github-advanced-security[bot] commented on code in PR #35121:
URL: https://github.com/apache/superset/pull/35121#discussion_r2344691023


##########
superset/mcp_service/bin/superset-mcp.js:
##########
@@ -0,0 +1,263 @@
+#!/usr/bin/env node
+
+/**
+ * Apache Superset MCP (Model Context Protocol) Server Runner
+ *
+ * OVERVIEW:
+ * This Node.js wrapper script provides an npx-compatible entry point for the 
Superset MCP service.
+ * It acts as a bridge between npm/npx tooling and the Python-based MCP server 
implementation.
+ *
+ * FUNCTIONALITY:
+ * - Detects and validates Python environment and Superset installation
+ * - Supports both stdio (Claude Desktop integration) and HTTP transport modes
+ * - Handles command-line argument parsing and environment variable 
configuration
+ * - Manages Python subprocess lifecycle with proper signal handling
+ * - Provides comprehensive help documentation and error diagnostics
+ *
+ * USAGE PATTERNS (DEVELOPMENT - Not yet published to npm):
+ * - Direct execution: node superset/mcp_service/bin/superset-mcp.js --stdio
+ * - HTTP server: node superset/mcp_service/bin/superset-mcp.js --http --port 
6000
+ * - Development debugging: node superset/mcp_service/bin/superset-mcp.js 
--debug
+ *
+ * FUTURE USAGE (Once published to npm registry):
+ * - npx @superset/mcp-server --stdio
+ * - npx @superset/mcp-server --http --port 6000
+ *
+ * ARCHITECTURE:
+ * This wrapper enables the MCP service to be distributed as an npm package 
while
+ * maintaining the core Python implementation, bridging Node.js tooling with 
Python execution.
+ *
+ * PACKAGE STATUS (as of 2025-01-10):
+ * - NOT YET PUBLISHED to npm registry
+ * - Package name reserved: @superset/mcp-server
+ * - Requires package.json with proper metadata and "bin" field for npx 
execution
+ * - Will need to be published to npm registry before npx commands work
+ *
+ * TODO FOR NPM PUBLISHING:
+ * 1. Create package.json with name "@superset/mcp-server"
+ * 2. Add "bin" field pointing to this file
+ * 3. Set version, description, repository, license
+ * 4. Run npm publish with appropriate access rights
+ */
+
+const { spawn, execSync } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+
+// Parse command line arguments
+const args = process.argv.slice(2);
+const isStdio = args.includes('--stdio') || process.env.FASTMCP_TRANSPORT === 
'stdio';
+const isDebug = args.includes('--debug') || process.env.MCP_DEBUG === '1';
+const showHelp = args.includes('--help') || args.includes('-h');
+
+// Configuration
+const DEFAULT_PORT = process.env.MCP_PORT || '5008';
+const DEFAULT_HOST = process.env.MCP_HOST || '127.0.0.1';
+
+// Show help
+if (showHelp) {
+    console.log(`
+Apache Superset MCP Server
+
+Usage:
+  Development: node superset/mcp_service/bin/superset-mcp.js [options]
+  Future (npm): npx @superset/mcp-server [options]
+
+Options:
+  --stdio       Run in stdio mode for direct Claude Desktop integration
+  --http        Run in HTTP mode (default)
+  --port PORT   HTTP port to bind to (default: ${DEFAULT_PORT})
+  --host HOST   HTTP host to bind to (default: ${DEFAULT_HOST})
+  --debug       Enable debug mode
+  --help        Show this help message
+
+Environment Variables:
+  FASTMCP_TRANSPORT     Transport mode (stdio or http)
+  MCP_PORT              HTTP port (default: ${DEFAULT_PORT})
+  MCP_HOST              HTTP host (default: ${DEFAULT_HOST})
+  MCP_DEBUG             Enable debug (set to 1)
+  PYTHONPATH            Python path including Superset root
+  SUPERSET_CONFIG_PATH  Path to superset_config.py
+
+Examples (Development):
+  # Run in stdio mode for Claude Desktop
+  node superset/mcp_service/bin/superset-mcp.js --stdio
+
+  # Run in HTTP mode on custom port
+  node superset/mcp_service/bin/superset-mcp.js --http --port 6000
+
+  # Run with debug output
+  node superset/mcp_service/bin/superset-mcp.js --debug
+
+  # Or use the Python CLI directly:
+  superset mcp run --host 127.0.0.1 --port 6000
+`);
+    process.exit(0);
+}
+
+// Find Superset root directory
+function findSupersetRoot() {
+    // Start from the mcp_service directory
+    let currentDir = path.resolve(__dirname, '..');
+
+    // Walk up until we find the superset root (contains setup.py or 
pyproject.toml)
+    while (currentDir !== path.dirname(currentDir)) {
+        if (fs.existsSync(path.join(currentDir, 'pyproject.toml')) ||
+            fs.existsSync(path.join(currentDir, 'setup.py'))) {
+            // Check if it's actually the superset root (has superset 
directory)
+            if (fs.existsSync(path.join(currentDir, 'superset'))) {
+                return currentDir;
+            }
+        }
+        currentDir = path.dirname(currentDir);
+    }
+
+    // Fallback to environment variable
+    if (process.env.PYTHONPATH) {
+        return process.env.PYTHONPATH;
+    }
+
+    throw new Error('Could not find Superset root directory. Please set 
PYTHONPATH environment variable.');
+}
+
+// Find Python executable
+function findPython() {
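Review bot: The `PYTHONPATH` fallback at the end of `findSupersetRoot()` returns the raw environment value as the Superset root, although PYTHONPATH is a list of directories joined by `path.delimiter` and the walk-up branch above it only accepts a directory that contains `superset`. A value with several entries, or one pointing at an unrelated location, is handed back unchecked as if it were a verified project root. I would split the value, resolve each entry and apply the same `fs.existsSync(path.join(dir, 'superset'))` test before returning, falling through to the existing `throw` when nothing matches. The callers of this function lie past the end of the quoted hunk, so how the path is consumed (working directory, child environment or a command string) is not confirmed here; validating at this point keeps that from resting on an unchecked environment value.

```javascript
    // Fallback to environment variable
    const entries = (process.env.PYTHONPATH || '').split(path.delimiter);
    for (const entry of entries) {
        if (!entry) {
            continue;
        }
        const candidate = path.resolve(entry);
        if (fs.existsSync(path.join(candidate, 'superset'))) {
            return candidate;
        }
    }
    // … unchanged: throw new Error('Could not find Superset root directory. …') …
```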

Review Comment:
   ## Shell command built from environment values
   
   This shell command depends on an uncontrolled [absolute path](1).
   This shell command depends on an uncontrolled [absolute path](2).
   
   [Show more 
details](https://github.com/apache/superset/security/code-scanning/2048)


