debug2

app.py

@@ -4,18 +4,21 @@ import re
 import logging
 import asyncio
 from typing import List, Dict, Any
+from datetime import datetime, timezone
 
 # Core Web Framework and Async Handlers
 from fastapi import FastAPI, Request
-from fastapi.responses import HTMLResponse
+from fastapi.responses import HTMLResponse, RedirectResponse
 from uvicorn import run as uvicorn_run
 
 # Slack Libraries (Async versions)
 from slack_bolt.async_app import AsyncApp
 from slack_bolt.adapter.fastapi.async_handler import AsyncSlackRequestHandler
-from slack_sdk.web.async_client import AsyncWebClient
+from slack_bolt.oauth.async_oauth_settings import AsyncOAuthSettings
 from slack_sdk.oauth.installation_store.async_installation_store import AsyncInstallationStore
-from slack_sdk.oauth.installation_store.models import Installation
+from slack_sdk.oauth.installation_store.models import Installation, Bot
+from slack_sdk.oauth.state_store import FileOAuthStateStore
+from slack_sdk.web.async_client import AsyncWebClient
 from slack_bolt.authorization import AuthorizeResult
 
 # RAG/ML Libraries
@@ -43,25 +46,21 @@ SLACK_CLIENT_ID = os.environ.get("SLACK_CLIENT_ID")
 SLACK_CLIENT_SECRET = os.environ.get("SLACK_CLIENT_SECRET")
 HF_TOKEN = os.environ.get("HF_TOKEN")
 
-# Validate bot token format
-if SLACK_BOT_TOKEN:
-    if not SLACK_BOT_TOKEN.startswith("xoxb-"):
-        raise ValueError(
-            "❌ SLACK_BOT_TOKEN must start with 'xoxb-' (Bot User OAuth Token).\n"
-            "You're using the wrong token type. Go to:\n"
-            "https://api.slack.com/apps → Your App → OAuth & Permissions\n"
-            "Copy the 'Bot User OAuth Token' (starts with xoxb-), NOT the User OAuth Token (xoxp-)"
-        )
-    logger.info("✓ Valid bot token format detected (xoxb-)")
-else:
-    raise ValueError("SLACK_BOT_TOKEN is required")
-
 # Check for required environment variables
 required_vars = [SUPABASE_URL, SUPABASE_KEY, SLACK_CLIENT_ID, SLACK_CLIENT_SECRET, SLACK_SIGNING_SECRET]
 if not all(required_vars):
     missing = [var for var in required_vars if not var]
     raise ValueError(f"Missing required environment variables: {', '.join(missing)}")
 
+# Validate bot token if provided
+if SLACK_BOT_TOKEN:
+    if SLACK_BOT_TOKEN.startswith("xoxp-"):
+        raise ValueError(
+            "❌ SLACK_BOT_TOKEN is a User OAuth Token (xoxp-).\n"
+            "You need the Bot User OAuth Token (xoxb-)"
+        )
+    logger.info("✓ Bot token provided")
+
 # Set HF_TOKEN if provided
 if HF_TOKEN:
     try:
@@ -73,54 +72,150 @@ if HF_TOKEN:
 # Initialize Supabase client
 supabase: Client = create_client(SUPABASE_URL, SUPABASE_KEY)
 
-# --- Supabase Async Installation Store ---
+# --- Supabase Installation Store with Token Rotation Support ---
 class SupabaseAsyncInstallationStore(AsyncInstallationStore):
     def __init__(self, supabase_client):
         self.supabase = supabase_client
+        self._client = AsyncWebClient()
+
+    async def async_save(self, installation: Installation):
+        """Save installation with token rotation support."""
+        return await self.save(installation)
 
     async def save(self, installation: Installation) -> None:
+        """Save installation including refresh token and expiration."""
         data = {
             "team_id": installation.team_id,
+            "enterprise_id": installation.enterprise_id,
             "bot_token": installation.bot_token,
             "bot_user_id": installation.bot_user_id,
             "bot_scopes": ",".join(installation.bot_scopes) if installation.bot_scopes else None,
             "app_id": installation.app_id,
+            "bot_refresh_token": installation.bot_refresh_token,
+            "bot_token_expires_at": installation.bot_token_expires_at,
+            "user_id": installation.user_id,
+            "installed_at": datetime.now(timezone.utc).isoformat(),
         }
         try:
             result = await asyncio.to_thread(
                 lambda: self.supabase.table("installations").upsert(data, on_conflict="team_id").execute()
             )
-            logger.info(f"Saved installation for team: {installation.team_id}")
+            logger.info(f"✓ Saved installation for team: {installation.team_id}")
+            if installation.bot_token_expires_at:
+                expires_dt = datetime.fromtimestamp(installation.bot_token_expires_at, tz=timezone.utc)
+                logger.info(f"  Token expires at: {expires_dt}")
         except Exception as e:
             logger.error(f"Failed to save installation for team {installation.team_id}: {e}")
             raise
 
