@jtalk22/slack-mcp 3.1.0 → 3.2.0

package/docs/DEPLOYMENT-MODES.md

@@ -1,55 +0,0 @@
-# Deployment Modes
-
-Use this guide to choose the right operating mode before rollout.
-
-## Quick Chooser
-
-- Choose `stdio` for personal use in Claude Desktop/Claude Code.
-- Choose local `web` for browser workflows and manual Slack browsing.
-- Choose hosted HTTP only when you need remote execution and can handle token operations.
-- Choose Smithery/Worker only when your consumers require registry-hosted MCP transport.
-
-## Mode Matrix
-
-| Mode | Start Command | Best For | Auth Material | Exposure | Notes |
-|------|---------------|----------|---------------|----------|-------|
-| Local MCP (`stdio`) | `npx -y @jtalk22/slack-mcp` | Individual daily usage in Claude | `SLACK_TOKEN` + `SLACK_COOKIE` via token file/env | Local process | Lowest ops burden |
-| Local Web UI (`web`) | `npx -y @jtalk22/slack-mcp web` | Browser-first usage, manual search/send | Same as above + generated API key | `localhost` by default | Useful when MCP is not available |
-| Hosted MCP (`http`) | `node src/server-http.js` | Controlled hosted integration | Env-injected Slack token/cookie + HTTP bearer token | Remote endpoint | `/mcp` is bearer-protected by default; configure CORS allowlist |
-| Smithery/Worker | `wrangler deploy` + Smithery publish flow | Registry distribution for hosted consumers | Query/env token handoff | Remote endpoint | Keep worker version parity with npm release |
-
-## Team Deployment Guidance
-
-If you are deploying for more than one operator:
-
-1. Start with one maintainer on local `stdio`.
-2. Document token lifecycle and rotation ownership.
-3. Define support window and incident contact before enabling hosted mode.
-4. Validate `/health` and MCP initialize responses on every release.
-
-## Release Checklist by Mode
-
-### Local `stdio`
-
-1. `npx -y @jtalk22/slack-mcp --status`
-2. `npx -y @jtalk22/slack-mcp --help`
-3. Confirm tool list in Claude client.
-
-### Local `web`
-
-1. `npx -y @jtalk22/slack-mcp web`
-2. Verify API key generation at `~/.slack-mcp-api-key`.
-3. Verify `/health`, `/conversations`, and `/search` endpoints.
-
-### Hosted (`http` or Worker)
-
-1. Verify `version` parity across `package.json`, server metadata, and health responses.
-2. Verify HTTP auth behavior:
-   - missing `SLACK_MCP_HTTP_AUTH_TOKEN` returns `503`
-   - bad bearer token returns `401`
-   - valid bearer token succeeds
-3. Verify CORS behavior:
-   - denied by default
-   - allowed origins work when listed in `SLACK_MCP_HTTP_ALLOWED_ORIGINS`
-4. Confirm `slack_get_thread`, `slack_search_messages`, and `slack_users_info` behavior.
-5. Confirm token handling mode (ephemeral vs env persistence) is documented.

package/docs/HN-LAUNCH.md

@@ -1,72 +0,0 @@
-# HN Launch Kit (v3.0.0)
-
-Use this for Show HN and follow-up comments.
-
-## Title Options
-
-- `Show HN: Slack MCP Server v3.0.0 (secure-default hosted mode, local-first unchanged)`
-- `Show HN: Slack MCP Server v3.0.0 (session-based Slack access for MCP clients)`
-- `Show HN: Slack MCP Server v3.0.0 (hosted HTTP now auth-by-default)`
-
-## Main Post Draft
-
-```md
-Released `@jtalk22/slack-mcp@3.0.0`.
-
-This release keeps local session-mirroring intact (`stdio`, `web`) and hardens hosted HTTP defaults:
-- `/mcp` requires bearer auth by default
-- CORS requires explicit origin allowlisting
-- no MCP tool renames/removals
-- `--doctor` stays deterministic (`0/1/2/3`)
-- `--status` stays read-only
-
-Verify in 30 seconds:
-- `npx -y @jtalk22/slack-mcp@latest --version`
-- `npx -y @jtalk22/slack-mcp@latest --doctor`
-- `npx -y @jtalk22/slack-mcp@latest --status`
-
-Repo: https://github.com/jtalk22/slack-mcp-server
-npm: https://www.npmjs.com/package/@jtalk22/slack-mcp
-Release notes: https://github.com/jtalk22/slack-mcp-server/blob/main/.github/v3.0.0-release-notes.md
-Maintainer/operator: `jtalk22` (`james@revasser.nyc`)
-```
-
-## First Comment Draft
-
-```md
-Additional operator notes:
-- Local users (`stdio`, `web`) do not need migration.
-- Hosted users need `SLACK_MCP_HTTP_AUTH_TOKEN` and `SLACK_MCP_HTTP_ALLOWED_ORIGINS` configured.
-- Emergency local fallback is available via `SLACK_MCP_HTTP_INSECURE=1`.
-
-If something fails, include:
-- OS + Node version
-- runtime mode (`stdio|web|http|worker`)
-- exact command + output
-```
-
-## Reply Macros
-
-### Why not Slack OAuth?
-
-Session mirroring uses the access already present in the signed-in Slack web session, which is useful for operator workflows where a bot scope model is too limiting.
-
-### Is hosted required?
-
-No. Local-first use is still the default and fully supported.
-
-### Did the tool API change?
-
-No MCP tool names were removed or renamed in `v3.0.0`.
-
-### Why a major version?
-
-Hosted HTTP defaults changed to auth-by-default behavior, which can change existing hosted deployments.
-
-### What should users run first?
-
-```bash
-npx -y @jtalk22/slack-mcp@latest --version
-npx -y @jtalk22/slack-mcp@latest --doctor
-npx -y @jtalk22/slack-mcp@latest --status
-```

