@jtalk22/slack-mcp 3.2.4 → 4.0.0

package/README.md

@@ -1,24 +1,28 @@
 # Slack MCP Server
 
 [![npm version](https://img.shields.io/npm/v/@jtalk22/slack-mcp)](https://www.npmjs.com/package/@jtalk22/slack-mcp)
-[![npm downloads](https://img.shields.io/npm/dm/@jtalk22/slack-mcp)](https://www.npmjs.com/package/@jtalk22/slack-mcp)
 [![MCP Registry](https://img.shields.io/badge/MCP_Registry-listed-blue)](https://registry.modelcontextprotocol.io)
 [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
 
-Give Claude your Slack. 16 self-hosted tools for channels, search, replies, reactions, unread triage, and user search. Self-host free or use Slack MCP Cloud for managed transport, credential handling, and support.
-
-## Verify & Proof
+Give your AI agent full Slack access. No app registration, no admin approval, no OAuth. One command, 16 tools, works with any MCP client.
 
 ```bash
 npx -y @jtalk22/slack-mcp --setup
-npx -y @jtalk22/slack-mcp@latest --version
-npx -y @jtalk22/slack-mcp@latest --doctor
-npx -y @jtalk22/slack-mcp@latest --status
 ```
 
-[20-second demo](https://jtalk22.github.io/slack-mcp-server/public/demo-video.html) · [Interactive demo](https://jtalk22.github.io/slack-mcp-server/public/demo.html) · [Latest release notes](https://github.com/jtalk22/slack-mcp-server/releases/latest) · [Release-day runbook](docs/LAUNCH-OPS.md) · [Deployment intake](https://github.com/jtalk22/slack-mcp-server/issues/new?template=deployment-intake.md) · [Support boundaries](docs/SUPPORT-BOUNDARIES.md)
+![demo](docs/images/demo-readme.gif)
+
+> **Ask Claude to catch you up on #engineering from the last 24 hours.** Search for that deployment thread from last week. Find every message mentioning the API key. Send a reply. All from your editor.
+
+[Interactive demo](https://jtalk22.github.io/slack-mcp-server/public/demo.html) · [Latest release](https://github.com/jtalk22/slack-mcp-server/releases/latest)
+
+## Why This Exists
+
+Slack's official MCP server requires a registered app, admin approval, and [doesn't work with Claude Code or GitHub Copilot](https://github.com/anthropics/claude-code/issues/30564) due to OAuth/DCR incompatibility. Screenshotting messages is not a workflow.
 
-[![Slack MCP proof surface](docs/images/demo-poster.png)](https://jtalk22.github.io/slack-mcp-server/public/demo-video.html)
+This server uses your browser's session tokens instead. If you can see it in Slack, your AI agent can see it too. No app install, no scopes, no admin.
+
+![OAuth vs Session](docs/images/diagram-oauth-comparison.svg)
 
 ## Tools
 
@@ -41,35 +45,19 @@ npx -y @jtalk22/slack-mcp@latest --status
 | `slack_remove_reaction` | Remove an emoji reaction from a message | **destructive** |
 | `slack_conversations_mark` | Mark a conversation as read | **destructive** |
 
-All tools carry [MCP safety annotations](https://modelcontextprotocol.io/specification/2025-03-26/server/tools#annotations): 12 read-only (`readOnlyHint: true`), 4 write-path (`destructiveHint: true`). Only `slack_send_message` is non-idempotent.
-
-\* `slack_refresh_tokens` modifies local token file only — no external Slack state.
-
-## Cloud
-
-Slack MCP Cloud provides 15 managed tools with hosted credential handling. Team adds 3 AI compound workflows for summaries, action items, and decisions.
-
-| Plan | Price | Includes |
-|------|-------|----------|
-| Solo | $19/mo | 15 standard tools, AES-256-GCM encrypted storage, 5K requests/mo |
-| Team | $49/mo | 15 standard + 3 AI compound tools, 3 workspaces, 25K requests/mo |
+12 read-only, 4 write-path. All carry [MCP safety annotations](https://modelcontextprotocol.io/specification/2025-03-26/server/tools#annotations).
 
-[Get Started](https://mcp.revasserlabs.com) · [Privacy Policy](https://mcp.revasserlabs.com/privacy) · [Support Boundaries](docs/SUPPORT-BOUNDARIES.md)
+\* `slack_refresh_tokens` modifies local token file only.
 
