chore: remove unused ALLOWED_ARTIST_CONNECTORS from api (chat#1793)

[sweetmantech]

What

Removes the unused ALLOWED_ARTIST_CONNECTORS / isAllowedArtistConnector from recoupable/api.

Repurposed: this PR originally added twitter/linkedin to the api artist allow-list. Investigation during preview testing showed that constant has no runtime consumer in api — only its definition, its test, and an (also-unused) barrel re-export in lib/composio/connectors/index.ts. The connector routes are unopinionated by design (validateAuthorizeConnectorRequest.ts: "allows any connector for any account type… decisions are handled at the tool router level, not the API level"). The allow-list that actually drives the artist Connectors tab lives in chat (lib/composio/allowedArtistConnectors.ts, see chat#1805).

Decision (owner, 2026-06-18): the artist allow-list is chat-only; the api copy is dead code → deleted.

Changes

• delete lib/composio/connectors/isAllowedArtistConnector.ts
• delete lib/composio/connectors/__tests__/isAllowedArtistConnector.test.ts
• remove the re-export from lib/composio/connectors/index.ts

Net diff vs test: 64 deletions, 0 insertions (squash-merge collapses the intermediate add-then-delete commits).

Verification

• grep confirms zero remaining references in lib/app.
• pnpm exec vitest run lib/composio → 149 passed.
• tsc --noEmit → 198 errors, identical to the test baseline (all pre-existing test-mock typings; none from this change).
• eslint clean.

Tracking issue: recoupable/chat#1793

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
api	Ready	Preview	Jun 18, 2026 11:23pm

[coderabbitai]

Warning

Review limit reached

@sweetmantech, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 43 minutes and 17 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: bbcb194a-94cb-4df2-88f9-69ca179a8a69

📥 Commits

Reviewing files that changed from the base of the PR and between 802f696 and 85b26f5.

⛔ Files ignored due to path filters (1)

• lib/composio/connectors/__tests__/isAllowedArtistConnector.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**

📒 Files selected for processing (2)

• lib/composio/connectors/index.ts
• lib/composio/connectors/isAllowedArtistConnector.ts

📝 Walkthrough

Walkthrough

ALLOWED_ARTIST_CONNECTORS in isAllowedArtistConnector.ts is expanded from a 3-element inline array (tiktok, instagram, youtube) to a 5-element multi-line array adding twitter and linkedin. The derived AllowedArtistConnector type and the isAllowedArtistConnector guard function are updated accordingly, along with the module comment.

Changes

Artist Connector Allowlist Extension

Layer / File(s)	Summary
ALLOWED_ARTIST_CONNECTORS and type expansion lib/composio/connectors/isAllowedArtistConnector.ts	Reformats ALLOWED_ARTIST_CONNECTORS to a multi-line array, appends "twitter" and "linkedin", updates the module documentation comment, and widens the derived AllowedArtistConnector type and isAllowedArtistConnector guard to match.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related issues

• Add X (Twitter) + LinkedIn connectors via the existing Composio whitelist pattern chat#1793: This PR directly implements the allowlist extension described in that issue by adding twitter and linkedin to isAllowedArtistConnector.ts.
• recoupable/api#659: This PR extends the per-toolkit allowlist that issue #659 proposes replacing with a generic, policy-based approach — making this an incremental patch to the same mechanism flagged for refactoring.

Possibly related PRs

• recoupable/api#397: Modifies the same ALLOWED_ARTIST_CONNECTORS constant in the same file, extending the set of accepted artist connector slugs.

Poem

🐦 Tweet and link up, the artists now soar,
Five connectors listed where three stood before.
A single-line array spread gracefully wide,
With twitter and linkedin brought inside.
Clean code grows stronger, one slug at a time! 🎸

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Solid & Clean Code	✅ Passed	PR adheres to SOLID & Clean Code principles: SRP maintained (file/function naming matches), OCP respected (array-based extension), DRY applied (const-derived type), KISS followed (simple logic). No...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/artist-connector-twitter

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 2 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

Architecture diagram

sequenceDiagram
    participant UI as Artist UI
    participant Chat as Chat Service
    participant API as Artist API
    participant Connectors as Connectors Module
    participant Composio as Composio Service
    participant Twitter as X (Twitter) API

    Note over UI,Twitter: Artist Connector Availability Flow

    UI->>Chat: Request artist connector options
    Chat->>API: GET /artist/connectors
    
    API->>Connectors: Call isAllowedArtistConnector()
    Connectors->>Connectors: Check ALLOWED_ARTIST_CONNECTORS list
    Note over Connectors: Contains: tiktok, instagram, youtube, twitter
    Note over Connectors: Excludes: linkedin (label/owner-only)
    
    alt Twitter is in allowed list
        Connectors-->>API: Return true
        API-->>Chat: Include twitter in available connectors
        Chat-->>UI: Show X (Twitter) as connectable
    else LinkedIn (not allowed)
        Connectors-->>API: Return false
        API-->>Chat: Exclude linkedin from available connectors
        Chat-->>UI: Hide LinkedIn (label/owner-only)
    end

    Note over UI,Twitter: Artist initiates X (Twitter) connection

    UI->>Chat: Request to connect X account
    Chat->>API: POST /artist/connect/twitter
    API->>Connectors: Validate connector via isAllowedArtistConnector()
    alt Valid artist connector
        API->>Composio: Initiate OAuth flow for twitter
        Composio->>Twitter: Redirect to X OAuth
        Twitter-->>Composio: OAuth token callback
        Composio-->>API: Connection established
        API-->>Chat: Success response
        Chat-->>UI: X account connected
    else Invalid connector
        API-->>Chat: 403 Forbidden (not allowed)
        Chat-->>UI: Show error: connector not available
    end

Loading

<sub>Auto-approved: Adds twitter to allowed artist connectors and tests; low-risk whitelist update with no logic or infrastructure changes.

