korotovsky
diff --git a/‎README.md‎
Lines changed: 3 additions & 2 deletions b/‎README.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎cmd/slack-mcp-server/main.go‎
Lines changed: 28 additions & 2 deletions b/‎cmd/slack-mcp-server/main.go‎
Lines changed: 28 additions & 2 deletions
diff --git a/‎docs/03-configuration-and-usage.md‎
Lines changed: 83 additions & 5 deletions b/‎docs/03-configuration-and-usage.md‎
Lines changed: 83 additions & 5 deletions
diff --git a/‎pkg/handler/conversations.go‎
Lines changed: 34 additions & 19 deletions b/‎pkg/handler/conversations.go‎
Lines changed: 34 additions & 19 deletions
@@ -173,13 +173,14 @@ Fetches a CSV directory of all users in the workspace.
 | `SLACK_MCP_SERVER_CA`             | No        | `nil`                     | Path to CA certificate                                                                                                                                                                                                                                                                    |
 | `SLACK_MCP_SERVER_CA_TOOLKIT`     | No        | `nil`                     | Inject HTTPToolkit CA certificate to root trust-store for MitM debugging                                                                                                                                                                                                                  |
 | `SLACK_MCP_SERVER_CA_INSECURE`    | No        | `false`                   | Trust all insecure requests (NOT RECOMMENDED)                                                                                                                                                                                                                                             |
-| `SLACK_MCP_ADD_MESSAGE_TOOL`      | No        | `nil`                     | Enable message posting via `conversations_add_message` and emoji reactions via `reactions_add`/`reactions_remove` by setting it to true for all channels, a comma-separated list of channel IDs to whitelist specific channels, or use `!` before a channel ID to allow all except specified ones, while an empty value disables these tools by default. |
-| `SLACK_MCP_ADD_MESSAGE_MARK`      | No        | `nil`                     | When the `conversations_add_message` tool is enabled, any new message sent will automatically be marked as read.                                                                                                                                                                          |
+| `SLACK_MCP_ADD_MESSAGE_TOOL`      | No        | `nil`                     | Enable message posting via `conversations_add_message` by setting it to `true` for all channels, a comma-separated list of channel IDs to whitelist specific channels, or use `!` before a channel ID to allow all except specified ones. If empty, the tool is only registered when explicitly listed in `SLACK_MCP_ENABLED_TOOLS`. |
+| `SLACK_MCP_ADD_MESSAGE_MARK`      | No        | `nil`                     | When `conversations_add_message` is enabled (via `SLACK_MCP_ADD_MESSAGE_TOOL` or `SLACK_MCP_ENABLED_TOOLS`), setting this to `true` will automatically mark sent messages as read.                                                                                                        |
 | `SLACK_MCP_ADD_MESSAGE_UNFURLING` | No        | `nil`                     | Enable to let Slack unfurl posted links or set comma-separated list of domains e.g. `github.com,slack.com` to whitelist unfurling only for them. If text contains whitelisted and unknown domain unfurling will be disabled for security reasons.                                         |
 | `SLACK_MCP_USERS_CACHE`           | No        | `~/Library/Caches/slack-mcp-server/users_cache.json` (macOS)<br>`~/.cache/slack-mcp-server/users_cache.json` (Linux)<br>`%LocalAppData%/slack-mcp-server/users_cache.json` (Windows) | Path to the users cache file. Used to cache Slack user information to avoid repeated API calls on startup. |
 | `SLACK_MCP_CHANNELS_CACHE`        | No        | `~/Library/Caches/slack-mcp-server/channels_cache_v2.json` (macOS)<br>`~/.cache/slack-mcp-server/channels_cache_v2.json` (Linux)<br>`%LocalAppData%/slack-mcp-server/channels_cache_v2.json` (Windows) | Path to the channels cache file. Used to cache Slack channel information to avoid repeated API calls on startup. |
 | `SLACK_MCP_LOG_LEVEL`             | No        | `info`                    | Log-level for stdout or stderr. Valid values are: `debug`, `info`, `warn`, `error`, `panic` and `fatal`                                                                                                                                                                                   |
 | `SLACK_MCP_GOVSLACK`              | No        | `nil`                     | Set to `true` to enable [GovSlack](https://slack.com/solutions/govslack) mode. Routes API calls to `slack-gov.com` endpoints instead of `slack.com` for FedRAMP-compliant government workspaces.                                                                                          |
+| `SLACK_MCP_ENABLED_TOOLS`         | No        | `nil`                     | Comma-separated list of tools to register. If empty, all read-only tools are registered; write tools (`conversations_add_message`, `reactions_add`, `reactions_remove`, `attachment_get_data`) require their specific env var OR must be explicitly listed here. When a write tool is listed here, it's enabled without channel restrictions. Available tools: `conversations_history`, `conversations_replies`, `conversations_add_message`, `reactions_add`, `reactions_remove`, `attachment_get_data`, `conversations_search_messages`, `channels_list`. |
 