-For rollout help or managed deployment review, open a [deployment intake](https://github.com/jtalk22/slack-mcp-server/issues/new?template=deployment-intake.md). Reproducible bugs stay in standard issues; rollout requests belong in deployment intake.
+## Install
 
-## Install & Verify (Self-Hosted)
-
-**Runtime:** Node.js 20+
+**Node.js 20+**
 
 ```bash
 npx -y @jtalk22/slack-mcp --setup
-npx -y @jtalk22/slack-mcp@latest --version
-npx -y @jtalk22/slack-mcp@latest --doctor
-npx -y @jtalk22/slack-mcp@latest --status
 ```
 
-The setup wizard handles token extraction and validation automatically.
+The setup wizard handles token extraction and validation.
 
 <details>
 <summary><strong>Claude Desktop (macOS)</strong></summary>
@@ -114,7 +102,7 @@ Edit `%APPDATA%\Claude\claude_desktop_config.json`:
 </details>
 
 <details>
-<summary><strong>Claude Code CLI</strong></summary>
+<summary><strong>Claude Code</strong></summary>
 
 Add to `~/.claude.json`:
 
@@ -132,6 +120,41 @@ Add to `~/.claude.json`:
 
 </details>
 
+<details>
+<summary><strong>Cursor / Copilot / Other MCP clients</strong></summary>
+
+Any client that supports stdio MCP servers works. Add to your client's MCP config:
+
+```json
+{
+  "slack": {
+    "command": "npx",
+    "args": ["-y", "@jtalk22/slack-mcp"],
+    "env": {
+      "SLACK_TOKEN": "xoxc-your-token",
+      "SLACK_COOKIE": "xoxd-your-cookie"
+    }
+  }
+}
+```
+
+On macOS, tokens are auto-extracted from Chrome — `env` block is optional.
+
+</details>
+
+<details>
+<summary><strong>Claude Web / Remote MCP</strong></summary>
+
+For browser-based clients that can't run local processes, use the hosted HTTP endpoint:
+
+```
+https://mcp.revasserlabs.com/oauth/mcp
+```
+
+Add this as a remote MCP server in your client's settings. Transport: Streamable HTTP. Auth: OAuth 2.1 + PKCE.
+
+</details>
+
 <details>
 <summary><strong>Docker</strong></summary>
 
@@ -154,7 +177,19 @@ docker pull ghcr.io/jtalk22/slack-mcp-server:latest
 
 </details>
 
-Restart Claude after configuration. Full setup guide: [docs/SETUP.md](docs/SETUP.md)
+Restart your client after configuration. Full setup: [docs/SETUP.md](docs/SETUP.md)
+
+## How It Works
+
+Session tokens (`xoxc-` + `xoxd-`) from your browser. If you can see it in Slack, this server can see it too.
+
+**Token persistence** — four-layer fallback:
+1. Environment variables (`SLACK_TOKEN`, `SLACK_COOKIE`)
+2. Token file (`~/.slack-mcp-tokens.json`, chmod 600)
+3. macOS Keychain (encrypted)
+4. Chrome auto-extraction (macOS)
+
+Tokens expire. The server notices before you do — proactive health monitoring, automatic refresh on macOS, warnings when tokens age out. File writes are atomic (temp file → chmod → rename) to prevent corruption. Concurrent refresh attempts are mutex-locked.
 
 ## Hosted HTTP Mode
 
@@ -172,32 +207,31 @@ Details: [docs/DEPLOYMENT-MODES.md](docs/DEPLOYMENT-MODES.md)
 
 ## Troubleshooting
 
-**Tokens expired:** Run `npx -y @jtalk22/slack-mcp --setup` or use `slack_refresh_tokens` in Claude (macOS).
+**Tokens expired:** Run `npx -y @jtalk22/slack-mcp --setup` or use `slack_refresh_tokens` (macOS).
 
-**DMs not showing:** Use `slack_list_conversations` with `discover_dms=true` to force discovery.
+**DMs not showing:** Use `slack_list_conversations` with `discover_dms=true`.
 
-**Claude not seeing tools:** Verify JSON syntax in config, check logs at `~/Library/Logs/Claude/mcp*.log`, fully restart Claude (Cmd+Q).
+**Client not seeing tools:** Check JSON syntax in config, restart client fully.
 
