@jtalk22/slack-mcp 3.2.0 → 3.2.1

package/README.md

@@ -5,267 +5,56 @@
 [![MCP Registry](https://img.shields.io/badge/MCP_Registry-v3.2.0-blue)](https://registry.modelcontextprotocol.io)
 [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
 
-Session-based Slack MCP for Claude and MCP clients. Local-first `stdio`/`web` with secure-default hosted HTTP in v3.
+Give Claude your Slack. 16 tools — read channels, search messages, send replies, react, manage unreads. Self-host free or Cloud from $19/mo.
 
-## Install + Verify
+## Tools
 
-```bash
-npx -y @jtalk22/slack-mcp --setup
-npx -y @jtalk22/slack-mcp@latest --version
-npx -y @jtalk22/slack-mcp@latest --doctor
-npx -y @jtalk22/slack-mcp@latest --status
-```
-
-[Setup guide](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SETUP.md) · [30-second verify reference](https://github.com/jtalk22/slack-mcp-server/blob/main/README.md#install--verify) · [Autoplay demo landing](https://jtalk22.github.io/slack-mcp-server/) · [Latest release](https://github.com/jtalk22/slack-mcp-server/releases/latest) · [npm package](https://www.npmjs.com/package/@jtalk22/slack-mcp)
-
-[![Live demo poster](https://jtalk22.github.io/slack-mcp-server/docs/images/demo-poster.png)](https://jtalk22.github.io/slack-mcp-server/public/demo-video.html)
-
-Motion proof: [20-second mobile clip](https://jtalk22.github.io/slack-mcp-server/docs/videos/demo-claude-mobile-20s.mp4) · [Live demo walkthrough](https://jtalk22.github.io/slack-mcp-server/public/demo-video.html) · [Share card](https://jtalk22.github.io/slack-mcp-server/public/share.html)
+| Tool | Description | Safety |
+|------|-------------|--------|
+| `slack_health_check` | Verify token validity and workspace info | read-only |
+| `slack_token_status` | Token age, health, and cache stats | read-only |
+| `slack_refresh_tokens` | Auto-extract fresh tokens from Chrome | read-only* |
+| `slack_list_conversations` | List DMs and channels | read-only |
+| `slack_conversations_history` | Get messages from a channel or DM | read-only |
+| `slack_get_full_conversation` | Export full history with threads | read-only |
+| `slack_search_messages` | Search across workspace | read-only |
+| `slack_get_thread` | Get thread replies | read-only |
+| `slack_users_info` | Get user details | read-only |
+| `slack_list_users` | List workspace users (paginated, 500+) | read-only |
+| `slack_users_search` | Search users by name, display name, or email | read-only |
+| `slack_conversations_unreads` | Get channels/DMs with unread messages | read-only |
+| `slack_send_message` | Send a message to any conversation | **destructive** |
+| `slack_add_reaction` | Add an emoji reaction to a message | **destructive** |
+| `slack_remove_reaction` | Remove an emoji reaction from a message | **destructive** |
+| `slack_conversations_mark` | Mark a conversation as read | **destructive** |
 
-Hosted migration note: `v3.1.0` keeps local `stdio`/`web` flows unchanged; hosted `/mcp` requires `SLACK_MCP_HTTP_AUTH_TOKEN` and `SLACK_MCP_HTTP_ALLOWED_ORIGINS`.
+All tools carry [MCP safety annotations](https://modelcontextprotocol.io/specification/2025-03-26/server/tools#annotations): 12 read-only (`readOnlyHint: true`), 4 write-path (`destructiveHint: true`). Only `slack_send_message` is non-idempotent.
 
-Maintainer/operator: `jtalk22` (`james@revasser.nyc`)  
-Release: [`v3.2.0`](https://github.com/jtalk22/slack-mcp-server/releases/tag/v3.2.0) · Notes: [v3.2.0 notes](https://github.com/jtalk22/slack-mcp-server/blob/main/.github/v3.2.0-release-notes.md) · Support: [deployment intake](https://github.com/jtalk22/slack-mcp-server/issues/new?template=deployment-intake.md)
+\* `slack_refresh_tokens` modifies local token file only — no external Slack state.
 
