@jtalk22/slack-mcp 1.0.4 → 1.1.0

package/lib/handlers.js

@@ -4,11 +4,107 @@
  * Implementation of all MCP tool handlers.
  */
 
-import { writeFileSync } from "fs";
-import { homedir } from "os";
+import { writeFileSync, readFileSync, existsSync, renameSync, unlinkSync } from "fs";
+import { homedir, platform } from "os";
 import { join } from "path";
-import { loadTokens, saveTokens, extractFromChrome } from "./token-store.js";
-import { slackAPI, resolveUser, formatTimestamp, sleep } from "./slack-client.js";
+import { loadTokens, saveTokens, extractFromChrome, isAutoRefreshAvailable } from "./token-store.js";
+import { slackAPI, resolveUser, formatTimestamp, sleep, checkTokenHealth, getUserCacheStats } from "./slack-client.js";
+
+// ============ Utilities ============
+
+/**
+ * Robust boolean parser for LLM input unpredictability
+ * Handles: true, "true", "True", "1", 1, "yes", etc.
+ */
+function parseBool(val) {
+  if (typeof val === 'boolean') return val;
+  if (typeof val === 'number') return val !== 0;
+  if (typeof val === 'string') {
+    return ['true', '1', 'yes', 'on'].includes(val.toLowerCase());
+  }
+  return false;
+}
+
+/**
+ * Atomic write to prevent file corruption from concurrent writes
+ */
+function atomicWriteSync(filePath, content) {
+  const tempPath = `${filePath}.${process.pid}.tmp`;
+  try {
+    writeFileSync(tempPath, content);
+    if (platform() === 'darwin' || platform() === 'linux') {
+      try { require('child_process').execSync(`chmod 600 "${tempPath}"`); } catch {}
+    }
+    renameSync(tempPath, filePath);
+  } catch (e) {
+    try { unlinkSync(tempPath); } catch {}
+    throw e;
+  }
+}
+
+// ============ DM Cache ============
+const DM_CACHE_FILE = join(homedir(), ".slack-mcp-dm-cache.json");
+const DM_CACHE_TTL = 24 * 60 * 60 * 1000; // 24 hours
+
+function loadDMCache() {
+  if (!existsSync(DM_CACHE_FILE)) return { dms: {}, updated: 0 };
+  try {
+    const data = JSON.parse(readFileSync(DM_CACHE_FILE, "utf-8"));
+    // Check if cache is stale
+    if (Date.now() - (data.updated || 0) > DM_CACHE_TTL) {
+      return { dms: {}, updated: 0 };
+    }
+    return data;
+  } catch {
+    return { dms: {}, updated: 0 };
+  }
+}
+
+function saveDMCache(dms) {
+  try {
+    const data = { dms, updated: Date.now() };
+    atomicWriteSync(DM_CACHE_FILE, JSON.stringify(data, null, 2));
+  } catch {
+    // Ignore write errors - cache is optional
+  }
+}
+
+/**
+ * Token status handler - detailed token health info
+ */
+export async function handleTokenStatus() {
+  const health = await checkTokenHealth({ error: () => {} });
+  const cacheStats = getUserCacheStats();
+  const dmCache = loadDMCache();
+
+  return {
+    content: [{
+      type: "text",
+      text: JSON.stringify({
+        token: {
+          status: health.healthy ? "healthy" : health.reason === 'no_tokens' ? "missing" : "warning",
+          age_hours: health.age_hours,
+          source: health.source,
+          updated_at: health.updated_at,
+          message: health.message
+        },
+        auto_refresh: {
+          enabled: true,
+          interval: "4 hours",
+          last_attempt: health.refreshed ? "just now" : "on-demand",
+          requires: "Slack tab open in Chrome"
+        },
+        cache: {
+          users: cacheStats,
+          dms: {
+            count: Object.keys(dmCache.dms || {}).length,
+            age_hours: dmCache.updated ? Math.round((Date.now() - dmCache.updated) / (60 * 60 * 1000) * 10) / 10 : null
+          }
+        }
+      }, null, 2)
+    }]
+  };
+}
 