 More: [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md)
 
 ## Docs
 
-- [Setup Guide](docs/SETUP.md) — Token extraction and configuration
-- [API Reference](docs/API.md) — All 16 tools with parameters and examples
-- [Deployment Modes](docs/DEPLOYMENT-MODES.md) — stdio, web, hosted HTTP, Cloudflare Worker
-- [Use Case Recipes](docs/USE_CASE_RECIPES.md) — 12 copy-paste prompts
-- [Troubleshooting](docs/TROUBLESHOOTING.md) — Common issues and fixes
-- [Compatibility](docs/COMPATIBILITY.md) — Client compatibility matrix
-- [Support Boundaries](docs/SUPPORT-BOUNDARIES.md) — Scope and response targets
-- [Docs Index](docs/INDEX.md) — Full documentation index
+- [Setup Guide](docs/SETUP.md)
+- [API Reference](docs/API.md)
+- [Architecture](docs/ARCHITECTURE.md)
+- [Deployment Modes](docs/DEPLOYMENT-MODES.md)
+- [Use Case Recipes](docs/USE_CASE_RECIPES.md)
+- [Troubleshooting](docs/TROUBLESHOOTING.md)
+- [Compatibility](docs/COMPATIBILITY.md)
 
 ## Security
 
-- Token files stored with `chmod 600` (owner-only)
-- macOS Keychain provides encrypted backup
+- Token files: `chmod 600` (owner-only)
+- macOS Keychain encrypted backup
 - Web server binds to localhost only
-- API keys are cryptographically random (`crypto.randomBytes`)
-- See [SECURITY.md](SECURITY.md) for vulnerability reporting
+- API keys: `crypto.randomBytes`
+- See [SECURITY.md](SECURITY.md)
 
 ## Contributing
 
@@ -209,4 +243,8 @@ MIT — See [LICENSE](LICENSE)
 
 ## Disclaimer
 
-This project accesses Slack's Web API using browser session credentials. It is not affiliated with or endorsed by Slack Technologies, Inc. Slack workspace administrators should review their acceptable use policies.
+Not affiliated with Slack Technologies, Inc. Uses browser session credentials — check your workspace's acceptable use policy.
+
+---
+
+Managed hosting available — [mcp.revasserlabs.com](https://mcp.revasserlabs.com)

package/docs/API.md

@@ -259,7 +259,7 @@ Get all replies in a thread.
   "messages": [
     {
       "ts": "1767368030.607599",
-      "user": "James Lambert",
+      "user": "Example User",
       "text": "Original message",
       "datetime": "2026-01-02T15:33:50.000Z",
       "is_parent": true

package/lib/public-metadata.js

@@ -9,13 +9,14 @@ export const RELEASE_VERSION = packageJson.version;
 export const PUBLIC_METADATA = Object.freeze({
   projectName: "slack-mcp-server",
   packageName: packageJson.name,
+  canonicalShortDescription: packageJson.description,
   canonicalRepoUrl: "https://github.com/jtalk22/slack-mcp-server",
   canonicalSiteUrl: "https://mcp.revasserlabs.com",
+  cloudPricingUrl: "https://mcp.revasserlabs.com/pricing",
+  cloudDocsUrl: "https://mcp.revasserlabs.com/docs",
+  cloudSecurityUrl: "https://mcp.revasserlabs.com/security",
+  cloudSupportUrl: "https://mcp.revasserlabs.com/support",
+  cloudStatusUrl: "https://mcp.revasserlabs.com/status",
   supportEmail: "support@revasserlabs.com",
-  privacyEmail: "privacy@revasserlabs.com",
   selfHostedToolCount: 16,
-  cloudManagedToolCount: 15,
-  teamAiWorkflowCount: 3,
-  cloudSoloPrice: "$19/mo",
-  cloudTeamPrice: "$49/mo",
 });

