ZMediumToMarkdown 3.7.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b9b990e8f990e996a5a7dd230950f572a2a6ee80cc508a98dc9dc2122c870e3
-  data.tar.gz: 8580bbafe3ee759a0e5790c98c663388cae5e6a175a1570e34c1be6e20c73973
+  metadata.gz: 8b71926fd220e5524846da26d0ff13d8faf877a7320d40445c1e1561842fa125
+  data.tar.gz: 63910f5efe83d0ac58ff677374504b47455c0bb42b5d332273a40fa96fa687f1
 SHA512:
-  metadata.gz: 84a68dd6a63a7cb94bf86e07fa4de30e6e50c4f364ca1dbb423e9cdd325d6c356b26dabcab8909cf84a8839fe96c04ac31eaceae6c8b74acbd2ea64893991339
-  data.tar.gz: dcf05e3ade1a2653ea14ffb8f9c9881592287f45f1e13e0ff3d7db5f483cc62b4da56413171c494a44a15928f4c974857aa54dffe26c961206b3ed2538105e87
+  metadata.gz: 3f6c474eebc28e5fef007ef5a39b120632ae2e1d0514270791fcdd0aef70d4b6577a94e9e16c8519c7ec69e187f5fdd6e50b39c47532c69bc9696ee9c99f8d2e
+  data.tar.gz: fdabdef45c309724b83228b1ad72b49d2e62c5e0ad5c499d20981233ce927ea26d6ffe134fe6b49dc08ac12ef00d79866d49700a3e7c923760f6ebfa764f6f71

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 ZRealm
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/PRIVACY.md

@@ -0,0 +1,61 @@
+# Privacy Notice
+
+**ZMediumToMarkdown · Privacy `v1`** — what this CLI does and does not collect.
+
+This Notice covers only the `ZMediumToMarkdown` Ruby gem (the **"Software"**). It does not cover Medium, GitHub, RubyGems, Cloudflare, or any other third-party service the Software contacts on your behalf — those services have their own privacy policies, and you are bound by them when you choose to interact with them.
+
+## 1. Scope
+
+The Software runs entirely on **your** machine, executed by **your** Ruby interpreter, under **your** user account. The Author has no server, no analytics endpoint, no telemetry channel, and receives **no data** from your runs.
+
+## 2. What the Software does NOT collect
+
+- **No analytics.** The Software does not phone home, does not record runs, does not measure usage, and does not generate any kind of identifier that could be sent to the Author.
+- **No telemetry.** No crash reports, no performance metrics, no anonymous statistics.
+- **No transmission of article content.** The Markdown the Software produces is written to your local filesystem (or your terminal in `--stdout` mode) and is never uploaded to anywhere by the Software.
+- **No transmission of cookies to third parties.** Your Medium cookies (`sid`, `uid`, `cf_clearance`, `_cfuvid`) are sent **only** to `medium.com` itself, exactly as they would be in a normal browser request.
+
+## 3. Local data the Software stores
+
+| Path | What it is | When it is written |
+|---|---|---|
+| `~/.zmediumtomarkdown/cookies.json` (or similar) | AES-256-GCM encrypted cache of your Medium cookies. The encryption key is derived per machine; the file is readable only by your user account. | When you supply cookies via CLI flags / env vars / `--auth`. |
+| `~/.zmediumtomarkdown/.tos-v1-accepted` | Plain-text marker recording the ISO-8601 timestamp of your first-run consent and the `Terms` version. | When you type `yes` at the first-run prompt or pass `--accept-terms`. |
+| Output directory under your `cwd` | Markdown files and downloaded images. | Whenever you invoke a download (`-p` / `-u`, no `--stdout`). |
+
+You can delete any of these at any time. Removing the `.tos-vN-accepted` file restarts the consent prompt on the next run.
+
+## 4. Network calls the Software makes
+
+When you invoke a download or render command, the Software contacts the following hosts. None of these calls are visible to the Author; they go directly from your machine to the listed hosts.
+
+| Host | Purpose | Cookies attached |
+|---|---|---|
+| `medium.com/_/graphql` | Fetch post metadata + body via Medium's internal GraphQL endpoint. | Yes — your `sid` / `uid` / `cf_clearance` / `_cfuvid`. |
+| `miro.medium.com/<imageId>` | Download article images. | No (Medium's image CDN does not require auth). |
+| `cdn.syndication.twitter.com` | Expand embedded tweets into a Markdown blockquote (best-effort). | No. |
+| `gist.github.com` / `gist.githubusercontent.com` | Expand embedded GitHub Gists into Markdown code blocks. | No. |
+| `api.github.com/repos/ZhgChgLi/ZMediumToMarkdown/releases` | Check whether a newer gem version is available; printed as a one-line nudge. | No. |
+
+If you configure a Cloudflare Worker proxy via `MEDIUM_HOST` (the `--medium_host` CLI flag), the GraphQL call is routed through that origin instead. **You** own and operate that Worker; its logging is governed by your Cloudflare account settings.
+
+## 5. Cloudflare Worker proxy (optional)
+
+If you deploy the optional Cloudflare Worker proxy described in [`wiki/Setting-Up-Medium-Cookies-and-a-Cloudflare-Worker-Proxy.md`](./wiki/Setting-Up-Medium-Cookies-and-a-Cloudflare-Worker-Proxy.md), Cloudflare may log request metadata (timestamps, IPs, headers) to your Cloudflare account dashboard per its default behavior. The Author does not have access to that data. Configure retention and logging on your own Cloudflare side.
+
+## 6. Children's privacy
+
+The Software is not directed at children under the age of thirteen (13). The Author does not knowingly collect any data from anyone, but the Software's intended users are adults capable of agreeing to its [Terms of Use](./TERMS.md).
+
+## 7. Changes to this Notice
+
+Material changes are signaled by bumping the `Privacy` version string in this document and in `lib/Terms.rb`. The CLI will surface the bump on the next run.
+
+## 8. Contact
+
+Questions about this Notice: GitHub Issues at [https://github.com/ZhgChgLi/ZMediumToMarkdown/issues](https://github.com/ZhgChgLi/ZMediumToMarkdown/issues).
+
+---
+
+**Last updated:** 2026-05-10
+**Version:** `v1`