-If this saved you setup time, consider starring the repo. Maintenance support: [GitHub Sponsors](https://github.com/sponsors/jtalk22) · [Ko-fi](https://ko-fi.com/jtalk22) · [Buy Me a Coffee](https://buymeacoffee.com/jtalk22)
+## Cloud (Recommended)
 
-## v3.2.0 at a Glance
-
-- **16 tools** — added reactions, mark-as-read, unread inbox, and user search
-- All three transports (stdio, web, hosted HTTP) have full tool parity
-- No MCP tool renames or removals — fully backwards compatible
-
-## Slack MCP Cloud
-
-**No token management. No Docker. No Chrome extensions. One URL and you're connected.**
-
-Skip all local setup — paste one URL into Claude and get 16 Slack tools running in under 60 seconds. Encrypted token storage on Cloudflare's global edge (300+ PoPs). The only cloud-hosted session-based Slack MCP on the market.
+Skip all local setup. Paste one URL into Claude and get 16 Slack tools in 60 seconds. Encrypted token storage on Cloudflare's edge (300+ PoPs). OAuth 2.1 with PKCE S256.
 
 | Plan | Price | Includes |
 |------|-------|----------|
 | Solo | $19/mo | 16 standard tools, AES-256-GCM encrypted storage, 5K requests/mo |
 | Team | $49/mo | 16 standard + 3 AI compound tools, 3 workspaces, 25K requests/mo |
 
-[Get Your API Key](https://jtalk22.github.io/slack-mcp-server/cloud.html) — live in 60 seconds. [Privacy Policy](https://jtalk22.github.io/slack-mcp-server/privacy.html).
-
-### Cloud Usage Examples
-
-Once configured, ask Claude naturally:
-
-1. **Catch up on a channel** — *"Summarize what happened in #engineering this week"*
-   Uses `slack_list_conversations` → `slack_conversations_history` → Claude synthesis.
-
-2. **Find a decision** — *"What did the team decide about the API migration?"*
-   Uses `slack_search_messages` with query `"API migration"`, then `slack_get_thread` to pull full context.
-
-3. **Export a conversation** — *"Export my full DM history with Sarah including threads"*
-   Uses `slack_list_conversations` to resolve Sarah's DM ID → `slack_get_full_conversation` with `include_threads: true`.
-
-4. **Send a standup update** — *"Post my standup in #daily-standup: shipped auth refactor, reviewing PR #42 today"*
-   Uses `slack_send_message` to the target channel.
-
-5. **AI-powered action items** *(Team plan)* — *"What action items came out of #product-sync today?"*
-   Uses `slack_extract_action_items` to identify owners, deadlines, and commitments.
-
-## 60-Second Hosted Migration
-
-```bash
-export SLACK_TOKEN=xoxc-...
-export SLACK_COOKIE=xoxd-...
-export SLACK_MCP_HTTP_AUTH_TOKEN=change-this
-export SLACK_MCP_HTTP_ALLOWED_ORIGINS=https://claude.ai
-node src/server-http.js
-```
-
-Request with:
-
-```bash
-Authorization: Bearer <SLACK_MCP_HTTP_AUTH_TOKEN>
-```
-
-Emergency local fallback only:
-
-```bash
-SLACK_MCP_HTTP_INSECURE=1 node src/server-http.js
-```
-
-For guided hosted rollout requirements, open: [deployment intake](https://github.com/jtalk22/slack-mcp-server/issues/new?template=deployment-intake.md)
-
-### Why This Exists
-
-I built this because I was working with someone to help me manage a complex workload, and we kept hitting walls. They needed context from my messages—"what did X say about Y?"—and standard app/OAuth flows were too constrained for that workflow.
-
-Screenshotting messages is not a workflow.
-
-This server bridges the gap. It creates a secure, local bridge between Claude and your Slack web session. It gives your MCP client the same access **you** already have in the browser—search history, summarize threads, and retrieve prior context—without fighting the platform.
-
-![Slack MCP Server Web UI](https://jtalk22.github.io/slack-mcp-server/docs/images/demo-main.png)
-
----
-
-## Architecture: Local Session Mirroring
-
-Instead of authenticating as a bot, this server leverages your existing Chrome session credentials (macOS) or manual token injection (Linux/Windows). It mirrors your user access exactly—if you can see it in Slack, Claude can see it too.
-
-![Session Mirroring Flow](https://jtalk22.github.io/slack-mcp-server/docs/images/diagram-session-flow.svg)
-
-### Why Not OAuth?
+[Get Started](https://jtalk22.github.io/slack-mcp-server/cloud.html) · [Privacy Policy](https://jtalk22.github.io/slack-mcp-server/privacy.html)
 