package/lib/public-pages.js

@@ -0,0 +1,139 @@
+import { readFileSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+
+import { PUBLIC_METADATA } from "./public-metadata.js";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const ROOT = resolve(__dirname, "..");
+const TEMPLATE_DIR = resolve(ROOT, "templates", "public-pages");
+
+const GITHUB_PAGES_ROOT = "https://jtalk22.github.io/slack-mcp-server";
+const GITHUB_DOCS_ROOT = `${PUBLIC_METADATA.canonicalRepoUrl}/blob/main/docs`;
+const SOCIAL_IMAGE_URL = `${GITHUB_PAGES_ROOT}/docs/images/social-preview-v3.png`;
+const ICON_URL = `${GITHUB_PAGES_ROOT}/docs/assets/icon-512.png`;
+const NPM_URL = "https://www.npmjs.com/package/@jtalk22/slack-mcp";
+const RELEASES_URL = `${PUBLIC_METADATA.canonicalRepoUrl}/releases/latest`;
+const SETUP_URL = `${PUBLIC_METADATA.canonicalRepoUrl}/blob/main/docs/SETUP.md`;
+const DEMO_VIDEO_URL = `${GITHUB_PAGES_ROOT}/docs/videos/demo-claude-mobile-20s.mp4`;
+
+function template(name) {
+  return readFileSync(resolve(TEMPLATE_DIR, name), "utf8");
+}
+
+function replaceTokens(source, replacements) {
+  return source.replace(/\{\{([A-Z0-9_]+)\}\}/g, (match, key) => {
+    if (!(key in replacements)) {
+      throw new Error(`Missing template token: ${key}`);
+    }
+    return replacements[key];
+  });
+}
+
+function rootDecisionPanel() {
+  return `
+    <section class="stage" style="padding-top:0">
+      <div class="decision-grid" aria-label="Self-host info">
+        <article class="decision-card">
+          <span class="decision-label">Self-host</span>
+          <h2>${PUBLIC_METADATA.selfHostedToolCount} tools and full operator control.</h2>
+          <p>Session-based auth, stdio transport. Works with Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf, and any other MCP client.</p>
+          <ul>
+            <li>stdio, web, and Docker paths stay fully under your control</li>
+            <li>No OAuth app registration or admin approval needed</li>
+            <li>Token persistence with automatic refresh on macOS</li>
+          </ul>
+          <p class="decision-links"><a href="${SETUP_URL}">Setup guide</a> · <a href="${RELEASES_URL}">Latest release</a> · <a href="${NPM_URL}">npm</a></p>
+        </article>
+      </div>
+    </section>
+  `.trim();
+}
+
+function shareLinks() {
+  return `
+      <a href="${SETUP_URL}" rel="noopener">Install (\`--setup\`)</a>
+      <a href="${SETUP_URL}" rel="noopener">Verify (\`--version/--doctor/--status\`)</a>
+      <a href="${RELEASES_URL}" rel="noopener">Latest Release</a>
+      <a href="${GITHUB_PAGES_ROOT}/" rel="noopener">Autoplay Demo Landing</a>
+      <a href="${DEMO_VIDEO_URL}" rel="noopener">20s Mobile Clip</a>
+      <a href="${NPM_URL}" rel="noopener">npm Package</a>
+      <a href="${PUBLIC_METADATA.canonicalSiteUrl}" rel="noopener" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Cloud</a>
+    `.trim();
+}
+
+function shareNote() {
+  return `<strong>Verify in 30 seconds:</strong> <code>--version</code>, <code>--doctor</code>, <code>--status</code>. Self-host gives ${PUBLIC_METADATA.selfHostedToolCount} tools with session-based auth. Works with any MCP client — Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf. Managed hosting available at <a href="${PUBLIC_METADATA.canonicalSiteUrl}">mcp.revasserlabs.com</a>.`;
+}
+
+function demoLinks() {
+  return `
+      <a href="${PUBLIC_METADATA.canonicalSiteUrl}" target="_blank" rel="noopener noreferrer" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Cloud</a>
