@rashidazarang/airtable-mcp 1.2.0 → 1.2.4

package/RELEASE_NOTES_v1.2.4.md

@@ -0,0 +1,60 @@
+# Release Notes - v1.2.4
+
+## 🔒 Security Fix Release
+
+### Critical Security Fix
+- **REMOVED hardcoded API tokens from test files** (Addresses Issue #7)
+  - `test_client.py` and `test_mcp_comprehensive.js` now require environment variables
+  - Added security notice documentation
+  - No exposed credentials in the codebase
+
+### 🐛 Bug Fixes
+
+#### Smithery Cloud Deployment Issues (Issues #5 and #6)
+- **Fixed HTTP 400 errors** when using Smithery
+- **Switched to JavaScript implementation** for Smithery deployment
+- Updated `smithery.yaml` to use `airtable_simple.js` instead of problematic Python server
+- Created dedicated `Dockerfile.node` for Node.js deployment
+- Fixed authentication flow for Smithery connections
+
+### 📚 Documentation Updates
+- Added `SECURITY_NOTICE.md` with token rotation instructions
+- Created `.env.example` file for secure configuration
+- Updated Dockerfile references for Glama listing (Issue #4)
+
+### 🔧 Improvements
+- Added environment variable support with dotenv
+- Improved logging system with configurable levels (ERROR, WARN, INFO, DEBUG)
+- Better error messages for missing credentials
+
+### ⚠️ Breaking Changes
+- Test files now require environment variables:
+  ```bash
+  export AIRTABLE_TOKEN="your_token"
+  export AIRTABLE_BASE_ID="your_base_id"
+  ```
+
+### 🚀 Migration Guide
+
+1. **Update your environment variables:**
+   ```bash
+   cp .env.example .env
+   # Edit .env with your credentials
+   ```
+
+2. **For Smithery users:**
+   - Reinstall the MCP to get the latest configuration
+   - The server now properly accepts credentials through Smithery's config
+
+3. **For direct users:**
+   - Continue using command line arguments or switch to environment variables
+   - Both methods are supported
+
+### 📝 Notes
+- All previously exposed tokens have been revoked
+- Please use your own Airtable credentials
+- Never commit API tokens to version control
+
+---
+
+**Full Changelog**: [v1.2.3...v1.2.4](https://github.com/rashidazarang/airtable-mcp/compare/v1.2.3...v1.2.4)

package/SECURITY_NOTICE.md

@@ -0,0 +1,40 @@
+# Security Notice
+
+## Important: API Token Rotation Required
+
+If you have been using or testing this repository before January 2025, please note that hardcoded API tokens were previously included in test files. These have been removed and replaced with environment variable requirements.
+
+### Actions Required:
+
+1. **If you used the exposed tokens**: 
+   - These tokens have been revoked and are no longer valid
+   - You must use your own Airtable API credentials
+
+2. **For all users**:
+   - Never commit API tokens to version control
+   - Always use environment variables or secure configuration files
+   - Add `.env` to your `.gitignore` file
+
+### Secure Configuration
+
+Set your credentials using environment variables:
+
+```bash
+export AIRTABLE_TOKEN="your_personal_token_here"
+export AIRTABLE_BASE_ID="your_base_id_here"
+```
+
+Or create a `.env` file (never commit this):
+
+```env
+AIRTABLE_TOKEN=your_personal_token_here
+AIRTABLE_BASE_ID=your_base_id_here
+```
+
+### Reporting Security Issues
+
+If you discover any security vulnerabilities, please report them to:
+- Open an issue on GitHub (without including sensitive details)
+- Contact the maintainer directly for sensitive information
+
+Thank you for helping keep this project secure.