-![OAuth vs Session Mirroring](https://jtalk22.github.io/slack-mcp-server/docs/images/diagram-oauth-comparison.svg)
-
-**Trade-off:** Session tokens expire every 1-2 weeks. Auto-refresh (macOS) or manual update keeps things running.
-
----
-
-## Features
-
-### Core Capabilities
-- **Read Any Message** - DMs, private channels, public channels
-- **Full Export** - Conversations with threads and resolved usernames
-- **Search** - Query across your entire workspace
-- **Send Messages** - DMs or channels, with thread support
-- **Reactions** - Add or remove emoji reactions on any message
-- **Unreads** - Priority-sorted unread inbox across all conversations
-- **User Directory** - List, search, and look up 500+ users with pagination
-
-### Stability
-- **Auto Token Refresh** - Extracts fresh tokens from Chrome automatically *(macOS only)*
-- **Atomic Writes** - File operations use temp-file-then-rename to prevent corruption
-- **Zombie Protection** - Background timers use `unref()` for clean process exit
-- **Race Condition Safety** - Mutex locks prevent concurrent token extraction
-- **Rate Limit Handling** - Exponential backoff with jitter
-
-### Tools
-| Tool | Description |
-|------|-------------|
-| `slack_health_check` | Verify token validity and workspace info |
-| `slack_token_status` | Detailed token age, health, and cache stats |
-| `slack_refresh_tokens` | Auto-extract fresh tokens from Chrome |
-| `slack_list_conversations` | List DMs/channels (with lazy discovery cache) |
-| `slack_conversations_history` | Get messages from a channel or DM |
-| `slack_get_full_conversation` | Export full history with threads |
-| `slack_search_messages` | Search across workspace |
-| `slack_send_message` | Send a message to any conversation |
-| `slack_get_thread` | Get thread replies |
-| `slack_users_info` | Get user details |
-| `slack_list_users` | List workspace users (paginated, 500+ supported) |
-| `slack_add_reaction` | Add an emoji reaction to a message |
-| `slack_remove_reaction` | Remove an emoji reaction from a message |
-| `slack_conversations_mark` | Mark a conversation as read up to a timestamp |
-| `slack_conversations_unreads` | Get channels/DMs with unread messages, priority-sorted |
-| `slack_users_search` | Search workspace users by name, display name, or email |
-
----
-
-## Quick Start
+## Install (Self-Hosted)
 