+      <a href="${NPM_URL}" target="_blank" rel="noopener noreferrer">npm Install</a>
+      <a href="${SETUP_URL}" target="_blank" rel="noopener noreferrer">Setup Guide</a>
+    `.trim();
+}
+
+function demoNote() {
+  return `Self-host free for ${PUBLIC_METADATA.selfHostedToolCount} tools with session-based auth. Works with Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf, and any other MCP client. No OAuth app, no admin approval. Managed hosting available at <a href="${PUBLIC_METADATA.canonicalSiteUrl}" target="_blank" rel="noopener noreferrer">mcp.revasserlabs.com</a>.`;
+}
+
+function demoFooterLinks() {
+  return `<a href="${PUBLIC_METADATA.canonicalRepoUrl}">GitHub</a> · <a href="${NPM_URL}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">npm</a> · <a href="${PUBLIC_METADATA.canonicalSiteUrl}" style="color:#f0c246;text-decoration:none;font-size:0.875rem">Cloud</a>`;
+}
+
+function commonTokens() {
+  return {
+    CANONICAL_SITE_URL: PUBLIC_METADATA.canonicalSiteUrl,
+    CLOUD_PRICING_URL: PUBLIC_METADATA.cloudPricingUrl,
+    CLOUD_WORKFLOWS_URL: PUBLIC_METADATA.canonicalSiteUrl + "/workflows",
+    CLOUD_OFFICIAL_COMPARISON_URL: PUBLIC_METADATA.canonicalSiteUrl + "/official-slack-mcp-vs-managed",
+    CLOUD_GEMINI_CLI_URL: PUBLIC_METADATA.canonicalSiteUrl + "/gemini-cli",
+    CLOUD_READINESS_URL: PUBLIC_METADATA.canonicalSiteUrl + "/readiness",
+    CLOUD_DOCS_URL: PUBLIC_METADATA.cloudDocsUrl,
+    CLOUD_SECURITY_URL: PUBLIC_METADATA.cloudSecurityUrl,
+    CLOUD_PROCUREMENT_URL: PUBLIC_METADATA.canonicalSiteUrl + "/procurement",
+    CLOUD_MARKETPLACE_READINESS_URL: PUBLIC_METADATA.canonicalSiteUrl + "/marketplace-readiness",
+    CLOUD_SUPPORT_URL: PUBLIC_METADATA.cloudSupportUrl,
+    CLOUD_DEPLOYMENT_URL: PUBLIC_METADATA.canonicalSiteUrl + "/deployment",
+    CLOUD_STATUS_URL: PUBLIC_METADATA.cloudStatusUrl,
+    CLOUD_SELF_HOST_URL: PUBLIC_METADATA.canonicalSiteUrl + "/self-host",
+    CLOUD_ACCOUNT_URL: PUBLIC_METADATA.canonicalSiteUrl + "/account",
+    GITHUB_REPO_URL: PUBLIC_METADATA.canonicalRepoUrl,
+    GITHUB_PAGES_ROOT,
+    GITHUB_DOCS_ROOT,
+    ICON_URL,
+    SOCIAL_IMAGE_URL,
+    NPM_URL,
+    RELEASES_URL,
+    SETUP_URL,
+    RELEASE_HEALTH_URL: RELEASES_URL,
+    VERSION_PARITY_URL: RELEASES_URL,
+    RUNBOOK_URL: SETUP_URL,
+    SELF_HOSTED_TOOL_COUNT: String(PUBLIC_METADATA.selfHostedToolCount),
+    CLOUD_MANAGED_TOOL_COUNT: "15",
+    TEAM_AI_WORKFLOW_COUNT: "3",
+    CLOUD_SOLO_PRICE: "$19/mo",
+    CLOUD_TEAM_PRICE: "$49/mo",
+    CLOUD_TURNKEY_LAUNCH_PRICE: "$2.5k+",
+    CLOUD_MANAGED_RELIABILITY_PRICE: "$800/mo+",
+    SUPPORT_EMAIL: PUBLIC_METADATA.supportEmail,
+    ROOT_DECISION_PANEL: rootDecisionPanel(),
+    SHARE_LINKS: shareLinks(),
+    SHARE_NOTE: shareNote(),
+    DEMO_LINKS: demoLinks(),
+    DEMO_NOTE: demoNote(),
+    DEMO_FOOTER_LINKS: demoFooterLinks(),
+  };
+}
+
+export function buildPublicPages() {
+  const tokens = commonTokens();
+  return {
+    "index.html": replaceTokens(template("index.html.tpl"), tokens),
+    "public/share.html": replaceTokens(template("share.html.tpl"), tokens),
+    "public/demo.html": replaceTokens(template("demo.html.tpl"), tokens),
+    "public/demo-video.html": replaceTokens(template("demo-video.html.tpl"), tokens),
+    "public/demo-claude.html": replaceTokens(template("demo-claude.html.tpl"), tokens),
+  };
+}