 /**
  * Health check handler
@@ -53,6 +149,17 @@ export async function handleHealthCheck() {
  * Refresh tokens handler
  */
 export async function handleRefreshTokens() {
+  // Check platform support
+  if (!isAutoRefreshAvailable()) {
+    return {
+      content: [{
+        type: "text",
+        text: "Auto-refresh is only available on macOS.\n\nOn other platforms, manually update ~/.slack-mcp-tokens.json with:\n{\n  \"SLACK_TOKEN\": \"xoxc-...\",\n  \"SLACK_COOKIE\": \"xoxd-...\"\n}"
+      }],
+      isError: true
+    };
+  }
+
   const chromeTokens = extractFromChrome();
   if (chromeTokens) {
     saveTokens(chromeTokens.token, chromeTokens.cookie);
@@ -86,11 +193,12 @@ export async function handleRefreshTokens() {
 }
 
 /**
- * List conversations handler
+ * List conversations handler (with lazy DM discovery)
  */
 export async function handleListConversations(args) {
   const types = args.types || "im,mpim";
   const wantsDMs = types.includes("im") || types.includes("mpim");
+  const discoverDMs = parseBool(args.discover_dms); // Robust boolean parsing
 
   const result = await slackAPI("conversations.list", {
     types: types,
@@ -111,29 +219,48 @@ export async function handleListConversations(args) {
     };
   }));
 
-  // xoxc tokens often don't return IMs via conversations.list
-  // So we manually add DMs by opening them with known users
-  if (wantsDMs) {
+  // Load cached DMs first (fast path)
+  const dmCache = loadDMCache();
+  for (const [channelId, data] of Object.entries(dmCache.dms || {})) {
+    if (!conversations.find(c => c.id === channelId)) {
+      conversations.push(data);
+    }
+  }
+
+  // Only do expensive full DM discovery if explicitly requested
+  // This avoids hitting rate limits on large workspaces
+  if (wantsDMs && discoverDMs) {
+    const newDMs = { ...dmCache.dms };
+    let discoveredCount = 0;
+
     try {
-      const usersResult = await slackAPI("users.list", { limit: 100 });
+      const usersResult = await slackAPI("users.list", { limit: 200 });
       for (const user of (usersResult.members || [])) {
         if (user.is_bot || user.id === "USLACKBOT" || user.deleted) continue;
 
-        // Try to open DM with each user to get channel ID
+        // Skip if we already have this user's DM
+        const existingDM = conversations.find(c => c.user_id === user.id && c.type === "dm");
+        if (existingDM) continue;
+
+        // Try to open DM with this user
         try {
           const dmResult = await slackAPI("conversations.open", { users: user.id });
-          if (dmResult.channel && dmResult.channel.id) {
+          if (dmResult.channel?.id) {
             const channelId = dmResult.channel.id;
-            // Only add if not already in list
             if (!conversations.find(c => c.id === channelId)) {
-              conversations.push({
+              const dmData = {
                 id: channelId,
                 name: user.real_name || user.name,
                 type: "dm",
                 user_id: user.id
-              });
+              };
+              conversations.push(dmData);
+              newDMs[channelId] = dmData;
+              discoveredCount++;
             }
           }
+          // Rate limit protection
+          await sleep(50);
         } catch (e) {
           // Skip users we can't DM
         }
@@ -141,12 +268,22 @@ export async function handleListConversations(args) {
     } catch (e) {
       // If users.list fails, continue with what we have
     }
+
+    // Save updated cache
+    if (discoveredCount > 0) {
+      saveDMCache(newDMs);
+    }
   }
 
   return {
     content: [{
       type: "text",
-      text: JSON.stringify({ count: conversations.length, conversations }, null, 2)
+      text: JSON.stringify({
+        count: conversations.length,
+        conversations,
+        cached_dms: Object.keys(dmCache.dms || {}).length,
+        hint: !discoverDMs && wantsDMs ? "Use discover_dms:true for full DM discovery (slower)" : undefined
+      }, null, 2)
     }]
   };
 }
@@ -394,28 +531,43 @@ export async function handleGetThread(args) {
 }
 