package/airtable_simple.js

@@ -0,0 +1,277 @@
+#!/usr/bin/env node
+
+const http = require('http');
+const https = require('https');
+const fs = require('fs');
+const path = require('path');
+
+// Load environment variables from .env file if it exists
+const envPath = path.join(__dirname, '.env');
+if (fs.existsSync(envPath)) {
+  require('dotenv').config({ path: envPath });
+}
+
+// Parse command line arguments with environment variable fallback
+const args = process.argv.slice(2);
+let tokenIndex = args.indexOf('--token');
+let baseIndex = args.indexOf('--base');
+
+// Use environment variables as fallback
+const token = tokenIndex !== -1 ? args[tokenIndex + 1] : process.env.AIRTABLE_TOKEN || process.env.AIRTABLE_API_TOKEN;
+const baseId = baseIndex !== -1 ? args[baseIndex + 1] : process.env.AIRTABLE_BASE_ID || process.env.AIRTABLE_BASE;
+
+if (!token || !baseId) {
+  console.error('Error: Missing Airtable credentials');
+  console.error('\nUsage options:');
+  console.error('  1. Command line: node airtable_simple.js --token YOUR_TOKEN --base YOUR_BASE_ID');
+  console.error('  2. Environment variables: AIRTABLE_TOKEN and AIRTABLE_BASE_ID');
+  console.error('  3. .env file with AIRTABLE_TOKEN and AIRTABLE_BASE_ID');
+  process.exit(1);
+}
+
+// Configure logging levels
+const LOG_LEVELS = {
+  ERROR: 0,
+  WARN: 1,
+  INFO: 2,
+  DEBUG: 3
+};
+
+const currentLogLevel = process.env.LOG_LEVEL ? LOG_LEVELS[process.env.LOG_LEVEL.toUpperCase()] || LOG_LEVELS.INFO : LOG_LEVELS.INFO;
+
+function log(level, message, ...args) {
+  const levelName = Object.keys(LOG_LEVELS).find(key => LOG_LEVELS[key] === level);
+  const timestamp = new Date().toISOString();
+  
+  if (level <= currentLogLevel) {
+    const prefix = `[${timestamp}] [${levelName}]`;
+    if (level === LOG_LEVELS.ERROR) {
+      console.error(prefix, message, ...args);
+    } else if (level === LOG_LEVELS.WARN) {
+      console.warn(prefix, message, ...args);
+    } else {
+      console.log(prefix, message, ...args);
+    }
+  }
+}
+
+log(LOG_LEVELS.INFO, `Starting Airtable MCP server with token ${token.slice(0, 5)}...${token.slice(-5)} and base ${baseId}`);
+
+// Create HTTP server
+const server = http.createServer(async (req, res) => {
+  // Enable CORS
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+  
+  // Handle preflight request
+  if (req.method === 'OPTIONS') {
+    res.writeHead(200);
+    res.end();
+    return;
+  }
+  
+  // Only handle POST requests to /mcp
+  if (req.method !== 'POST' || !req.url.endsWith('/mcp')) {
+    res.writeHead(404);
+    res.end();
+    return;
+  }
+  
+  let body = '';
+  req.on('data', chunk => {
+    body += chunk.toString();
+  });
+  
+  req.on('end', async () => {
+    try {
+      const request = JSON.parse(body);
+      
+      // Handle JSON-RPC methods
+      if (request.method === 'resources/list') {
+        const response = {
+          jsonrpc: '2.0',
+          id: request.id,
+          result: {
+            resources: [
+              {
+                id: 'airtable_tables',
+                name: 'Airtable Tables',
+                description: 'Tables in your Airtable base'
+              }
+            ]
+          }
+        };
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(response));
+        return;
+      }
+      
+      if (request.method === 'prompts/list') {
+        const response = {
+          jsonrpc: '2.0',
+          id: request.id,
+          result: {
+            prompts: [
+              {
+                id: 'tables_prompt',
+                name: 'List Tables',
+                description: 'List all tables'
+              }
+            ]
+          }
+        };
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(response));
+        return;
+      }
+      
+      // Handle tool calls
+      if (request.method === 'tools/call') {
+        const toolName = request.params.name;
+        
+        if (toolName === 'list_tables') {
+          // Call Airtable API to list tables
+          const result = await callAirtableAPI(`meta/bases/${baseId}/tables`);
+          const tables = result.tables || [];
+          
+          const tableList = tables.map((table, i) => 
+            `${i+1}. ${table.name} (ID: ${table.id})`
+          ).join('\n');
+          
+          const response = {
+            jsonrpc: '2.0',
+            id: request.id,
+            result: {
+              content: [
+                {
+                  type: 'text',
+                  text: tables.length > 0 
+                    ? `Tables in this base:\n${tableList}` 
+                    : 'No tables found in this base.'
+                }
+              ]
+            }
+          };
+          
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify(response));
+          return;
+        }
+        
+        if (toolName === 'list_records') {
+          const tableName = request.params.arguments.table_name;
+          const maxRecords = request.params.arguments.max_records || 100;
+          
+          // Call Airtable API to list records
+          const result = await callAirtableAPI(`${baseId}/${tableName}`, { maxRecords });
+          const records = result.records || [];
+          
+          const recordList = records.map((record, i) => {
+            const fields = Object.entries(record.fields || {})
+              .map(([k, v]) => `${k}: ${v}`)
+              .join(', ');
+            return `${i+1}. ID: ${record.id} - ${fields}`;
+          }).join('\n');
+          
+          const response = {
+            jsonrpc: '2.0',
+            id: request.id,
+            result: {
+              content: [
+                {
+                  type: 'text',
+                  text: records.length > 0 
+                    ? `Records:\n${recordList}` 
+                    : 'No records found in this table.'
+                }
+              ]
+            }
+          };
+          
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify(response));
+          return;
+        }
+        
+        // Tool not found
+        const response = {
+          jsonrpc: '2.0',
+          id: request.id,
+          error: {
+            code: -32601,
+            message: `Tool ${toolName} not found`
+          }
+        };
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(response));
+        return;
+      }
+      
+      // Method not found
+      const response = {
+        jsonrpc: '2.0',
+        id: request.id,
+        error: {
+          code: -32601,
+          message: `Method ${request.method} not found`
+        }
+      };
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(response));
+      
+    } catch (error) {
+      console.error('Error processing request:', error);
+      const response = {
+        jsonrpc: '2.0',
+        id: request.id || null,
+        error: {
+          code: -32000,
+          message: error.message || 'Unknown error'
+        }
+      };
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(response));
+    }
+  });
+});
+
+// Helper function to call Airtable API
+function callAirtableAPI(endpoint, params = {}) {
+  return new Promise((resolve, reject) => {
+    const queryParams = new URLSearchParams(params).toString();
+    const url = `https://api.airtable.com/v0/${endpoint}${queryParams ? '?' + queryParams : ''}`;
+    
+    const options = {
+      headers: {
+        'Authorization': `Bearer ${token}`,
+        'Content-Type': 'application/json'
+      }
+    };
+    
+    https.get(url, options, (response) => {
+      let data = '';
+      
+      response.on('data', (chunk) => {
+        data += chunk;
+      });
+      
+      response.on('end', () => {
+        try {
+          resolve(JSON.parse(data));
+        } catch (e) {
+          reject(new Error(`Failed to parse Airtable response: ${e.message}`));
+        }
+      });
+    }).on('error', (error) => {
+      reject(new Error(`Airtable API request failed: ${error.message}`));
+    });
+  });
+}
+
+// Start the server on port 8010
+const PORT = 8010;
+server.listen(PORT, () => {
+  console.log(`Airtable MCP server running at http://localhost:${PORT}/mcp`);
+  console.log(`For Claude, use this URL: http://localhost:${PORT}/mcp`);
+}); 