-    async def fetch_installation(self, team_id: str, *, enterprise_id: str | None = None, user_id: str | None = None) -> Installation | None:
-        logger.info(f"Fetching installation for team_id: {team_id}")
+    async def async_find_installation(
+        self,
+        *,
+        enterprise_id: str | None,
+        team_id: str | None,
+        user_id: str | None = None,
+        is_enterprise_install: bool | None = None,
+    ) -> Installation | None:
+        """Find installation with automatic token rotation."""
+        if not team_id:
+            return None
+        
+        installation = await self.fetch_installation(
+            team_id=team_id,
+            enterprise_id=enterprise_id,
+            user_id=user_id
+        )
+        
+        if not installation:
+            return None
+        
+        # Check if token needs rotation
+        if installation.bot_token_expires_at and installation.bot_refresh_token:
+            now = datetime.now(timezone.utc).timestamp()
+            # Refresh if token expires in less than 1 hour
+            if installation.bot_token_expires_at - now < 3600:
+                logger.info(f"🔄 Token expiring soon for team {team_id}, rotating...")
+                installation = await self._rotate_token(installation)
+        
+        return installation
+
+    async def _rotate_token(self, installation: Installation) -> Installation:
+        """Rotate an expired or expiring token using refresh token."""
+        try:
+            response = await self._client.oauth_v2_access(
+                client_id=SLACK_CLIENT_ID,
+                client_secret=SLACK_CLIENT_SECRET,
+                grant_type="refresh_token",
+                refresh_token=installation.bot_refresh_token,
+            )
+            
+            if response["ok"]:
+                # Update installation with new tokens
+                installation.bot_token = response["access_token"]
+                installation.bot_refresh_token = response.get("refresh_token", installation.bot_refresh_token)
+                installation.bot_token_expires_at = response.get("expires_in", 0) + int(datetime.now(timezone.utc).timestamp())
+                
+                # Save updated installation
+                await self.save(installation)
+                logger.info(f"✓ Token rotated successfully for team {installation.team_id}")
+                return installation
+            else:
+                logger.error(f"Token rotation failed: {response.get('error')}")
+                return installation
+        except Exception as e:
+            logger.error(f"Error rotating token: {e}")
+            return installation
+
+    async def fetch_installation(
+        self, 
+        team_id: str, 
+        *, 
+        enterprise_id: str | None = None, 
+        user_id: str | None = None
+    ) -> Installation | None:
+        """Fetch installation from Supabase."""
         try:
             result = await asyncio.to_thread(
                 lambda: self.supabase.table("installations").select("*").eq("team_id", team_id).execute()
             )
             if not result.data:
-                logger.warning(f"No installation found for team {team_id}")
                 return None
             
             data = result.data[0]
             return Installation(
                 app_id=data.get("app_id"),
-                enterprise_id=enterprise_id,
+                enterprise_id=data.get("enterprise_id"),
                 team_id=team_id,
-                user_id=user_id,
+                user_id=data.get("user_id"),
                 bot_token=data.get("bot_token"),
                 bot_user_id=data.get("bot_user_id"),
                 bot_scopes=data.get("bot_scopes", "").split(',') if data.get("bot_scopes") else [],
-                incoming_webhook=None,
+                bot_refresh_token=data.get("bot_refresh_token"),
+                bot_token_expires_at=data.get("bot_token_expires_at"),
             )
         except Exception as e:
             logger.error(f"Failed to fetch installation for team {team_id}: {e}")
             return None
 
