feat: Add file attachment support to add-comment tool#191
feat: Add file attachment support to add-comment tool#191scottlovegrove wants to merge 1 commit intomainfrom
Conversation
scottlovegrove
requested review from
amix,
gnapse and
goncalossilva
and removed request for
gnapse
|
There may be security considerations before we add this. @deorus when you have a chance, can you share your 2c here? |
If there are security considerations, shouldn't they be addressed at the API/backend level? If the API allows this operation, then there cannot be any security consideration in enabling it for the MCP server, right? Or am I missing something? |
That's a fair point. And the endpoint is [poorly] documented in our documentation. |
|
@gnapse it's tricky. :) But if we actively block this tool on the work we're doing, it's less of a concern. |
goncalossilva
left a comment
goncalossilva
left a comment
There was a problem hiding this comment.
Reviewing the change itself, I have a question and a significant concern:
Question: How do we expect this to be used? File uploads is not something I've seen used by an agent or in a workflow, so I'd love to understand this better.
Concern: I find the base64 approach very problematic. This means the whole file will be loaded into memory. Worse, it's our MCP server's memory. This is not a good idea. 😬
How are other MCP servers handling file uploads?
I did think of this before, when reviewing this. It means the entire base64 string needs to be handled in the LLM context, and reproduced correctly by the LLM when invoking the tool. There must be some other way to do this. |
My thinking was that an LLM could create a doc/pdf/etc, and be able to attach that as a comment to a task (say a report of some description).
I can investigate alternative approaches, but if you have any immediate thoughts, I'm open to them. |
|
Sorry @scottlovegrove, if I had a suggestion, I'd have mentioned it! I can only think of pre-signed URLs, because the way we handle uploads normally isn't ideal either and they're the solution for it. And it could help in this case too: we'd hand out a pre-signed URL to the LLM, and then it (or a tool, or its user) would just direct the file upload to it. But that's an incomplete thought, and not something we support just yet. |
|
Analyzing some of the best MCP servers out there that support this would be the way I'd go about it. |
|
Another approach could be to add two new steps to our Manifest: As noted by @goncalossilva, base64 encoding has some fundamental limitations here, and I'm worried about scaling issues down the line. If we introduce specialized steps, we can unlock significant optimizations. |
Would that need to actually go in the manifest though? |
|
Hi all, I just had my PR #359 closed in favor of this one, so I wanted to share my approach here since it addresses the base64 concern raised above. In my fork I use a {
comments: [{
taskId: "123456",
content: "Here's the quarterly report",
filePath: "/path/to/quarterly-report.pdf"
}]
}The LLM only passes a file path string, not the file contents. The MCP server handles the actual file reading and upload. This works well in practice — I've been using it in production for weeks for automated invoice filing workflows. This seems like a pragmatic middle ground while pre-signed URLs or Manifest-level upload/get steps are still being designed. |
- Integrate with Todoist SDK v5.8 uploadFile() method for comment attachments
- Accept base64-encoded fileData, fileName (required), and fileType (optional)
- Two-step process: upload file first, then attach to comment
- Maintain backward compatibility - existing usage continues to work
- Support bulk operations with mixed attachment scenarios
- Enhanced output formatting to show attachment information
- Comprehensive test coverage for all attachment scenarios
- Graceful error handling for upload failures
Each comment can have one attachment. Output shows count of comments
with attachments, e.g., "Added 3 task comments (2 with an attachment)"
API Usage:
```
{
comments: [{
taskId: "123",
content: "Here's the report",
fileData: "base64EncodedContent...",
fileName: "report.pdf",
fileType: "application/pdf"
}]
}
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
scottlovegrove
force-pushed
the
scottl/comment-attachments
branch
from
7334e2d to
e5586c2
Compare
|
@arndjan I'm not sure the file path approach would work for the remote MCP server, would it? |
|
@scottlovegrove You're right — filePath won't work for the remote/hosted MCP server. But for stdio/self-hosted setups (which is what most Claude Code, Cursor, etc. users run), it's the pragmatic solution and works well in practice. Maybe both approaches could coexist: filePath for local MCP servers, and pre-signed URLs (as @goncalossilva suggested) for remote. That way you don't block the local use case while working toward a proper remote solution. |
"Find the booking emails with pdfs for my flights, car rental, parking and add them all as attachments under my trip in todoist" exact use case today, the following discussion with the LLM lead me here, and next to setting it up with an API key to workaround. |
|
@adrian-skybaker Great use case — very similar to what I built this for. My main workflow: I have Claude Code monitor my email for incoming invoices (PDF attachments), download them, file them in Dropbox, and attach them as a comment to a payment task in Todoist. The task gets a deadline (due date minus 2 days) and the file path in the notes. Fully automated weekly invoice filing. Another one: attaching generated reports or exported documents to project tasks as documentation. Both of these work well with the |
6 participants
Summary
Adds file attachment support to the
add-commenttool using the newuploadFile()method from Todoist SDK v5.8.Changes
uploadFile(), then attach to comment withaddComment()fileData(base64-encoded),fileName(required when fileData provided), andfileType(optional MIME type)API Usage
Technical Details
uploadFile()method accepts Buffer input with required fileNameTest Coverage
All tests pass (337/337) ✅