 /**
- * List users handler
+ * List users handler (with pagination support)
  */
 export async function handleListUsers(args) {
-  const result = await slackAPI("users.list", {
-    limit: args.limit || 100
-  });
+  const maxUsers = args.limit || 500;
+  const allUsers = [];
+  let cursor;
+
+  do {
+    const result = await slackAPI("users.list", {
+      limit: Math.min(200, maxUsers - allUsers.length),
+      cursor
+    });
 
-  const users = (result.members || [])
-    .filter(u => !u.deleted && !u.is_bot)
-    .map(u => ({
-      id: u.id,
-      name: u.name,
-      real_name: u.real_name,
-      display_name: u.profile?.display_name,
-      email: u.profile?.email,
-      is_admin: u.is_admin
-    }));
+    const users = (result.members || [])
+      .filter(u => !u.deleted && !u.is_bot)
+      .map(u => ({
+        id: u.id,
+        name: u.name,
+        real_name: u.real_name,
+        display_name: u.profile?.display_name,
+        email: u.profile?.email,
+        is_admin: u.is_admin
+      }));
+
+    allUsers.push(...users);
+    cursor = result.response_metadata?.next_cursor;
+
+    // Small delay between pagination requests
+    if (cursor && allUsers.length < maxUsers) {
+      await sleep(100);
+    }
+  } while (cursor && allUsers.length < maxUsers);
 
   return {
     content: [{
       type: "text",
-      text: JSON.stringify({ count: users.length, users }, null, 2)
+      text: JSON.stringify({ count: allUsers.length, users: allUsers }, null, 2)
     }]
   };
 }

package/lib/slack-client.js

@@ -3,17 +3,138 @@
  *
  * Handles all Slack API communication with:
  * - Automatic token refresh on auth failure
- * - User name caching
+ * - User name caching with LRU + TTL
  * - Rate limiting
+ * - Network error retry with exponential backoff
+ * - Proactive token health checking
  */
 
 import { loadTokens, saveTokens, extractFromChrome } from "./token-store.js";
 
-// User cache to avoid repeated API calls
-const userCache = new Map();
+// ============ Configuration ============
+
+const TOKEN_WARNING_AGE = 6 * 60 * 60 * 1000;  // 6 hours
+const TOKEN_CRITICAL_AGE = 10 * 60 * 60 * 1000; // 10 hours
+const REFRESH_COOLDOWN = 60 * 60 * 1000;        // 1 hour between refresh attempts
+const USER_CACHE_MAX_SIZE = 500;
+const USER_CACHE_TTL = 60 * 60 * 1000;          // 1 hour
+
+const RETRYABLE_NETWORK_ERRORS = [
+  'ECONNRESET', 'ETIMEDOUT', 'ENOTFOUND', 'EAI_AGAIN',
+  'ECONNREFUSED', 'EPIPE', 'UND_ERR_CONNECT_TIMEOUT'
+];
+
+let lastRefreshAttempt = 0;
+
+// ============ LRU Cache with TTL ============
+
+class LRUCache {
+  constructor(maxSize = 500, ttlMs = 60 * 60 * 1000) {
+    this.maxSize = maxSize;
+    this.ttlMs = ttlMs;
+    this.cache = new Map();
+  }
+
+  get(key) {
+    const entry = this.cache.get(key);
+    if (!entry) return null;
+    if (Date.now() > entry.expiry) {
+      this.cache.delete(key);
+      return null;
+    }
+    // Move to end (most recently used)
+    this.cache.delete(key);
+    this.cache.set(key, entry);
+    return entry.value;
+  }
+
+  set(key, value) {
+    // Delete if exists (to update position)
+    this.cache.delete(key);
+    // Evict oldest if at capacity
+    if (this.cache.size >= this.maxSize) {
+      const firstKey = this.cache.keys().next().value;
+      this.cache.delete(firstKey);
+    }
+    this.cache.set(key, {
+      value,
+      expiry: Date.now() + this.ttlMs
+    });
+  }
+
+  has(key) {
+    return this.get(key) !== null;
+  }
+
+  get size() { return this.cache.size; }
+
+  clear() { this.cache.clear(); }
+
+  stats() {
+    return { size: this.cache.size, maxSize: this.maxSize, ttlMs: this.ttlMs };
+  }
+}
+
+// User cache with LRU + TTL
+const userCache = new LRUCache(USER_CACHE_MAX_SIZE, USER_CACHE_TTL);
+
+// ============ Token Health ============
+
+/**
+ * Check token health and attempt proactive refresh if needed
+ */
+export async function checkTokenHealth(logger = console) {
+  const silentLogger = { error: () => {}, warn: () => {}, log: () => {} };
+  const creds = loadTokens(false, silentLogger);
+
+  if (!creds) {
+    return { healthy: false, reason: 'no_tokens', message: 'No credentials found' };
+  }
+
+  const tokenAge = creds.updatedAt
+    ? Date.now() - new Date(creds.updatedAt).getTime()
+    : Infinity;
+  const ageHours = Math.round(tokenAge / (60 * 60 * 1000) * 10) / 10;
+
+  // Attempt proactive refresh if token is getting old
+  if (tokenAge > TOKEN_WARNING_AGE && Date.now() - lastRefreshAttempt > REFRESH_COOLDOWN) {
+    lastRefreshAttempt = Date.now();
+    logger.error?.(`Token is ${ageHours}h old, attempting proactive refresh...`);
+
+    const newTokens = extractFromChrome();
+    if (newTokens) {
+      saveTokens(newTokens.token, newTokens.cookie);
+      logger.error?.('Proactively refreshed tokens from Chrome');
+      return {
+        healthy: true,
+        refreshed: true,
+        age_hours: 0,
+        source: 'chrome-auto',
+        message: 'Tokens refreshed successfully'
+      };
+    } else {
+      logger.error?.('Could not refresh from Chrome (is Slack tab open?)');
+    }
+  }
+
+  return {
+    healthy: tokenAge < TOKEN_CRITICAL_AGE,
+    age_hours: ageHours,
+    warning: tokenAge > TOKEN_WARNING_AGE,
+    critical: tokenAge > TOKEN_CRITICAL_AGE,
+    source: creds.source,
+    updated_at: creds.updatedAt,
+    message: tokenAge > TOKEN_CRITICAL_AGE
+      ? 'Token may expire soon - open Slack in Chrome'
+      : tokenAge > TOKEN_WARNING_AGE
+        ? 'Token is getting old - will auto-refresh if Slack tab is open'
+        : 'Token is healthy'
+  };
+}
 
