feat: improve agent resilience — send shortcut, bot-fallback, doctor command

- Add top-level `slackbuzz send` shortcut (alias for `message send`)
- Add `slackbuzz doctor` command to validate tokens and probe scopes
- Bot-fallback: when user token lacks channels:read for channel resolution,
  transparently retry with bot token while still posting as the user
- Agent mode (SLACKBUZZ_AGENT=1): prefer bot token, skip interactive
  prompts, emit structured JSON errors to stderr
- Add channels:read to user token scopes in app manifest
- Add IsMissingScopeError() and FormatResolveError() error helpers
- Improve missing_scope error message with actionable fix suggestions
- Fix SKILL.md bash expansion issue with \! in backtick spans

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: isaacrowntree

internal/api/errors.go

@@ -29,6 +29,20 @@ func IsAuthRelatedSlackError(slackErr string) bool {
 	return false
 }
 
+// IsMissingScopeError checks if an error is (or wraps) a Slack "missing_scope" error.
+func IsMissingScopeError(err error) bool {
+	if err == nil {
+		return false
+	}
+	// Walk the error chain
+	for e := err; e != nil; e = errors.Unwrap(e) {
+		if e.Error() == "missing_scope" {
+			return true
+		}
+	}
+	return strings.Contains(err.Error(), "missing_scope")
+}
+
 // SlackErrorMessage maps Slack API error codes to user-friendly messages.
 func SlackErrorMessage(slackErr string) string {
 	messages := map[string]string{
@@ -41,7 +55,7 @@ func SlackErrorMessage(slackErr string) string {
 		"invalid_auth":         "Authentication failed. Run 'slackbuzz auth login' to re-authenticate.",
 		"account_inactive":     "Account is inactive or token has been revoked.",
 		"token_revoked":        "Token has been revoked. Run 'slackbuzz auth login' to re-authenticate.",
-		"missing_scope":        "Token is missing required scopes. Check your Slack app configuration.",
+		"missing_scope":        "Token is missing required scopes. Run 'slackbuzz auth status' to check capabilities, or try --as-bot.",
 		"not_authed":           "Not authenticated. Run 'slackbuzz auth login' to authenticate.",
 		"user_not_found":       "User not found. Check the username or ID.",
 		"thread_not_found":     "Thread not found. Check the thread timestamp.",
@@ -54,6 +68,26 @@ func SlackErrorMessage(slackErr string) string {
 	return fmt.Sprintf("Slack API error: %s", slackErr)
 }
 
+// FormatResolveError produces an actionable error message when channel/user
+// resolution fails. It detects missing_scope errors and suggests fixes.
+func FormatResolveError(err error, target string) string {
+	if err == nil {
+		return ""
+	}
+
+	if IsMissingScopeError(err) {
+		return fmt.Sprintf(
+			"Channel resolution for %q failed: missing_scope (likely channels:read).\n"+
+				"  Fix: Re-install your Slack app with updated scopes, or run:\n"+
+				"    slackbuzz app create   (creates app with correct scopes)\n"+
+				"  Workaround: slackbuzz send --as-bot %s <text>",
+			target, target,
+		)
+	}
+
+	return fmt.Sprintf("failed to resolve %q: %s", target, err.Error())
+}
+
 // FormatError converts a Slack API error to a user-friendly message.
 func FormatError(err error) string {
 	if err == nil {

internal/app/app.go

@@ -1,6 +1,7 @@
 package app
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 
@@ -22,23 +23,49 @@ func Run() int {
 			return 1
 		}
 
+		exitCode := 1
+		errType := "error"
+
 		// Auth expired (401 from Slack API)
 		var authExpired *api.AuthExpiredError
 		if errors.As(err, &authExpired) {
-			fmt.Fprintln(ios.ErrOut, authExpired.Error())
-			return 4
+			exitCode = 4
+			errType = "auth_expired"
+		} else if cmdutil.IsAuthError(err) {
+			exitCode = 4
+			errType = "auth_required"
+		} else if cmdutil.IsTokenTypeError(err) {
+			exitCode = 4
+			errType = "token_type"
+		} else if api.IsMissingScopeError(err) {
+			errType = "missing_scope"
 		}
 
-		if cmdutil.IsAuthError(err) {
-			fmt.Fprintln(ios.ErrOut, err.Error())
-			return 4
-		}
-		if cmdutil.IsTokenTypeError(err) {
-			fmt.Fprintln(ios.ErrOut, err.Error())
-			return 4
+		// Agent mode: structured JSON to stderr
+		if f.IsAgentMode() {
+			suggestion := ""
+			switch errType {
+			case "auth_expired", "auth_required":
+				suggestion = "Run 'slackbuzz auth login' to re-authenticate"
+			case "token_type":
+				suggestion = "Run 'slackbuzz auth login' with the required token type"
+			case "missing_scope":
+				suggestion = "Re-install app with updated scopes, or use --as-bot"
+			}
+			agentErr := map[string]string{
+				"error": err.Error(),
+				"type":  errType,
+			}
+			if suggestion != "" {
+				agentErr["suggestion"] = suggestion
+			}
+			data, _ := json.Marshal(agentErr)
+			fmt.Fprintln(ios.ErrOut, string(data))
+			return exitCode
 		}
+
 		fmt.Fprintln(ios.ErrOut, err.Error())
-		return 1
+		return exitCode
 	}
 