package/docs/INDEX.md

@@ -1,41 +0,0 @@
-# Documentation Index
-
-Start here for setup, compatibility checks, operations, and support.
-
-## Core
-
-- [Setup Guide](SETUP.md)
-- [Compatibility Matrix](COMPATIBILITY.md)
-- [API Reference](API.md)
-- [Web API Reference](WEB-API.md)
-- [Troubleshooting](TROUBLESHOOTING.md)
-
-## Operations
-
-- [Deployment Modes](DEPLOYMENT-MODES.md)
-- [Cloudflare Browser Toolkit](CLOUDFLARE-BROWSER-TOOLKIT.md)
-- [Use Case Recipes](USE_CASE_RECIPES.md)
-- [Support Boundaries](SUPPORT-BOUNDARIES.md)
-
-## Launch and Communication
-
-- [HN Launch Kit](HN-LAUNCH.md)
-- [Launch Copy (v3.0.0)](LAUNCH-COPY-v3.0.0.md)
-- [Launch Ops Runbook](LAUNCH-OPS.md)
-- [Capability Matrix](LAUNCH-MATRIX.md)
-- [Install Proof Block](INSTALL-PROOF.md)
-- [Release Notes (v3.0.0)](../.github/v3.0.0-release-notes.md)
-- [Communication Style](COMMUNICATION-STYLE.md)
-- [Changelog](../CHANGELOG.md)
-
-## Public Health
-
-- [Latest Public Health Snapshot](release-health/latest.md)
-- [Version Parity](release-health/version-parity.md)
-- [State of Union (2026-02-28)](release-health/state-of-union-2026-02-28.md)
-
-## Issue Intake
-
-- [Bug Report Template](../.github/ISSUE_TEMPLATE/bug_report.md)
-- [Feature Request Template](../.github/ISSUE_TEMPLATE/feature_request.md)
-- [Deployment Intake Template](../.github/ISSUE_TEMPLATE/deployment-intake.md)

package/docs/INSTALL-PROOF.md

@@ -1,18 +0,0 @@
-# Install Proof Block (v3.0.0)
-
-Use this command block in release notes, HN/X/Reddit follow-ups, and issue replies.
-
-```bash
-npx -y @jtalk22/slack-mcp@latest --version
-npx -y @jtalk22/slack-mcp@latest --doctor
-npx -y @jtalk22/slack-mcp@latest --status
-```
-
-Expected:
-- `--version` prints `slack-mcp-server v3.0.0`
-- `--doctor` exits with:
-  - `0` ready
-  - `1` missing credentials
-  - `2` invalid or expired credentials
-  - `3` runtime or connectivity issue
-- `--status` is read-only and does not trigger Chrome extraction.