package/lib/token-store.js

@@ -8,7 +8,7 @@
  * 4. Chrome auto-extraction (fallback)
  */
 
-import { readFileSync, writeFileSync, existsSync, renameSync, unlinkSync } from "fs";
+import { readFileSync, writeFileSync, existsSync, renameSync, unlinkSync, chmodSync } from "fs";
 import { homedir, platform } from "os";
 import { join } from "path";
 import { execSync, execFileSync } from "child_process";
@@ -79,7 +79,7 @@ function atomicWriteSync(filePath, content) {
   try {
     writeFileSync(tempPath, content);
     if (IS_MACOS || platform() === 'linux') {
-      try { execSync(`chmod 600 "${tempPath}"`); } catch {}
+      try { chmodSync(tempPath, 0o600); } catch {}
     }
     renameSync(tempPath, filePath); // Atomic on POSIX systems
   } catch (e) {

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@jtalk22/slack-mcp",
   "mcpName": "io.github.jtalk22/slack-mcp-server",
-  "version": "3.2.4",
-  "description": "Session-based Slack MCP for Claude and MCP clients: local-first workflows, secure-default HTTP.",
+  "version": "4.0.0",
+  "description": "Slack MCP server. Session-based auth, 16 tools, stdio transport. Works with any MCP client.",
   "type": "module",
   "main": "src/server.js",
   "bin": {
@@ -25,19 +25,19 @@
     "tokens:clear": "node scripts/token-cli.js clear",
     "screenshot": "node scripts/capture-screenshots.js",
     "build:social-preview": "node scripts/build-social-preview.js",
+    "build:public-pages": "node scripts/generate-public-pages.js",
     "build:demo-mobile": "node scripts/build-mobile-demo.js",
     "build:demo-mobile:gif": "node scripts/build-mobile-demo.js --gif",
     "record-demo": "node scripts/record-demo.js",
     "social-preview:update": "node scripts/update-github-social-preview.js --headed",
     "cf:browser": "node scripts/cloudflare-browser-tool.js",
-    "metrics:release-health": "node scripts/collect-release-health.js",
-    "metrics:release-health:delta": "node scripts/build-release-health-delta.js",
-    "impact:push:v3": "node scripts/impact-push-v3.js --dry-run",
-    "impact:push:v3:apply": "node scripts/impact-push-v3.js --apply",
     "verify:attribution-guardrail": "node scripts/verify-attribution-guardrail.js",
+    "verify:public-pages": "node scripts/verify-generated-public-pages.js",
     "verify:version-parity": "node scripts/check-version-parity.js",
     "verify:public-surface": "node scripts/check-public-surface-integrity.js",
-    "verify:release-dry-run": "node scripts/release-preflight.js"
+    "verify:release-dry-run": "node scripts/release-preflight.js",
+    "smoke:browser": "node scripts/browser-smoke.js",
+    "smoke:browser:live": "node scripts/browser-smoke.js --mode live"
   },
   "keywords": [
     "claude",
@@ -51,7 +51,9 @@
     "mcp-server",
     "session-based",
     "claude-code",
+    "gemini-cli",
     "local-first",
+    "remote-mcp",
     "session-mirroring",
     "slack-mcp",
     "secure-by-default",
@@ -62,9 +64,9 @@
     "productivity"
   ],
   "author": {
-    "name": "James Lambert",
+    "name": "Revasser",
     "email": "support@revasserlabs.com",
-    "url": "https://github.com/jtalk22"
+    "url": "https://mcp.revasserlabs.com"
   },
   "license": "MIT",
   "repository": {

package/public/share.html

@@ -4,18 +4,19 @@
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <title>Slack MCP Server</title>
-  <meta name="description" content="Session-based Slack MCP for Claude. Local-first stdio/web with secure-default hosted HTTP in v3.">
+  <meta name="description" content="Session-based Slack MCP for Claude. Self-host locally or use the managed Cloud path with Gemini CLI support, pricing, security/procurement review, deployment review, and hosted credentials.">
   <meta property="og:type" content="website">
   <meta property="og:title" content="Slack MCP Server">
-  <meta property="og:description" content="Session-based Slack MCP for Claude. Self-host 16 tools for free or use Cloud for 15 managed tools and support.">
+  <meta property="og:description" content="Session-based Slack MCP for Claude. Self-host 16 tools for free or use Cloud for 15 managed tools, Gemini CLI support, security/procurement review, deployment review, and support.">
   <meta property="og:url" content="https://jtalk22.github.io/slack-mcp-server/public/share.html">
   <meta property="og:image" content="https://jtalk22.github.io/slack-mcp-server/docs/images/social-preview-v3.png">
   <meta property="og:image:width" content="1280">
   <meta property="og:image:height" content="640">
   <meta name="twitter:card" content="summary_large_image">
   <meta name="twitter:title" content="Slack MCP Server">
-  <meta name="twitter:description" content="Session-based Slack MCP for Claude. Self-host 16 tools for free or use Cloud for 15 managed tools and support.">
+  <meta name="twitter:description" content="Session-based Slack MCP for Claude. Self-host 16 tools for free or use Cloud for 15 managed tools, Gemini CLI support, security/procurement review, deployment review, and support.">
   <meta name="twitter:image" content="https://jtalk22.github.io/slack-mcp-server/docs/images/social-preview-v3.png">
+  <link rel="icon" href="https://jtalk22.github.io/slack-mcp-server/docs/assets/icon-512.png" type="image/png">
   <style>
     :root {
       --bg-1: #0b1436;
@@ -106,25 +107,23 @@
 <body>
   <main class="wrap">
     <h1>Slack MCP Server</h1>
-    <p class="sub">Give Claude full access to your Slack. Self-host 16 tools for free, or use Cloud for 15 managed tools with support and hosted credentials.</p>
+    <p class="sub">Give Claude full access to your Slack. Self-host 16 tools for free, or use Cloud for 15 managed tools, Gemini CLI support, hosted credentials, rollout support, and buyer-facing security review.</p>
 
