npm - @jtalk22/slack-mcp - Versions diffs - 3.2.5 → 4.1.0 - Mend

@jtalk22/slack-mcp 3.2.5 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/lib/public-pages.js CHANGED Viewed

@@ -15,10 +15,7 @@ const ICON_URL = `${GITHUB_PAGES_ROOT}/docs/assets/icon-512.png`;
 const NPM_URL = "https://www.npmjs.com/package/@jtalk22/slack-mcp";
 const RELEASES_URL = `${PUBLIC_METADATA.canonicalRepoUrl}/releases/latest`;
 const SETUP_URL = `${PUBLIC_METADATA.canonicalRepoUrl}/blob/main/docs/SETUP.md`;
-const RELEASE_HEALTH_URL = `${GITHUB_DOCS_ROOT}/release-health/latest.md`;
-const VERSION_PARITY_URL = `${GITHUB_DOCS_ROOT}/release-health/version-parity.md`;
-const RUNBOOK_URL = `${GITHUB_DOCS_ROOT}/LAUNCH-OPS.md`;
-const DEMO_VIDEO_URL = `${GITHUB_PAGES_ROOT}/docs/videos/demo-claude-mobile-20s.mp4`;
+const DEMO_VIDEO_URL = `${GITHUB_PAGES_ROOT}/docs/videos/demo-slack-mcp-mobile-20s.mp4`;
 function template(name) {
   return readFileSync(resolve(TEMPLATE_DIR, name), "utf8");
@@ -36,39 +33,17 @@ function replaceTokens(source, replacements) {
 function rootDecisionPanel() {
   return `
     <section class="stage" style="padding-top:0">
-      <div class="decision-grid" aria-label="Cloud versus self-host decision guide">
+      <div class="decision-grid" aria-label="Self-host info">
         <article class="decision-card">
           <span class="decision-label">Self-host</span>
-          <h2>16 tools and full operator control.</h2>
-          <p>Choose the open-source path if you want npm or Docker, local-first transport control, and direct ownership of token extraction, storage, and process management.</p>
+          <h2>${PUBLIC_METADATA.selfHostedToolCount} tools and full operator control.</h2>
+          <p>Session-based auth, stdio transport. Works with Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf, and any other MCP client.</p>
           <ul>
             <li>stdio, web, and Docker paths stay fully under your control</li>
-            <li>Best fit for local development, custom transport, or internal operator ownership</li>
-            <li>Proof surfaces: install guide, release health, and version parity remain public</li>
+            <li>No OAuth app registration or admin approval needed</li>
+            <li>Token persistence with automatic refresh on macOS</li>
           </ul>
-          <p class="decision-links"><a href="${SETUP_URL}">Setup guide</a> · <a href="${VERSION_PARITY_URL}">Version parity</a> · <a href="${RELEASE_HEALTH_URL}">Release health</a></p>
-        </article>
-        <article class="decision-card accent">
-          <span class="decision-label">Cloud</span>
-          <h2>${PUBLIC_METADATA.cloudManagedToolCount} managed tools, ${PUBLIC_METADATA.teamAiWorkflowCount} Team AI workflows.</h2>
-          <p>Choose Cloud if you want one remote endpoint, hosted credential handling, deployment review, and an operational support path instead of running the transport yourself. ${PUBLIC_METADATA.primaryClient} stays primary; ${PUBLIC_METADATA.secondaryClient} is supported as the second client path.</p>
-          <ul>
-            <li>Solo: ${PUBLIC_METADATA.cloudSoloPrice} for the managed endpoint and hosted credential handling</li>
-            <li>Team: ${PUBLIC_METADATA.cloudTeamPrice} and adds ${PUBLIC_METADATA.teamAiWorkflowCount} AI workflows</li>
-            <li>Turnkey Team Launch: from ${PUBLIC_METADATA.cloudTurnkeyLaunchPrice}; Managed Reliability: from ${PUBLIC_METADATA.cloudManagedReliabilityPrice}</li>
-          </ul>
-          <p class="decision-links"><a href="${PUBLIC_METADATA.tracked.pages.pricing}">Pricing</a> · <a href="${PUBLIC_METADATA.tracked.pages.workflows}">Workflows</a> · <a href="${PUBLIC_METADATA.tracked.pages.geminiCli}">Gemini CLI</a> · <a href="${PUBLIC_METADATA.tracked.pages.deployment}">Deployment review</a> · <a href="${PUBLIC_METADATA.tracked.pages.security}">Security</a></p>
-        </article>
-        <article class="decision-card">
-          <span class="decision-label">Buyer proof</span>
-          <h2>Technical trust surfaces stay public.</h2>
-          <p>The static Pages root shows npm, GitHub release, and hosted status together. The hosted site publishes <code>/status</code>, <code>/pricing</code>, <code>/docs</code>, <code>/security</code>, <code>/deployment</code>, <code>/support</code>, and <code>/account</code> as the operator-facing Cloud surface.</p>
-          <ul>