package/docs/LAUNCH-COPY-v3.0.0.md

@@ -1,101 +0,0 @@
-# Launch Copy (v3.0.0)
-
-Canonical text blocks for GitHub release surfaces, listings, and operator updates.
-
-## Short Summary (Public)
-
-`@jtalk22/slack-mcp v3.0.0` is live. `v3.0.0` flips hosted `/mcp` from permissive to secure-default without breaking local workflows. Local-first operation stays unchanged (`stdio`, `web`) while hosted HTTP now requires bearer authentication (`SLACK_MCP_HTTP_AUTH_TOKEN`) and explicit origin allowlisting (`SLACK_MCP_HTTP_ALLOWED_ORIGINS`). The major version reflects this hosted behavior shift; MCP tool names remain stable. Diagnostics remain deterministic (`--doctor` returns `0|1|2|3`), and `--status` remains read-only. Public demo/media checks are now included in web verification so broken assets are caught before publish. Maintainer/operator: `jtalk22` (`james@revasser.nyc`).
-
-## GitHub Release Block
-
-````md
-`v3.0.0` flips hosted `/mcp` from permissive to secure-default without breaking local workflows.
-
-```bash
-npx -y @jtalk22/slack-mcp@latest --version
-npx -y @jtalk22/slack-mcp@latest --doctor
-npx -y @jtalk22/slack-mcp@latest --status
-```
-
-What changed:
-- `/mcp` requires bearer auth by default
-- CORS is origin-allowlist driven (`SLACK_MCP_HTTP_ALLOWED_ORIGINS`)
-- no MCP tool renames/removals
-- deterministic diagnostics are preserved
-````
-
-## Hosted Migration Block
-
-````md
-Hosted migration in under a minute:
-```bash
-export SLACK_TOKEN=xoxc-...
-export SLACK_COOKIE=xoxd-...
-export SLACK_MCP_HTTP_AUTH_TOKEN=change-this
-export SLACK_MCP_HTTP_ALLOWED_ORIGINS=https://claude.ai
-node src/server-http.js
-```
-
-Requests must include:
-`Authorization: Bearer <SLACK_MCP_HTTP_AUTH_TOKEN>`
-
-Emergency local fallback only:
-`SLACK_MCP_HTTP_INSECURE=1 node src/server-http.js`
-````
-
-## v3 Quick Proof Maintainer Comment
-
-````md
-Maintainer update:
-`v3.0.0` flips hosted `/mcp` from permissive to secure-default without breaking local workflows.
-
-```bash
-npx -y @jtalk22/slack-mcp@latest --version
-npx -y @jtalk22/slack-mcp@latest --doctor
-npx -y @jtalk22/slack-mcp@latest --status
-```
-
-Hosted migration in under a minute:
-```bash
-export SLACK_TOKEN=xoxc-...
-export SLACK_COOKIE=xoxd-...
-export SLACK_MCP_HTTP_AUTH_TOKEN=change-this
-export SLACK_MCP_HTTP_ALLOWED_ORIGINS=https://claude.ai
-node src/server-http.js
-```
-
-If you hit a blocker, include runtime mode + exact output.
-````
-
-## GitHub Discussion Announcement
-
-```md
-`v3.0.0` is published.
-
-- Hosted HTTP now enforces auth-by-default and explicit CORS policy.
-- Local-first paths (`stdio`, `web`) remain unchanged.
-- MCP tool names remain unchanged.
-
-If you hit a deployment blocker, open deployment intake and include runtime mode + exact output.
-```
-
-## Listing Snippet (awesome-mcp-servers / registries)
-
-```md
-Session-based Slack MCP server for local-first operators. `v3.0.0` hardens hosted HTTP defaults (bearer auth + origin allowlist) while keeping local tool contracts stable.
-```
-
-## Support Intake Snippet
-
-```md
-Need guided hosted deployment help?
-- Open deployment intake: `https://github.com/jtalk22/slack-mcp-server/issues/new?template=deployment-intake.md`
-- Continue in Discussions: `https://github.com/jtalk22/slack-mcp-server/discussions`
-- Support ongoing maintenance: `https://github.com/sponsors/jtalk22`, `https://ko-fi.com/jtalk22`, `https://buymeacoffee.com/jtalk22`
-```
-
-## Propagation Note
-
-Use when listing or registry caches lag:
-
-`Release is published. Metadata propagation is in progress as of <UTC timestamp>.`

package/docs/LAUNCH-MATRIX.md

@@ -1,22 +0,0 @@
-# Capability Matrix (v3.0.0)
-
-Comparison matrix for release notes and channel posts. Keep competitor references unnamed.
-
-| Capability | This Release (`v3.0.0`) | Typical Session-Based Alternatives |
-|---|---|---|
-| Read-only status checks | Enforced and verified in install flow | Often undocumented or mixed with refresh side effects |
-| Deterministic doctor exits | Enforced (`0/1/2/3`) with install-path coverage | Often ad-hoc or text-only |
-| Structured diagnostics | Shared fields in MCP/web error payloads | Mixed payload shapes |
-| Hosted HTTP auth default | Bearer required on `/mcp` by default | Often permissive by default |
-| Hosted HTTP CORS | Explicit allowlist (`SLACK_MCP_HTTP_ALLOWED_ORIGINS`) | Often wildcard/implicit |
-| Unknown token age handling | Explicit `unknown_age` semantics | Missing timestamp may appear as stale/failing |
-| Tool contract stability | No MCP tool rename/removal | Varies by release |
-| Local-first operator path | First-class (`stdio`, `web`) | Varies by runtime emphasis |
-| Version parity check | Scripted local/npm/registry report | Often manual |
-| Smithery/registry alignment | Metadata prepared in release wave | Often delayed post-release |
-
-## Usage Guidance
-
-1. Use this table in release notes and social threads.
-2. Do not name external projects.
-3. Keep claims tied to verifiable commands and docs.