 *You need one of: `xoxp` (user), `xoxb` (bot), or both `xoxc`/`xoxd` tokens for authentication.
 
 
@@ -22,26 +22,52 @@ var defaultSsePort = 13080
 
 func main() {
 	var transport string
+	var enabledToolsFlag string
 	flag.StringVar(&transport, "t", "stdio", "Transport type (stdio, sse or http)")
 	flag.StringVar(&transport, "transport", "stdio", "Transport type (stdio, sse or http)")
+	flag.StringVar(&enabledToolsFlag, "e", "", "Comma-separated list of enabled tools (empty = all tools)")
+	flag.StringVar(&enabledToolsFlag, "enabled-tools", "", "Comma-separated list of enabled tools (empty = all tools)")
 	flag.Parse()
 
+	if enabledToolsFlag == "" {
+		enabledToolsFlag = os.Getenv("SLACK_MCP_ENABLED_TOOLS")
+	}
+
+	var enabledTools []string
+	if enabledToolsFlag != "" {
+		for _, tool := range strings.Split(enabledToolsFlag, ",") {
+			tool = strings.TrimSpace(tool)
+			if tool != "" {
+				enabledTools = append(enabledTools, tool)
+			}
+		}
+	}
+
 	logger, err := newLogger(transport)
 	if err != nil {
 		panic(err)
 	}
 	defer logger.Sync()
 
-	err = validateToolConfig(os.Getenv("SLACK_MCP_ADD_MESSAGE_TOOL"))
+	addMessageToolEnv := os.Getenv("SLACK_MCP_ADD_MESSAGE_TOOL")
+	err = validateToolConfig(addMessageToolEnv)
 	if err != nil {
 		logger.Fatal("error in SLACK_MCP_ADD_MESSAGE_TOOL",
 			zap.String("context", "console"),
 			zap.Error(err),
 		)
 	}
 
+	err = server.ValidateEnabledTools(enabledTools)
+	if err != nil {
+		logger.Fatal("error in SLACK_MCP_ENABLED_TOOLS",
+			zap.String("context", "console"),
+			zap.Error(err),
+		)
+	}
+
 	p := provider.New(transport, logger)
-	s := server.NewMCPServer(p, logger)
+	s := server.NewMCPServer(p, logger, enabledTools)
 
 	go func() {
 		var once sync.Once
 
@@ -258,9 +258,10 @@ docker-compose up -d
 
 ### Console Arguments
 
-| Argument              | Required ? | Description                                                              |
-|-----------------------|------------|--------------------------------------------------------------------------|
-| `--transport` or `-t` | Yes        | Select transport for the MCP Server, possible values are: `stdio`, `sse` |
+| Argument                    | Required ? | Description                                                                                                                                                                                                         |
+|-----------------------------|------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--transport` or `-t`       | Yes        | Select transport for the MCP Server, possible values are: `stdio`, `sse`                                                                                                                                            |
+| `--enabled-tools` or `-e`   | No         | Comma-separated list of tools to register. If not set, all tools are registered. Runtime permissions (e.g., `SLACK_MCP_ADD_MESSAGE_TOOL`) are still enforced. Available tools: `conversations_history`, `conversations_replies`, `conversations_add_message`, `reactions_add`, `reactions_remove`, `attachment_get_data`, `conversations_search_messages`, `channels_list`. |
 
