by a human.
Composio is designed to work with any AI framework that supports tool calling. Official SDK support is provided for both Python and TypeScript.
| Framework | Integration method |
|---|---|
| LangChain | ComposioToolSet with LangChain tool format |
| LangGraph | State machine nodes with Composio tools |
| LlamaIndex | Tool spec integration |
| CrewAI | Agent tool injection |
| AutoGen | Tool use integration |
| OpenAI Agents SDK | Function tool wrapping |
| Anthropic (Claude Agent SDK) | Tool use blocks |
| Google ADK | Tool integration |
| Framework | Integration method |
|---|---|
| OpenAI Agents SDK | Function tool wrapping |
| Anthropic (Claude Agent SDK) | Tool use blocks |
| LangChain | LangChain tools |
| LlamaIndex | Tool spec |
| Vercel AI SDK | Tool definition format |
| Mastra | Tool integration |
| Cloudflare Workers AI | Tool integration |
The LangChain integration is among the most widely used. Developers initialize a ComposioToolSet, specify which toolkits they want to expose (such as ["github", "slack"]), and receive a list of LangChain-compatible tool objects that can be passed directly to a LangChain agent executor or LangGraph node.
LangChain's documentation includes an official integration guide for Composio, and the platform is listed as a supported integration in the LangChain tool registry.
Composio added native Model Context Protocol (MCP) support as the standard gained traction in 2024 and 2025. The MCP integration exposes the full Composio tool catalog through a single MCP server endpoint, allowing any MCP-compatible host (including Claude Desktop, Cursor, and other AI coding assistants) to discover and invoke Composio tools without requiring any SDK installation.
Composio's MCP implementation generates per-session secure URLs that scope tool access to a specific user's connected accounts. This means an MCP client can send an email through the user's Gmail account or create a GitHub issue under their identity without the developer needing to implement any OAuth flow themselves.
The company also open-sourced a standalone MCP server called Rube, which connects AI tools to over 500 applications through the MCP protocol and is designed to work with any MCP-compatible assistant.
Composio's MCP support was noted positively in industry comparisons, with observers pointing to it as a differentiator over alternatives that required provider-specific SDK installations for each framework integration.
Composio built an open-source software engineering agent using its SWE-Kit toolkit and achieved a 48.6% accuracy rate on the SWE-bench Verified benchmark in 2024, solving 243 out of 500 human-validated software engineering problems. This placed the agent fourth overall on the leaderboard and second among open-source solutions at the time of evaluation.
The agent was implemented with LangGraph using a state machine architecture rather than a ReAct loop. Three specialized sub-agents handle different responsibilities: a Software Engineering Agent that manages task delegation and workflow control, a CodeAnalyzer Agent that inspects codebases and produces code insights, and an Editor Agent that handles file navigation and code modifications. LangSmith provided monitoring and observability across the agent's execution traces.
The SWE-Kit toolkit underpinning the agent includes Language Server Protocol support, a secure development container, and specialized tools for shell execution, file management, and Git operations.
Composio offers four pricing tiers as of 2025:
| Tier | Monthly price | Tool calls included | Additional calls | Support |
|---|---|---|---|---|
| Free | $0 | 20,000 | N/A | Community |
| Standard | $29 | 200,000 | $0.299 per 1,000 | |
| Professional | $229 | 2,000,000 | $0.249 per 1,000 | Slack (1,000+ users) |
| Enterprise | Custom | Custom | Custom | Dedicated SLA |
The Enterprise tier adds custom user account management, VPC and on-premises deployment, SOC 2 Type II compliance documentation, and dedicated onboarding. Composio is also available through the AWS Marketplace, which allows enterprise customers to consume Composio spend against existing AWS committed spend.
Composio competes with several other platforms in the AI agent tool integration space, most notably Toolhouse and Arcade.dev. Each platform takes a different approach to the problem of giving AI agents access to external services.
| Feature | Composio | Toolhouse | Arcade.dev |
|---|---|---|---|
| Integrations | 1,000+ apps, 10,000+ tools | Dozens of curated tools | ~112 first-party integrations |
| Auth handling | OAuth 2.0, API key, bearer, basic auth | Managed auth | OAuth 2.0 with fine-grained per-user scoping |
| MCP support | Native MCP server (Rube) | MCP-native registry | Purpose-built MCP runtime |
| Open source | Yes (MIT licensed SDK) | Partial | Partial |
| Custom tool extensibility | Limited (closed-source pre-built tools) | Limited | Better (SDK for custom MCP servers) |
| Per-tenant configuration | No | No | Yes |
| Framework support | 25+ frameworks (LangChain, LlamaIndex, CrewAI, AutoGen, Vercel AI, etc.) | Universal SDK | LangGraph-centric |
| Pricing model | Usage-based (tool calls) | Usage-based | Usage-based |
| Security certifications | SOC 2 Type II, ISO 27001:2022 | SOC 2 Type II | Not publicly disclosed |
Toolhouse positions itself as an MCP-native tool registry. Rather than providing a broad connector catalog through proprietary APIs, it operates as a managed layer on top of the Model Context Protocol, allowing agents to discover and call tools through MCP's standard interface. Toolhouse's tool catalog is smaller than Composio's, but the platform is favored by teams that are already building MCP-first architectures and want a registry with versioning and tool lifecycle management. Toolhouse counts Cloudflare, NVIDIA, Groq, and Snowflake among its users.