 /**
  * Make an authenticated Slack API call
+ * Features: auth retry, rate limit handling, network error retry
  */
 export async function slackAPI(method, params = {}, options = {}) {
   const { retryOnAuthFail = true, retryCount = 0, maxRetries = 3, logger = console } = options;
@@ -23,15 +144,40 @@ export async function slackAPI(method, params = {}, options = {}) {
     throw new Error("No credentials available. Run refresh-tokens.sh or open Slack in Chrome.");
   }
 
-  const response = await fetch(`https://slack.com/api/${method}`, {
-    method: "POST",
-    headers: {
-      "Authorization": `Bearer ${creds.token}`,
-      "Cookie": `d=${creds.cookie}`,
-      "Content-Type": "application/json; charset=utf-8",
-    },
-    body: JSON.stringify(params),
-  });
+  // Proactive token health check (non-blocking, only on first attempt)
+  if (retryCount === 0) {
+    checkTokenHealth({ error: () => {} }).catch(() => {});
+  }
+
+  let response;
+  try {
+    response = await fetch(`https://slack.com/api/${method}`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${creds.token}`,
+        "Cookie": `d=${creds.cookie}`,
+        "Content-Type": "application/json; charset=utf-8",
+      },
+      body: JSON.stringify(params),
+    });
+  } catch (networkError) {
+    // Retry on network errors with exponential backoff + jitter
+    if (retryCount < maxRetries) {
+      const isRetryable = RETRYABLE_NETWORK_ERRORS.some(e =>
+        networkError.message?.includes(e) ||
+        networkError.code === e ||
+        networkError.cause?.code === e
+      );
+      if (isRetryable || networkError.message?.includes('fetch')) {
+        const backoff = Math.min(1000 * Math.pow(2, retryCount), 10000);
+        const jitter = Math.random() * 1000;
+        logger.error?.(`Network error on ${method}: ${networkError.message}, retry ${retryCount + 1}/${maxRetries} in ${Math.round(backoff + jitter)}ms`);
+        await sleep(backoff + jitter);
+        return slackAPI(method, params, { ...options, retryCount: retryCount + 1 });
+      }
+    }
+    throw networkError;
+  }
 
   const data = await response.json();
 
