slack-max-api-mcp 1.0.12 → 1.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -2
- package/config/operations.json +32 -0
- package/package.json +1 -1
- package/src/slack-mcp-server.js +1225 -43
package/README.md
CHANGED
|
@@ -9,9 +9,9 @@ Operations-first Slack MCP server for Codex/Claude Code over `stdio`.
|
|
|
9
9
|
|
|
10
10
|
## Tool exposure
|
|
11
11
|
|
|
12
|
-
- `operations` (default):
|
|
12
|
+
- `operations` (default): 21 operations-first tools only
|
|
13
13
|
- `developer`: operations tools + `gateway_*` + core Slack API tools
|
|
14
|
-
- `legacy`: fixed core tools + optional catalog method tools
|
|
14
|
+
- `legacy`: fixed core tools + optional catalog method tools (final count depends on method-tool settings)
|
|
15
15
|
|
|
16
16
|
Environment:
|
|
17
17
|
|
|
@@ -27,6 +27,11 @@ Environment:
|
|
|
27
27
|
The default surface is now operations-first and keeps raw API wrappers out of the main tool list:
|
|
28
28
|
|
|
29
29
|
- `ops_policy_info`: runtime policy/audit guardrails
|
|
30
|
+
- `ops_access_policy_info`: active access profile, effective rules, pending requests, active grants
|
|
31
|
+
- `ops_access_policy_set`: switch active access-control profile (`open`, `readonly`, `restricted`)
|
|
32
|
+
- `ops_access_request`: create a scoped elevation request for read/write/admin/delete access
|
|
33
|
+
- `ops_access_approve`: approve a pending elevation request and activate a time-boxed grant
|
|
34
|
+
- `ops_access_revoke`: revoke one grant or all active grants
|
|
30
35
|
- `ops_playbook_list`: built-in operations playbooks
|
|
31
36
|
- `ops_state_overview`: inspect local operations state (`incidents`, `digests`, `broadcasts`, `followups`)
|
|
32
37
|
- `ops_incident_create`: create + optionally announce a tracked incident
|
|
@@ -39,6 +44,8 @@ The default surface is now operations-first and keeps raw API wrappers out of th
|
|
|
39
44
|
- `ops_sla_breach_scan`: detect SLA breach threads across multiple channels
|
|
40
45
|
- `ops_sla_followup`: auto follow-up replies for SLA breaches with duplicate-suppression state
|
|
41
46
|
- `ops_broadcast_message`: send a prepared draft or direct operational announcement
|
|
47
|
+
- `ops_recent_failures`: list recent human-readable failures from local diagnostics state
|
|
48
|
+
- `ops_explain_error`: explain one recorded failure with troubleshooting hints
|
|
42
49
|
- `ops_audit_log_read`: inspect local JSONL audit logs
|
|
43
50
|
|
|
44
51
|
These tools let teams run repeatable Slack operations without rebuilding multi-step API call chains, and they persist local operational state to make incidents/broadcasts/followups first-class records.
|
|
@@ -52,6 +59,13 @@ These tools let teams run repeatable Slack operations without rebuilding multi-s
|
|
|
52
59
|
|
|
53
60
|
The operations config controls incident templates, digest defaults, broadcast templates, and follow-up suppression windows.
|
|
54
61
|
|
|
62
|
+
### Access control and diagnostics
|
|
63
|
+
|
|
64
|
+
- Access control is enforced inside the MCP server, not only by prompt instructions.
|
|
65
|
+
- Default profiles are `open`, `readonly`, and `restricted`.
|
|
66
|
+
- Elevation is two-step: create a scoped request with `ops_access_request`, then explicitly approve it with `ops_access_approve`.
|
|
67
|
+
- Recorded failures are stored in operations state and can be inspected with `ops_recent_failures` and `ops_explain_error`.
|
|
68
|
+
|
|
55
69
|
### Playbook examples
|
|
56
70
|
|
|
57
71
|
```text
|
package/config/operations.json
CHANGED
|
@@ -71,5 +71,37 @@
|
|
|
71
71
|
"default_max_messages": 30,
|
|
72
72
|
"suppress_hours": 6,
|
|
73
73
|
"reminder_template": "Friendly reminder: this thread appears to be pending for more than {{sla_minutes}} minutes. Please provide an update."
|
|
74
|
+
},
|
|
75
|
+
"access_control": {
|
|
76
|
+
"enabled": true,
|
|
77
|
+
"default_profile": "open",
|
|
78
|
+
"profiles": {
|
|
79
|
+
"open": {
|
|
80
|
+
"description": "No additional Slack access restrictions.",
|
|
81
|
+
"read": { "allow_all": true },
|
|
82
|
+
"write": { "allow_all": true },
|
|
83
|
+
"admin": { "allow_all": true },
|
|
84
|
+
"delete": { "allow_all": true }
|
|
85
|
+
},
|
|
86
|
+
"readonly": {
|
|
87
|
+
"description": "Read-only Slack access. Write/admin/delete actions are blocked.",
|
|
88
|
+
"read": { "allow_all": true },
|
|
89
|
+
"write": { "allow_all": false },
|
|
90
|
+
"admin": { "allow_all": false },
|
|
91
|
+
"delete": { "allow_all": false }
|
|
92
|
+
},
|
|
93
|
+
"restricted": {
|
|
94
|
+
"description": "All Slack access is blocked unless an elevation grant is approved.",
|
|
95
|
+
"read": { "allow_all": false },
|
|
96
|
+
"write": { "allow_all": false },
|
|
97
|
+
"admin": { "allow_all": false },
|
|
98
|
+
"delete": { "allow_all": false }
|
|
99
|
+
}
|
|
100
|
+
},
|
|
101
|
+
"elevation": {
|
|
102
|
+
"enabled": true,
|
|
103
|
+
"default_duration_minutes": 30,
|
|
104
|
+
"max_duration_minutes": 240
|
|
105
|
+
}
|
|
74
106
|
}
|
|
75
107
|
}
|