-            <li>GitHub Pages reads the hosted <code>/status</code> contract live</li>
-            <li>Registry, npm, runtime parity, and hosted funnel reporting are tracked in the public reports</li>
-            <li>Rollout and security questions route to hosted review surfaces instead of ad hoc GitHub issues</li>
-          </ul>
-          <p class="decision-links"><a href="${RUNBOOK_URL}">Runbook</a> · <a href="${PUBLIC_METADATA.cloudStatusUrl}">Raw status JSON</a> · <a href="${PUBLIC_METADATA.tracked.pages.procurement}">Procurement</a> · <a href="${PUBLIC_METADATA.tracked.pages.readiness}">Readiness</a> · <a href="${PUBLIC_METADATA.tracked.pages.pricing}">Plans & offers</a></p>
+          <p class="decision-links"><a href="${SETUP_URL}">Setup guide</a> · <a href="${RELEASES_URL}">Latest release</a> · <a href="${NPM_URL}">npm</a></p>
         </article>
       </div>
     </section>
@@ -80,65 +55,50 @@ function shareLinks() {
       <a href="${SETUP_URL}" rel="noopener">Install (\`--setup\`)</a>
       <a href="${SETUP_URL}" rel="noopener">Verify (\`--version/--doctor/--status\`)</a>
       <a href="${RELEASES_URL}" rel="noopener">Latest Release</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.pricing}" rel="noopener">Pricing</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.workflows}" rel="noopener">Workflows</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.geminiCli}" rel="noopener">Gemini CLI</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.docs}" rel="noopener">Cloud Docs</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.security}" rel="noopener">Security</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.procurement}" rel="noopener">Procurement</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.deployment}" rel="noopener">Deployment Review</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.support}" rel="noopener">Cloud Support</a>
-      <a href="${PUBLIC_METADATA.cloudUseCasesRootUrl}/support-triage?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Support Triage Use Case</a>
       <a href="${GITHUB_PAGES_ROOT}/" rel="noopener">Autoplay Demo Landing</a>
       <a href="${DEMO_VIDEO_URL}" rel="noopener">20s Mobile Clip</a>
       <a href="${NPM_URL}" rel="noopener">npm Package</a>
-      <a href="${PUBLIC_METADATA.canonicalSiteUrl}" rel="noopener" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Cloud</a>
+      <a href="${PUBLIC_METADATA.canonicalSiteUrl}" rel="noopener" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Hosted</a>
     `.trim();
 }
 function shareNote() {
-  return `<strong>Verify in 30 seconds:</strong> <code>--version</code>, <code>--doctor</code>, <code>--status</code>. Self-host gives ${PUBLIC_METADATA.selfHostedToolCount} tools and full operator control. Cloud starts at ${PUBLIC_METADATA.cloudSoloPrice} for ${PUBLIC_METADATA.cloudManagedToolCount} managed tools, deployment review, procurement-ready security, readiness guidance, and support. Team at ${PUBLIC_METADATA.cloudTeamPrice} adds ${PUBLIC_METADATA.teamAiWorkflowCount} AI workflows. ${PUBLIC_METADATA.primaryClient} is the primary path; ${PUBLIC_METADATA.secondaryClient} is supported on the hosted endpoint.`;
+  return `<strong>Verify in 30 seconds:</strong> <code>--version</code>, <code>--doctor</code>, <code>--status</code>. Self-host gives ${PUBLIC_METADATA.selfHostedToolCount} tools with session-based auth. Works with any MCP client — Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf. Hosted version coming soon at <a href="${PUBLIC_METADATA.canonicalSiteUrl}">mcp.revasserlabs.com</a>.`;
 }
 function demoLinks() {
   return `
-      <a href="${PUBLIC_METADATA.canonicalSiteUrl}" target="_blank" rel="noopener noreferrer" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Cloud</a>
+      <a href="${PUBLIC_METADATA.canonicalSiteUrl}" target="_blank" rel="noopener noreferrer" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Hosted</a>
       <a href="${NPM_URL}" target="_blank" rel="noopener noreferrer">npm Install</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.pricing}" target="_blank" rel="noopener noreferrer">Pricing</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.workflows}" target="_blank" rel="noopener noreferrer">Workflows</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.geminiCli}" target="_blank" rel="noopener noreferrer">Gemini CLI</a>