package/cleanup.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+echo "🧹 Airtable MCP Cleanup Script"
+echo "=============================="
+
+# Function to check if port is in use
+check_port() {
+    if lsof -Pi :8010 -sTCP:LISTEN -t >/dev/null ; then
+        echo "⚠️  Port 8010 is in use"
+        return 0
+    else
+        echo "✅ Port 8010 is free"
+        return 1
+    fi
+}
+
+# Function to kill processes on port 8010
+kill_port() {
+    echo "🔄 Killing processes on port 8010..."
+    lsof -ti:8010 | xargs kill -9 2>/dev/null
+    echo "✅ Port 8010 cleared"
+}
+
+# Function to clean up temporary files
+cleanup_files() {
+    echo "🧹 Cleaning up temporary files..."
+    
+    # Remove test files if they exist
+    if [ -f "test_mcp_comprehensive.js" ]; then
+        rm test_mcp_comprehensive.js
+        echo "✅ Removed test_mcp_comprehensive.js"
+    fi
+    
+    if [ -f "quick_test.sh" ]; then
+        rm quick_test.sh
+        echo "✅ Removed quick_test.sh"
+    fi
+    
+    if [ -f "MCP_REVIEW_SUMMARY.md" ]; then
+        rm MCP_REVIEW_SUMMARY.md
+        echo "✅ Removed MCP_REVIEW_SUMMARY.md"
+    fi
+    
+    if [ -f "cleanup.sh" ]; then
+        rm cleanup.sh
+        echo "✅ Removed cleanup.sh"
+    fi
+}
+
+# Main cleanup process
+echo "1. Checking port status..."
+if check_port; then
+    echo "2. Clearing port 8010..."
+    kill_port
+else
+    echo "2. Port is already free"
+fi
+
+echo "3. Cleaning up temporary files..."
+cleanup_files
+
+echo ""
+echo "🎉 Cleanup completed!"
+echo ""
+echo "To start the MCP server again:"
+echo "  node airtable_simple.js --token YOUR_TOKEN --base YOUR_BASE_ID"
+echo ""
+echo "To test the MCP:"
+echo "  npm run test"