 **Runtime:** Node.js 20+
 
-### 30-Second Compatibility Check
-
-```bash
-npx -y @jtalk22/slack-mcp --setup
-npx -y @jtalk22/slack-mcp --doctor
-npx -y @jtalk22/slack-mcp --status
-```
-
-Expected:
-- `--setup` launches the interactive wizard
-- `--doctor` returns one clear next action with exit code:
-  - `0` ready
-  - `1` missing credentials
-  - `2` invalid/expired credentials
-  - `3` connectivity/runtime issue
-- `--status` is read-only and non-mutating
-
-Command reference: [HN launch kit](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/HN-LAUNCH.md)
-
-### Known Working Clients
-
-- Claude Desktop (macOS/Windows/Linux)
-- Claude Code CLI
-- Local browser mode (`web`)
-- Hosted Node runtime (`http`)
-- Cloudflare Worker / Smithery transport
-
-Compatibility matrix: [compatibility matrix](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/COMPATIBILITY.md)
-
-### Option A: npm (Recommended)
-
-```bash
-npm install -g @jtalk22/slack-mcp
-```
-
-### Option B: Clone Repository
-
-```bash
-git clone https://github.com/jtalk22/slack-mcp-server.git
-cd slack-mcp-server
-npm install
-```
-
-### Option C: Docker
-
-```bash
-docker pull ghcr.io/jtalk22/slack-mcp-server:latest
-```
-
-### Install Sanity (Clean Temp Directory)
-
-```bash
-tmpdir="$(mktemp -d)"
-cd "$tmpdir"
-npx -y @jtalk22/slack-mcp --version
-npx -y @jtalk22/slack-mcp --help
-npx -y @jtalk22/slack-mcp --status
-```
-
-Expected:
-- `--version` and `--help` exit `0`
-- `--status` exits non-zero until credentials are configured
-- `--status` is read-only and never attempts Chrome extraction
-
----
-
-## Configuration
-
-### Step 1: Get Your Tokens
-
-#### Setup Wizard (Recommended)
-
-The interactive setup wizard handles token extraction and validation automatically:
-
 ```bash
 npx -y @jtalk22/slack-mcp --setup
 ```
 
-- **macOS**: Auto-extracts tokens from Chrome (have Slack open in a tab)
-- **Linux/Windows**: Guides you through manual extraction step-by-step
-- Validates tokens against Slack API before saving
-- Stores tokens securely at `~/.slack-mcp-tokens.json`
+The setup wizard handles token extraction and validation automatically.
 
-#### Check Token Status
-
-```bash
-npx -y @jtalk22/slack-mcp --status
-```
-
-#### Alternative: Manual Token Scripts
-
-```bash
-# macOS auto-extraction
-npm run tokens:auto
-
-# Manual entry (all platforms)
-npm run tokens:refresh
-
-# Check health
-npm run tokens:status
-```
-
-### Step 2: Configure Claude
-
-#### Claude Desktop (macOS)
+<details>
+<summary><strong>Claude Desktop (macOS)</strong></summary>
 
 Edit `~/Library/Application Support/Claude/claude_desktop_config.json`:
 
@@ -280,7 +69,10 @@ Edit `~/Library/Application Support/Claude/claude_desktop_config.json`:
 }
 ```
 
-#### Claude Desktop (Windows)
+</details>
+
+<details>
+<summary><strong>Claude Desktop (Windows/Linux)</strong></summary>
 
 Edit `%APPDATA%\Claude\claude_desktop_config.json`:
 
@@ -299,9 +91,12 @@ Edit `%APPDATA%\Claude\claude_desktop_config.json`:
 }
 ```
 
-> **Note:** Windows/Linux users must provide tokens via `env` since auto-refresh is macOS-only.
+> Windows/Linux users must provide tokens via `env` since auto-refresh is macOS-only.
+
+</details>
 
-#### Claude Code (CLI)
+<details>
+<summary><strong>Claude Code CLI</strong></summary>
 
 Add to `~/.claude.json`:
 
@@ -317,9 +112,14 @@ Add to `~/.claude.json`:
 }
 ```
 
-Claude Code reads tokens from `~/.slack-mcp-tokens.json` automatically.
+</details>
 
-#### Docker Configuration
+<details>
+<summary><strong>Docker</strong></summary>
+
+```bash
+docker pull ghcr.io/jtalk22/slack-mcp-server:latest
+```
 
