This fixes ChatGPT's "MCP write action is temporarily disabled" error by explicitly marking all tools as read-only operations. ChatGPT's Developer Mode was misinterpreting the tools as write actions without these annotations.
Changes:
- Added annotations to all 5 tools in both index.js and server-http.js
- All tools now have: annotations: { readOnlyHint: true, openWorldHint: true }
- Added test-annotations.js to verify annotations are correctly returned
Tools updated:
- search_episodes
- get_episode
- search_transcripts
- get_host_info
- get_series_info
🤖 Generated with Claude Code
Critical Fix:
- Added app.set('trust proxy', true) to server-http.js
- Fixes ValidationError about X-Forwarded-For headers
- Allows rate limiting to work correctly on Render/Heroku/etc
Problem:
- Without trust proxy, Express doesn't recognize real client IPs
- All users appear to have the same IP (the proxy's IP)
- Rate limiting applied to ALL users as a single entity
- One user hitting limit blocks everyone
Solution:
- Trust X-Forwarded-For headers from reverse proxies
- Each user now has their own rate limit bucket
- Rate limiting works as designed (50 req/min per IP)
Documentation:
- Added troubleshooting section in DEPLOYMENT.md
- Explains the error and impact
- Shows how to verify the fix
This is required for any deployment behind a reverse proxy
(Render, Heroku, AWS ELB, nginx, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
New Features:
- HTTP/SSE server (server-http.js) for network access
- Express-based web server with MCP SSE transport
- Rate limiting (50 req/min per IP)
- Request timeouts (30s)
- Concurrent request limiting (max 10)
- Circuit breaker pattern for failure handling
- Memory monitoring (450MB threshold)
- Gzip compression for responses
- CORS support for cross-origin requests
- Health check endpoint (/health)
Infrastructure:
- Updated package.json with new dependencies (express, cors, compression, rate-limit)
- New npm script: start:http for HTTP server
- Comprehensive deployment guide (DEPLOYMENT.md)
- Updated README with deployment instructions
Graceful Degradation:
- Automatically rejects requests when at capacity
- Circuit breaker opens after 5 failures
- Memory-aware request handling
- Per-IP rate limiting to prevent abuse
The original stdio server (index.js) remains unchanged for local use.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