       <a href="${SETUP_URL}" target="_blank" rel="noopener noreferrer">Setup Guide</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.docs}" target="_blank" rel="noopener noreferrer">Cloud Docs</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.security}" target="_blank" rel="noopener noreferrer">Security</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.procurement}" target="_blank" rel="noopener noreferrer">Procurement</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.deployment}" target="_blank" rel="noopener noreferrer">Deployment Review</a>
-      <a href="${PUBLIC_METADATA.tracked.pages.support}" target="_blank" rel="noopener noreferrer">Cloud Support</a>
     `.trim();
 }
 function demoNote() {
-  return `Self-host free for ${PUBLIC_METADATA.selfHostedToolCount} tools and full transport control, or use <a href="${PUBLIC_METADATA.tracked.pages.pricing}" target="_blank" rel="noopener noreferrer">Cloud</a> for ${PUBLIC_METADATA.cloudManagedToolCount} managed tools, deployment review, procurement-ready security, and support. Solo starts at ${PUBLIC_METADATA.cloudSoloPrice}; Team at ${PUBLIC_METADATA.cloudTeamPrice} adds ${PUBLIC_METADATA.teamAiWorkflowCount} AI workflows. Turnkey Team Launch starts at ${PUBLIC_METADATA.cloudTurnkeyLaunchPrice}; Managed Reliability starts at ${PUBLIC_METADATA.cloudManagedReliabilityPrice}.`;
+  return `Self-host free for ${PUBLIC_METADATA.selfHostedToolCount} tools with session-based auth. Works with Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf, and any other MCP client. No OAuth app, no admin approval. Hosted version coming soon at <a href="${PUBLIC_METADATA.canonicalSiteUrl}" target="_blank" rel="noopener noreferrer">mcp.revasserlabs.com</a>.`;
 }
 function demoFooterLinks() {
-  return `<a href="${PUBLIC_METADATA.canonicalRepoUrl}">GitHub</a> · <a href="${PUBLIC_METADATA.tracked.pages.pricing}" style="color:#f0c246;text-decoration:none;font-size:0.875rem">Cloud Plans</a> · <a href="${PUBLIC_METADATA.tracked.pages.workflows}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">Workflows</a> · <a href="${PUBLIC_METADATA.tracked.pages.geminiCli}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">Gemini CLI</a> · <a href="${PUBLIC_METADATA.tracked.pages.security}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">Security</a> · <a href="${PUBLIC_METADATA.tracked.pages.deployment}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">Deployment Review</a> · <a href="${PUBLIC_METADATA.tracked.pages.support}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">Cloud Support</a> · <a href="${NPM_URL}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">npm</a>`;
+  return `<a href="${PUBLIC_METADATA.canonicalRepoUrl}">GitHub</a> · <a href="${NPM_URL}" style="color:#94a3b8;text-decoration:none;font-size:0.875rem">npm</a> · <a href="${PUBLIC_METADATA.canonicalSiteUrl}" style="color:#f0c246;text-decoration:none;font-size:0.875rem">Hosted</a>`;
 }
 function commonTokens() {
   return {
     CANONICAL_SITE_URL: PUBLIC_METADATA.canonicalSiteUrl,
-    CLOUD_PRICING_URL: PUBLIC_METADATA.tracked.pages.pricing,
-    CLOUD_WORKFLOWS_URL: PUBLIC_METADATA.tracked.pages.workflows,
-    CLOUD_GEMINI_CLI_URL: PUBLIC_METADATA.tracked.pages.geminiCli,
-    CLOUD_READINESS_URL: PUBLIC_METADATA.tracked.pages.readiness,
-    CLOUD_DOCS_URL: PUBLIC_METADATA.tracked.pages.docs,
-    CLOUD_SECURITY_URL: PUBLIC_METADATA.tracked.pages.security,
-    CLOUD_PROCUREMENT_URL: PUBLIC_METADATA.tracked.pages.procurement,
-    CLOUD_SUPPORT_URL: PUBLIC_METADATA.tracked.pages.support,
-    CLOUD_DEPLOYMENT_URL: PUBLIC_METADATA.tracked.pages.deployment,
+    CLOUD_PRICING_URL: PUBLIC_METADATA.cloudPricingUrl,
+    CLOUD_WORKFLOWS_URL: PUBLIC_METADATA.canonicalSiteUrl + "/workflows",
+    CLOUD_OFFICIAL_COMPARISON_URL: PUBLIC_METADATA.canonicalSiteUrl + "/official-slack-mcp-vs-managed",
+    CLOUD_GEMINI_CLI_URL: PUBLIC_METADATA.canonicalSiteUrl + "/gemini-cli",
+    CLOUD_READINESS_URL: PUBLIC_METADATA.canonicalSiteUrl + "/readiness",
+    CLOUD_DOCS_URL: PUBLIC_METADATA.cloudDocsUrl,
+    CLOUD_SECURITY_URL: PUBLIC_METADATA.cloudSecurityUrl,
+    CLOUD_PROCUREMENT_URL: PUBLIC_METADATA.canonicalSiteUrl + "/procurement",
+    CLOUD_MARKETPLACE_READINESS_URL: PUBLIC_METADATA.canonicalSiteUrl + "/marketplace-readiness",
+    CLOUD_SUPPORT_URL: PUBLIC_METADATA.cloudSupportUrl,
+    CLOUD_DEPLOYMENT_URL: PUBLIC_METADATA.canonicalSiteUrl + "/deployment",
