# =============================================================================
# Slack MCP Server - Environment Configuration
# =============================================================================
# Copy this file to .env and fill in your values
# NEVER commit .env to version control!
# -----------------------------------------------------------------------------
# Required Configuration
# -----------------------------------------------------------------------------
# Slack OAuth Credentials (from api.slack.com/apps -> Your App -> Basic Information)
# The two values below are format samples only; replace both with your app's values.
SLACK_CLIENT_ID=123456789012.1234567890123
# The client secret is a credential: keep it only in the untracked .env (or a
# secret manager), and regenerate it in the Slack app settings if it is ever
# committed, logged or shared.
SLACK_CLIENT_SECRET=abc123def456ghi789jkl012mno345pq
# OAuth Redirect URI (must match exactly in Slack app settings)
# Development: http://localhost:8080/slack/oauth/callback
# Production: https://yourdomain.com/slack/oauth/callback
# The http://localhost value below is the development form; switch to the
# https:// form for any deployment reachable from outside your machine.
SLACK_REDIRECT_URI=http://localhost:8080/slack/oauth/callback
# Slack Bot Scopes (comma-separated, no spaces)
# Minimum: chat:write,channels:history,channels:read
# Recommended: Add groups:history,groups:read,im:history,im:read,mpim:history,mpim:read
# The default below requests the minimum plus the whole recommended set, which
# adds read access to private channels, direct messages and group DMs. Request
# only the scopes your use case needs; every extra scope widens what a leaked
# bot token can read.
SLACK_SCOPES=chat:write,channels:history,channels:read,groups:history,groups:read,im:history,im:read,mpim:history,mpim:read
# -----------------------------------------------------------------------------
# Security Configuration
# -----------------------------------------------------------------------------
# API Key for MCP endpoint protection (REQUIRED for production)
# Generate with: openssl rand -base64 32
# Clients must send this in Authorization header: Bearer YOUR_KEY
# The value below is a placeholder, not a key: replace it before the server is
# reachable by anyone else. The key travels in every request, so expose the MCP
# endpoint over HTTPS only.
# NOTE(review): confirm the server rejects MCP requests (or refuses to start)
# when this is unset or still the placeholder, rather than running unauthenticated.
AFFINITYBOTS_MCP_API_KEY=your-strong-random-api-key-here
# Allowed Origins for CORS (comma-separated, no spaces)
# Leave empty to allow all origins (NOT recommended for production)
# Example: https://yourdomain.com,https://app.yourdomain.com
# The shipped default is empty, i.e. every origin is allowed until you set a list.
# CORS only restricts browser-based callers; non-browser clients ignore it, so it
# complements the API key above and does not replace it.
ALLOWED_ORIGINS=
# -----------------------------------------------------------------------------
# Server Configuration
# -----------------------------------------------------------------------------
# Server port
PORT=8080
# Server host (0.0.0.0 to accept connections from any IP)
# 0.0.0.0 listens on every network interface. For local development, or when a
# reverse proxy on the same machine terminates TLS, 127.0.0.1 keeps the
# plain-HTTP port off the network. Inside a container 0.0.0.0 is often needed;
# restrict exposure with the published-port mapping or a firewall instead.
HOST=0.0.0.0
# Public base URL for OAuth redirects
# Development: http://localhost:8080
# Production: https://yourdomain.com
# NOTE(review): presumably this must share scheme and host with
# SLACK_REDIRECT_URI - confirm against how the server builds the callback URL.
PUBLIC_BASE_URL=http://localhost:8080
# -----------------------------------------------------------------------------
# Session Configuration
# -----------------------------------------------------------------------------
# MCP session timeout in milliseconds (default: 15 minutes)
# 900000 = 15 minutes
# 1800000 = 30 minutes
# 3600000 = 1 hour
# A longer TTL keeps a session usable for longer, including one whose identifier
# has leaked; raise it only as far as your clients need.
# NOTE(review): confirm whether the timeout is idle-based or absolute.
SESSION_TTL_MS=900000
# -----------------------------------------------------------------------------
# Logging Configuration
# -----------------------------------------------------------------------------
# Log level: trace, debug, info, warn, error, fatal
# Use 'debug' for development, 'info' for production
# NOTE(review): confirm that 'debug' and 'trace' output does not include Slack
# tokens, the MCP API key or message content before enabling either level on a
# system whose logs are shipped or shared.
LOG_LEVEL=info
# -----------------------------------------------------------------------------
# Database Configuration (Optional - for persistent storage)
# -----------------------------------------------------------------------------
# PostgreSQL connection string (if using PostgresInstallStore)
# The URL embeds the database password, so treat the whole value as a secret.
# Use a dedicated database account for this service rather than a superuser.
# DATABASE_URL=postgresql://user:password@localhost:5432/slack_mcp
# Redis connection string (if using RedisInstallStore)
# The sample URL has no password and no TLS, which only suits a Redis bound to
# localhost. For a remote Redis, use credentials and an encrypted connection.
# NOTE(review): the install store presumably holds Slack tokens - confirm, and
# restrict access to whichever backend is used accordingly.
# REDIS_URL=redis://localhost:6379
# -----------------------------------------------------------------------------
# Notes
# -----------------------------------------------------------------------------
# 1. Token Rotation: Enable in Slack app settings for enhanced security.
#    The server automatically handles token refresh when enabled.
# 2. HTTPS Required: Slack requires HTTPS for production OAuth redirects.
#    Use a reverse proxy (nginx, Caddy) or cloud provider SSL.
# 3. Storage: Replace InMemoryInstallStore with persistent storage
#    (PostgreSQL, Redis, MongoDB) for production deployments.
# 4. Monitoring: Set up health check monitoring on the /health endpoint.
# 5. Rate Limiting: Consider adding rate limiting at the reverse proxy level
#    or using express-rate-limit middleware.