     <a class="preview" href="https://github.com/jtalk22/slack-mcp-server" rel="noopener">
       <img src="https://jtalk22.github.io/slack-mcp-server/docs/images/social-preview-v3.png" alt="Slack MCP Server social preview card">
     </a>
 
     <div class="links">
-      <a href="https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SETUP.md" rel="noopener">Install (`--setup`)</a>
+<a href="https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SETUP.md" rel="noopener">Install (`--setup`)</a>
       <a href="https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SETUP.md" rel="noopener">Verify (`--version/--doctor/--status`)</a>
       <a href="https://github.com/jtalk22/slack-mcp-server/releases/latest" rel="noopener">Latest Release</a>
-      <a href="https://github.com/jtalk22/slack-mcp-server/issues/new?template=deployment-intake.md" rel="noopener">Deployment Intake</a>
-      <a href="https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SUPPORT-BOUNDARIES.md" rel="noopener">Support</a>
       <a href="https://jtalk22.github.io/slack-mcp-server/" rel="noopener">Autoplay Demo Landing</a>
       <a href="https://jtalk22.github.io/slack-mcp-server/docs/videos/demo-claude-mobile-20s.mp4" rel="noopener">20s Mobile Clip</a>
       <a href="https://www.npmjs.com/package/@jtalk22/slack-mcp" rel="noopener">npm Package</a>
       <a href="https://mcp.revasserlabs.com" rel="noopener" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Cloud</a>
     </div>
 
-    <p class="note"><strong>Verify in 30 seconds:</strong> <code>--version</code>, <code>--doctor</code>, <code>--status</code>. For rollout support, use deployment intake. Maintainer/operator: <code>jtalk22</code> (<code>support@revasserlabs.com</code>).</p>
+    <p class="note"><strong>Verify in 30 seconds:</strong> <code>--version</code>, <code>--doctor</code>, <code>--status</code>. Self-host gives 16 tools with session-based auth. Works with any MCP client — Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf. Managed hosting available at <a href="https://mcp.revasserlabs.com">mcp.revasserlabs.com</a>.</p>
   </main>
 </body>
 </html>

package/server.json

@@ -2,7 +2,7 @@
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
   "name": "io.github.jtalk22/slack-mcp-server",
   "title": "Slack MCP Server",
-  "description": "Session-based Slack MCP for Claude and MCP clients: local-first workflows, secure-default HTTP.",
+  "description": "Slack MCP server. Session-based auth, 16 tools, stdio transport. Works with any MCP client.",
   "websiteUrl": "https://mcp.revasserlabs.com",
   "icons": [
     {
@@ -17,7 +17,7 @@
     "url": "https://github.com/jtalk22/slack-mcp-server",
     "source": "github"
   },
-  "version": "3.2.4",
+  "version": "4.0.0",
   "remotes": [
     {
       "type": "streamable-http",
@@ -28,7 +28,7 @@
     {
       "registryType": "npm",
       "identifier": "@jtalk22/slack-mcp",
-      "version": "3.2.4",
+      "version": "4.0.0",
       "transport": {
         "type": "stdio"
       },

package/src/server.js

@@ -150,7 +150,7 @@ server.setRequestHandler(GetPromptRequestSchema, async (request) => {
     }
     case "summarize-channel": {
       const channelId = args?.channel_id || "";
-      const days = parseInt(args?.days) || 7;
+      const days = parseInt(args?.days, 10) || 7;
       const since = Math.floor(Date.now() / 1000) - (days * 24 * 60 * 60);
       return {
         messages: [

package/src/web-server.js

@@ -11,8 +11,7 @@ import express from "express";
 import { randomBytes } from "crypto";
 import { fileURLToPath } from "url";
 import { dirname, join } from "path";
-import { existsSync, readFileSync, writeFileSync } from "fs";
-import { execSync } from "child_process";
+import { existsSync, readFileSync, writeFileSync, chmodSync } from "fs";
 import { homedir } from "os";
 import { loadTokensReadOnly } from "../lib/token-store.js";
 import { PUBLIC_METADATA, RELEASE_VERSION } from "../lib/public-metadata.js";
@@ -60,7 +59,7 @@ function getOrCreateAPIKey() {
   const newKey = `smcp_${randomBytes(24).toString('base64url')}`;
   try {
     writeFileSync(API_KEY_FILE, newKey);
-    execSync(`chmod 600 "${API_KEY_FILE}"`);
+    chmodSync(API_KEY_FILE, 0o600);
   } catch {}
 
   return newKey;
@@ -98,6 +97,12 @@ app.use((req, res, next) => {
   next();
 });
 
