Connecting 1,000+ Tools: Inside the Composio Integration Layer

When we started building Skopx, we faced a choice: build native integrations for each tool (like Zapier does) or use a platform that provides pre-built integrations at scale. We chose Composio, and this article explains why and how it works.

The Scale Problem

Skopx users want to connect their entire work stack. That means Gmail, Slack, Jira, Notion, GitHub, Trello, Salesforce, HubSpot, ClickUp, Linear, Asana, Figma, Sentry, Stripe, and dozens more. Building and maintaining native OAuth integrations for each of these tools would require a dedicated team and months of engineering per integration.

Composio provides pre-built integrations for over 1,000 tools. Each integration includes OAuth flow management, API action definitions, and workspace discovery.

Architecture

The integration layer has three components:

1. Connection Management

When a user clicks "Connect" on an integration, the flow depends on the authentication type:

• Composio-managed OAuth: Composio handles the OAuth app, redirect URIs, and token management. The user sees a popup, authorizes access, and the connection is live. We support 40 integrations this way.
• API key integrations: For tools like Firecrawl or ElevenLabs, the user pastes their API key in an inline modal. The key is forwarded to Composio and stored in their encrypted vault.

2. Tool Execution

Each connected integration exposes a set of "tools" (API actions) that the AI can call. For example, Gmail exposes GMAIL_SEND_EMAIL, GMAIL_FETCH_EMAILS, GMAIL_CREATE_EMAIL_DRAFT, etc.

When the AI decides to use a tool, the execution flow is:

1. AI generates a tool_use block with the action name and parameters
2. Skopx routes the call to Composio's tool execution API
3. Composio authenticates with the user's stored credentials
4. The API call is made to the third-party service
5. The result is returned to the AI for interpretation

3. Workspace Discovery

After connecting a tool, Skopx runs a "workspace discovery" process that queries the tool for structural metadata:

• Slack: channel names and IDs
• Notion: page titles and IDs
• ClickUp: team, space, and list IDs
• Google Calendar: calendar names and IDs
• Trello: board and list names

This metadata is injected into the AI's system prompt so it can reference specific channels, pages, and workspaces by name without asking the user for IDs.

Performance Optimization

Essential Tool Filtering

Each integration exposes many tools (Gmail has 62, GitHub has 500+). Sending all of them to the AI would consume the user's token budget. We maintain an "essential tools" whitelist per integration:

• Gmail: 14 essential tools (send, fetch, draft, reply, forward, contacts, labels)
• Google Calendar: 10 essential tools (create, list, find, delete, quick-add)
• GitHub: 14 essential tools (issues, PRs, repos, commits, notifications)

This reduces tool token consumption by 75-96% per integration.

Smart Toolkit Detection

Instead of loading all connected tools on every request, we analyze the user's message to detect which integrations are relevant. "Send an email" loads Gmail tools only. "Check my calendar" loads Google Calendar tools only. "What changed in the repo?" loads GitHub tools only.

If the message does not match any integration keywords, we load zero Composio tools. The AI can still respond using its own knowledge; tools are only needed when the user references a specific integration.

The Static Catalog

Composio's API was unreliable from our Railway hosting environment (20+ second timeouts). We solved this by shipping the full 1,028-toolkit catalog as a committed JSON file that is served statically. The catalog is refreshed locally using a script and committed to the repo.

This means the integrations page loads instantly, every time, regardless of Composio's API availability.

What Is Next

We are exploring:

• Custom tool creation: letting users define their own API actions without code
• Cross-tool workflows: chaining multiple tool calls into automated sequences
• Integration health monitoring: alerting users when a connected tool's credentials expire or API changes