 ### Environment Variables
 
@@ -278,9 +279,86 @@ docker-compose up -d
 | `SLACK_MCP_SERVER_CA`             | No        | `nil`                     | Path to CA certificate                                                                                                                                                                                                                                                                    |
 | `SLACK_MCP_SERVER_CA_TOOLKIT`     | No        | `nil`                     | Inject HTTPToolkit CA certificate to root trust-store for MitM debugging                                                                                                                                                                                                                  |
 | `SLACK_MCP_SERVER_CA_INSECURE`    | No        | `false`                   | Trust all insecure requests (NOT RECOMMENDED)                                                                                                                                                                                                                                             |
-| `SLACK_MCP_ADD_MESSAGE_TOOL`      | No        | `nil`                     | Enable message posting via `conversations_add_message` by setting it to true for all channels, a comma-separated list of channel IDs to whitelist specific channels, or use `!` before a channel ID to allow all except specified ones, while an empty value disables posting by default. |
-| `SLACK_MCP_ADD_MESSAGE_MARK`      | No        | `nil`                     | When the `conversations_add_message` tool is enabled, any new message sent will automatically be marked as read.                                                                                                                                                                          |
+| `SLACK_MCP_ADD_MESSAGE_TOOL`      | No        | `nil`                     | Enable message posting via `conversations_add_message` by setting it to `true` for all channels, a comma-separated list of channel IDs to whitelist specific channels, or use `!` before a channel ID to allow all except specified ones. If empty, the tool is only registered when explicitly listed in `SLACK_MCP_ENABLED_TOOLS`. |
+| `SLACK_MCP_ADD_MESSAGE_MARK`      | No        | `nil`                     | When `conversations_add_message` is enabled (via `SLACK_MCP_ADD_MESSAGE_TOOL` or `SLACK_MCP_ENABLED_TOOLS`), setting this to `true` will automatically mark sent messages as read.                                                                                                        |
 | `SLACK_MCP_ADD_MESSAGE_UNFURLING` | No        | `nil`                     | Enable to let Slack unfurl posted links or set comma-separated list of domains e.g. `github.com,slack.com` to whitelist unfurling only for them. If text contains whitelisted and unknown domain unfurling will be disabled for security reasons.                                         |
 | `SLACK_MCP_USERS_CACHE`           | No        | `.users_cache.json`       | Path to the users cache file. Used to cache Slack user information to avoid repeated API calls on startup.                                                                                                                                                                                |
 | `SLACK_MCP_CHANNELS_CACHE`        | No        | `.channels_cache_v2.json` | Path to the channels cache file. Used to cache Slack channel information to avoid repeated API calls on startup.                                                                                                                                                                          |
 | `SLACK_MCP_LOG_LEVEL`             | No        | `info`                    | Log-level for stdout or stderr. Valid values are: `debug`, `info`, `warn`, `error`, `panic` and `fatal`                                                                                                                                                                                   |
+| `SLACK_MCP_ENABLED_TOOLS`         | No        | `nil`                     | Comma-separated list of tools to register. If empty, all read-only tools are registered; write tools (`conversations_add_message`, `reactions_add`, `reactions_remove`, `attachment_get_data`) require their specific env var to be set OR must be explicitly listed here. When a write tool is listed here, it's enabled without channel restrictions. Available tools: `conversations_history`, `conversations_replies`, `conversations_add_message`, `reactions_add`, `reactions_remove`, `attachment_get_data`, `conversations_search_messages`, `channels_list`. |
+
+### Tool Registration and Permissions
+
+#### Overview
+
+Tools are controlled at two levels:
+- **Registration** (`SLACK_MCP_ENABLED_TOOLS`) — determines which tools are visible to MCP clients
+- **Runtime permissions** (tool-specific env vars like `SLACK_MCP_ADD_MESSAGE_TOOL`) — channel restrictions for write tools
+
+Write tools (`conversations_add_message`, `reactions_add`, `reactions_remove`, `attachment_get_data`) are **not registered by default** to prevent accidental exposure. To enable them, you must either:
+1. Set their specific environment variable (e.g., `SLACK_MCP_ADD_MESSAGE_TOOL`), or
+2. Explicitly list them in `SLACK_MCP_ENABLED_TOOLS`
+
+#### Examples
+
+**Example 1: Read-only mode (default)**
+
+By default, only read-only tools are available. No write tools are registered.
+
+```json
+{
+  "env": {
+    "SLACK_MCP_XOXP_TOKEN": "xoxp-..."
+  }
+}
+```
+
+**Example 2: Enable messaging to specific channels**
+
+Use `SLACK_MCP_ADD_MESSAGE_TOOL` to enable messaging with channel restrictions:
+
+```json
+{
+  "env": {
+    "SLACK_MCP_XOXP_TOKEN": "xoxp-...",
+    "SLACK_MCP_ADD_MESSAGE_TOOL": "C123456789,C987654321"
+  }
+}
+```
+
+**Example 3: Enable messaging without channel restrictions**
+
+Use `SLACK_MCP_ENABLED_TOOLS` to register write tools without restrictions:
+
+```json
+{
+  "env": {
+    "SLACK_MCP_XOXP_TOKEN": "xoxp-...",
+    "SLACK_MCP_ENABLED_TOOLS": "conversations_history,conversations_add_message,reactions_add"
+  }
+}
+```
+
+**Example 4: Minimal read-only setup**
+
+Expose only specific tools:
+
+```json
+{
+  "env": {
+    "SLACK_MCP_XOXP_TOKEN": "xoxp-...",
+    "SLACK_MCP_ENABLED_TOOLS": "channels_list,conversations_history"
+  }
+}
+```
+
+#### Behavior Matrix
+
+| `ENABLED_TOOLS` | Tool-specific env var | Write tool registered? | Channel restrictions |
+|-----------------|----------------------|------------------------|---------------------|
+| empty/not set   | not set              | No                     | N/A                 |
+| empty/not set   | `true`               | Yes                    | None                |
+| empty/not set   | `C123,C456`          | Yes                    | Only listed channels |
+| includes tool   | not set              | Yes                    | None                |
+| includes tool   | `C123,C456`          | Yes                    | Only listed channels |
+| excludes tool   | any                  | No                     | N/A                 |
@@ -867,14 +867,19 @@ func (ch *ConversationsHandler) parseParamsToolConversations(ctx context.Context
 
