All 20 Criteria
P1-A Structured Data — 2/5
robots.txt reveals 3 sitemaps (toolkits, frameworks, main) indicating solid SEO infrastructure, but no schema.org Offer, Product, or AggregateRating markup found via scrape or search. Homepage is rich in content but not machine-tagged for offer inference.
P1-B Machine-Readable Pricing — 3/5
Pricing tiers clearly presented in HTML on /pricing: Free ($0, 20K calls), $29 (200K calls), $229 (2M calls), Enterprise (custom). Overage pricing explicit ($0.299/1K extra). Not in schema.org/Offer or JSON-LD. Agent must parse HTML.
P1-C llms.txt / Agent Layer — 2/5
No /llms.txt found. robots.txt uses "Allow: /" for all user agents but does not explicitly name AI crawlers. Extensive developer documentation exists but is human-framed (SDK guides, auth flows). No agent identity layer detected.
P1-D API / MCP Availability — 4/5
MCP gateway is a core feature: "every integration on the platform automatically exposed via a secure, standardized MCP interface." SDKs in Python and TypeScript. 1000+ toolkits. No explicit published OpenAPI spec found, which keeps the score below 5.
P1-E Discoverability (GEO) — 3/5
Strong SEO content with 3 sitemaps, extensive toolkit directory, blog with high search-intent content. No explicit AI retrieval optimization (no llms.txt, no AI-crawler-named permissions in robots.txt, no agent-facing summary content).
P2-A Offer Completeness — 4/5
The /pricing page is a single-page source for what (1000+ toolkits via API/MCP), who (developers and agent builders), and how much ($0/$29/$229/Enterprise with tool call counts). Overage pricing explicit. Enterprise tier requires sales contact, which creates a partial gap for machine parsing.
P2-B Scope & Limits — 2/5
Tier-level tool call counts are stated (20K/200K/2M) but no per-integration rate limits, no API request caps per minute/hour, and the Fair Usage Policy in ToS only says "excessive use may result in suspension" — no specific numbers. Agents cannot self-govern without explicit limits.
P2-C Substitution Rules — 1/5
No substitution or fallback rules documented for unavailable integrations. If GitHub goes down, Composio's behavior is undefined in agent-facing documentation.
P2-D Conditional Logic — 2/5
Enterprise tier conditions are hidden behind "contact sales." Free and paid tier conditions are on the pricing page but not machine-readable. ToS change notices use a minimal "update effective date" approach with no advance notice commitment.
P2-E Semantic Precision — 3/5
Mix of precise language (exact tool call counts, dollar pricing, SOC2/ISO 27001 certifications) and vague brand language ("the Skill Layer of AI," "Ridiculously Cheap," "Serious Business"). Core offer data is precise; framing is human-persuasion-optimized.
P3-A Verifiable Performance — 4/5
Public status page (status.composio.dev) with 90-day component-level uptime data: platform 99.79%, webapp 99.95%, v3 API 99.94%, triggers 99.45%. Recent incidents documented (April 3: 500s on connected accounts; March: multiple trigger outages). G2 reviews exist. SOC2 + ISO 27001:2022 certified. Strong third-party signal — best pillar dimension.
P3-B Scoped Permissions — 3/5
OAuth scoping documented; security blog describes principle of least privilege, Rich Authorization Requests (RAR), On-Behalf-Of (OBO) token exchange, and Brokered Credentials pattern. However, this is blog content — not a published, machine-readable agent permissions specification. Agents can't programmatically query "what scopes am I requesting?"
P3-C Audit Trail — 2/5
Security blog documents structured logging with trace IDs (agent_id, user_id, tool_name, status, duration). In practice this architecture likely exists, but no machine-accessible agent audit log API is documented publicly. Agents cannot programmatically retrieve their own action history.
P3-D Behavioral Consistency — 2/5
ToS change notice is minimal: "updating the effective date." No version-controlled ToS, no advance notice period, no published changelog. SOC2/ISO compliance implies internal process discipline, but externally visible behavioral consistency signals are weak. Enterprise SLA exists (mentioned) but not publicly published for standard tiers.
P4-A Friction-Free Activation — 4/5
Free tier requires no credit card; dashboard and CLI onboarding; 5-line SDK integration. Self-serve activation is strong. Enterprise tier requires human contact ("Custom quote"), which creates a friction gate for high-volume agent use. Deducted one point for the human gate on the tier most relevant to production agent deployments.
P4-B Agent Decision Signals — 3/5
Free tier existence (20K calls/mo, no card) is a clear agent-legible "try before you commit" signal. Pricing tiers are explicit. However, signals are framed for human decision-making (plan names, tier comparisons) rather than machine-legible "when to upgrade" logic. No API signal for "your agent is approaching the tier limit."
P5-A Integration Depth — 4/5
1,000+ application integrations, managed OAuth for each, deep data sync (Slack, GitHub, Gmail, HubSpot, Salesforce). Once an agent is built on Composio's auth infrastructure, migrating requires rebuilding OAuth flows for every connector independently. Significant switching cost. Network effects grow as more connectors are added.
P5-B Agent Memory Layer — 3/5
"User-scoped sessions maintaining sandbox state, files, and progress" confirmed in product documentation. Session context is preserved across interactions. More than stateless; less than a true agent-readable memory API. History exists at account level but querying session history programmatically is not documented.
P5-C Programmatic Renewal — 2/5
Standard subscription billing (monthly tiers) — agents can theoretically auto-renew if billing automation is set up externally, but Composio does not expose a renewal API or agent-accessible subscription management endpoint. Renewal is a human action in the dashboard.
P5-D Compounding Value Signal — 3/5
More integrations + session history = more productive agent over time. OAuth connections persist, session state accumulates. But there is no agent-readable API signal exposing "your agent has improved X% with Y sessions" or compounding capability data. Value compounds in practice; it's not surfaced programmatically.
Rubric v1 (April 2026). Scores reflect the company's state on the audit date and may have improved since.