 ```json
 {
@@ -334,237 +134,61 @@ Claude Code reads tokens from `~/.slack-mcp-tokens.json` automatically.
 }
 ```
 
-### Step 3: Restart Claude
-
-Fully quit and reopen Claude. The Slack tools will appear.
-
----
-
-## Architecture
-
-### Token Persistence (4 Layers)
-
-```
-Priority 1: Environment Variables (SLACK_TOKEN, SLACK_COOKIE)
-    ↓ fallback
-Priority 2: Token File (~/.slack-mcp-tokens.json)
-    ↓ fallback
-Priority 3: macOS Keychain (encrypted)
-    ↓ fallback
-Priority 4: Chrome Auto-Extraction (macOS only)
-```
-
-### Stability Features
-
-#### Atomic Writes
-All file operations (tokens, DM cache) use atomic writes:
-```
-Write to temp file → chmod 600 → rename to target
-```
-This prevents JSON corruption if the process is killed mid-write.
-
-#### Zombie Process Protection
-Background refresh timers use `unref()`:
-```javascript
-const timer = setInterval(refreshTokens, 4 * 60 * 60 * 1000);
-timer.unref(); // Process can exit even if timer is pending
-```
-When Claude closes the MCP connection, the server exits cleanly.
-
-#### Race Condition Prevention
-A mutex lock prevents concurrent Chrome extractions:
-```javascript
-if (refreshInProgress) return null; // Skip if already refreshing
-refreshInProgress = true;
-try { return extractFromChromeInternal(); }
-finally { refreshInProgress = false; }
-```
-
----
-
-## Web UI (optional browser/local fallback)
-
-Claude now supports remote MCP connectors on paid plans. For claude.ai, the preferred path is adding a remote connector in Settings -> Connectors.
-
-Reference:
-- https://support.anthropic.com/en/articles/11995447-connectors-in-claude
-- https://support.anthropic.com/en/articles/11175166-about-custom-integrations-using-remote-mcp
-
-Use this Web UI when you want a local localhost dashboard, REST access, or a fallback workflow without remote connector hosting:
-
-```bash
-npm run web
-# Or: npx -y @jtalk22/slack-mcp web
-```
-
-**Magic Link:** The console prints a one-click URL with the API key embedded:
-
-```
-════════════════════════════════════════════════════════════
-  Slack Web API Server v3.2.0
-════════════════════════════════════════════════════════════
-
-  Dashboard: http://localhost:3000/?key=smcp_xxxxxxxxxxxx
-```
-
-Just click the link - no copy-paste needed. The key is saved to your browser and stripped from the URL for security.
-
-<details>
-<summary><strong>Screenshots</strong></summary>
-
-| DMs View | Channels View |
-|----------|---------------|
-| ![DMs](https://jtalk22.github.io/slack-mcp-server/docs/images/demo-main.png) | ![Channels](https://jtalk22.github.io/slack-mcp-server/docs/images/demo-channels.png) |
-
 </details>
 
----
+Restart Claude after configuration. Full setup guide: [docs/SETUP.md](docs/SETUP.md)
 
-## Hosted HTTP Mode (Secure Defaults)
+## Hosted HTTP Mode
 
-Use this mode only when you need a remote MCP endpoint:
+For remote MCP endpoints (Cloudflare Worker, VPS, etc.):
 
