Summary
Navigating to the Integrations/Connections page causes an immediate session expiry cascade, logging the user out. The root cause appears to be a server-side Composio API key issue (401 Invalid API key) that the client incorrectly interprets as a user session expiration.
Environment
- Version: v0.54.0
- Platform: macOS (Apple Silicon, aarch64 DMG)
- OS: macOS Darwin 25.2.0
Steps to Reproduce
- Log into OpenHuman desktop app
- Navigate to the Integrations/Connections page
- App immediately logs out
Expected Behavior
Integrations page loads without session issues.
Actual Behavior
Client calls openhuman.composio_list_connections → backend returns 500 wrapping a 401 Invalid API key from Composio → client publishes SessionExpired → session cleared → user logged out.
Key Log Evidence
From ~/.openhuman/logs/openhuman.2026-05-23.log:
22:17:07:ERR:report_error [observability] composio.list_connections failed: Backend returned 500 Internal Server Error for GET https://api.tinyhumans.ai/agent-integrations/composio/connections: 401 {"error":{"message":"Invalid API key: ak_o1Og5*****","code":10401,"slug":"HTTP_Unauthorized","status":401}}
22:17:07:WRN:log [jsonrpc] backend returned 401 for method 'openhuman.composio_list_connections' — publishing SessionExpired
22:17:07:WRN:bus [auth] SessionExpired received — pausing background LLM work and clearing session
22:17:07:INF:log [socketio] broadcast auth:session_expired
22:17:29:INF:log [app] perform_early_teardown_sync_once — reason=exit_requested
The same pattern repeats for openhuman.billing_get_current_plan and openhuman.team_get_usage.
Root Cause Analysis
- The Composio integration API key on the server side appears invalid (
ak_o1Og5***** returns 401)
- The client treats any 401 from the backend as
SessionExpired, even when the 401 originates from an upstream service (Composio) rather than the user's auth token
- This triggers a cascade: session cleared → login-gated services stopped → app exits
Suggested Fix
- Server-side: Verify/renew the Composio API key
- Client-side: Distinguish between user auth 401s and upstream service 401s. A Composio API key failure should show an error toast, not clear the user's session.
Summary
Navigating to the Integrations/Connections page causes an immediate session expiry cascade, logging the user out. The root cause appears to be a server-side Composio API key issue (
401 Invalid API key) that the client incorrectly interprets as a user session expiration.Environment
Steps to Reproduce
Expected Behavior
Integrations page loads without session issues.
Actual Behavior
Client calls
openhuman.composio_list_connections→ backend returns500wrapping a401 Invalid API keyfrom Composio → client publishesSessionExpired→ session cleared → user logged out.Key Log Evidence
From
~/.openhuman/logs/openhuman.2026-05-23.log:The same pattern repeats for
openhuman.billing_get_current_planandopenhuman.team_get_usage.Root Cause Analysis
ak_o1Og5*****returns 401)SessionExpired, even when the 401 originates from an upstream service (Composio) rather than the user's auth tokenSuggested Fix