-    async def delete(self, team_id: str, *, enterprise_id: str | None = None, user_id: str | None = None) -> None:
+    async def async_delete_installation(
+        self,
+        *,
+        enterprise_id: str | None,
+        team_id: str | None,
+        user_id: str | None = None,
+    ) -> None:
+        """Delete installation."""
+        if team_id:
+            await self.delete(team_id=team_id, enterprise_id=enterprise_id, user_id=user_id)
+
+    async def delete(
+        self, 
+        team_id: str, 
+        *, 
+        enterprise_id: str | None = None, 
+        user_id: str | None = None
+    ) -> None:
+        """Delete installation from Supabase."""
         try:
             await asyncio.to_thread(
                 lambda: self.supabase.table("installations").delete().eq("team_id", team_id).execute()
@@ -132,29 +227,49 @@ class SupabaseAsyncInstallationStore(AsyncInstallationStore):
 
 # Initialize installation store
 installation_store = SupabaseAsyncInstallationStore(supabase)
-logger.info("Using single-team mode with SLACK_BOT_TOKEN.")
 
-# Custom authorize function
+# Custom authorize function with token rotation
 async def async_authorize(enterprise_id, team_id, user_id):
-    """
-    Custom authorization function for single-team mode.
-    Returns AuthorizeResult using the SLACK_BOT_TOKEN.
-    """
-    logger.info(f"Authorizing request for team: {team_id}, user: {user_id}")
+    """Custom authorization with automatic token rotation."""
+    logger.info(f"Authorizing request for team: {team_id}")
     
-    # For single-team, always use the configured bot token
-    return AuthorizeResult(
+    # Try to find installation (will auto-rotate if needed)
+    installation = await installation_store.async_find_installation(
         enterprise_id=enterprise_id,
         team_id=team_id,
-        bot_user_id=None,  # Will be populated by Slack SDK
-        bot_token=SLACK_BOT_TOKEN,
-        user_id=user_id,
+        user_id=user_id
     )
+    
+    if installation:
+        return AuthorizeResult(
+            enterprise_id=enterprise_id or installation.enterprise_id,
+            team_id=team_id,
+            user_id=user_id or installation.user_id,
+            bot_token=installation.bot_token,
+            bot_user_id=installation.bot_user_id,
+        )
+    
+    logger.warning(f"No installation found for team {team_id}")
+    return None
 
-# Initialize Bolt Async App (simplified for single-team)
+# Initialize Bolt Async App with OAuth
 app = AsyncApp(
     signing_secret=SLACK_SIGNING_SECRET,
-    token=SLACK_BOT_TOKEN,  # Use token directly for single-team mode
+    installation_store=installation_store,
+    authorize=async_authorize,
+    oauth_settings=AsyncOAuthSettings(
+        client_id=SLACK_CLIENT_ID,
+        client_secret=SLACK_CLIENT_SECRET,
+        scopes=[
+            "app_mentions:read",
+            "files:read",
+            "chat:write",
+            "channels:read",
+        ],
+        install_path="/slack/install",
+        redirect_uri_path="/slack/oauth_redirect",
+        state_store=FileOAuthStateStore(expiration_seconds=600, base_dir="/tmp/slack_states"),
+    ),
     process_before_response=True,
 )
 
@@ -171,26 +286,30 @@ qa_pipeline = None
 try:
     embedding_model = SentenceTransformer('all-MiniLM-L6-v2', device=device)
     print("Loading QA model...")
-    qa_pipeline = pipeline("question-answering", model="deepset/roberta-base-squad2", device=0 if device == 'cuda' else -1)
+    qa_pipeline = pipeline(
+        "question-answering", 
+        model="deepset/roberta-base-squad2", 
+        device=0 if device == 'cuda' else -1
+    )
     print("Models loaded successfully!")
 except Exception as e:
     logger.error(f"Error loading models: {e}")
-    raise RuntimeError("Failed to load required ML models. Check dependencies and hardware.")
+    raise RuntimeError("Failed to load required ML models.")
 
