feat: Add file attachment support to add-comment tool #191
Conversation
- Integrate with Todoist SDK v5.8 uploadFile() method for comment attachments
- Accept base64-encoded fileData, fileName (required), and fileType (optional)
- Two-step process: upload file first, then attach to comment
- Maintain backward compatibility - existing usage continues to work
- Support bulk operations with mixed attachment scenarios
- Enhanced output formatting to show attachment information
- Comprehensive test coverage for all attachment scenarios
- Graceful error handling for upload failures
Each comment can have one attachment. Output shows count of comments
with attachments, e.g., "Added 3 task comments (2 with an attachment)"
API Usage:
```
{
comments: [{
taskId: "123",
content: "Here's the report",
fileData: "base64EncodedContent...",
fileName: "report.pdf",
fileType: "application/pdf"
}]
}
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
scottlovegrove
requested review from
amix,
gnapse and
goncalossilva
and removed request for
gnapse
|
There may be security considerations before we add this. @deorus when you have a chance, can you share your 2c here? |
If there are security considerations, shouldn't they be addressed at the API/backend level? If the API allows this operation, then there cannot be any security consideration in enabling it for the MCP server, right? Or am I missing something? |
That's a fair point. And the endpoint is [poorly] documented in our documentation. |
|
@gnapse it's tricky. :) But if we actively block this tool on the work we're doing, it's less of a concern. |
There was a problem hiding this comment.
Reviewing the change itself, I have a question and a significant concern:
Question: How do we expect this to be used? File uploads is not something I've seen used by an agent or in a workflow, so I'd love to understand this better.
Concern: I find the base64 approach very problematic. This means the whole file will be loaded into memory. Worse, it's our MCP server's memory. This is not a good idea. 😬
How are other MCP servers handling file uploads?
I did think of this before, when reviewing this. It means the entire base64 string needs to be handled in the LLM context, and reproduced correctly by the LLM when invoking the tool. There must be some other way to do this. |
My thinking was that an LLM could create a doc/pdf/etc, and be able to attach that as a comment to a task (say a report of some description).
I can investigate alternative approaches, but if you have any immediate thoughts, I'm open to them. |
|
Sorry @scottlovegrove, if I had a suggestion, I'd have mentioned it! I can only think of pre-signed URLs, because the way we handle uploads normally isn't ideal either and they're the solution for it. And it could help in this case too: we'd hand out a pre-signed URL to the LLM, and then it (or a tool, or its user) would just direct the file upload to it. But that's an incomplete thought, and not something we support just yet. |
|
Analyzing some of the best MCP servers out there that support this would be the way I'd go about it. |
|
Another approach could be to add two new steps to our Manifest: As noted by @goncalossilva, base64 encoding has some fundamental limitations here, and I'm worried about scaling issues down the line. If we introduce specialized steps, we can unlock significant optimizations. |
Would that need to actually go in the manifest though? |
Summary
Adds file attachment support to the
add-commenttool using the newuploadFile()method from Todoist SDK v5.8.Changes
uploadFile(), then attach to comment withaddComment()fileData(base64-encoded),fileName(required when fileData provided), andfileType(optional MIME type)API Usage
Technical Details
uploadFile()method accepts Buffer input with required fileNameTest Coverage
All tests pass (337/337) ✅