Skip to content

【substack-mcp】サムネ付き記事投稿CLIを整備する#2

Draft
nanameru wants to merge 1 commit into
mainfrom
issue-1-article-cover-cli
Draft

【substack-mcp】サムネ付き記事投稿CLIを整備する#2
nanameru wants to merge 1 commit into
mainfrom
issue-1-article-cover-cli

Conversation

@nanameru

@nanameru nanameru commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Closes #1

概要

  • Markdown本文からSubstack下書きを作成し、任意のカバー画像をアップロードして設定できる substack-publish-article CLIを追加
  • --publish 指定時のみ公開し、--send-email / --share-automatically--publish なしでは拒否する安全設計にした
  • Fable記事本文 articles/fable5.md を追加し、実際にSubstack下書き作成とサムネ設定まで実行
  • test-board.yaml とユニットテストを追加

実運用結果

検証

  • .venv/bin/python -m unittest discover -s tests → 成功(2 tests)
  • .venv/bin/python -m compileall src → 成功
  • test-board once --board test-board.yamlstatus=done:1

リスク

  • Substackは公式公開APIではなく内部API依存のため、Substack側の仕様変更で失敗する可能性がある
  • サムネイルPNGは既存 .gitignorethumbnails/*.png 対象のためコミットしていない。下書きにはSubstack CDNアップロード済み画像を設定済み

@amazon-q-developer amazon-q-developer Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Summary

This PR adds a CLI tool for creating Substack articles with cover images, along with supporting infrastructure and tests. The implementation is well-structured with proper validation and safety mechanisms.

Critical Issue Found (1)

A security vulnerability in the exception handling that could leak sensitive information through error messages. The bare except Exception handler needs to be replaced with specific exception types to prevent exposing credentials or internal system details.

Code Quality Observations

The PR includes solid defensive programming practices such as blocked path prefixes for image uploads and proper validation of arguments. The test coverage demonstrates correct behavior for the main workflow and validation rules.

Action Required: Address the exception handling security issue before merging.


You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

Comment on lines +124 to +126
except Exception as exc:
print(f"error: {exc}", file=sys.stderr)
return 1

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛑 Security Vulnerability: Replace generic exception handler with specific exceptions to prevent leaking sensitive information. The current bare except Exception can expose credentials or internal system details if SubstackClient.from_env() or client methods fail with unexpected errors. Handle credential loading failures separately from API errors to provide safe error messages.

Suggested change
except Exception as exc:
print(f"error: {exc}", file=sys.stderr)
return 1
except RuntimeError as exc:
# Credential loading or API initialization errors
print(f"error: {exc}", file=sys.stderr)
return 1
except (ValueError, FileNotFoundError) as exc:
# Validation or file errors
print(f"error: {exc}", file=sys.stderr)
return 1
except Exception as exc:
# Unexpected errors - don't expose details
print(f"error: An unexpected error occurred during article processing", file=sys.stderr)
return 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

【substack-mcp】サムネ付き記事投稿CLIを整備する

1 participant