Arcade.dev describes itself as an MCP runtime for production AI agents. Its primary differentiator is fine-grained, just-in-time authorization: when an agent needs to perform an action on behalf of a specific user, Arcade can trigger an authorization prompt at the moment of action execution rather than requiring upfront credential provisioning. This makes it better suited for multi-user consumer applications where each end user has their own identity and the agent needs to perform actions under that user's account with their explicit consent.
Arcade raised $12 million in early 2025 and co-authored a core MCP capability with Anthropic in November 2025 related to secure authorization flows. It joined the Linux Foundation's Agentic AI Foundation as a Gold Member in December 2025. Arcade has approximately 112 first-party integrations, fewer than Composio's catalog, but offers a richer SDK for developers who want to build custom tools rather than relying solely on pre-built connectors.
Composio has a larger pre-built tool catalog and broader framework support, making it the more common choice for teams that need out-of-the-box coverage across many applications. Arcade is typically preferred when per-user authorization control is the primary requirement. Toolhouse is favored for teams that want a managed MCP registry without the overhead of running their own MCP servers.
Composio is used across several categories of AI agent application:
Coding agents that interact with GitHub, Linear, Jira, Sentry, and other development tools use Composio to handle credential management and tool normalization. The SWE-Kit toolkit provides IDE-like capabilities to agents operating in a sandboxed container: Language Server Protocol queries, file editing, shell execution, and Git operations. Teams building agents that triage issues, generate pull requests, respond to code review comments, or fix failing CI pipelines commonly use Composio for the tooling layer.
Agents that read and update CRM records, send emails, schedule meetings, and log call notes use Composio's Salesforce, HubSpot, Gmail, and Google Calendar integrations. Because Composio handles the OAuth tokens and API normalization, developers can build multi-step sales automation agents without writing integration code for each service.
Support agents that look up tickets in Zendesk or Jira, check order status in Stripe or Shopify, and respond to users via email or Slack use Composio to stitch together the tool calls. The event trigger system allows an agent to activate automatically when a new support ticket arrives, rather than requiring a human to initiate each interaction.
Agents that gather information from web sources, store structured results in Airtable or Google Sheets, and send summaries via Slack or Gmail use Composio for the persistence and notification layers.
Internal tooling agents that manage GitHub repositories, send Slack notifications on CI status, create Linear tickets from meeting notes, and update Notion documentation use Composio to access all these services through a single integration layer.
By mid-2025, Composio's open-source SDK had accumulated more than 28,000 GitHub stars and 4,600 forks, making it one of the more widely starred projects in the AI agent tooling space. The company reported over 100,000 developers had used the platform, with over 200 paying enterprise customers including companies from Y Combinator cohorts and enterprises such as Glean and Databricks.
Lightspeed Venture Partners described Composio in its investment announcement as having "developer-first adoption" and noted the company's SOC 2 Type II compliance as a signal of enterprise readiness. The investment thesis framed Composio as building a "shared learning layer that captures and distributes practical knowledge across the entire AI ecosystem."
The LangChain team featured Composio's SWE-bench result on the LangChain blog, citing the 48.6% accuracy result as a demonstration of what state machine agent architectures could achieve over traditional ReAct loops.
Developer reviews on G2 generally rate Composio positively on ease of setup and the breadth of its integration catalog. Critical feedback commonly points to limited customizability of pre-built tools (the tool source code is not exposed for modification) and limited observability in production (no OpenTelemetry export or full API request/response logging).
Several limitations have been noted in reviews and comparisons:
Closed-source pre-built tools. Composio's tool implementations for third-party services are not open source. Developers who find that a tool does not behave exactly as needed cannot fork and modify the implementation. They must either work around the behavior or build a replacement from scratch outside of Composio.
Limited observability. The platform provides basic debugging information but does not support custom log injection, full API request/response inspection, or OpenTelemetry trace export. Diagnosing why a specific tool call failed in production can require significant guesswork.
Tool calling only. Composio's infrastructure is focused on synchronous tool calls. Teams that also need continuous data synchronization for RAG pipelines, webhook ingestion, batch write operations, or unified API access across object models must use separate infrastructure for those use cases.
No per-tenant configuration. Composio does not support customer-specific field mappings, per-tenant auth scopes beyond what the platform supports natively, or custom validation rules per customer. All users of a given integration receive identical tool behavior, which limits how much product teams can tailor the agent's behavior for individual enterprise accounts.
Testing friction. Composio tools can only be tested by executing them through the SDK in code. There is no visual testing interface that non-engineers can use, and there is no built-in way to replay a previous tool call with modified inputs.