@@ -40,14 +186,15 @@ export async function slackAPI(method, params = {}, options = {}) {
     if (data.error === "ratelimited" && retryCount < maxRetries) {
       const retryAfter = parseInt(response.headers.get("Retry-After") || "5", 10);
       const backoff = Math.min(retryAfter * 1000, 30000) * (retryCount + 1);
-      logger.error(`Rate limited on ${method}, waiting ${backoff}ms before retry ${retryCount + 1}/${maxRetries}`);
-      await sleep(backoff);
+      const jitter = Math.random() * 1000;
+      logger.error?.(`Rate limited on ${method}, waiting ${Math.round(backoff + jitter)}ms before retry ${retryCount + 1}/${maxRetries}`);
+      await sleep(backoff + jitter);
       return slackAPI(method, params, { ...options, retryCount: retryCount + 1 });
     }
 
     // Handle auth errors with auto-retry
     if ((data.error === "invalid_auth" || data.error === "token_expired") && retryOnAuthFail) {
-      logger.error("Token expired, attempting Chrome auto-extraction...");
+      logger.error?.("Token expired, attempting Chrome auto-extraction...");
       const chromeTokens = extractFromChrome();
       if (chromeTokens) {
         saveTokens(chromeTokens.token, chromeTokens.cookie);
@@ -63,11 +210,13 @@ export async function slackAPI(method, params = {}, options = {}) {
 }
 
 /**
- * Resolve user ID to real name (with caching)
+ * Resolve user ID to real name (with LRU caching)
  */
 export async function resolveUser(userId, options = {}) {
   if (!userId) return "unknown";
-  if (userCache.has(userId)) return userCache.get(userId);
+
+  const cached = userCache.get(userId);
+  if (cached) return cached;
 
   try {
     const result = await slackAPI("users.info", { user: userId }, options);
@@ -75,6 +224,7 @@ export async function resolveUser(userId, options = {}) {
     userCache.set(userId, name);
     return name;
   } catch (e) {
+    // Cache the ID itself to avoid repeated failed lookups
     userCache.set(userId, userId);
     return userId;
   }
@@ -91,10 +241,7 @@ export function clearUserCache() {
  * Get user cache stats
  */
 export function getUserCacheStats() {
-  return {
-    size: userCache.size,
-    entries: Array.from(userCache.entries())
-  };
+  return userCache.stats();
 }
 
 /**

package/lib/token-store.js

@@ -8,17 +8,24 @@
  * 4. Chrome auto-extraction (fallback)
  */
 
-import { readFileSync, writeFileSync, existsSync } from "fs";
-import { homedir } from "os";
+import { readFileSync, writeFileSync, existsSync, renameSync, unlinkSync } from "fs";
+import { homedir, platform } from "os";
 import { join } from "path";
 import { execSync } from "child_process";
 
 const TOKEN_FILE = join(homedir(), ".slack-mcp-tokens.json");
 const KEYCHAIN_SERVICE = "slack-mcp-server";
 
-// ============ Keychain Storage ============
+// Platform detection
+const IS_MACOS = platform() === 'darwin';
+
+// Refresh lock to prevent concurrent extraction attempts
+let refreshInProgress = null;
+
+// ============ Keychain Storage (macOS only) ============
 
 export function getFromKeychain(key) {
+  if (!IS_MACOS) return null; // Keychain is macOS-only
   try {
     const result = execSync(
       `security find-generic-password -s "${KEYCHAIN_SERVICE}" -a "${key}" -w 2>/dev/null`,
@@ -31,6 +38,7 @@ export function getFromKeychain(key) {
 }
 
 export function saveToKeychain(key, value) {
+  if (!IS_MACOS) return false; // Keychain is macOS-only
   try {
     // Delete existing entry
     try {
@@ -61,21 +69,57 @@ export function getFromFile() {
   }
 }
 