 ```bash
-SLACK_TOKEN=xoxc-...
-SLACK_COOKIE=xoxd-...
-SLACK_MCP_HTTP_AUTH_TOKEN=change-this
-SLACK_MCP_HTTP_ALLOWED_ORIGINS=https://claude.ai
+SLACK_TOKEN=xoxc-... \
+SLACK_COOKIE=xoxd-... \
+SLACK_MCP_HTTP_AUTH_TOKEN=change-this \
+SLACK_MCP_HTTP_ALLOWED_ORIGINS=https://claude.ai \
 node src/server-http.js
 ```
 
-Behavior:
-- `/mcp` requires `Authorization: Bearer <SLACK_MCP_HTTP_AUTH_TOKEN>` by default.
-- Cross-origin browser calls are denied unless origin is listed in `SLACK_MCP_HTTP_ALLOWED_ORIGINS`.
-- For local testing only, you can opt out with `SLACK_MCP_HTTP_INSECURE=1`.
-
----
-
-## Operations Guides
-
-- [Docs Index](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/INDEX.md) - One-click index for setup, API, troubleshooting, deployment, and support docs
-- [Deployment Modes](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/DEPLOYMENT-MODES.md) - Choose the right operating model (`stdio`, `web`, hosted HTTP, Smithery/Worker)
-- [Use Case Recipes](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/USE_CASE_RECIPES.md) - 12 copy/paste prompts mapped to current tool contracts
-- [Support Boundaries](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SUPPORT-BOUNDARIES.md) - Scope, response targets, and solo-maintainer capacity limits
-- [Release Health](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/RELEASE-HEALTH.md) - Track setup reliability and support-load targets through this release cycle
-
-If you're evaluating team rollout, start with [Deployment Modes](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/DEPLOYMENT-MODES.md) before exposing remote endpoints.
-
----
-
-## Getting Help Fast
-
-1. Run:
-   ```bash
-   npx -y @jtalk22/slack-mcp --version
-   npx -y @jtalk22/slack-mcp --doctor
-   ```
-2. If setup fails, run:
-   ```bash
-   npx -y @jtalk22/slack-mcp --setup
-   ```
-3. Open an issue with full environment details:
-   - [Bug Report Template](https://github.com/jtalk22/slack-mcp-server/issues/new?template=bug_report.md)
-   - [Deployment Intake Template](https://github.com/jtalk22/slack-mcp-server/issues/new?template=deployment-intake.md)
-4. For guided hosted rollout support:
-   - [GitHub Discussions](https://github.com/jtalk22/slack-mcp-server/discussions)
-5. Check scope and response targets:
-   - [Support Boundaries](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SUPPORT-BOUNDARIES.md)
-   - [Troubleshooting Guide](https://github.com/jtalk22/slack-mcp-server/blob/main/docs/TROUBLESHOOTING.md)
-
----
+Details: [docs/DEPLOYMENT-MODES.md](docs/DEPLOYMENT-MODES.md)
 
 ## Troubleshooting
 
-### Tokens Expired
-```bash
-# macOS: Auto-refresh from Chrome
-slack_refresh_tokens  # In Claude
-# Or: npm run tokens:auto
-
-# Package setup wizard
-npx -y @jtalk22/slack-mcp --setup
-
-# Linux/Windows: Manual update
-# Edit ~/.slack-mcp-tokens.json with fresh values
-```
-
-### DMs Not Showing
-Use `discover_dms: true` to force discovery:
-```
-slack_list_conversations with discover_dms=true
-```
-This caches DM channel IDs for 24 hours.
-
-### Chrome Extraction Fails
-- Chrome must be **running** (not minimized to Dock)
-- Slack tab must be open at `app.slack.com`
-- You must be logged in
-- In Chrome menu, enable `View > Developer > Allow JavaScript from Apple Events`
+**Tokens expired:** Run `npx -y @jtalk22/slack-mcp --setup` or use `slack_refresh_tokens` in Claude (macOS).
 
-### Claude Desktop Not Seeing Tools
-1. Verify JSON syntax in config file
-2. Check logs: `~/Library/Logs/Claude/mcp*.log`
-3. Fully restart Claude (Cmd+Q, then reopen)
+**DMs not showing:** Use `slack_list_conversations` with `discover_dms=true` to force discovery.
 
----
+**Claude not seeing tools:** Verify JSON syntax in config, check logs at `~/Library/Logs/Claude/mcp*.log`, fully restart Claude (Cmd+Q).
 
-## Project Structure
+More: [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md)
 
-```
-slack-mcp-server/
-├── src/
-│   ├── server.js         # MCP server (stdio transport)
-│   └── web-server.js     # REST API + Web UI
-├── lib/
-│   ├── token-store.js    # 4-layer persistence + atomic writes
-│   ├── slack-client.js   # API client, LRU cache, retry logic
-│   ├── tools.js          # MCP tool definitions
-│   └── handlers.js       # Tool implementations
-├── public/
-│   ├── index.html        # Web UI
-│   └── demo.html         # Interactive demo
-└── scripts/
-    └── token-cli.js      # Token management CLI
-```
+## Docs
 
----
+- [Setup Guide](docs/SETUP.md) — Token extraction and configuration
+- [API Reference](docs/API.md) — All 16 tools with parameters and examples
+- [Deployment Modes](docs/DEPLOYMENT-MODES.md) — stdio, web, hosted HTTP, Cloudflare Worker
