feat: Add download_attachment tool for fetching card attachments

[sap2me]

Problem

Currently there's no way to download/view attachments from Trello cards through the MCP server. The attachment URLs returned by get_card require authentication and cannot be accessed directly.

Solution

Added a new download_attachment tool that:

• Fetches attachment metadata
• Downloads the file using OAuth authentication header
• Returns base64-encoded data (images are returned as viewable content)

Implementation Details

• Uses OAuth header: Authorization: OAuth oauth_consumer_key="...", oauth_token="..."
• Query parameters don't work for attachment downloads (returns 401)
• Reference: https://community.developer.atlassian.com/t/download-attachments-with-api/72386

Usage

{
  "cardId": "card-id-or-shortlink",
  "attachmentId": "attachment-id"
}

Changes

• src/trello-client.ts: Added downloadAttachment() method
• src/index.ts: Registered download_attachment tool

Testing

Tested manually with real Trello attachments - successfully downloads and returns images as base64 data.

[gemini-code-assist]

Summary of Changes

Hello @sap2me, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement by providing a dedicated tool to download attachments from Trello cards. Previously, direct access to these attachments was restricted due to authentication requirements. The new download_attachment tool resolves this by securely fetching the attachment data using OAuth and returning it in a base64-encoded format, making it readily available for further processing or viewing, particularly for image files.

Highlights

• New Tool Added: A new tool named download_attachment has been introduced to enable downloading of attachments from Trello cards.
• Authentication Handling: The new tool correctly handles OAuth authentication required for accessing Trello attachment URLs, which are otherwise inaccessible directly.
• Base64 Encoding: Downloaded attachments are returned as base64-encoded data, with a special handling for images to be directly viewable.
• Metadata Retrieval: The implementation first fetches attachment metadata to obtain details like the filename and MIME type before initiating the download.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new download_attachment tool, which is a great addition for fetching attachment content from Trello cards. The implementation correctly handles authentication for attachment downloads, which differs from other API calls. It also provides a good user experience by differentiating between image and non-image files in the output. My main feedback is to ensure that all API calls, including the one for downloading the attachment file, respect the client's rate limiting to prevent hitting Trello's API limits.

[gemini-code-assist]

This direct call to axios.get bypasses the rate limiting implemented for this client. While a separate axios call is necessary because attachment downloads require an Authorization header instead of query parameters, it should still respect the rate limits. You should wait for an available token from the rate limiter before making the request to avoid hitting Trello's rate limits unexpectedly. This function makes two API calls, and both should be rate-limited.

Suggested change

	const response = await axios.get(downloadUrl, {
	headers: {
	Authorization: `OAuth oauth_consumer_key="${this.config.apiKey}", oauth_token="${this.config.token}"`,
	},
	responseType: 'arraybuffer',
	});
	await this.rateLimiter.waitForAvailableToken();
	const response = await axios.get(downloadUrl, {
	headers: {
	Authorization: 'OAuth oauth_consumer_key="' + this.config.apiKey + '", oauth_token="' + this.config.token + '"',
	},
	responseType: 'arraybuffer',
	});

[glani]

@sap2me can you fix the CR comment, please? This feature is useful.