 func (ch *ConversationsHandler) parseParamsToolAddMessage(ctx context.Context, request mcp.CallToolRequest) (*addMessageParams, error) {
 	toolConfig := os.Getenv("SLACK_MCP_ADD_MESSAGE_TOOL")
+	enabledTools := os.Getenv("SLACK_MCP_ENABLED_TOOLS")
+
 	if toolConfig == "" {
-		ch.logger.Error("Add-message tool disabled by default")
-		return nil, errors.New(
-			"by default, the conversations_add_message tool is disabled to guard Slack workspaces against accidental spamming." +
-				"To enable it, set the SLACK_MCP_ADD_MESSAGE_TOOL environment variable to true, 1, or comma separated list of channels" +
-				"to limit where the MCP can post messages, e.g. 'SLACK_MCP_ADD_MESSAGE_TOOL=C1234567890,D0987654321', 'SLACK_MCP_ADD_MESSAGE_TOOL=!C1234567890'" +
-				"to enable all except one or 'SLACK_MCP_ADD_MESSAGE_TOOL=true' for all channels and DMs",
-		)
+		if !strings.Contains(enabledTools, "conversations_add_message") {
+			ch.logger.Error("Add-message tool disabled by default")
+			return nil, errors.New(
+				"by default, the conversations_add_message tool is disabled to guard Slack workspaces against accidental spamming. " +
+					"To enable it, set the SLACK_MCP_ADD_MESSAGE_TOOL environment variable to true, 1, or comma separated list of channels " +
+					"to limit where the MCP can post messages, e.g. 'SLACK_MCP_ADD_MESSAGE_TOOL=C1234567890,D0987654321', 'SLACK_MCP_ADD_MESSAGE_TOOL=!C1234567890' " +
+					"to enable all except one or 'SLACK_MCP_ADD_MESSAGE_TOOL=true' for all channels and DMs",
+			)
+		}
+		toolConfig = "true"
 	}
 
