@rashidazarang/airtable-mcp 2.1.1 → 2.2.1

package/README.md

@@ -1,7 +1,7 @@
 # Airtable MCP Server
 
+[![Trust Score](https://archestra.ai/mcp-catalog/api/badge/quality/rashidazarang/airtable-mcp)](https://archestra.ai/mcp-catalog/rashidazarang__airtable-mcp)
 [![smithery badge](https://smithery.ai/badge/@rashidazarang/airtable-mcp)](https://smithery.ai/server/@rashidazarang/airtable-mcp)
-[![Trust Score](https://archestra.ai/badge/@rashidazarang/airtable-mcp)](https://archestra.ai/mcp-catalog/rashidazarang__airtable-mcp)
 ![Airtable](https://img.shields.io/badge/Airtable-18BFFF?style=for-the-badge&logo=Airtable&logoColor=white)
 [![MCP](https://img.shields.io/badge/MCP-1.6.0-green)](https://github.com/rashidazarang/airtable-mcp)
 

package/airtable_simple_production.js

@@ -56,18 +56,21 @@ const CONFIG = {
 
 // Logging
 const LOG_LEVELS = { ERROR: 0, WARN: 1, INFO: 2, DEBUG: 3, TRACE: 4 };
-const currentLogLevel = LOG_LEVELS[CONFIG.LOG_LEVEL] || LOG_LEVELS.INFO;
+let currentLogLevel = LOG_LEVELS[CONFIG.LOG_LEVEL] || LOG_LEVELS.INFO;
 
 function log(level, message, metadata = {}) {
   if (level <= currentLogLevel) {
     const timestamp = new Date().toISOString();
     const levelName = Object.keys(LOG_LEVELS).find(key => LOG_LEVELS[key] === level);
-    const output = `[${timestamp}] [${levelName}] ${message}`;
+    // Sanitize message to prevent format string attacks
+    const safeMessage = String(message).replace(/%/g, '%%');
+    const output = `[${timestamp}] [${levelName}] ${safeMessage}`;
     
     if (Object.keys(metadata).length > 0) {
-      console.log(output, JSON.stringify(metadata));
+      // Use separate arguments to avoid format string injection
+      console.log('%s %s', output, JSON.stringify(metadata));
     } else {
-      console.log(output);
+      console.log('%s', output);
     }
   }
 }
@@ -95,7 +98,7 @@ function checkRateLimit(clientId) {
   return true;
 }
 
-// Input validation
+// Input validation and HTML escaping
 function sanitizeInput(input) {
   if (typeof input === 'string') {
     return input.replace(/[<>]/g, '').trim().substring(0, 1000);
@@ -103,6 +106,29 @@ function sanitizeInput(input) {
   return input;
 }
 
+function escapeHtml(unsafe) {
+  if (typeof unsafe !== 'string') {
+    return String(unsafe);
+  }
+  return unsafe
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#039;")
+    .replace(/\//g, "&#x2F;");
+}
+
+function validateUrl(url) {
+  try {
+    const parsed = new URL(url);
+    // Only allow http and https protocols
+    return ['http:', 'https:'].includes(parsed.protocol);
+  } catch {
+    return false;
+  }
+}
+
 // Airtable API integration
 function callAirtableAPI(endpoint, method = 'GET', body = null, queryParams = {}) {
   return new Promise((resolve, reject) => {
@@ -236,6 +262,98 @@ const TOOLS_SCHEMA = [
   }
 ];
 