     CLOUD_STATUS_URL: PUBLIC_METADATA.cloudStatusUrl,
-    CLOUD_SELF_HOST_URL: PUBLIC_METADATA.cloudSelfHostUrl,
-    CLOUD_ACCOUNT_URL: PUBLIC_METADATA.cloudAccountUrl,
+    CLOUD_SELF_HOST_URL: PUBLIC_METADATA.canonicalSiteUrl + "/self-host",
+    CLOUD_ACCOUNT_URL: PUBLIC_METADATA.canonicalSiteUrl + "/account",
     GITHUB_REPO_URL: PUBLIC_METADATA.canonicalRepoUrl,
     GITHUB_PAGES_ROOT,
     GITHUB_DOCS_ROOT,
@@ -147,16 +107,16 @@ function commonTokens() {
     NPM_URL,
     RELEASES_URL,
     SETUP_URL,
-    RELEASE_HEALTH_URL,
-    VERSION_PARITY_URL,
-    RUNBOOK_URL,
+    RELEASE_HEALTH_URL: RELEASES_URL,
+    VERSION_PARITY_URL: RELEASES_URL,
+    RUNBOOK_URL: SETUP_URL,
     SELF_HOSTED_TOOL_COUNT: String(PUBLIC_METADATA.selfHostedToolCount),
-    CLOUD_MANAGED_TOOL_COUNT: String(PUBLIC_METADATA.cloudManagedToolCount),
-    TEAM_AI_WORKFLOW_COUNT: String(PUBLIC_METADATA.teamAiWorkflowCount),
-    CLOUD_SOLO_PRICE: PUBLIC_METADATA.cloudSoloPrice,
-    CLOUD_TEAM_PRICE: PUBLIC_METADATA.cloudTeamPrice,
-    CLOUD_TURNKEY_LAUNCH_PRICE: PUBLIC_METADATA.cloudTurnkeyLaunchPrice,
-    CLOUD_MANAGED_RELIABILITY_PRICE: PUBLIC_METADATA.cloudManagedReliabilityPrice,
+    CLOUD_MANAGED_TOOL_COUNT: "15",
+    TEAM_AI_WORKFLOW_COUNT: "3",
+    CLOUD_SOLO_PRICE: "coming soon",
+    CLOUD_TEAM_PRICE: "coming soon",
+    CLOUD_TURNKEY_LAUNCH_PRICE: "contact us",
+    CLOUD_MANAGED_RELIABILITY_PRICE: "contact us",
     SUPPORT_EMAIL: PUBLIC_METADATA.supportEmail,
     ROOT_DECISION_PANEL: rootDecisionPanel(),
     SHARE_LINKS: shareLinks(),
@@ -174,6 +134,6 @@ export function buildPublicPages() {
     "public/share.html": replaceTokens(template("share.html.tpl"), tokens),
     "public/demo.html": replaceTokens(template("demo.html.tpl"), tokens),
     "public/demo-video.html": replaceTokens(template("demo-video.html.tpl"), tokens),
-    "public/demo-claude.html": replaceTokens(template("demo-claude.html.tpl"), tokens),
+    "public/demo-slack-mcp.html": replaceTokens(template("demo-slack-mcp.html.tpl"), tokens),
   };
 }

package/lib/token-store.js CHANGED Viewed

@@ -8,10 +8,11 @@
  * 4. Chrome auto-extraction (fallback)
  */
-import { readFileSync, writeFileSync, existsSync, renameSync, unlinkSync } from "fs";
-import { homedir, platform } from "os";
+import { readFileSync, writeFileSync, existsSync, renameSync, unlinkSync, chmodSync, copyFileSync, mkdtempSync } from "fs";
+import { homedir, platform, tmpdir } from "os";
 import { join } from "path";
-import { execSync, execFileSync } from "child_process";
+import { execFileSync } from "child_process";
+import { pbkdf2Sync, createDecipheriv } from "crypto";
 const TOKEN_FILE = join(homedir(), ".slack-mcp-tokens.json");
 const KEYCHAIN_SERVICE = "slack-mcp-server";
@@ -79,7 +80,7 @@ function atomicWriteSync(filePath, content) {
   try {
     writeFileSync(tempPath, content);
     if (IS_MACOS || platform() === 'linux') {
-      try { execSync(`chmod 600 "${tempPath}"`); } catch {}
+      try { chmodSync(tempPath, 0o600); } catch {}
     }
     renameSync(tempPath, filePath); // Atomic on POSIX systems
   } catch (e) {
@@ -102,32 +103,31 @@ export function saveToFile(token, cookie) {
 // Multiple localStorage paths Slack might use (for robustness)
 const SLACK_TOKEN_PATHS = [
-  // Current known path
   `JSON.parse(localStorage.localConfig_v2).teams[Object.keys(JSON.parse(localStorage.localConfig_v2).teams)[0]].token`,
-  // Potential future paths
   `JSON.parse(localStorage.localConfig_v3).teams[Object.keys(JSON.parse(localStorage.localConfig_v3).teams)[0]].token`,
-  // Redux store path (older Slack)
   `JSON.parse(localStorage.getItem('reduxPersist:localConfig'))?.teams?.[Object.keys(JSON.parse(localStorage.getItem('reduxPersist:localConfig'))?.teams || {})[0]]?.token`,
-  // Direct boot data
   `window.boot_data?.api_token`,
 ];
+// Chrome profile directories to search (in priority order)
+const CHROME_PROFILES = ['Default', 'Profile 1', 'Profile 2', 'Profile 3'];
 function normalizeExtractionError(error) {
   const raw = String(error?.message || error || "");
   if (raw.includes("Executing JavaScript through AppleScript is turned off")) {
     return {
       code: "apple_events_javascript_disabled",
-      message: "Chrome blocked JavaScript execution from Apple Events.",
-      detail: "Enable it in Chrome: View > Developer > Allow JavaScript from Apple Events."