+- [Use Case Recipes](docs/USE_CASE_RECIPES.md) — 12 copy-paste prompts
+- [Troubleshooting](docs/TROUBLESHOOTING.md) — Common issues and fixes
+- [Compatibility](docs/COMPATIBILITY.md) — Client compatibility matrix
+- [Support Boundaries](docs/SUPPORT-BOUNDARIES.md) — Scope and response targets
+- [Docs Index](docs/INDEX.md) — Full documentation index
 
 ## Security
 
 - Token files stored with `chmod 600` (owner-only)
 - macOS Keychain provides encrypted backup
 - Web server binds to localhost only
-- Never commit tokens to version control
 - API keys are cryptographically random (`crypto.randomBytes`)
-
----
-
-## Platform Support
-
-| Feature | macOS | Linux | Windows |
-|---------|-------|-------|---------|
-| MCP Server | Yes | Yes | Yes |
-| Token File | Yes | Yes | Yes |
-| Auto-Refresh from Chrome | Yes | No | No |
-| Keychain Storage | Yes | No | No |
-| Web UI | Yes | Yes | Yes |
-
----
+- See [SECURITY.md](SECURITY.md) for vulnerability reporting
 
 ## Contributing
 
 PRs welcome. Run `node --check` on modified files before submitting.
 
-If this project saves you setup time, consider starring the repository.
-
----
-
 ## License
 
-MIT - See LICENSE
-
----
+MIT — See [LICENSE](LICENSE)
 
 ## Disclaimer
 
-This project uses unofficial Slack APIs. Use at your own risk. Not affiliated with or endorsed by Slack Technologies.
+This project accesses Slack's Web API using browser session credentials. It is not affiliated with or endorsed by Slack Technologies, Inc. Slack workspace administrators should review their acceptable use policies.

package/docs/API.md

@@ -321,3 +321,137 @@ List all workspace users.
   ]
 }
 ```
+
+---
+
+### slack_add_reaction
+
+Add an emoji reaction to a message.
+
+**Parameters:**
+| Name | Type | Default | Description |
+|------|------|---------|-------------|
+| channel_id | string | *required* | Channel or DM ID |
+| timestamp | string | *required* | Message timestamp to react to |
+| reaction | string | *required* | Emoji name without colons (e.g. `thumbsup`, `heart`, `eyes`) |
+
+**Returns:**
+```json
+{
+  "status": "added",
+  "channel": "D063M4403MW",
+  "timestamp": "1767368030.607599",
+  "reaction": "thumbsup"
+}
+```
+
+---
+
+### slack_remove_reaction
+
+Remove an emoji reaction from a message.
+
+**Parameters:**
+| Name | Type | Default | Description |
+|------|------|---------|-------------|
+| channel_id | string | *required* | Channel or DM ID |
+| timestamp | string | *required* | Message timestamp |
+| reaction | string | *required* | Emoji name without colons |
+
+**Returns:**
+```json
+{
+  "status": "removed",
+  "channel": "D063M4403MW",
+  "timestamp": "1767368030.607599",
+  "reaction": "thumbsup"
+}
+```
+
+---
+
+### slack_conversations_mark
+
+Mark a conversation as read up to a specific message timestamp.
+
+**Parameters:**
+| Name | Type | Default | Description |
+|------|------|---------|-------------|
+| channel_id | string | *required* | Channel or DM ID to mark as read |
+| timestamp | string | *required* | Message timestamp to mark as read up to |
+
+**Returns:**
+```json
+{
+  "status": "marked",
+  "channel": "D063M4403MW",
+  "read_up_to": "1767368030.607599"
+}
+```
+
+---
+
+### slack_conversations_unreads
+
+Get channels and DMs with unread messages, sorted by unread count (highest first).
+
+**Parameters:**
+| Name | Type | Default | Description |
+|------|------|---------|-------------|
+| types | string | "im,mpim,public_channel,private_channel" | Comma-separated conversation types |
+| limit | number | 50 | Maximum conversations to return |
+
+**Returns:**
+```json
+{
+  "total_unread_conversations": 3,
+  "conversations": [
+    {
+      "id": "C05GPEVH7J9",
+      "name": "engineering",
+      "type": "public_channel",
+      "unread_count": 12,
+      "latest_ts": "1767368030.607599"
+    },
+    {
+      "id": "D063M4403MW",
+      "name": "Gwen Santos",
+      "type": "dm",
+      "unread_count": 5,
+      "latest_ts": "1767368025.123456"
+    }
+  ]
+}
+```
+
+---
+
+### slack_users_search
+
+Search workspace users by name, display name, or email. Case-insensitive partial match.
+
+**Parameters:**
+| Name | Type | Default | Description |
+|------|------|---------|-------------|
+| query | string | *required* | Search term to match against name, display name, real name, or email |
+| limit | number | 20 | Maximum results to return |
+
+**Returns:**
+```json
+{
+  "query": "gwen",
+  "count": 1,
+  "total_matches": 1,
+  "users": [
+    {
+      "id": "U05GPEVH7J9",
+      "name": "gwen",
+      "real_name": "Gwen Santos",
+      "display_name": "Gwen",
+      "email": "gwen@example.com",
+      "title": "Assistant",
+      "is_admin": false
+    }
+  ]
+}
+```