+// Prompts schema - AI-powered templates for common Airtable operations
+const PROMPTS_SCHEMA = [
+  {
+    name: 'analyze_data',
+    description: 'Analyze data patterns and provide insights from Airtable records',
+    arguments: [
+      {
+        name: 'table',
+        description: 'Table name or ID to analyze',
+        required: true
+      },
+      {
+        name: 'analysis_type',
+        description: 'Type of analysis (trends, summary, patterns, insights)',
+        required: false
+      },
+      {
+        name: 'field_focus',
+        description: 'Specific fields to focus the analysis on',
+        required: false
+      }
+    ]
+  },
+  {
+    name: 'create_report',
+    description: 'Generate a comprehensive report based on Airtable data',
+    arguments: [
+      {
+        name: 'table',
+        description: 'Table name or ID for the report',
+        required: true
+      },
+      {
+        name: 'report_type',
+        description: 'Type of report (summary, detailed, dashboard, metrics)',
+        required: false
+      },
+      {
+        name: 'time_period',
+        description: 'Time period for the report (if applicable)',
+        required: false
+      }
+    ]
+  },
+  {
+    name: 'data_insights',
+    description: 'Discover hidden insights and correlations in your Airtable data',
+    arguments: [
+      {
+        name: 'tables',
+        description: 'Comma-separated list of table names to analyze',
+        required: true
+      },
+      {
+        name: 'insight_type',
+        description: 'Type of insights to find (correlations, outliers, trends, predictions)',
+        required: false
+      }
+    ]
+  },
+  {
+    name: 'optimize_workflow',
+    description: 'Suggest workflow optimizations based on your Airtable usage patterns',
+    arguments: [
+      {
+        name: 'base_overview',
+        description: 'Overview of the base structure and usage',
+        required: false
+      },
+      {
+        name: 'optimization_focus',
+        description: 'Focus area (automation, fields, views, collaboration)',
+        required: false
+      }
+    ]
+  }
+];
+
+// Roots configuration for filesystem access
+const ROOTS_CONFIG = [
+  {
+    uri: 'file:///airtable-exports',
+    name: 'Airtable Exports'
+  },
+  {
+    uri: 'file:///airtable-attachments', 
+    name: 'Airtable Attachments'
+  }
+];
+
+// Logging configuration (currentLogLevel is already declared above)
+
 // HTTP server
 const server = http.createServer(async (req, res) => {
   // Security headers
@@ -261,13 +379,161 @@ const server = http.createServer(async (req, res) => {
     res.writeHead(200, { 'Content-Type': 'application/json' });
     res.end(JSON.stringify({
       status: 'healthy',
-      version: '2.1.0',
+      version: '2.2.1',
       timestamp: new Date().toISOString(),
       uptime: process.uptime()
     }));
     return;
   }
   
+  // OAuth2 authorization endpoint
+  if (pathname === '/oauth/authorize' && req.method === 'GET') {
+    const params = parsedUrl.query;
+    const clientId = params.client_id;
+    const redirectUri = params.redirect_uri;
+    const state = params.state;
+    const codeChallenge = params.code_challenge;
+    const codeChallengeMethod = params.code_challenge_method;
+    
+    // Validate inputs to prevent XSS
+    if (!clientId || !redirectUri) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'invalid_request', error_description: 'Missing required parameters' }));
+      return;
+    }
+    
+    // Validate redirect URI
+    if (!validateUrl(redirectUri)) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'invalid_request', error_description: 'Invalid redirect URI' }));
+      return;
+    }
+    
+    // Sanitize all user inputs for HTML output
+    const safeClientId = escapeHtml(clientId);
+    const safeRedirectUri = escapeHtml(redirectUri);
+    const safeState = escapeHtml(state || '');
+    
+    // Generate authorization code
+    const authCode = crypto.randomBytes(32).toString('hex');
+    
+    // In a real implementation, store the auth code with expiration
+    // and associate it with the client and PKCE challenge
+    
+    res.writeHead(200, { 
+      'Content-Type': 'text/html',
+      'Content-Security-Policy': "default-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline'",
+      'X-Content-Type-Options': 'nosniff',
+      'X-Frame-Options': 'DENY'
+    });
+    
+    res.end(`<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>OAuth2 Authorization</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+<body>
+  <h2>Airtable MCP Server - OAuth2 Authorization</h2>
+  <p>Client ID: ${safeClientId}</p>
+  <p>Redirect URI: ${safeRedirectUri}</p>
+  <div style="margin: 20px 0;">
+    <button onclick="authorize()" style="background: #18BFFF; color: white; padding: 10px 20px; border: none; border-radius: 5px; cursor: pointer;">
+      Authorize Application
+    </button>
+    <button onclick="deny()" style="background: #ff4444; color: white; padding: 10px 20px; border: none; border-radius: 5px; cursor: pointer; margin-left: 10px;">
+      Deny Access
+    </button>
+  </div>
+  <script>
+    function authorize() {
+      const baseUrl = ${JSON.stringify(redirectUri)};
+      const code = ${JSON.stringify(authCode)};
+      const state = ${JSON.stringify(state || '')};
+      const url = baseUrl + '?code=' + encodeURIComponent(code) + '&state=' + encodeURIComponent(state);
+      window.location.href = url;
+    }
+    function deny() {
+      const baseUrl = ${JSON.stringify(redirectUri)};
+      const state = ${JSON.stringify(state || '')};
+      const url = baseUrl + '?error=access_denied&state=' + encodeURIComponent(state);
+      window.location.href = url;
+    }
+  </script>
+</body>
+</html>`);
+    return;
+  }
+  
+  // OAuth2 token endpoint
+  if (pathname === '/oauth/token' && req.method === 'POST') {
+    let body = '';
+    req.on('data', chunk => {
+      body += chunk.toString();
+      // Prevent DoS by limiting body size
+      if (body.length > 10000) {
+        res.writeHead(413, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'payload_too_large', error_description: 'Request body too large' }));
+        return;
+      }
+    });
+    
+    req.on('end', () => {
+      try {
+        const params = querystring.parse(body);
+        const grantType = sanitizeInput(params.grant_type);
+        const code = sanitizeInput(params.code);
+        const codeVerifier = sanitizeInput(params.code_verifier);
+        const clientId = sanitizeInput(params.client_id);
+        
+        // Validate required parameters
+        if (!grantType || !code || !clientId) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({
+            error: 'invalid_request',
+            error_description: 'Missing required parameters'
+          }));
+          return;
+        }
+        
+        // In a real implementation, verify the authorization code and PKCE
+        if (grantType === 'authorization_code' && code) {
+          // Generate access token
+          const accessToken = crypto.randomBytes(32).toString('hex');
+          const refreshToken = crypto.randomBytes(32).toString('hex');
+          
+          res.writeHead(200, { 
+            'Content-Type': 'application/json',
+            'Cache-Control': 'no-store',
+            'Pragma': 'no-cache'
+          });
+          res.end(JSON.stringify({
+            access_token: accessToken,
+            token_type: 'Bearer',
+            expires_in: 3600,
+            refresh_token: refreshToken,
+            scope: 'data.records:read data.records:write schema.bases:read'
+          }));
+        } else {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({
+            error: 'invalid_grant',
+            error_description: 'Invalid grant type or authorization code'
+          }));
+        }
+      } catch (error) {
+        log(LOG_LEVELS.WARN, 'OAuth token request parsing failed', { error: error.message });
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+          error: 'invalid_request',
+          error_description: 'Malformed request body'
+        }));
+      }
+    });
+    return;
+  }
+  
   // MCP endpoint
   if (pathname === '/mcp' && req.method === 'POST') {
     // Rate limiting
@@ -321,9 +587,9 @@ const server = http.createServer(async (req, res) => {
                   logging: {}
                 },
                 serverInfo: {
-                  name: 'Airtable MCP Server',
-                  version: '2.1.0',
-                  description: 'Model Context Protocol server for Airtable integration'
+                  name: 'Airtable MCP Server Enhanced',
+                  version: '2.2.1',
+                  description: 'Complete MCP 2024-11-05 server with Prompts, Sampling, Roots, Logging, and OAuth2'
                 }
               }
             };
@@ -344,6 +610,47 @@ const server = http.createServer(async (req, res) => {
             response = await handleToolCall(request);
             break;
             