Re-trigger cubic</sub>

[sweetmantech]

Updated 2026-06-18: per owner decision, LinkedIn is now an artist connector too (reversing the earlier label-only split). Added linkedin to ALLOWED_ARTIST_CONNECTORS alongside twitter; flipped the linkedin test assertions (RED→GREEN). Branch synced with latest test (includes the merged #679 whitelist). lib/composio suite 159 green, lint+format clean. The chat mirror (chat#1805) is updated to match.

[cubic-dev-ai]

1 issue found across 2 files (changes from recent commits).

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

Dismissed because Cubic found issues in a newer review.

[sweetmantech]

Preview verification — 2026-06-18

Preview: https://api-9nbv0p3gu-recoup.vercel.app · commit: 802f696 (confirmed = PR head, deployment success) · auth: Privy Bearer token.

Key finding: this change has no api-observable behavior (yet)

ALLOWED_ARTIST_CONNECTORS / isAllowedArtistConnector has no runtime consumer in recoupable/api — grep shows only the definition, its test, and an unused re-export in lib/composio/connectors/index.ts. The connector routes are unopinionated by design:

validateAuthorizeConnectorRequest.ts: "Unopinionated: allows any connector for any account type. Connector usage decisions … are handled at the tool router level, not the API level."

So adding linkedin/twitter to the artist allow-list cannot be exercised through any api endpoint — there is no artist-scoped connector-filtering route to hit. The allow-list is surfaced to users on the chat frontend (ArtistConnectorsTab → chat#1805), not here.

What I verified on the preview

Check	Result
Preview built from this PR's head commit (802f696)	confirmed via deployment sha	✅
No regression — GET /api/connectors	200, 8 connectors incl. twitter + linkedin (from the merged #679 whitelist)	✅
Auth path	Bearer accepted; unauth → 401	✅

How this change is covered

• Unit test: lib/composio/connectors/__tests__/isAllowedArtistConnector.test.ts asserts twitter and linkedin are allowed (and the prior "linkedin excluded" assertions were flipped, RED→GREEN). Part of the green CI test job — lib/composio suite 159 passing.
• User-facing behavior: verified via the chat side (chat#1805), where ALLOWED_ARTIST_CONNECTORS actually drives the artist Connectors tab.

Conclusion

Nothing to exercise against the api preview for this specific change beyond the no-regression check above (which passes). The behavioral verification for "an artist sees X + LinkedIn" belongs to chat#1805's preview. Flagging in case we later want an api endpoint that actually enforces the artist allow-list — today it's a constant consumed only by the frontend.

[sweetmantech]

Repurposed 2026-06-18: rather than add twitter/linkedin to this api constant, we're deleting it — it has no runtime consumer in api (only def + test + an unused barrel re-export), and the connector routes are unopinionated. The real artist allow-list lives in chat (chat#1805). Net diff is now 64 deletions / 0 insertions; lib/composio suite 149 green; tsc count unchanged vs test (198). See the updated description.

[cubic-dev-ai]

0 issues found across 3 files (changes from recent commits).

<sub>Auto-approved: Removal of unused dead code (constant, function, test, and barrel export) with no runtime consumers in the API. Verified clean grep, passing tests, and no new TypeScript errors.

Re-trigger cubic</sub>

[sweetmantech]

Post-deletion verification — nothing broke ✅

Ran on the deletion commit 85b26f58.

Layer	Check	Result
Full unit/integration suite	pnpm exec vitest run (entire repo, not just composio)	✅ 3622 passed / 642 files
Build	Vercel preview deployment (next build)	✅ pass — compiles without the deleted file
Types	tsc --noEmit	✅ 198 errors = identical to test baseline (all pre-existing test-mock typings; deletion added none)
Lint / format	CI lint + format	✅ pass
Dead-ref check	grep for isAllowedArtistConnector / ALLOWED_ARTIST_CONNECTORS in lib+app	✅ zero remaining references
Live smoke — connector routes (preview api-k43g67cux, Bearer auth)
	GET /api/connectors	✅ 200, 8 connectors (twitter + linkedin present)
	POST /api/connectors authorize twitter / linkedin	✅ 200 / 200
	GET /api/connectors/actions?connector=tiktok	✅ 200
	GET /api/connectors no auth	✅ 401

The live smoke test specifically exercises the connector routes that import from the barrel (lib/composio/connectors/index.ts) I edited — they all respond normally, confirming removing the unused re-export didn't break the import graph at runtime.

Conclusion: the deletion is safe — full suite green, build green, connector endpoints functional, no dangling references.