package/docs/LAUNCH-OPS.md

@@ -1,71 +0,0 @@
-# Launch Ops Runbook (v3.0.0)
-
-This runbook defines launch-day monitoring and distribution for technical/operator channels (no X/Reddit dependency).
-
-## Same-Day Fanout Order (9 Channels)
-
-1. GitHub release page refresh (`v3.0.0` copy + install-proof block)
-2. npm parity confirm (`@jtalk22/slack-mcp@3.0.0`)
-3. MCP registry parity confirm (`3.0.0`)
-4. Smithery listing metadata/parity update (or timestamped propagation note)
-5. `awesome-mcp-servers` listing PR refresh
-6. Glama metadata sync and canonical link verification
-7. HN thread update comment (high-signal install proof + support path)
-8. GitHub Discussions announcement/support threads update
-9. GitHub Pages/docs surface publish + link verification
-
-## Monitoring Cadence
-
-- First 4 hours: every 30 minutes
-- Up to 24 hours: every 60 minutes
-
-Track:
-- install reports and blocker count
-- npm/MCP parity state
-- listing propagation status (Smithery/Glama)
-- inbound issue and discussion severity
-- hosted migration questions (`SLACK_MCP_HTTP_AUTH_TOKEN`, CORS allowlist)
-
-## Triage Rules
-
-P1 install blocker:
-- acknowledge within 30-60 minutes
-- provide immediate workaround
-- add fix to patch queue
-
-Non-blocking request:
-- acknowledge and route to issue/discussion template
-- provide timeline as best effort
-
-## Escalation Triggers
-
-1. If install failures exceed 3 unique reports in 24h:
-- pause outbound promotion
-- prioritize hotfix
-
-2. If support load exceeds 2 hours/day for 2 days:
-- switch to stability-only mode
-- defer non-critical requests
-
-## 24h / 48h / 72h Follow-Up
-
-24h:
-- publish release-health delta and short technical summary
-
-48h:
-- patch docs for top recurring setup questions
-
-72h:
-- ship `v3.0.1` only if launch defects are confirmed
-
-## Evidence Log
-
-Use:
-- local `output/release-health/launch-log-template.md` (private by default)
-
-Capture:
-- channel
-- UTC timestamp
-- URL or command evidence
-- action taken
-- observed result (`success|partial|blocked`)

package/docs/RELEASE-HEALTH.md

@@ -1,77 +0,0 @@
-# Release Health Tracking
-
-Operator telemetry is private-by-default in this repo.
-
-By default, release-health scripts write to local gitignored files under:
-
-- `output/release-health/`
-
-Use public docs output only when explicitly needed.
-
-## Snapshot (local default)
-
-```bash
-node scripts/collect-release-health.js
-```
-
-Outputs:
-
-- `output/release-health/latest.md`
-- `output/release-health/YYYY-MM-DD.md`
-
-Optional public output:
-
-```bash
-node scripts/collect-release-health.js --public
-```
-
-Outputs:
-
-- `docs/release-health/latest.md`
-- `docs/release-health/YYYY-MM-DD.md`
-
-## Version Parity (local default)
-
-```bash
-npm run verify:version-parity
-```
-
-Output:
-
-- `output/release-health/version-parity.md`
-
-Optional public output:
-
-```bash
-node scripts/check-version-parity.js --public
-```
-
-## Delta Report (local default)
-
-```bash
-node scripts/build-release-health-delta.js
-```
-
-Defaults:
-
-- `--after output/release-health/latest.md`
-- `--out output/release-health/automation-delta.md`
-
-## Prepublish Dry Run (local default)
-
-```bash
-npm run verify:release-dry-run
-```
-
-Output:
-
-- `output/release-health/prepublish-dry-run.md`
-
-## CI Workflow
-
-Workflow: `.github/workflows/release-health.yml`
-
-- collects local snapshots in `output/release-health/`
-- publishes workflow summary
-- uploads artifacts for maintainers
-- does not commit telemetry files back to the repo