 	return 0

pkg/cmd/app/create.go

@@ -85,6 +85,7 @@ var appManifest = map[string]interface{}{
 				"users:read",
 			},
 			"user": []string{
+				"channels:read",
 				"chat:write",
 				"im:write",
 				"search:read",

pkg/cmd/doctor/doctor.go

@@ -0,0 +1,155 @@
+package doctor
+
+import (
+	"fmt"
+
+	"github.com/slack-go/slack"
+	"github.com/spf13/cobra"
+	"github.com/triptechtravel/slackbuzz-cli/internal/auth"
+	"github.com/triptechtravel/slackbuzz-cli/pkg/cmdutil"
+)
+
+// NewCmdDoctor returns the "doctor" command.
+func NewCmdDoctor(f *cmdutil.Factory) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "doctor",
+		Short: "Check token health and required scopes",
+		Long: `Validate bot and user tokens, then probe key API scopes to detect
+permission gaps before they cause errors.
+
+Checks:
+  - Bot token validity and channels:read scope
+  - User token validity and channels:read scope
+  - Reports pass/fail with remediation advice
+
+Exit code 1 if any check fails.`,
+		Example: `  slackbuzz doctor`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doctorRun(f)
+		},
+	}
+	return cmd
+}
+
+type checkResult struct {
+	name    string
+	passed  bool
+	detail  string
+	fix     string
+}
+
+func doctorRun(f *cmdutil.Factory) error {
+	ios := f.IOStreams
+	cs := ios.ColorScheme()
+
+	var results []checkResult
+	anyFailed := false
+
+	// --- Bot token ---
+	botToken, botErr := auth.GetBotToken()
+	if botErr != nil || botToken == "" {
+		results = append(results, checkResult{
+			name:   "Bot token",
+			passed: false,
+			detail: "not configured",
+			fix:    "slackbuzz auth login --bot-token",
+		})
+		anyFailed = true
+	} else {
+		results = append(results, checkResult{
+			name:   "Bot token",
+			passed: true,
+			detail: "configured",
+		})
+
+		// Probe channels:read with bot token
+		botClient := slack.New(botToken)
+		_, _, err := botClient.GetConversations(&slack.GetConversationsParameters{
+			Types: []string{"public_channel"},
+			Limit: 1,
+		})
+		if err != nil {
+			results = append(results, checkResult{
+				name:   "Bot channels:read",
+				passed: false,
+				detail: err.Error(),
+				fix:    "Add channels:read to bot scopes at api.slack.com/apps > OAuth & Permissions",
+			})
+			anyFailed = true
+		} else {
+			results = append(results, checkResult{
+				name:   "Bot channels:read",
+				passed: true,
+				detail: "OK",
+			})
+		}
+	}
+
+	// --- User token ---
+	userToken, userErr := auth.GetUserToken()
+	if userErr != nil || userToken == "" {
+		results = append(results, checkResult{
+			name:   "User token",
+			passed: false,
+			detail: "not configured",
+			fix:    "slackbuzz auth login --user-token",
+		})
+		anyFailed = true
+	} else {
+		results = append(results, checkResult{
+			name:   "User token",
+			passed: true,
+			detail: "configured",
+		})
+
+		// Probe channels:read with user token
+		userClient := slack.New(userToken)
+		_, _, err := userClient.GetConversations(&slack.GetConversationsParameters{
+			Types: []string{"public_channel"},
+			Limit: 1,
+		})
+		if err != nil {
+			results = append(results, checkResult{
+				name:   "User channels:read",
+				passed: false,
+				detail: err.Error(),
+				fix:    "Add channels:read to user scopes, or re-run: slackbuzz app create",
+			})
+			anyFailed = true
+		} else {
+			results = append(results, checkResult{
+				name:   "User channels:read",
+				passed: true,
+				detail: "OK",
+			})
+		}
+	}
+
+	// --- Print results ---
+	fmt.Fprintln(ios.Out)
+	fmt.Fprintln(ios.Out, cs.Bold("SlackBuzz Doctor"))
+	fmt.Fprintln(ios.Out, "────────────────────────────────────────")
+
+	for _, r := range results {
+		var icon string
+		if r.passed {
+			icon = cs.Green("PASS")
+		} else {
+			icon = cs.Red("FAIL")
+		}
+		fmt.Fprintf(ios.Out, "  [%s] %-22s %s\n", icon, r.name, r.detail)
+		if !r.passed && r.fix != "" {
+			fmt.Fprintf(ios.Out, "         %s %s\n", cs.Yellow("Fix:"), r.fix)
+		}
+	}
+
+	fmt.Fprintln(ios.Out)
+
+	if anyFailed {
+		fmt.Fprintf(ios.ErrOut, "%s Some checks failed. See above for fixes.\n", cs.Red("!"))
+		return &cmdutil.SilentError{Err: fmt.Errorf("doctor checks failed")}
+	}
+
+	fmt.Fprintf(ios.Out, "%s All checks passed.\n", cs.Green("✓"))
+	return nil
+}

pkg/cmd/message/send.go

@@ -75,9 +75,13 @@ func sendRun(opts *sendOptions) error {
 	ios := opts.factory.IOStreams
 	cs := ios.ColorScheme()
 