+      message: "Chrome needs one setting enabled for token extraction.",
+      detail: "In Chrome: View > Developer > Allow JavaScript from Apple Events. Cookie extraction works without this — only the token needs it."
     };
   }
   if (raw.includes("Application isn't running") || raw.includes("Google Chrome got an error")) {
     return {
       code: "chrome_not_ready",
-      message: "Chrome is not ready for token extraction.",
-      detail: "Open Google Chrome with an active Slack tab at app.slack.com."
+      message: "Chrome is not running or has no windows open.",
+      detail: "Open Google Chrome with a Slack tab at app.slack.com."
     };
   }
@@ -139,6 +139,14 @@ function normalizeExtractionError(error) {
     };
   }
+  if (raw.includes("Chrome Safe Storage")) {
+    return {
+      code: "keychain_access_denied",
+      message: "Could not access Chrome's encryption key in Keychain.",
+      detail: "You may need to allow terminal access in System Settings > Privacy > Full Disk Access."
+    };
+  }
   return {
     code: "chrome_extraction_failed",
     message: "Chrome token extraction failed.",
@@ -147,13 +155,133 @@ function normalizeExtractionError(error) {
 }
 /**
- * Extract tokens from Chrome (macOS only, uses AppleScript)
- * Returns null on non-macOS platforms
+ * Extract the Slack session cookie from Chrome's encrypted cookie database.
+ * The `d` cookie is HttpOnly — JavaScript cannot access it via document.cookie.
+ * This reads Chrome's SQLite cookie store and decrypts using the Keychain-stored key.
+ */
+function extractCookieFromChromeDB() {
+  const chromeBase = join(homedir(), 'Library', 'Application Support', 'Google', 'Chrome');
+  // Find the first profile with a Slack d cookie
+  for (const profile of CHROME_PROFILES) {
+    const cookiesPath = join(chromeBase, profile, 'Cookies');
+    if (!existsSync(cookiesPath)) continue;
+    // Copy DB to temp location (Chrome holds a WAL lock on the original)
+    const tmpDir = mkdtempSync(join(tmpdir(), 'slack-mcp-'));
+    const tmpDb = join(tmpDir, 'Cookies');
+    try {
+      copyFileSync(cookiesPath, tmpDb);
+      // Query for the encrypted d cookie
+      const queryResult = execFileSync('sqlite3', [
+        tmpDb,
+        "SELECT hex(encrypted_value) FROM cookies WHERE host_key LIKE '%.slack.com%' AND name = 'd' LIMIT 1;"
+      ], { encoding: 'utf-8', timeout: 5000 }).trim();
+      // Clean up temp files
+      try { unlinkSync(tmpDb); unlinkSync(tmpDir); } catch {}
+      if (!queryResult) continue;
+      // Convert hex back to buffer
+      const encrypted = Buffer.from(queryResult, 'hex');
+      if (encrypted.length < 4) continue;
+      // Get Chrome Safe Storage password from Keychain
+      const safeStoragePassword = execFileSync('security', [
+        'find-generic-password', '-s', 'Chrome Safe Storage', '-w'
+      ], { encoding: 'utf-8', timeout: 5000 }).trim();
+      // Chrome macOS cookies: v10 prefix + AES-128-CBC
+      const prefix = encrypted.subarray(0, 3).toString('utf-8');
+      if (prefix !== 'v10') continue;
+      const ciphertext = encrypted.subarray(3);
+      // Derive key: PBKDF2-SHA1, 1003 iterations, salt 'saltysalt', 16-byte key
+      const key = pbkdf2Sync(safeStoragePassword, 'saltysalt', 1003, 16, 'sha1');
+      const iv = Buffer.alloc(16, ' '); // 16 space characters
+      const decipher = createDecipheriv('aes-128-cbc', key, iv);
+      let decrypted;
+      try {
+        decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+      } catch {
+        continue; // Decryption failed for this profile, try next
+      }
+      // Find xoxd- in decrypted data (Chrome prepends internal metadata bytes)
+      const text = decrypted.toString('utf-8');
+      const xoxdIndex = text.indexOf('xoxd-');
+      if (xoxdIndex < 0) continue;
+      return text.substring(xoxdIndex);
+    } catch (e) {
+      // Clean up on error and try next profile
+      try { unlinkSync(tmpDb); } catch {}
+      try { unlinkSync(tmpDir); } catch {}
+      continue;
+    }
+  }
+  return null;
+}
+/**
+ * Extract Slack token from Chrome via AppleScript (reads localStorage).