package/docs/SUPPORT-BOUNDARIES.md

@@ -1,49 +0,0 @@
-# Support Boundaries
-
-This document sets expectations for issue triage, support scope, and rollout safety.
-
-## In Scope
-
-- Reproducible bugs in published release behavior.
-- Install and setup blockers for supported Node/runtime paths.
-- Regressions in existing tools (`slack_get_thread`, `slack_search_messages`, etc.).
-- Documentation corrections with clear technical evidence.
-
-## Out of Scope
-
-- Custom Slack policy/legal interpretation for a specific organization.
-- Workspace-specific data migrations or bespoke integrations.
-- Real-time operational support for third-party hosting providers.
-- Urgent production incident ownership for self-hosted external deployments.
-
-## Intake Requirements
-
-Include the following in every issue:
-
-1. Version (`npm view @jtalk22/slack-mcp version` output).
-2. Runtime mode (`stdio`, `web`, `http`, or Worker/Smithery).
-3. OS and Node version.
-4. Minimal reproduction steps and exact error text.
-5. Whether this blocks individual use or team rollout.
-
-## Response Windows (Best Effort)
-
-- Installation/blocker bugs: initial response target within 2 business days.
-- Non-blocking bugs: initial response target within 5 business days.
-- Feature requests: triaged in backlog batches.
-
-## Solo Maintainer Capacity Guardrail
-
-- Weekly support budget target: <= 2 hours/week.
-- If inbound support exceeds this cap, new feature work may be paused.
-- High-context requests may be deferred until reproducible artifacts are provided.
-
-## Security and Data Handling
-
-- Do not post raw tokens/cookies in issues.
-- Use redacted logs.
-- If credentials are exposed, rotate immediately and update issue with redaction.
-
-## Deployment Escalation Rule
-
-For team/hosted usage, open a deployment intake issue before broad rollout.

package/docs/USE_CASE_RECIPES.md

@@ -1,69 +0,0 @@
-# Use Case Recipes
-
-Copy and paste any prompt into your MCP client. Each recipe maps to existing tools and parameters.
-
-## 1) Fast Health Check
-
-Prompt:
-`Run slack_health_check and tell me if my workspace connection is valid.`
-
-## 2) Token Age and Cache Snapshot
-
-Prompt:
-`Run slack_token_status and summarize token age, health, and cache stats.`
-
-## 3) List Recent DMs
-
-Prompt:
-`Use slack_list_conversations with types="im,mpim" and limit=50. Return names and IDs.`
-
-## 4) Summarize a Channel for the Last 3 Days
-
-Prompt:
-`Use slack_conversations_history with channel_id="<CHANNEL_ID>", oldest="<UNIX_TS_3_DAYS_AGO>", limit=100, resolve_users=true, then summarize decisions and action items.`
-
-## 5) Pull a Full Thread
-
-Prompt:
-`Use slack_get_thread with channel_id="<CHANNEL_ID>" and thread_ts="<THREAD_TS>". Summarize timeline and owners.`
-
-## 6) Search for Decisions
-
-Prompt:
-`Use slack_search_messages with query="decision OR approved after:2026-01-01" and count=50. Group results by channel.`
-
-## 7) Find Messages from One Person
-
-Prompt:
-`Use slack_search_messages with query="from:@<USERNAME> after:2026-01-01" and count=30. Return top themes.`
-
-## 8) Export Conversation History
-
-Prompt:
-`Use slack_get_full_conversation with channel_id="<CHANNEL_ID>", max_messages=2000, include_threads=true, output_file="q1-export.json".`
-
-## 9) Lookup a User Profile
-
-Prompt:
-`Use slack_users_info with user_id="<USER_ID>" and return role, timezone, and status fields.`
-
-## 10) Send a Channel Update
-
-Prompt:
-`Use slack_send_message with channel_id="<CHANNEL_ID>" and text="Daily update: build passed, deploy at 4 PM ET."`
-
-## 11) Reply in a Thread
-
-Prompt:
-`Use slack_send_message with channel_id="<CHANNEL_ID>", thread_ts="<THREAD_TS>", text="Acknowledged. I will post follow-up logs in 30 minutes."`
-
-## 12) Directory Snapshot
-
-Prompt:
-`Use slack_list_users with limit=500. Return a compact list of users with admin/bot flags.`
-
-## Notes
-
-- Replace placeholders before running (`<CHANNEL_ID>`, `<THREAD_TS>`, `<USER_ID>`, `<USERNAME>`, timestamps).
-- Timestamp parameters are Unix seconds in string form.
-- For large workspaces, start with smaller limits, then expand.