+function safeParseInt(value, fallback, max = 10000) {
+  const n = parseInt(value, 10);
+  if (isNaN(n) || n < 1) return fallback;
+  return Math.min(n, max);
+}
+
 // API Key authentication
 function authenticate(req, res, next) {
   const authHeader = req.headers.authorization;
@@ -209,7 +214,7 @@ app.get("/conversations", authenticate, async (req, res) => {
   try {
     const result = await handleListConversations({
       types: req.query.types || "im,mpim",
-      limit: parseInt(req.query.limit) || 100
+      limit: safeParseInt(req.query.limit, 100)
     });
     res.json(extractContent(result));
   } catch (e) {
@@ -222,7 +227,7 @@ app.get("/conversations/unreads", authenticate, async (req, res) => {
   try {
     const result = await handleConversationsUnreads({
       types: req.query.types || "im,mpim,public_channel,private_channel",
-      limit: parseInt(req.query.limit) || 50
+      limit: safeParseInt(req.query.limit, 50)
     });
     res.json(extractContent(result));
   } catch (e) {
@@ -235,7 +240,7 @@ app.get("/conversations/:id/history", authenticate, async (req, res) => {
   try {
     const result = await handleConversationsHistory({
       channel_id: req.params.id,
-      limit: parseInt(req.query.limit) || 50,
+      limit: safeParseInt(req.query.limit, 50),
       oldest: req.query.oldest,
       latest: req.query.latest,
       resolve_users: req.query.resolve_users !== "false"
@@ -253,7 +258,7 @@ app.get("/conversations/:id/full", authenticate, async (req, res) => {
       channel_id: req.params.id,
       oldest: req.query.oldest,
       latest: req.query.latest,
-      max_messages: parseInt(req.query.max_messages) || 2000,
+      max_messages: safeParseInt(req.query.max_messages, 2000, 50000),
       include_threads: req.query.include_threads !== "false",
       output_file: req.query.output_file
     });
@@ -312,7 +317,7 @@ app.get("/search", authenticate, async (req, res) => {
     }
     const result = await handleSearchMessages({
       query: req.query.q,
-      count: parseInt(req.query.count) || 20
+      count: safeParseInt(req.query.count, 20)
     });
     res.json(extractContent(result));
   } catch (e) {
@@ -347,7 +352,7 @@ app.post("/messages", authenticate, async (req, res) => {
 app.get("/users", authenticate, async (req, res) => {
   try {
     const result = await handleListUsers({
-      limit: parseInt(req.query.limit) || 100
+      limit: safeParseInt(req.query.limit, 100)
     });
     res.json(extractContent(result));
   } catch (e) {
@@ -369,7 +374,7 @@ app.get("/users/search", authenticate, async (req, res) => {
     }
     const result = await handleUsersSearch({
       query: req.query.q,
-      limit: parseInt(req.query.limit) || 20
+      limit: safeParseInt(req.query.limit, 20)
     });
     res.json(extractContent(result));
   } catch (e) {
@@ -452,9 +457,9 @@ async function main() {
     console.error(`\n${"═".repeat(60)}`);
     console.error(`  Slack Web API Server v${RELEASE_VERSION}`);
     console.error(`${"═".repeat(60)}`);
-    console.error(`\n  Dashboard: http://localhost:${PORT}/?key=${API_KEY}`);
-    console.error(`\n  API Key:   ${API_KEY}`);
-    console.error(`\n  curl -H "Authorization: Bearer ${API_KEY}" http://localhost:${PORT}/health`);
+    console.error(`\n  Dashboard: http://localhost:${PORT}/?key=${API_KEY.slice(0, 8)}...`);
+    console.error(`\n  API Key:   ${API_KEY.slice(0, 8)}${"*".repeat(12)}`);
+    console.error(`\n  curl -H "Authorization: Bearer <key>" http://localhost:${PORT}/health`);
     console.error(`\n  Security: Bound to localhost only (127.0.0.1)`);
     console.error(`\n${"═".repeat(60)}\n`);
   });