Slack MCP Setup (macOS Keychain)
This workstation uses macOS Keychain to store Slack MCP tokens securely. Tokens are fetched at darwin-rebuild switch time and injected into OpenCode config.
Architecture
- •Slack MCP is injected into opencode.json with tokens from Keychain
- •Dedicated
slackagent defined via OpenCode-native markdown with tool allowlist - •To use Slack: delegate tasks to the
slackagent (e.g.,delegate_task(subagent_type="slack", ...))
Two agent systems exist (don't confuse them!):
| System | Path | tools: format |
|---|---|---|
| OpenCode-native (we use this) | ~/.config/opencode/agents/ | YAML map: tools:\n bash: false |
| Claude Code-style | ~/.claude/agents/ | Comma string: tools: foo,bar |
We use OpenCode-native format because:
- •First-class validation (errors aren't silently swallowed)
- •Tool allowlist/denylist is natural YAML map format
- •No dependency on oh-my-opencode's Claude-compat layer
Initial Setup
1. Get Tokens from Slack
Open Slack in a web browser (https://app.slack.com or Okta tile). Must be in web client (URL like app.slack.com/client/T.../...).
Get XOXC Token
- •Open DevTools (Cmd+Option+I or F12)
- •Go to Console tab
- •Type
allow pastingand press Enter - •Run:
JSON.parse(localStorage.localConfig_v2).teams[document.location.pathname.match(/^\/client\/([A-Z0-9]+)/)[1]].token
- •Copy the
xoxc-...token
Get XOXD Token
- •In DevTools, go to Application tab (Chrome) or Storage tab (Firefox)
- •Expand Cookies → click Slack domain
- •Find cookie named
d(single letter) - •Double-click its Value, copy the
xoxd-...value
Firefox users: Decode URL-encoded characters:
- •
%2F→/ - •
%2B→+
2. Store Tokens in Keychain
# Add XOXC token security add-generic-password -a "$USER" -s slack-mcp-xoxc-token -w "xoxc-YOUR-TOKEN-HERE" -U # Add XOXD token security add-generic-password -a "$USER" -s slack-mcp-xoxd-token -w "xoxd-YOUR-TOKEN-HERE" -U
The -U flag updates if the item already exists.
3. Apply Configuration
darwin-rebuild switch --flake .#$(hostname -s)
The activation script will:
- •Fetch tokens from Keychain
- •Inject Slack MCP config into
~/.config/opencode/opencode.json - •If tokens missing: delete any existing Slack config and warn
4. Verify
# Check config was created
jq '.mcp.slack' ~/.config/opencode/opencode.json
# Should show:
# {
# "type": "local",
# "command": ["npx", "-y", "slack-mcp-server@latest", "--transport", "stdio"],
# "environment": {
# "SLACK_MCP_XOXC_TOKEN": "xoxc-...",
# "SLACK_MCP_XOXD_TOKEN": "xoxd-...",
# "SLACK_MCP_CUSTOM_TLS": "1",
# "SLACK_MCP_USER_AGENT": "Mozilla/5.0..."
# }
# }
# Verify opencode boots without errors
opencode --version
5. Restart OpenCode
Restart OpenCode to load the new MCP server. First use triggers cache build (takes several minutes for large workspaces).
Token Refresh
When you see invalid_auth errors, tokens have expired. Refresh them:
- •Get new tokens from Slack (see "Get Tokens from Slack" above)
- •Update Keychain:
security add-generic-password -a "$USER" -s slack-mcp-xoxc-token -w "NEW-XOXC-TOKEN" -U security add-generic-password -a "$USER" -s slack-mcp-xoxd-token -w "NEW-XOXD-TOKEN" -U
- •Re-run:
darwin-rebuild switch --flake .#$(hostname -s) - •Restart OpenCode
Troubleshooting
| Error | Solution |
|---|---|
invalid_auth | Tokens expired. Refresh tokens (see above). |
cache not ready | Wait for sync to complete. Large workspaces take 5-10 min. |
| Logged out of Slack | One-time fraud protection. Re-extract tokens. |
| No Slack config after switch | Check Keychain has both tokens: security find-generic-password -s slack-mcp-xoxc-token |
Cache Files
Slack MCP creates cache files in working directory:
~/Library/Caches/slack-mcp-server/users_cache.json ~/Library/Caches/slack-mcp-server/channels_cache_v2.json
Gitignore recommendation: Add .*.json to .gitignore in repos where you use Slack MCP to avoid committing cache files.
Using the Slack Agent
Delegate Slack research to the dedicated agent:
delegate_task( subagent_type="slack", load_skills=[], run_in_background=true, description="Search Slack for X", prompt="Find messages about [topic] in [channel/timeframe]. Return key findings with quotes and attribution." )
Available tools for slack agent:
- •
slack_channels_list- List channels - •
slack_conversations_history- Get channel messages - •
slack_conversations_replies- Get thread replies - •
slack_conversations_search_messages- Search messages with filters - •
slack_conversations_add_message- Post messages (use carefully)
References
- •Repo: https://github.com/korotovsky/slack-mcp-server
- •Auth docs: https://github.com/korotovsky/slack-mcp-server/blob/master/docs/01-authentication-setup.md
- •Activation script:
users/dev/opencode-config.nix(home.activation.injectSlackMcpSecrets) - •Slack agent definition:
assets/opencode/agents/slack.md(deployed to ~/.config/opencode/agents/) - •OpenCode agent docs: https://opencode.ai/docs (native markdown agent format)