+	agentMode := opts.factory.IsAgentMode()
+
+	// In agent mode, prefer bot token (avoids user-token scope gaps);
+	// otherwise default to user token so messages post as the user.
 	var client *api.Client
 	var err error
-	if opts.asBot {
+	if opts.asBot || agentMode {
 		client, err = opts.factory.DefaultClient()
 	} else {
 		client, err = opts.factory.UserClient()
@@ -95,13 +99,32 @@ func sendRun(opts *sendOptions) error {
 	} else {
 		channelID, err = resolver.ResolveChannel(opts.channel)
 	}
+
+	// Bot-fallback: if resolution failed with missing_scope on the user token,
+	// retry with the bot client (which typically has channels:read).
+	if err != nil && api.IsMissingScopeError(err) && !opts.asBot && !agentMode {
+		botClient, botErr := opts.factory.BotClient()
+		if botErr == nil {
+			fmt.Fprintf(ios.ErrOut, "%s User token missing scope for channel lookup — falling back to bot token\n", cs.Yellow("!"))
+			botResolver := api.NewResolver(botClient.Slack)
+			if api.LooksLikeUser(opts.channel) {
+				channelID, err = botResolver.ResolveDM(opts.channel)
+			} else {
+				channelID, err = botResolver.ResolveChannel(opts.channel)
+			}
+		}
+	}
+
 	if err != nil {
-		return err
+		return fmt.Errorf("%s", api.FormatResolveError(err, opts.channel))
 	}
 
 	// Get message text from args or stdin
 	text := opts.text
 	if text == "" {
+		if agentMode {
+			return fmt.Errorf("message text is required (SLACKBUZZ_AGENT=1 disables interactive prompts)")
+		}
 		// Read from stdin
 		if !ios.IsTerminal() {
 			data, readErr := io.ReadAll(ios.In)

pkg/cmd/root/root.go

@@ -8,6 +8,7 @@ import (
 	"github.com/triptechtravel/slackbuzz-cli/pkg/cmd/channel"
 	"github.com/triptechtravel/slackbuzz-cli/pkg/cmd/completion"
 	"github.com/triptechtravel/slackbuzz-cli/pkg/cmd/digest"
+	"github.com/triptechtravel/slackbuzz-cli/pkg/cmd/doctor"
 	"github.com/triptechtravel/slackbuzz-cli/pkg/cmd/dm"
 	"github.com/triptechtravel/slackbuzz-cli/pkg/cmd/file"
 	"github.com/triptechtravel/slackbuzz-cli/pkg/cmd/later"
@@ -140,6 +141,13 @@ TIPS
 	statusCmd.GroupID = "workspace"
 	cmd.AddCommand(statusCmd)
 
+	// Top-level shortcut: slackbuzz send → slackbuzz message send
+	sendCmd := message.NewCmdSend(f)
+	sendCmd.Use = "send <channel|user> [text]"
+	sendCmd.Short = "Send a message (shortcut for 'message send')"
+	sendCmd.GroupID = "messaging"
+	cmd.AddCommand(sendCmd)
+
 	// Utility commands
 	versionCmd := version.NewCmdVersion()
 	versionCmd.GroupID = "tools"
@@ -149,5 +157,9 @@ TIPS
 	completionCmd.GroupID = "tools"
 	cmd.AddCommand(completionCmd)
 
+	doctorCmd := doctor.NewCmdDoctor(f)
+	doctorCmd.GroupID = "tools"
+	cmd.AddCommand(doctorCmd)
+
 	return cmd
 }

pkg/cmdutil/factory.go

@@ -1,6 +1,7 @@
 package cmdutil
 
 import (
+	"os"
 	"sync"
 
 	"github.com/triptechtravel/slackbuzz-cli/internal/api"
@@ -83,3 +84,10 @@ func (f *Factory) DefaultClient() (*api.Client, error) {
 	}
 	return f.UserClient()
 }
+
+// IsAgentMode returns true when SLACKBUZZ_AGENT=1 is set.
+// Agent mode prefers bot tokens, disables interactive prompts, and
+// outputs structured JSON errors to stderr.
+func (f *Factory) IsAgentMode() bool {
+	return os.Getenv("SLACKBUZZ_AGENT") == "1"
+}