feat: Add Windows support for import-desktop command #47
AmethystLiang merged 5 commits into stablyai:main from
Conversation
Add support for extracting Slack credentials from the Windows desktop app (both regular installer and Microsoft Store version).
- Add Windows Slack data paths (%APPDATA%\Slack and Microsoft Store package)
- Implement DPAPI + AES-256-GCM cookie decryption via PowerShell
- Copy Cookies DB to temp file before reading (Windows file locking)
- URL-decode the decrypted cookie value
- Allow refreshFromDesktopIfPossible on win32
Here is the feedback from Codex:
1. High: require(...) inside an ESM module will break in Node runtime on the Windows path.
- Remove require("node:crypto") in ESM module; use existing top-level
createDecipheriv import instead (fixes ReferenceError in Node ESM)
- Escape single quotes in PowerShell temp file paths to prevent breakage
and command injection for profiles like C:\Users\O'Connor
- Update README auth section to reflect Windows platform support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace execSync with execFileSync for PowerShell invocation to bypass cmd.exe shell interpolation, consistent with every other exec call in the file. Eliminates double-quote injection surface.
- Add existence check for decrypted key file after PowerShell DPAPI call to provide a meaningful error instead of cryptic ENOENT.
- Update JSDoc to document v10/v11 prefix support (both are handled).
- Remove unused execSync import.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Clarify that authentication is automatic on both macOS and Windows. - Update command documentation to reflect Windows support for `import-desktop` command.
Hey @AmethystLiang, I have addressed the above comments, and the PR should be ready to merge. Please check it out.
The repo was added as a git submodule inside itself, which is clearly unintentional. Remove the empty submodule entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AmethystLiang left a comment
All 3 Codex feedback items verified as addressed:
- require() in ESM — Fixed: `createDecipheriv` now uses the top-level ESM import from `node:crypto`
- PowerShell injection — Fixed: single quotes escaped via `replaceAll("'", "''")` before interpolation
- Docs mismatch — Fixed: README, SKILL.md, and commands.md updated for Windows support
Code looks good — LGTM!
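The quote-escaping and `execFileSync` fixes verified above, shown as an added example that is not the project's code: the function names, the `Copy-Item` script and the sample path are assumptions made for illustration. It also doubles the typographic quote characters that PowerShell accepts as single quotes, which goes beyond the `replaceAll("'", "''")` fix described on the page.

```javascript
// Added example, not the project's code; all names here are hypothetical.
// Characters PowerShell's tokenizer accepts as a single quote: ' and U+2018..U+201B.
const PS_QUOTE_CHARS = "'\u2018\u2019\u201A\u201B";
const isPsQuote = (c) => c !== undefined && PS_QUOTE_CHARS.includes(c);

// Wrap a value as a PowerShell single-quoted literal, doubling every quote character.
function psSingleQuote(value) {
  return "'" + Array.from(String(value), (c) => (isPsQuote(c) ? c + c : c)).join("") + "'";
}

// Minimal model of how PowerShell reads a single-quoted literal: a doubled quote is
// one literal quote, a lone quote ends the string. Returns the string value and the
// leftover text, which PowerShell would go on to parse as code.
function readPsLiteral(src) {
  if (!isPsQuote(src[0])) throw new Error("not a single-quoted literal");
  let value = "";
  for (let i = 1; i < src.length; i++) {
    if (!isPsQuote(src[i])) { value += src[i]; continue; }
    if (isPsQuote(src[i + 1])) { value += src[i]; i++; continue; }
    return { value, rest: src.slice(i + 1) };
  }
  throw new Error("unterminated literal");
}

// Build argv for execFileSync("powershell.exe", argv). With no cmd.exe in between,
// PowerShell is the only parser that sees the path, and the path is an inert literal.
// The Copy-Item script is a stand-in for the tool's real script.
function buildCopyArgv(srcPath, dstPath) {
  const script =
    `Copy-Item -LiteralPath ${psSingleQuote(srcPath)} -Destination ${psSingleQuote(dstPath)}`;
  return ["-NoProfile", "-NonInteractive", "-Command", script];
}

// Constructed sample path for a profile name that contains an apostrophe.
const samplePath = "C:\\Users\\O'Connor\\AppData\\Local\\Temp\\cookies-copy.db";

function demo() {
  const naive = readPsLiteral("'" + samplePath + "'");   // interpolated without escaping
  const safe = readPsLiteral(psSingleQuote(samplePath)); // escaped before interpolation
  return { naive, safe };
}

console.log(demo());
```

In the unescaped case the literal ends at `O` and the remainder of the path is left for PowerShell to parse as code; in the escaped case the whole path round-trips and nothing is left over.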
feat: Add Windows support for import-desktop command
Summary
- `agent-slack auth import-desktop`, which was previously limited to macOS and Linux
- `%APPDATA%\Slack`) and Microsoft Store version (`%LOCALAPPDATA%\Packages\com.tinyspeck.slackdesktop_*`)
- `win32` platform guard from `refreshFromDesktopIfPossible()`
How it works
On Windows, Chromium-based apps (including Slack/Electron) encrypt cookies using:
- `Local State` → `os_crypt.encrypted_key` (base64, "DPAPI" prefixed)
- `ProtectedData.Unprotect`) through PowerShell
This is different from macOS (Keychain + AES-128-CBC) and Linux (secret-tool/peanuts + AES-128-CBC).
Test plan
- `agent-slack auth import-desktop` successfully extracts xoxc token + xoxd cookie
- `agent-slack auth test` returns `ok: true`
- `agent-slack message send` works with the imported credentials
- `%APPDATA%\Slack`)
Note
Slack must be fully quit before running `import-desktop` on Windows, as it holds an exclusive lock on the Cookies database file. This is consistent with the macOS behavior where Slack's LevelDB is also locked while running.