 # --- Utility Functions ---
 def download_slack_file(url: str, token: str) -> bytes:
-    """Downloads a file from Slack using the private download URL and bot token."""
+    """Downloads a file from Slack."""
     try:
         headers = {"Authorization": f"Bearer {token}"}
         response = requests.get(url, headers=headers, stream=True, timeout=30)
         response.raise_for_status()
         return response.content
     except requests.RequestException as e:
-        logger.error(f"Failed to download Slack file from {url}: {e}")
+        logger.error(f"Failed to download Slack file: {e}")
         raise
 
 def extract_text_from_pdf(file_content: bytes) -> str:
-    """Extracts text from PDF bytes."""
+    """Extracts text from PDF."""
     try:
         pdf_reader = pypdf.PdfReader(io.BytesIO(file_content))
         text = ""
@@ -200,43 +319,34 @@ def extract_text_from_pdf(file_content: bytes) -> str:
                 text += extracted + "\n"
         return text
     except Exception as e:
-        logger.error(f"Failed to extract text from PDF: {e}")
+        logger.error(f"Failed to extract PDF text: {e}")
         raise
 
 def extract_text_from_docx(file_content: bytes) -> str:
-    """Extracts text from DOCX bytes."""
+    """Extracts text from DOCX."""
     try:
         doc = Document(io.BytesIO(file_content))
-        text = ""
-        for paragraph in doc.paragraphs:
-            text += paragraph.text + "\n"
-        return text
+        return "\n".join([p.text for p in doc.paragraphs])
     except Exception as e:
-        logger.error(f"Failed to extract text from DOCX: {e}")
+        logger.error(f"Failed to extract DOCX text: {e}")
         raise
 
 def chunk_text(text: str, chunk_size: int = 300) -> List[str]:
-    """Chunks text by word count to create manageable RAG chunks."""
+    """Chunks text by word count."""
     words = text.split()
-    chunks = []
-    for i in range(0, len(words), chunk_size):
-        chunk = " ".join(words[i:i + chunk_size])
-        if chunk.strip():
-            chunks.append(chunk)
-    return chunks
+    return [" ".join(words[i:i + chunk_size]) for i in range(0, len(words), chunk_size) if words[i:i + chunk_size]]
 
 def embed_text(text: str) -> List[float]:
-    """Generates an embedding for a piece of text."""
-    if embedding_model is None:
+    """Generates embedding for text."""
+    if not embedding_model:
         raise RuntimeError("Embedding model not loaded.")
-    embedding = embedding_model.encode(text, convert_to_tensor=False)
-    return embedding.tolist()
+    return embedding_model.encode(text, convert_to_tensor=False).tolist()
 
 async def store_embeddings(chunks: List[str]):
-    """Stores text chunks and their embeddings in Supabase."""
+    """Stores text chunks and embeddings in Supabase."""
     for chunk in chunks:
-        embedding = embed_text(chunk)
         try:
+            embedding = embed_text(chunk)
             await asyncio.to_thread(
                 lambda c=chunk, e=embedding: supabase.table("documents").insert({
                     "content": c,
@@ -244,58 +354,56 @@ async def store_embeddings(chunks: List[str]):
                 }).execute()
             )
         except Exception as e:
-            logger.error(f"Failed to insert chunk into Supabase: {str(e)}")
+            logger.error(f"Failed to insert chunk: {e}")
 
 async def is_table_empty() -> bool:
-    """Checks if the documents table has any records."""
+    """Checks if documents table is empty."""
     try:
         result = await asyncio.to_thread(
             lambda: supabase.table("documents").select("id", count="exact").limit(1).execute()
         )
         return result.count == 0
     except Exception as e:
-        logger.error(f"Error checking table emptiness: {str(e)}")
+        logger.error(f"Error checking table: {e}")
         return True
 
 async def search_documents(query: str, match_count: int = 5) -> List[Dict[str, Any]]:
-    """Searches Supabase for documents matching the query using vector similarity."""
-    if embedding_model is None:
+    """Searches documents using vector similarity."""
+    if not embedding_model:
         raise RuntimeError("Embedding model not loaded.")
-    query_embedding = embed_text(query)
     try:
+        query_embedding = embed_text(query)
         result = await asyncio.to_thread(
-            lambda qe=query_embedding, mc=match_count: supabase.rpc("match_documents", {
-                "query_embedding": qe,
-                "match_count": mc
+            lambda: supabase.rpc("match_documents", {
+                "query_embedding": query_embedding,
+                "match_count": match_count
             }).execute()
         )
         return result.data
     except Exception as e:
-        logger.error(f"Error searching documents for query '{query}': {str(e)}")
+        logger.error(f"Error searching documents: {e}")
         return []
 
 async def answer_question(question: str, context: str) -> str:
-    """Answers a question based on the provided context using the QA pipeline."""
-    if qa_pipeline is None:
+    """Answers question using QA pipeline."""
+    if not qa_pipeline:
         raise RuntimeError("QA pipeline not loaded.")
     if not context.strip():
         return "No relevant documents found."
     try:
-        MAX_CONTEXT_LEN = 4096
-        context_slice = context[:MAX_CONTEXT_LEN]
-        
+        context_slice = context[:4096]
         result = await asyncio.to_thread(
             lambda: qa_pipeline(question=question, context=context_slice)
         )
         return result['answer']
     except Exception as e:
-        logger.error(f"Error in QA pipeline: {str(e)}")
-        return "Error generating answer from context."
+        logger.error(f"Error in QA pipeline: {e}")
+        return "Error generating answer."
 
