slkcli 0.1.1 → 0.1.3

package/README.md

@@ -59,6 +59,9 @@ slk unread
 # See starred items and VIP users
 slk starred
 
+# See saved for later items
+slk saved
+
 # See pinned messages in a channel
 slk pins general
 
@@ -84,6 +87,7 @@ slk react general 1234567890.123456 thumbsup
 | `slk activity` | `a` | Show all channel activity with unread/mention counts |
 | `slk unread` | `ur` | Show only channels with unreads (excludes muted) |
 | `slk starred` | `star` | Show VIP users and starred items |
+| `slk saved [count]` | `sv` | Show saved for later items (active by default, `--all` includes completed) |
 | `slk pins <channel>` | `pin` | Show pinned items in a channel |
 
 ### Flags
@@ -92,6 +96,7 @@ slk react general 1234567890.123456 thumbsup
 |------|-------------|
 | `--ts` | Show raw Slack timestamps (useful for getting ts to read threads) |
 | `--no-emoji` | Disable emoji in output (or set `NO_EMOJI=1`) |
+| `--all` | Include completed items in `slk saved` |
 
 ```bash
 # Get timestamps to use with thread command
@@ -140,9 +145,9 @@ On first run, macOS will show a Keychain dialog asking whether to allow access t
 
 ### How it works
 
-1. **Cookie decryption** — Reads the encrypted `d` cookie from Slack's SQLite cookie store (`~/Library/Application Support/Slack/Cookies`). Decrypts it using the "Slack Safe Storage" key from the macOS Keychain via PBKDF2 + AES-128-CBC.
+1. **Cookie decryption** — Reads the encrypted `d` cookie from Slack's SQLite cookie store (`Cookies` file). Decrypts it using the "Slack Safe Storage" key from the macOS Keychain via PBKDF2 + AES-128-CBC. Supports both direct-download and Mac App Store keychain account names.
 
-2. **Token extraction** — Scans Slack's LevelDB storage (`~/Library/Application Support/Slack/Local Storage/leveldb/`) for `xoxc-` session tokens. Uses both direct regex scanning and a Python fallback for Snappy-compressed entries.
+2. **Token extraction** — Scans Slack's LevelDB storage (`Local Storage/leveldb/`) for `xoxc-` session tokens. Uses both direct regex scanning and a Python fallback for Snappy-compressed entries. The Slack data directory is auto-detected (direct download or App Store sandbox).
 
 3. **Validation** — Tests each candidate token against `auth.test` with the decrypted cookie. The first valid pair is used.
 
@@ -172,8 +177,8 @@ Validated tokens are cached to avoid re-extracting on every invocation:
 | Data | Source | Purpose |
 |------|--------|---------|
 | Keychain password | `security find-generic-password -s "Slack Safe Storage"` | Derive AES key for cookie decryption |
-| Encrypted cookie | `~/Library/Application Support/Slack/Cookies` (SQLite) | Decrypt the `d` session cookie (`xoxd-`) |
-| Session token | `~/Library/Application Support/Slack/Local Storage/leveldb/` | Extract `xoxc-` token |
+| Encrypted cookie | `<slack-data-dir>/Cookies` (SQLite) | Decrypt the `d` session cookie (`xoxd-`) |
+| Session token | `<slack-data-dir>/Local Storage/leveldb/` | Extract `xoxc-` token |
 
 ## Agent usage patterns
 
@@ -236,6 +241,7 @@ npm link                   # symlink globally for development
 ## Notes
 
 - **macOS only** — uses Keychain and Electron storage paths specific to macOS.
+- **Both Slack variants supported** — works with the direct download (`~/Library/Application Support/Slack/`) and the Mac App Store version (`~/Library/Containers/com.tinyspeck.slackmacgap/.../Slack/`). The correct path is auto-detected at runtime.
 - **Slack desktop app required** — must be installed and logged in. The app does not need to be running for cached tokens.
 - **Zero dependencies** — uses only Node.js built-in modules (`crypto`, `fs`, `child_process`, `fetch`).
 - **Session-based** — uses `xoxc-` tokens (user session), not bot tokens. This means you act as yourself.

package/bin/slk.js

@@ -28,6 +28,7 @@ Commands:
   slk activity          (a)               Channel activity with unread/mention counts
   slk unread            (ur)              Channels with unreads (excludes muted)
   slk starred           (star)            VIP users + starred items
+  slk saved [n]         (sv)              Saved for later items (--all includes completed)
   slk pins <ch>         (pin)             Pinned items in a channel
 
 Drafts (synced to Slack UI):
@@ -119,6 +120,11 @@ async function main() {
         await cmd.starred();
         break;
 
+      case "saved":
+      case "sv":
+        await cmd.saved(parseInt(args[1]) || 20, args.includes("--all"));
+        break;
+
       case "pins":
       case "pin":
         if (!args[1]) { console.error("Usage: slk pins <channel>"); process.exit(1); }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "slkcli",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Slack CLI for macOS, so your agents can read and send messages",
   "type": "module",
   "license": "MIT",

package/src/api.js

@@ -29,6 +29,7 @@ export async function slackApi(method, params = {}, retried = false) {