+ * Uses strict URL matching to avoid hitting non-Slack tabs.
+ */
+function extractTokenFromChrome() {
+  // Prefer /client URLs (active workspace), fall back to any app.slack.com
+  const urlChecks = [
+    'URL of t starts with "https://app.slack.com/client"',
+    'URL of t starts with "https://app.slack.com"',
+  ];
+  const tokenPathsJS = SLACK_TOKEN_PATHS.map((path, i) =>
+    `try { var t${i} = ${path}; if (t${i} && t${i}.startsWith('xoxc-')) return t${i}; } catch(e) {}`
+  ).join(' ');
+  for (const urlCheck of urlChecks) {
+    try {
+      const script = `tell application "Google Chrome"
+  repeat with w in windows
+    repeat with t in tabs of w
+      if ${urlCheck} then
+        return execute t javascript "(function() { ${tokenPathsJS} return ''; })()"
+      end if
+    end repeat
+  end repeat
+  return ""
+end tell`;
+      const token = execFileSync('osascript', ['-e', script], {
+        encoding: 'utf-8', timeout: 8000
+      }).trim();
+      if (token && token.startsWith('xoxc-')) return token;
+    } catch {
+      continue;
+    }
+  }
+  return null;
+}
+/**
+ * Extract tokens from Chrome (macOS only).
+ *
+ * Token: AppleScript executes JS in Chrome to read localStorage (requires
+ *   "Allow JavaScript from Apple Events" in Chrome > View > Developer).
+ * Cookie: Reads Chrome's encrypted SQLite cookie database directly. The `d`
+ *   session cookie is HttpOnly and cannot be accessed via document.cookie.
+ *   Decryption uses the Chrome Safe Storage key from macOS Keychain.
  */
 function extractFromChromeInternal() {
   lastExtractionError = null;
   if (!IS_MACOS) {
-    // AppleScript/osascript is macOS-only
     lastExtractionError = {
       code: "unsupported_platform",
       message: "Chrome auto-extraction is only available on macOS.",
@@ -162,68 +290,51 @@ function extractFromChromeInternal() {
     return null;
   }
+  // Extract cookie from Chrome's encrypted cookie database
+  let cookie;
   try {
-    // Extract cookie
-    const cookieScript = `
-      tell application "Google Chrome"
-        repeat with w in windows
-          repeat with t in tabs of w
-            if URL of t contains "slack.com" then
-              return execute t javascript "document.cookie.split('; ').find(c => c.startsWith('d='))?.split('=')[1] || ''"
-            end if
-          end repeat
-        end repeat
-        return ""
-      end tell
-    `;
-    const cookie = execSync(`osascript -e '${cookieScript.replace(/'/g, "'\"'\"'")}'`, {
-      encoding: 'utf-8', timeout: 5000
-    }).trim();
-    if (!cookie || !cookie.startsWith('xoxd-')) {
-      lastExtractionError = {
-        code: "cookie_not_found",
-        message: "Could not extract Slack cookie from Chrome.",
-        detail: "Ensure a logged-in Slack tab is open at app.slack.com."
-      };
-      return null;
-    }
+    cookie = extractCookieFromChromeDB();
+  } catch (e) {
+    lastExtractionError = normalizeExtractionError(e);
+    return null;
+  }
+  if (!cookie) {
+    lastExtractionError = {
+      code: "cookie_not_found",
+      message: "Could not extract Slack session cookie from Chrome.",
+      detail: "Ensure you are logged into Slack at app.slack.com in Chrome."
+    };
+    return null;
+  }
-    // Try multiple token extraction paths
-    const tokenPathsJS = SLACK_TOKEN_PATHS.map((path, i) =>
-      `try { var t${i} = ${path}; if (t${i}?.startsWith('xoxc-')) return t${i}; } catch(e) {}`
-    ).join(' ');
-    const tokenScript = `
-      tell application "Google Chrome"
-        repeat with w in windows
-          repeat with t in tabs of w
-            if URL of t contains "slack.com" then
-              return execute t javascript "(function() { ${tokenPathsJS} return ''; })()"
-            end if
-          end repeat
-        end repeat
-        return ""
-      end tell
-    `;
-    const token = execSync(`osascript -e '${tokenScript.replace(/'/g, "'\"'\"'")}'`, {
-      encoding: 'utf-8', timeout: 5000
-    }).trim();
-    if (!token || !token.startsWith('xoxc-')) {
+  // Extract token via AppleScript (localStorage)
+  let token;
+  try {
+    token = extractTokenFromChrome();
+  } catch (e) {
+    lastExtractionError = normalizeExtractionError(e);
+    // If we got the cookie but not the token, give a specific error
+    if (cookie && !token) {
       lastExtractionError = {
-        code: "token_not_found",
-        message: "Could not extract Slack token from Chrome.",
-        detail: "Refresh Slack in Chrome and retry extraction."