+/**
+ * Atomic write to prevent file corruption from concurrent writes
+ */
+function atomicWriteSync(filePath, content) {
+  const tempPath = `${filePath}.${process.pid}.tmp`;
+  try {
+    writeFileSync(tempPath, content);
+    if (IS_MACOS || platform() === 'linux') {
+      try { execSync(`chmod 600 "${tempPath}"`); } catch {}
+    }
+    renameSync(tempPath, filePath); // Atomic on POSIX systems
+  } catch (e) {
+    // Clean up temp file on error
+    try { unlinkSync(tempPath); } catch {}
+    throw e;
+  }
+}
+
 export function saveToFile(token, cookie) {
   const data = {
     SLACK_TOKEN: token,
     SLACK_COOKIE: cookie,
     updated_at: new Date().toISOString()
   };
-  writeFileSync(TOKEN_FILE, JSON.stringify(data, null, 2));
-  try {
-    execSync(`chmod 600 "${TOKEN_FILE}"`);
-  } catch (e) { /* ignore on non-unix */ }
+  atomicWriteSync(TOKEN_FILE, JSON.stringify(data, null, 2));
 }
 
 // ============ Chrome Extraction ============
 
-export function extractFromChrome() {
+// Multiple localStorage paths Slack might use (for robustness)
+const SLACK_TOKEN_PATHS = [
+  // Current known path
+  `JSON.parse(localStorage.localConfig_v2).teams[Object.keys(JSON.parse(localStorage.localConfig_v2).teams)[0]].token`,
+  // Potential future paths
+  `JSON.parse(localStorage.localConfig_v3).teams[Object.keys(JSON.parse(localStorage.localConfig_v3).teams)[0]].token`,
+  // Redux store path (older Slack)
+  `JSON.parse(localStorage.getItem('reduxPersist:localConfig'))?.teams?.[Object.keys(JSON.parse(localStorage.getItem('reduxPersist:localConfig'))?.teams || {})[0]]?.token`,
+  // Direct boot data
+  `window.boot_data?.api_token`,
+];
+
+/**
+ * Extract tokens from Chrome (macOS only, uses AppleScript)
+ * Returns null on non-macOS platforms
+ */
+function extractFromChromeInternal() {
+  if (!IS_MACOS) {
+    // AppleScript/osascript is macOS-only
+    return null;
+  }
+
   try {
     // Extract cookie
     const cookieScript = `
@@ -96,13 +140,17 @@ export function extractFromChrome() {
 
     if (!cookie || !cookie.startsWith('xoxd-')) return null;
 
-    // Extract token
+    // Try multiple token extraction paths
+    const tokenPathsJS = SLACK_TOKEN_PATHS.map((path, i) =>
+      `try { var t${i} = ${path}; if (t${i}?.startsWith('xoxc-')) return t${i}; } catch(e) {}`
+    ).join(' ');
+
     const tokenScript = `
       tell application "Google Chrome"
         repeat with w in windows
           repeat with t in tabs of w
             if URL of t contains "slack.com" then
-              return execute t javascript "try{JSON.parse(localStorage.localConfig_v2).teams[Object.keys(JSON.parse(localStorage.localConfig_v2).teams)[0]].token}catch(e){''}"
+              return execute t javascript "(function() { ${tokenPathsJS} return ''; })()"
             end if
           end repeat
         end repeat
@@ -121,6 +169,32 @@ export function extractFromChrome() {
   }
 }
 
+/**
+ * Extract tokens from Chrome with mutex lock
+ * Prevents concurrent extraction attempts (race condition fix)
+ */
+export function extractFromChrome() {
+  // Simple mutex: if another extraction is running, skip this one
+  // This prevents race conditions from background + foreground refresh
+  if (refreshInProgress) {
+    return null; // Let the in-progress extraction complete
+  }
+
+  try {
+    refreshInProgress = true;
+    return extractFromChromeInternal();
+  } finally {
+    refreshInProgress = false;
+  }
+}
+
+/**
+ * Check if auto-refresh is available on this platform
+ */
+export function isAutoRefreshAvailable() {
+  return IS_MACOS;
+}
+
 // ============ Main Token Loader ============
 
 export function loadTokens(forceRefresh = false, logger = console) {