package/examples/claude_simple_config.json

@@ -0,0 +1,16 @@
+{
+  "mcpServers": {
+    "airtable": {
+      "command": "curl",
+      "args": [
+        "-s",
+        "-X",
+        "POST",
+        "-H",
+        "Content-Type: application/json",
+        "http://localhost:8010/mcp"
+      ],
+      "url": "http://localhost:8010/mcp"
+    }
+  }
+} 

package/examples/python_debug_patch.txt

@@ -0,0 +1,27 @@
+# Add proper error handling
+import traceback
+import sys
+
+# Override the default error handlers to format errors as proper JSON
+def handle_exceptions(func):
+    async def wrapper(*args, **kwargs):
+        try:
+            return await func(*args, **kwargs)
+        except Exception as e:
+            error_trace = traceback.format_exc()
+            sys.stderr.write(f"Error in MCP handler: {str(e)}\n{error_trace}\n")
+            # Return a properly formatted JSON error
+            return {"error": {"code": -32000, "message": str(e)}}
+    return wrapper
+
+# Apply the decorator to all RPC methods
+original_rpc_method = app.rpc_method
+def patched_rpc_method(*args, **kwargs):
+    def decorator(func):
+        wrapped_func = handle_exceptions(func)
+        return original_rpc_method(*args, **kwargs)(wrapped_func)
+    return decorator
+
+# Then add this line right before creating the FastMCP instance:
+# Replace app.rpc_method with our patched version
+app.rpc_method = patched_rpc_method 

package/inspector_server.py

@@ -10,6 +10,7 @@ import json
 import logging
 import requests
 import argparse
+import traceback
 from typing import Optional, Dict, Any, List
 
 try:
@@ -68,6 +69,36 @@ if args.config_json:
 # Create MCP server
 app = FastMCP("Airtable Tools")
 
+# Add error handling wrapper for all MCP methods
+def handle_exceptions(func):
+    """Decorator to properly handle and format exceptions in MCP functions"""
+    async def wrapper(*args, **kwargs):
+        try:
+            return await func(*args, **kwargs)
+        except Exception as e:
+            error_trace = traceback.format_exc()
+            logger.error(f"Error in MCP handler: {str(e)}\n{error_trace}")
+            sys.stderr.write(f"Error in MCP handler: {str(e)}\n{error_trace}\n")
+            
+            # For tool functions that return strings, return a formatted error message
+            if hasattr(func, "__annotations__") and func.__annotations__.get("return") == str:
+                return f"Error: {str(e)}"
+            
+            # For RPC methods that return dicts, return a properly formatted JSON error
+            return {"error": {"code": -32000, "message": str(e)}}
+    return wrapper
+
+# Patch the tool method to automatically apply error handling
+original_tool = app.tool
+def patched_tool(*args, **kwargs):
+    def decorator(func):
+        wrapped_func = handle_exceptions(func)
+        return original_tool(*args, **kwargs)(wrapped_func)
+    return decorator
+
+# Replace app.tool with our patched version
+app.tool = patched_tool
+
 # Get token from arguments, config, or environment
 token = args.api_token or config.get("airtable_token", "") or os.environ.get("AIRTABLE_PERSONAL_ACCESS_TOKEN", "")
 # Clean up token if it has trailing quote
@@ -297,5 +328,10 @@ async def set_base_id(base_id_param: str) -> str:
     base_id = base_id_param
     return f"Base ID set to: {base_id}"
 