+          case 'prompts/list':
+            response = {
+              jsonrpc: '2.0',
+              id: request.id,
+              result: {
+                prompts: PROMPTS_SCHEMA
+              }
+            };
+            break;
+            
+          case 'prompts/get':
+            response = await handlePromptGet(request);
+            break;
+            
+          case 'roots/list':
+            response = {
+              jsonrpc: '2.0',
+              id: request.id,
+              result: {
+                roots: ROOTS_CONFIG
+              }
+            };
+            break;
+            
+          case 'logging/setLevel':
+            const level = request.params?.level;
+            if (level && LOG_LEVELS[level.toUpperCase()] !== undefined) {
+              currentLogLevel = LOG_LEVELS[level.toUpperCase()];
+              log(LOG_LEVELS.INFO, 'Log level updated', { newLevel: level });
+            }
+            response = {
+              jsonrpc: '2.0',
+              id: request.id,
+              result: {}
+            };
+            break;
+            
+          case 'sampling/createMessage':
+            response = await handleSampling(request);
+            break;
+            
           default:
             log(LOG_LEVELS.WARN, 'Unknown method', { method: request.method });
             throw new Error(`Method "${request.method}" not found`);
@@ -476,6 +783,162 @@ async function handleToolCall(request) {
   }
 }
 