-# --- Slack Handlers (Async) ---
+# --- Slack Event Handlers ---
 @app.event("file_shared")
 async def handle_file_shared(event, say, client):
-    """Processes files shared in a channel and adds their content to the RAG knowledge base."""
+    """Processes shared files."""
     file_id = event["file_id"]
     try:
         file_info = await client.files_info(file=file_id)
@@ -305,11 +413,10 @@ async def handle_file_shared(event, say, client):
         file_url = file_data.get("url_private_download")
         
         if not file_url:
-            await say("No download URL available for the file.")
+            await say("No download URL available.")
             return
         
-        token = SLACK_BOT_TOKEN
-        file_content = await asyncio.to_thread(download_slack_file, file_url, token)
+        file_content = await asyncio.to_thread(download_slack_file, file_url, client.token)
         
         text = ""
         if "pdf" in file_type:
@@ -317,71 +424,80 @@ async def handle_file_shared(event, say, client):
         elif "wordprocessingml" in file_type or "msword" in file_type:
             text = await asyncio.to_thread(extract_text_from_docx, file_content)
         else:
-            await say("Unsupported file type. Please upload PDF or DOCX files.")
+            await say("❌ Unsupported file type. Please upload PDF or DOCX files.")
             return
         
         if not text.strip():
-            await say("No text could be extracted from the file.")
+            await say("❌ No text could be extracted from the file.")
             return
         
         chunks = chunk_text(text)
         await store_embeddings(chunks)
         
-        await say(f"✅ File processed successfully! Added **{len(chunks)}** chunks to the knowledge base.")
+        await say(f"✅ File processed! Added **{len(chunks)}** chunks to knowledge base.")
     except Exception as e:
-        logger.error(f"Error in file_shared handler for file_id {file_id}: {str(e)}")
+        logger.error(f"Error processing file {file_id}: {e}")
         await say(f"❌ Error processing file: {str(e)}")
 
 @app.event("app_mention")
-async def handle_mention(event, say, client):
-    """Handles mentions (@bot) for answering questions using RAG."""
+async def handle_mention(event, say):
+    """Handles bot mentions."""
     text = event["text"]
     user_query = re.sub(r'<@[A-Z0-9]+>', '', text).strip()
     
     if not user_query:
-        await say("Please ask me a question after mentioning me!")
+        await say("Please ask me a question!")
         return
     
     try:
         if await is_table_empty():
-            await say("My knowledge base is empty. Please share some PDF or DOCX files first so I can learn!")
+            await say("📚 My knowledge base is empty. Please share PDF or DOCX files first!")
             return
         
         results = await search_documents(user_query, match_count=5)
         
         if not results:
-            await say("I couldn't find any relevant information in my knowledge base. Try uploading more documents.")
+            await say("🔍 I couldn't find relevant information. Try uploading more documents.")
             return
         
         context = " ".join([doc["content"] for doc in results])
         answer = await answer_question(user_query, context)
         
-        await say(f"💡 *Answer:* {answer}\n\n_I found this information by analyzing {len(results)} relevant document chunks._")
+        await say(f"💡 **Answer:** {answer}\n\n_Found from {len(results)} document chunks._")
     except Exception as e:
-        logger.error(f"Error in app_mention handler for query '{user_query}': {str(e)}")
-        await say(f"❌ Error answering question: {str(e)}")
+        logger.error(f"Error answering query '{user_query}': {e}")
+        await say(f"❌ Error: {str(e)}")
 
-# --- FastAPI Integration ---
+# --- FastAPI Routes ---
 handler = AsyncSlackRequestHandler(app)
 