+# Note: rpc_method is not available in the current MCP version
+# These methods would be used for Claude-specific functionality
+# but are not needed for basic MCP operation
+
+# Start the server
 if __name__ == "__main__":
-    app.run() 
+    app.start() 

package/package.json

@@ -1,40 +1,43 @@
 {
   "name": "@rashidazarang/airtable-mcp",
-  "version": "1.2.0",
-  "description": "Airtable MCP for AI tools - compatible with MCP SDK 1.4.1+, includes compatibility fixes for Claude and Windsurf",
-  "main": "index.js",
+  "version": "1.2.4",
+  "description": "Airtable MCP for Claude Desktop - Connect directly to Airtable using natural language",
+  "main": "airtable_simple.js",
   "bin": {
-    "airtable-mcp": "index.js"
+    "airtable-mcp": "./airtable_simple.js"
   },
   "scripts": {
-    "start": "node index.js"
+    "start": "node airtable_simple.js",
+    "start:python": "python3.10 inspector_server.py",
+    "test": "node test_mcp_comprehensive.js",
+    "test:quick": "./quick_test.sh",
+    "dev": "node airtable_simple.js --token YOUR_TOKEN --base YOUR_BASE_ID"
   },
   "keywords": [
     "airtable",
     "mcp",
-    "ai",
     "claude",
+    "claude-desktop",
     "anthropic",
-    "cursor",
-    "claude-code",
-    "smithery",
-    "model-context-protocol",
-    "windsurf"
+    "ai",
+    "database"
   ],
   "author": "Rashid Azarang",
   "license": "MIT",
+  "dependencies": {
+    "@smithery/cli": "^1.0.0",
+    "airtable": "^0.12.2",
+    "dotenv": "^16.0.0"
+  },
+  "engines": {
+    "node": ">=14.0.0"
+  },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/rashidazarang/airtable-mcp.git"
+    "url": "https://github.com/rashidazarang/airtable-mcp"
   },
   "bugs": {
     "url": "https://github.com/rashidazarang/airtable-mcp/issues"
   },
-  "homepage": "https://github.com/rashidazarang/airtable-mcp#readme",
-  "engines": {
-    "node": ">=14.0.0"
-  },
-  "dependencies": {
-    "dotenv": "^16.0.3"
-  }
+  "homepage": "https://github.com/rashidazarang/airtable-mcp#readme"
 }

package/quick_test.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+echo "🔌 Airtable MCP Quick Tests"
+echo "==========================="
+
+# Test 1: List Tables
+echo "📊 Testing: List Tables"
+curl -s -X POST http://localhost:8010/mcp \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "list_tables"}}' | jq '.result.content[0].text'
+
+echo -e "\n"
+
+# Test 2: List Records from Requests
+echo "📄 Testing: List Records (Requests)"
+curl -s -X POST http://localhost:8010/mcp \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "list_records", "arguments": {"table_name": "requests", "max_records": 2}}}' | jq '.result.content[0].text'
+
+echo -e "\n"
+
+# Test 3: List Records from Providers
+echo "👥 Testing: List Records (Providers)"
+curl -s -X POST http://localhost:8010/mcp \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "list_records", "arguments": {"table_name": "providers", "max_records": 2}}}' | jq '.result.content[0].text'
+
+echo -e "\n✅ All quick tests completed!"