+// Prompt handlers
+async function handlePromptGet(request) {
+  const promptName = request.params.name;
+  const promptArgs = request.params.arguments || {};
+  
+  try {
+    const prompt = PROMPTS_SCHEMA.find(p => p.name === promptName);
+    if (!prompt) {
+      throw new Error(`Prompt "${promptName}" not found`);
+    }
+    
+    let messages = [];
+    
+    switch (promptName) {
+      case 'analyze_data':
+        const { table, analysis_type = 'summary', field_focus } = promptArgs;
+        messages = [
+          {
+            role: 'user',
+            content: {
+              type: 'text',
+              text: `Please analyze the data in table "${table}". 
+                     Analysis type: ${analysis_type}
+                     ${field_focus ? `Focus on fields: ${field_focus}` : ''}
+                     
+                     First, list the tables and their schemas, then retrieve sample records from "${table}" 
+                     and provide insights based on the ${analysis_type} analysis type.`
+            }
+          }
+        ];
+        break;
+        
+      case 'create_report':
+        const { table: reportTable, report_type = 'summary', time_period } = promptArgs;
+        messages = [
+          {
+            role: 'user',
+            content: {
+              type: 'text',
+              text: `Create a ${report_type} report for table "${reportTable}".
+                     ${time_period ? `Time period: ${time_period}` : ''}
+                     
+                     Please gather the table schema and recent records, then generate a comprehensive 
+                     ${report_type} report with key metrics, trends, and actionable insights.`
+            }
+          }
+        ];
+        break;
+        
+      case 'data_insights':
+        const { tables, insight_type = 'correlations' } = promptArgs;
+        messages = [
+          {
+            role: 'user',
+            content: {
+              type: 'text',
+              text: `Discover ${insight_type} insights across these tables: ${tables}
+                     
+                     Please examine the data structures and content to identify:
+                     - ${insight_type} patterns
+                     - Unexpected relationships
+                     - Optimization opportunities
+                     - Data quality insights`
+            }
+          }
+        ];
+        break;
+        
+      case 'optimize_workflow':
+        const { base_overview, optimization_focus = 'automation' } = promptArgs;
+        messages = [
+          {
+            role: 'user',
+            content: {
+              type: 'text',
+              text: `Analyze the current Airtable setup and suggest ${optimization_focus} optimizations.
+                     ${base_overview ? `Base overview: ${base_overview}` : ''}
+                     
+                     Please review the table structures, field types, and relationships to recommend:
+                     - ${optimization_focus} improvements
+                     - Best practice implementations
+                     - Performance enhancements
+                     - Workflow streamlining opportunities`
+            }
+          }
+        ];
+        break;
+        
+      default:
+        throw new Error(`Unsupported prompt: ${promptName}`);
+    }
+    
+    return {
+      jsonrpc: '2.0',
+      id: request.id,
+      result: {
+        description: prompt.description,
+        messages: messages
+      }
+    };
+    
+  } catch (error) {
+    log(LOG_LEVELS.ERROR, `Prompt ${promptName} failed`, { error: error.message });
+    
+    return {
+      jsonrpc: '2.0',
+      id: request.id,
+      error: {
+        code: -32000,
+        message: `Error getting prompt ${promptName}: ${error.message}`
+      }
+    };
+  }
+}
+
+// Sampling handler
+async function handleSampling(request) {
+  const { messages, modelPreferences } = request.params;
+  
+  try {
+    // Note: In a real implementation, this would integrate with an LLM API
+    // For now, we'll return a structured response indicating sampling capability
+    
+    log(LOG_LEVELS.INFO, 'Sampling request received', { 
+      messageCount: messages?.length,
+      model: modelPreferences?.model 
+    });
+    
+    return {
+      jsonrpc: '2.0',
+      id: request.id,
+      result: {
+        model: modelPreferences?.model || 'claude-3-sonnet',
+        role: 'assistant',
+        content: {
+          type: 'text',
+          text: 'Sampling capability is available. This MCP server can request AI assistance for complex data analysis and insights generation. In a full implementation, this would connect to your preferred LLM for intelligent Airtable operations.'
+        },
+        stopReason: 'end_turn'
+      }
+    };
+    
+  } catch (error) {
+    log(LOG_LEVELS.ERROR, 'Sampling failed', { error: error.message });
+    
+    return {
+      jsonrpc: '2.0',
+      id: request.id,
+      error: {
+        code: -32000,
+        message: `Sampling error: ${error.message}`
+      }
+    };
+  }
+}
+
 // Server startup
 const PORT = CONFIG.PORT;
 const HOST = CONFIG.HOST;

package/examples/claude_simple_config.json

@@ -1,15 +1,6 @@
 {
   "mcpServers": {
     "airtable": {
-      "command": "curl",
-      "args": [
-        "-s",
-        "-X",
-        "POST",
-        "-H",
-        "Content-Type: application/json",
-        "http://localhost:8010/mcp"
-      ],
       "url": "http://localhost:8010/mcp"
     }
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rashidazarang/airtable-mcp",
-  "version": "2.1.1",
+  "version": "2.2.1",
   "description": "Airtable MCP server for Claude Desktop - Connect directly to Airtable using natural language",
   "main": "airtable_simple_production.js",
   "bin": {