@surajmarkupchecks…fix/airtable-scope-qa-mismatches → master5 files · +10 −35updated 4w ago_scopes mismatches from the Desktop QA workbook auditAIRTABLE_CREATE_RECORD_FROM_NL unchanged after verifying it genuinely needs a two-clause CNF intersectionNo existing GitHub issue matched this Airtable scope-audit task, so this PR is tied directly to the QA workbook request.
| Action | File | Observed HTTP calls in code | Old _scopes | Final _scopes | Decision |
|---|---|---|---|---|---|
AIRTABLE_CREATE_A_RECORD | apps/airtable/actions/create_a_record.py | POST /v0/{baseId}/{tableIdOrName} | all_of(data.records:write AND schema.bases:read) | any_of(data.records:write) | changed |
AIRTABLE_CREATE_MULTIPLE_RECORDS | apps/airtable/actions/create_multiple_records.py | batched POST /v0/{baseId}/{tableIdOrName} | all_of(data.records:write AND schema.bases:write) | any_of(data.records:write) | changed |
AIRTABLE_CREATE_RECORD_FROM_NL | apps/airtable/actions/create_record_from_nl.py | GET /meta/bases/{baseId}/tables + POST /{baseId}/{table_id} | all_of(data.records:write AND schema.bases:read) | unchanged | reviewed, not changed |
AIRTABLE_GET_RECORD | apps/airtable/actions/get_record.py | GET /{baseId}/{tableIdOrName}/{recordId} | all_of(data.records:read AND schema.bases:read) | any_of(data.records:read) | changed |
AIRTABLE_UPDATE_RECORD | apps/airtable/actions/update_record.py | PATCH /v0/{baseId}/{tableIdOrName}/{recordId} | all_of(data.records:read AND data.records:write AND schema.bases:read) | any_of(data.records:write) | changed |
AIRTABLE_UPLOAD_ATTACHMENT | apps/airtable/actions/upload_attachment.py | POST /v0/{baseId}/{recordId}/{attachmentFieldIdOrName}/uploadAttachment via content.airtable.com | all_of(data.records:write AND data.records:read AND schema.bases:read) | any_of(data.records:write) | changed |
AIRTABLE_CREATE_A_RECORD / AIRTABLE_CREATE_MULTIPLE_RECORDS
data.records:write: https://airtable.com/developers/web/api/create-recordsAIRTABLE_GET_RECORD
data.records:read: https://airtable.com/developers/web/api/get-recordschema.bases:read was unnecessary.AIRTABLE_UPDATE_RECORD
data.records:write: https://airtable.com/developers/web/api/update-recordAIRTABLE_UPLOAD_ATTACHMENT
data.records:write: https://airtable.com/developers/web/api/upload-attachment| Action | Why unchanged |
|---|---|
AIRTABLE_CREATE_RECORD_FROM_NL | This action has two mandatory primary calls: GET /meta/bases/{baseId}/tables to fetch schema and POST /{baseId}/{table_id} to create the record. There is no graceful degradation path. Under the scope-audit rules, the CNF must intersect both endpoints, so keeping data.records:write and schema.bases:read is correct. Docs: get-base-schema https://airtable.com/developers/web/api/get-base-schema ; create-records https://airtable.com/developers/web/api/create-records |
black --check on changed Airtable action filesisort --check-only on changed Airtable action filespython -m py_compile on changed Airtable action filesActionBuilder.validate_scopes(...) on the five changed actions plus CreateRecordFromNaturalLanguage_scopes declarations plus formatter-only line wrapping.AIRTABLE_CREATE_RECORD_FROM_NL.