 @api.post("/slack/events")
 async def slack_events(request: Request):
-    """Endpoint for all Slack event subscriptions."""
-    try:
-        logger.info("Received Slack event request")
-        return await handler.handle(request)
-    except Exception as e:
-        logger.error(f"Error handling Slack events: {e}")
-        raise
+    """Slack events endpoint."""
+    return await handler.handle(request)
+
+@api.get("/slack/install")
+async def slack_install(request: Request):
+    """OAuth installation initiation."""
+    return await handler.handle(request)
+
+@api.get("/slack/oauth_redirect")
+async def oauth_redirect(request: Request):
+    """OAuth callback handler."""
+    return await handler.handle(request)
 
 @api.get("/")
 async def root():
-    """Simple root endpoint."""
-    return {"status": "Slack RAG Bot is running!", "message": "Use /slack/events endpoint for Slack events"}
+    """Root endpoint."""
+    return {
+        "status": "✅ Slack RAG Bot Running",
+        "install_url": f"/slack/install",
+        "features": ["OAuth2 with token rotation", "RAG with vector search", "PDF/DOCX support"]
+    }
 
 @api.get("/health")
 async def health():
-    """Health check endpoint."""
+    """Health check."""
     db_status = "error"
     try:
         await asyncio.to_thread(
@@ -389,41 +505,37 @@ async def health():
         )
         db_status = "ok"
     except Exception as e:
-        logger.error(f"Database health check failed: {e}")
-    
-    models_status = "ok" if embedding_model and qa_pipeline else "error"
-    
-    # Check token validity
-    token_status = "invalid"
-    if SLACK_BOT_TOKEN and SLACK_BOT_TOKEN.startswith("xoxb-"):
-        token_status = "valid_format"
+        logger.error(f"DB health check failed: {e}")
     
     return {
-        "status": "ok" if db_status == "ok" and models_status == "ok" else "error",
+        "status": "ok" if db_status == "ok" and embedding_model and qa_pipeline else "error",
         "database": db_status,
-        "models": models_status,
-        "token": token_status,
-        "mode": "single-team"
+        "models": "ok" if embedding_model and qa_pipeline else "error",
+        "oauth": "enabled",
+        "token_rotation": "enabled"
     }
 
-@api.get("/debug/token-check")
-async def debug_token():
-    """Debug endpoint to verify token configuration."""
-    token_info = {
-        "token_set": bool(SLACK_BOT_TOKEN),
-        "token_prefix": SLACK_BOT_TOKEN[:10] + "..." if SLACK_BOT_TOKEN else "NOT SET",
-        "is_bot_token": SLACK_BOT_TOKEN.startswith("xoxb-") if SLACK_BOT_TOKEN else False,
-        "is_user_token": SLACK_BOT_TOKEN.startswith("xoxp-") if SLACK_BOT_TOKEN else False,
-    }
-    
-    if token_info["is_user_token"]:
-        token_info["error"] = "❌ You're using a USER token (xoxp-). You need a BOT token (xoxb-)"
-        token_info["fix"] = "Go to https://api.slack.com/apps → Your App → OAuth & Permissions → Copy 'Bot User OAuth Token'"
-    
-    return token_info
+@api.get("/debug/installations")
+async def debug_installations():
+    """Debug endpoint to view installations."""
+    try:
+        result = await asyncio.to_thread(
+            lambda: supabase.table("installations").select("team_id", "bot_user_id", "bot_token_expires_at", "installed_at").execute()
+        )
+        installations = []
+        for inst in result.data:
+            expires_at = inst.get("bot_token_expires_at")
+            if expires_at:
+                expires_dt = datetime.fromtimestamp(expires_at, tz=timezone.utc)
+                inst["expires_at_formatted"] = expires_dt.isoformat()
+                inst["expires_in_hours"] = round((expires_at - datetime.now(timezone.utc).timestamp()) / 3600, 2)
+            installations.append(inst)
+        return {"installations": installations, "count": len(installations)}
+    except Exception as e:
+        return {"error": str(e)}
 
 if __name__ == "__main__":
     port = int(os.environ.get("PORT", 7860))
-    logger.info(f"Starting server on port {port}...")
-    logger.info(f"Bot token validation: {'✓ Valid' if SLACK_BOT_TOKEN.startswith('xoxb-') else '✗ Invalid'}")
+    logger.info(f"🚀 Starting server on port {port}")
+    logger.info("🔐 OAuth2 with token rotation enabled")
     uvicorn_run(api, host="0.0.0.0", port=port)