 	channel := request.GetString("channel_id", "")
@@ -924,14 +929,19 @@ func (ch *ConversationsHandler) parseParamsToolAddMessage(ctx context.Context, r
 
 func (ch *ConversationsHandler) parseParamsToolReaction(ctx context.Context, request mcp.CallToolRequest) (*addReactionParams, error) {
 	toolConfig := os.Getenv("SLACK_MCP_REACTION_TOOL")
+	enabledTools := os.Getenv("SLACK_MCP_ENABLED_TOOLS")
+
 	if toolConfig == "" {
-		ch.logger.Error("Reactions tool disabled by default")
-		return nil, errors.New(
-			"by default, the reactions tools are disabled to guard Slack workspaces against accidental spamming. " +
-				"To enable them, set the SLACK_MCP_REACTION_TOOL environment variable to true, 1, or comma separated list of channels " +
-				"to limit where the MCP can manage reactions, e.g. 'SLACK_MCP_REACTION_TOOL=C1234567890,D0987654321', 'SLACK_MCP_REACTION_TOOL=!C1234567890' " +
-				"to enable all except one or 'SLACK_MCP_REACTION_TOOL=true' for all channels and DMs",
-		)
+		if !strings.Contains(enabledTools, "reactions_add") && !strings.Contains(enabledTools, "reactions_remove") {
+			ch.logger.Error("Reactions tool disabled by default")
+			return nil, errors.New(
+				"by default, the reactions tools are disabled to guard Slack workspaces against accidental spamming. " +
+					"To enable them, set the SLACK_MCP_REACTION_TOOL environment variable to true, 1, or comma separated list of channels " +
+					"to limit where the MCP can manage reactions, e.g. 'SLACK_MCP_REACTION_TOOL=C1234567890,D0987654321', 'SLACK_MCP_REACTION_TOOL=!C1234567890' " +
+					"to enable all except one or 'SLACK_MCP_REACTION_TOOL=true' for all channels and DMs",
+			)
+		}
+		toolConfig = "true"
 	}
 
 	channel := request.GetString("channel_id", "")
@@ -967,12 +977,17 @@ func (ch *ConversationsHandler) parseParamsToolReaction(ctx context.Context, req
 
 func (ch *ConversationsHandler) parseParamsToolFilesGet(request mcp.CallToolRequest) (*filesGetParams, error) {
 	toolConfig := os.Getenv("SLACK_MCP_ATTACHMENT_TOOL")
+	enabledTools := os.Getenv("SLACK_MCP_ENABLED_TOOLS")
+
 	if toolConfig == "" {
-		ch.logger.Error("Attachment tool disabled by default")
-		return nil, errors.New(
-			"by default, the attachment_get_data tool is disabled. " +
-				"To enable it, set the SLACK_MCP_ATTACHMENT_TOOL environment variable to true or 1",
-		)
+		if !strings.Contains(enabledTools, "attachment_get_data") {
+			ch.logger.Error("Attachment tool disabled by default")
+			return nil, errors.New(
+				"by default, the attachment_get_data tool is disabled. " +
+					"To enable it, set the SLACK_MCP_ATTACHMENT_TOOL environment variable to true or 1",
+			)
+		}
+		toolConfig = "true"
 	}
 	if toolConfig != "true" && toolConfig != "1" && toolConfig != "yes" {
 		ch.logger.Error("Attachment tool disabled", zap.String("config", toolConfig))