Composio Python SDK 0.11.6 Tightens File Upload Safety and Hook Flow

Composio has released Python SDK version 0.11.6 with a focused update around local file upload safety and execution flow control. The release introduces built-in blocking for sensitive file paths, standardizes file upload interception through modifier-based hooks, removes older standalone hook arguments, and adds clearer error behavior when uploads are blocked or aborted. For teams embedding tool execution into AI workflows, this version is mainly about making file handling safer, more explicit, and easier to reason about.

What Changed

The headline change in 0.11.6 is sensitive path blocking before any local file is auto-uploaded. Composio now checks candidate paths against a denylist that includes risky directory segments such as .ssh and .aws, along with dangerous filenames. This behavior is configurable through the client, giving developers a stronger default safety layer while still allowing controlled customization.
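The segment-based check described above can be sketched as follows. This is an added example, not Composio's code: the function names, the error class, and the filename entries are assumptions, and only .ssh and .aws come from the release summary.

```python
import posixpath

# Constructed denylist for illustration. Only ".ssh" and ".aws" are named in the
# release summary; the filename entries are hypothetical.
SENSITIVE_SEGMENTS = frozenset({".ssh", ".aws"})
SENSITIVE_FILENAMES = frozenset({"id_rsa", ".env"})


class BlockedPathError(Exception):
    """Local stand-in for a blocked-path error; not the SDK's class."""


def find_sensitive_part(path, segments=SENSITIVE_SEGMENTS, filenames=SENSITIVE_FILENAMES):
    """Return the component that makes `path` sensitive, or None if it is allowed."""
    # Treat Windows separators like POSIX ones, then collapse "." and ".."
    # lexically so "docs/../.ssh/key" cannot hide the ".ssh" segment.
    normalized = posixpath.normpath(path.replace("\\", "/"))
    parts = [p.lower() for p in normalized.split("/") if p]
    # Whole-component comparison: "my.ssh.backup" is not ".ssh".
    for part in parts:
        if part in segments:
            return part
    if parts and parts[-1] in filenames:
        return parts[-1]
    return None


def guard_upload(path, extra_segments=()):
    """Raise before a path is handed to an uploader; return the path if allowed."""
    segments = SENSITIVE_SEGMENTS | {s.lower() for s in extra_segments}
    hit = find_sensitive_part(path, segments=segments)
    if hit is not None:
        raise BlockedPathError(f"refusing to upload {path!r}: matched {hit!r}")
    return path


# Constructed sample paths.
if __name__ == "__main__":
    for sample in ["/home/u/report.pdf", "docs/../.ssh/key", "C:\\Users\\u\\.AWS\\credentials"]:
        print(sample, "->", find_sensitive_part(sample))
```

The check is lexical only: a symlink with a harmless name whose target sits under .ssh passes it, so a production check would also test the resolved path.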

The release also formalizes @before_file_upload behavior as a modifier-only pattern. Instead of passing file upload hooks through separate keyword arguments, developers now decorate a function and include it in modifiers=[...] on tools.get, tools.execute, or router-based tool sessions. These hooks are merged with merge_before_file_upload and execute before any before_execute modifier, which clarifies the lifecycle for uploadable file substitution.

In parallel, Composio removed the older standalone before_file_upload= keyword path from the client, get/execute calls, and tool router. FileHelper no longer stores a default hook on the client either. Instead, the effective hook is derived per call from merged modifiers, or left unset when not needed. That makes the API surface narrower and reduces ambiguity around where upload interception is configured.

Error handling has been tightened as well. The package now exposes explicit errors such as SensitiveFilePathBlockedError and FileUploadAbortedError for cases where a path is denied or a hook returns False. The release is backed by additional tests covering merge behavior, scope boundaries, and execute-path wiring. The package version in pyproject.toml is now 0.11.6, and the supported Python baseline remains >=3.10.

Why It Matters

This update matters because file upload behavior is one of the most sensitive junctions in AI tool execution. When agents or automated workflows can read local paths and forward content into third-party tools, safe defaults become essential. By blocking obviously sensitive paths up front, Composio reduces the chance of accidental credential leakage or unsafe file exposure during automated execution.

The modifier-only approach also makes the SDK more consistent. Developers now have a single mental model for pre-execution customization, rather than mixing dedicated keyword hooks with modifier composition. That should make integrations easier to maintain, especially for teams building reusable tool routers or layered execution policies across multiple environments.

For enterprise and AI infrastructure teams, version 0.11.6 is less about flashy new capability and more about trust, predictability, and operational guardrails. In practice, that is often the kind of release that improves production readiness the most.

Official Source: https://github.com/ComposioHQ/composio/releases/tag/py%400.11.6