     "conversations.open",
     "client.counts",
     "users.prefs.get",
+    "saved.list",
   ];
 
   const isWrite = writeMethods.some((m) => method.startsWith(m));

package/src/auth.js

@@ -14,7 +14,27 @@ import { pbkdf2Sync } from "crypto";
 
 import { existsSync, mkdirSync } from "fs";
 
-const SLACK_DIR = join(homedir(), "Library", "Application Support", "Slack");
+const SLACK_DIR_DIRECT = join(homedir(), "Library", "Application Support", "Slack");
+const SLACK_DIR_APPSTORE = join(
+  homedir(),
+  "Library", "Containers", "com.tinyspeck.slackmacgap",
+  "Data", "Library", "Application Support", "Slack"
+);
+
+function resolveSlackDir() {
+  if (existsSync(SLACK_DIR_DIRECT)) return SLACK_DIR_DIRECT;
+  if (existsSync(SLACK_DIR_APPSTORE)) return SLACK_DIR_APPSTORE;
+  console.error(
+    "Could not find Slack data directory.\n" +
+    "Checked:\n" +
+    `  ${SLACK_DIR_DIRECT}\n` +
+    `  ${SLACK_DIR_APPSTORE}\n` +
+    "Is Slack installed?"
+  );
+  process.exit(1);
+}
+
+const SLACK_DIR = resolveSlackDir();
 const LEVELDB_DIR = join(SLACK_DIR, "Local Storage", "leveldb");
 const COOKIES_DB = join(SLACK_DIR, "Cookies");
 const CACHE_DIR = join(homedir(), ".local", "slk");
@@ -23,11 +43,24 @@ const TOKEN_CACHE = join(CACHE_DIR, "token-cache.json");
 let cachedCreds = null;
 
 function getKeychainKey() {
-  return Buffer.from(
-    execSync('security find-generic-password -s "Slack Safe Storage" -w', {
-      encoding: "utf-8",
-    }).trim()
-  );
+  // Mac App Store Slack uses account "Slack App Store Key", direct download uses "Slack"
+  const accounts = SLACK_DIR === SLACK_DIR_APPSTORE
+    ? ["Slack App Store Key", "Slack"]
+    : ["Slack", "Slack App Store Key"];
+
+  for (const account of accounts) {
+    try {
+      return Buffer.from(
+        execSync(
+          `security find-generic-password -s "Slack Safe Storage" -a "${account}" -w`,
+          { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }
+        ).trim()
+      );
+    } catch {}
+  }
+
+  console.error("Could not find Slack Safe Storage key in Keychain.");
+  process.exit(1);
 }
 
 function decryptCookie() {
@@ -111,7 +144,7 @@ function extractToken() {
   try {
     const pyResult = spawnSync("python3", ["-c", `
 import os, re
-path = os.path.expanduser("~/Library/Application Support/Slack/Local Storage/leveldb")
+path = ${JSON.stringify(LEVELDB_DIR)}
 for f in os.listdir(path):
     if not (f.endswith(".ldb") or f.endswith(".log")): continue
     data = open(os.path.join(path, f), "rb").read()

package/src/commands.js

@@ -333,6 +333,72 @@ export async function pins(channelRef) {
   }
 }
 
+export async function saved(count = 20, includeCompleted = false) {
+  const users = await getUsers();
+
+  // Build channel name map
+  const chData = await slackPaginate("conversations.list", {
+    types: "public_channel,private_channel,mpim,im",
+    exclude_archived: true,
+  });
+  const chMap = {};
+  if (chData.ok) {
+    for (const ch of chData.channels) {
+      chMap[ch.id] = ch.name || (ch.user ? `DM:${userName(users, ch.user)}` : ch.id);
+    }
+  }
+
+  const data = await slackApi("saved.list", { count });
+  if (!data.ok) {
+    console.error(`Error: ${data.error}`);
+    process.exit(1);
+  }
+
+  const items = data.saved_items || [];
+  const counts = data.counts || {};
+  console.log(`📑 Saved for Later — ${counts.uncompleted_count || 0} active, ${counts.completed_count || 0} completed\n`);
+
+  if (!items.length) {
+    console.log("No saved items.");
+    return;
+  }
+
+  for (const item of items) {
+    if (!includeCompleted && item.state === "completed") continue;
+
+    const chName = chMap[item.item_id] || item.item_id;
+    const savedAt = formatTs(item.date_created);
+    const state = item.state === "completed" ? " ✅" : "";
+
+    // Fetch the actual message
+    try {
+      const msgData = await slackApi("conversations.history", {
+        channel: item.item_id,
+        latest: item.ts,
+        inclusive: true,
+        limit: 1,
+      });
+      if (msgData.ok && msgData.messages?.[0]) {
+        const msg = msgData.messages[0];
+        const who = userName(users, msg.user);
+        const msgTime = formatTs(msg.ts);
+        console.log(`[saved ${savedAt}]${state} #${chName} — ${who} (${msgTime}):`);
+        console.log(`  ${(msg.text || "").substring(0, 300)}`);
+        if (msg.files?.length) {
+          for (const f of msg.files) {
+            console.log(`  📎 ${f.name} (${f.mimetype})`);
+          }
+        }
+      } else {
+        console.log(`[saved ${savedAt}]${state} #${chName} (ts: ${item.ts}) — could not fetch message`);
+      }
+    } catch {
+      console.log(`[saved ${savedAt}]${state} #${chName} (ts: ${item.ts}) — access denied or channel not found`);
+    }
+    console.log();
+  }
+}
+
 export async function react(channelRef, ts, emoji) {
   const channel = await resolveChannel(channelRef);
   const data = await slackApi("reactions.add", {