+        code: "apple_events_javascript_disabled",
+        message: "Cookie extracted, but token extraction requires a Chrome setting.",
+        detail: "In Chrome: View > Developer > Allow JavaScript from Apple Events. Then retry."
       };
-      return null;
     }
+    return null;
+  }
-    return { token, cookie };
-  } catch (e) {
-    lastExtractionError = normalizeExtractionError(e);
+  if (!token) {
+    lastExtractionError = {
+      code: "token_not_found",
+      message: "Could not extract Slack token from Chrome.",
+      detail: "Ensure a Slack workspace is open in Chrome (not just the landing page). If Chrome blocks AppleScript, enable View > Developer > Allow JavaScript from Apple Events."
+    };
     return null;
   }
+  return { token, cookie };
 }
 /**

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "@jtalk22/slack-mcp",
   "mcpName": "io.github.jtalk22/slack-mcp-server",
-  "version": "3.2.5",
-  "description": "Claude-first Slack MCP for self-host or managed Cloud, with Gemini CLI, deployment review, and secure-default HTTP.",
+  "version": "4.1.0",
+  "description": "Slack MCP without OAuth — no app registration, no admin approval. Works with Claude Code, Cursor, Copilot (where the official server doesn't). 16 tools, one command.",
   "type": "module",
   "main": "src/server.js",
   "bin": {
@@ -30,11 +30,8 @@
     "build:demo-mobile:gif": "node scripts/build-mobile-demo.js --gif",
     "record-demo": "node scripts/record-demo.js",
     "social-preview:update": "node scripts/update-github-social-preview.js --headed",
+    "bookmarklet": "node scripts/generate-bookmarklet.js",
     "cf:browser": "node scripts/cloudflare-browser-tool.js",
-    "metrics:release-health": "node scripts/collect-release-health.js",
-    "metrics:release-health:delta": "node scripts/build-release-health-delta.js",
-    "impact:push:v3": "node scripts/impact-push-v3.js --dry-run",
-    "impact:push:v3:apply": "node scripts/impact-push-v3.js --apply",
     "verify:attribution-guardrail": "node scripts/verify-attribution-guardrail.js",
     "verify:public-pages": "node scripts/verify-generated-public-pages.js",
     "verify:version-parity": "node scripts/check-version-parity.js",
@@ -65,7 +62,14 @@
     "slack-integration",
     "ai-agents",
     "automation",
-    "productivity"
+    "productivity",
+    "oauth-free",
+    "no-admin-approval",
+    "cursor",
+    "copilot",
+    "windsurf",
+    "codex-cli",
+    "stealth-mode"
   ],
   "author": {
     "name": "Revasser",

package/public/index.html CHANGED Viewed

@@ -255,7 +255,7 @@
   <div class="container">
     <h1>Slack Web API <span id="status" class="status"></span></h1>
     <div style="background:rgba(240,194,70,0.08);border:1px solid rgba(240,194,70,0.2);border-radius:8px;padding:8px 14px;margin-bottom:16px;display:flex;align-items:center;justify-content:space-between;flex-wrap:wrap;gap:8px;font-size:13px;color:#d4c48a">
-      <span>Skip local setup? <strong style="color:#f0c246">Slack MCP Cloud</strong> gives you 15 managed tools with one URL. Team adds 3 AI workflows.</span>
+      <span>Hosted version coming soon — <strong style="color:#f0c246">permanent OAuth, semantic search, AI summaries</strong></span>
       <a href="https://mcp.revasserlabs.com" style="color:#f0c246;font-weight:600;text-decoration:none;white-space:nowrap" target="_blank">Learn more &rarr;</a>
     </div>
     <div class="grid">

package/public/share.html CHANGED Viewed

@@ -4,17 +4,17 @@
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <title>Slack MCP Server</title>
-  <meta name="description" content="Session-based Slack MCP for Claude. Self-host locally or use the managed Cloud path with Gemini CLI support, pricing, security/procurement review, deployment review, and hosted credentials.">
+  <meta name="description" content="No OAuth. No admin. 16 Slack tools for Claude, Cursor, Copilot, Gemini, and any MCP client. One command: npx -y @jtalk22/slack-mcp --setup">
   <meta property="og:type" content="website">
-  <meta property="og:title" content="Slack MCP Server">
-  <meta property="og:description" content="Session-based Slack MCP for Claude. Self-host 16 tools for free or use Cloud for 15 managed tools, Gemini CLI support, security/procurement review, deployment review, and support.">
+  <meta property="og:title" content="Slack MCP Server — No OAuth, no admin, just your browser session">
+  <meta property="og:description" content="Slack's official MCP needs OAuth + admin. This one uses your browser session. 16 tools, works with Claude, Cursor, Copilot, Gemini.">
   <meta property="og:url" content="https://jtalk22.github.io/slack-mcp-server/public/share.html">
   <meta property="og:image" content="https://jtalk22.github.io/slack-mcp-server/docs/images/social-preview-v3.png">