package/lib/tools.js

@@ -221,7 +221,7 @@ export const TOOLS = [
     annotations: {
       title: "Send Message",
       readOnlyHint: false,
-      destructiveHint: false,
+      destructiveHint: true,
       idempotentHint: false,
       openWorldHint: true
     }
@@ -293,7 +293,7 @@ export const TOOLS = [
     annotations: {
       title: "Add Reaction",
       readOnlyHint: false,
-      destructiveHint: false,
+      destructiveHint: true,
       idempotentHint: true,
       openWorldHint: true
     }
@@ -322,7 +322,7 @@ export const TOOLS = [
     annotations: {
       title: "Remove Reaction",
       readOnlyHint: false,
-      destructiveHint: false,
+      destructiveHint: true,
       idempotentHint: true,
       openWorldHint: true
     }
@@ -347,7 +347,7 @@ export const TOOLS = [
     annotations: {
       title: "Mark as Read",
       readOnlyHint: false,
-      destructiveHint: false,
+      destructiveHint: true,
       idempotentHint: true,
       openWorldHint: true
     }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@jtalk22/slack-mcp",
   "mcpName": "io.github.jtalk22/slack-mcp-server",
-  "version": "3.2.0",
+  "version": "3.2.1",
   "description": "Session-based Slack MCP for Claude and MCP clients: local-first workflows, secure-default HTTP.",
   "type": "module",
   "main": "src/server.js",

package/scripts/setup-wizard.js

@@ -392,7 +392,7 @@ async function runDoctor() {
 async function showHelp() {
   print(`${colors.bold}slack-mcp-server v${VERSION}${colors.reset}`);
   print();
-  print("Full Slack access for Claude via MCP. Session mirroring bypasses OAuth.");
+  print("Full Slack access for Claude via MCP.");
   print();
   print(`${colors.bold}Usage:${colors.reset}`);
   print("  npx -y @jtalk22/slack-mcp             Start MCP server (stdio)");