# Dependencies

This document tracks major dependencies and their versions for the Slack MCP Client.

## Core Dependencies

### LangChain Go

**Current Version**: v0.1.14 (Upgraded: 2025-10-29)

**Purpose**: LLM integration, agent framework, and tool orchestration

**Key Features Used**:

* Agent framework (ConversationalAgent, Executor)
* LLM providers (OpenAI, Anthropic, Ollama)
* Tool abstraction and callback handlers
* RAG components (document loaders, text splitters)

**Recent Updates**:

* **v0.1.14 (2025-10-29)**: Major stability and performance improvements
  * Fixed memory and goroutine leaks in streaming for OpenAI, Anthropic, Ollama
  * Enhanced agent parsing for multi-line tool calls
  * Improved error handling and API key sanitization
  * Panic prevention in streaming edge cases
  * See [v0.1.14 Upgrade Report](https://github.com/tuannvm/slack-mcp-client/blob/main/docs/v0.1.14-upgrade-plan.md) for details

**Documentation**: [github.com/tmc/langchaingo](https://github.com/tmc/langchaingo)

***

### Slack Go SDK

**Package**: `github.com/slack-go/slack`

**Purpose**: Slack API integration and Socket Mode communication

**Key Features Used**:

* Socket Mode for real-time messaging
* Block Kit message formatting
* User context and thread management
* Rich message formatting

**Documentation**: [github.com/slack-go/slack](https://github.com/slack-go/slack)

***

### Model Context Protocol (MCP)

**Current Version**: v0.42.0 (Upgraded: 2025-10-29)

**Purpose**: Standardized protocol for AI model-tool communication

**Transports Supported**:

* HTTP with JSON-RPC 2.0 and improved sampling
* Server-Sent Events (SSE) with automatic retry and session management
* stdio for local development

**Specification**: MCP 2025-06-18

**Recent Updates**:

* **v0.42.0 (2025-10-29)**: HTTP sampling improvements, session-specific resources, enhanced streaming control, bug fixes for transport initialization and session reuse

**Documentation**: [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go)

***

## Monitoring & Observability

### Prometheus

**Package**: `github.com/prometheus/client_golang`

**Purpose**: Metrics collection and monitoring

**Metrics Provided**:

* Tool invocation counters with error tracking
* LLM token usage histograms by model and type
* Endpoint: `/metrics` on configurable port (default: 8080)

***

### OpenTelemetry

**Packages**:

* `go.opentelemetry.io/otel`
* `go.opentelemetry.io/otel/exporters/otlp/otlptrace`

**Purpose**: Distributed tracing for LLM operations and tool calls

**Providers Supported**:

* Simple OTLP for basic tracing
* Langfuse for advanced LLM observability

***

## Development Dependencies

### Testing

* `github.com/stretchr/testify` - Testing utilities and assertions

### Build & Release

* GoReleaser - Automated release management
* GitHub Actions - CI/CD pipeline
* Trivy - Security scanning
* golangci-lint - Code quality checks

***

## Dependency Management

### Upgrade Policy

1. **Security fixes**: Upgrade immediately
2. **Bug fixes**: Upgrade within 1 week if affecting us
3. **New features**: Upgrade when needed
4. **Major versions**: Plan carefully, expect breaking changes

### Monitoring

* Subscribe to release notifications for critical dependencies
* Quarterly review of outdated dependencies: `go list -u -m all`
* Security scanning in CI/CD pipeline

### Upgrade Process

Follow the [Upgrade Template](https://github.com/tuannvm/slack-mcp-client/blob/main/docs/UPGRADE_TEMPLATE.md) for consistent upgrade documentation:

1. Research release notes and breaking changes
2. Test in development environment
3. Document changes in upgrade report
4. Update this dependencies file
5. Deploy to staging, then production

***

## Version History

### langchaingo

| Version | Date       | Changes                                                    | Report                                                                                       |
| ------- | ---------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
| v0.1.14 | 2025-10-29 | Streaming fixes, agent improvements, security enhancements | [Report](https://github.com/tuannvm/slack-mcp-client/blob/main/docs/v0.1.14-upgrade-plan.md) |
| v0.1.13 | Previous   | Initial version in use                                     | -                                                                                            |

### mcp-go

| Version | Date       | Changes                                                                                        | Notes               |
| ------- | ---------- | ---------------------------------------------------------------------------------------------- | ------------------- |
| v0.42.0 | 2025-10-29 | HTTP sampling improvements, session-specific resources, streaming control, transport bug fixes | No breaking changes |
| v0.37.0 | Previous   | Previous version in use                                                                        | -                   |

***

## Transitive Dependencies

Major transitive dependencies automatically managed by `go.mod`:

* `golang.org/x/net` - Network primitives
* `golang.org/x/sys` - System calls
* `golang.org/x/crypto` - Cryptography
* `google.golang.org/grpc` - gRPC for some MCP transports
* `google.golang.org/api` - Google Cloud APIs (for Vertex AI)

Run `go mod graph` to see the complete dependency tree.

***

## Security

### Vulnerability Scanning

Automated security scanning in CI/CD:

* **govulncheck**: Checks for known vulnerabilities in Go dependencies
* **Trivy**: Comprehensive dependency and container scanning
* **SBOM Generation**: Software Bill of Materials for tracking

### Reporting

To report security vulnerabilities, see [SECURITY.md](https://github.com/tuannvm/slack-mcp-client/blob/main/SECURITY.md).

***

## License Compliance

All dependencies are vetted for license compatibility:

* Primary dependencies use permissive licenses (MIT, Apache 2.0, BSD)
* Full license information available in `go.mod` and vendored dependencies

Run `go-licenses csv .` to generate a complete license report.

***

## See Also

* [Upgrade Template](https://github.com/tuannvm/slack-mcp-client/blob/main/docs/UPGRADE_TEMPLATE.md) - Template for documenting dependency upgrades
* [v0.1.14 Upgrade Report](https://github.com/tuannvm/slack-mcp-client/blob/main/docs/v0.1.14-upgrade-plan.md) - Recent langchaingo upgrade
* [Implementation Notes](/slack-mcp-client/docs/implementation.md) - Technical architecture details
* [Configuration Guide](/slack-mcp-client/docs/configuration.md) - Dependency configuration


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tuannvm.com/slack-mcp-client/docs/dependencies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.