   <meta property="og:image:width" content="1280">
   <meta property="og:image:height" content="640">
   <meta name="twitter:card" content="summary_large_image">
-  <meta name="twitter:title" content="Slack MCP Server">
-  <meta name="twitter:description" content="Session-based Slack MCP for Claude. Self-host 16 tools for free or use Cloud for 15 managed tools, Gemini CLI support, security/procurement review, deployment review, and support.">
+  <meta name="twitter:title" content="Slack MCP Server — No OAuth, no admin, just your browser session">
+  <meta name="twitter:description" content="16 tools for Claude, Cursor, Copilot, Gemini. npx -y @jtalk22/slack-mcp --setup">
   <meta name="twitter:image" content="https://jtalk22.github.io/slack-mcp-server/docs/images/social-preview-v3.png">
   <link rel="icon" href="https://jtalk22.github.io/slack-mcp-server/docs/assets/icon-512.png" type="image/png">
   <style>
@@ -107,7 +107,7 @@
 <body>
   <main class="wrap">
     <h1>Slack MCP Server</h1>
-    <p class="sub">Give Claude full access to your Slack. Self-host 16 tools for free, or use Cloud for 15 managed tools, Gemini CLI support, hosted credentials, rollout support, and buyer-facing security review.</p>
+    <p class="sub">Give Claude full access to your Slack. Self-host 16 tools for free. Hosted version with semantic search, AI summaries, and permanent OAuth coming soon.</p>
     <a class="preview" href="https://github.com/jtalk22/slack-mcp-server" rel="noopener">
       <img src="https://jtalk22.github.io/slack-mcp-server/docs/images/social-preview-v3.png" alt="Slack MCP Server social preview card">
@@ -117,22 +117,13 @@
 <a href="https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SETUP.md" rel="noopener">Install (`--setup`)</a>
       <a href="https://github.com/jtalk22/slack-mcp-server/blob/main/docs/SETUP.md" rel="noopener">Verify (`--version/--doctor/--status`)</a>
       <a href="https://github.com/jtalk22/slack-mcp-server/releases/latest" rel="noopener">Latest Release</a>
-      <a href="https://mcp.revasserlabs.com/pricing?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Pricing</a>
-      <a href="https://mcp.revasserlabs.com/workflows?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Workflows</a>
-      <a href="https://mcp.revasserlabs.com/gemini-cli?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Gemini CLI</a>
-      <a href="https://mcp.revasserlabs.com/docs?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Cloud Docs</a>
-      <a href="https://mcp.revasserlabs.com/security?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Security</a>
-      <a href="https://mcp.revasserlabs.com/procurement?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Procurement</a>
-      <a href="https://mcp.revasserlabs.com/deployment?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Deployment Review</a>
-      <a href="https://mcp.revasserlabs.com/support?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Cloud Support</a>
-      <a href="https://mcp.revasserlabs.com/use-cases/support-triage?utm_source=github&utm_medium=pages&utm_campaign=slack_mcp_cloud" rel="noopener">Support Triage Use Case</a>
       <a href="https://jtalk22.github.io/slack-mcp-server/" rel="noopener">Autoplay Demo Landing</a>
-      <a href="https://jtalk22.github.io/slack-mcp-server/docs/videos/demo-claude-mobile-20s.mp4" rel="noopener">20s Mobile Clip</a>
+      <a href="https://jtalk22.github.io/slack-mcp-server/docs/videos/demo-slack-mcp-mobile-20s.mp4" rel="noopener">20s Mobile Clip</a>
       <a href="https://www.npmjs.com/package/@jtalk22/slack-mcp" rel="noopener">npm Package</a>
-      <a href="https://mcp.revasserlabs.com" rel="noopener" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Cloud</a>
+      <a href="https://mcp.revasserlabs.com" rel="noopener" style="background:rgba(240,194,70,0.18);border-color:rgba(240,194,70,0.45);color:#f0c246">Hosted</a>
     </div>
-    <p class="note"><strong>Verify in 30 seconds:</strong> <code>--version</code>, <code>--doctor</code>, <code>--status</code>. Self-host gives 16 tools and full operator control. Cloud starts at $19/mo for 15 managed tools, deployment review, procurement-ready security, readiness guidance, and support. Team at $49/mo adds 3 AI workflows. Claude is the primary path; Gemini CLI is supported on the hosted endpoint.</p>
+    <p class="note"><strong>Verify in 30 seconds:</strong> <code>--version</code>, <code>--doctor</code>, <code>--status</code>. Self-host gives 16 tools with session-based auth. Works with any MCP client — Claude, ChatGPT, Cursor, Copilot, Gemini, Windsurf. Hosted version coming soon at <a href="https://mcp.revasserlabs.com">mcp.revasserlabs.com</a>.</p>
   </main>
 </body>
 </html>