data/README.md

@@ -0,0 +1,321 @@
+# ZMediumToMarkdown
+
+![ZMediumToMarkdown](https://user-images.githubusercontent.com/33706588/184416147-c2ec74d4-7107-484e-8ad2-302340cf6c1f.png)
+
+Download Medium posts as clean Markdown, preserving structure, images, links, code blocks, and common embeds for plain Markdown or Jekyll workflows.
+
+[![Gem](https://badge.fury.io/rb/ZMediumToMarkdown.svg)](https://rubygems.org/gems/ZMediumToMarkdown)
+
+## Try it in 30 seconds
+
+```bash
+gem install ZMediumToMarkdown
+ZMediumToMarkdown -p "https://medium.com/<USER>/<POST>"
+```
+
+The converted Markdown is written to `./Output/zmediumtomarkdown/`. Public posts usually work without cookies.
+
+For **paywalled posts**, **bulk downloads**, or **CI / GitHub Actions**, you'll need Medium login cookies. On a local TTY the tool can auto-capture them by opening Chrome the first time Cloudflare blocks; CI runs need a Cloudflare Worker proxy. See [Cookies & Cloudflare setup](#cookies--cloudflare-setup).
+
+> 📘 **[Setting Up Medium Cookies and a Cloudflare Worker Proxy →](https://github.com/ZhgChgLi/ZMediumToMarkdown/blob/main/wiki/Setting-Up-Medium-Cookies-and-a-Cloudflare-Worker-Proxy.md)**
+
+---
+
+## Features
+
+- Convert one Medium post or download every post from a Medium username.
+- Preserve headings, blockquotes, lists, inline code, fenced code blocks, images, links, and front matter.
+- Render common embeds: GitHub Gists, Twitter / X, YouTube, Vimeo, SoundCloud, Spotify, and generic OG-image cards.
+- Download images locally and emit paths for either plain Markdown output or Jekyll projects.
+- Read paywalled posts when valid Medium `sid` / `uid` cookies (Membership account) are provided.
+- Auto-capture login cookies via Chrome on a local TTY when Cloudflare blocks, into an encrypted on-disk cache reused on subsequent runs.
+- Skip unchanged posts by comparing `last_modified_at`, making scheduled backups practical.
+- Keep multilingual text stable, including CJK, Arabic, Hebrew, Cyrillic, and emoji.
+- Stream rendered Markdown to stdout for embedding callers (e.g. [mcp-medium-reader](https://github.com/ZhgChgLi/mcp-medium-reader)) via `--stdout` / `--list`, no filesystem writes.
+- Run as a Ruby gem, local CLI tool, or GitHub Action.
+
+---
+
+## Cookies & Cloudflare setup
+
+Medium's GraphQL endpoint is protected by Cloudflare. Two failure modes interrupt a run:
+
+1. **Cloudflare bot challenge** — HTTP 403 / "Just a moment…". Empirically: after ~10 posts without cookies, or ~25 posts from CI / datacenter IPs without a Worker proxy.
+2. **Paywalled posts** — return only the public preview unless `sid` / `uid` come from a logged-in Medium **Member** account.
+
+### What you need by scenario
+
+| Scenario | `sid` / `uid` cookies | Cloudflare Worker proxy |
+|---|---|---|
+| CI / CD (GitHub Actions, cloud runners) | **Strongly recommended** | **Strongly recommended** |
+| Local machine (laptop / desktop) | Recommended for paywalled posts | Optional |
+| Paywalled posts (anywhere) | **Required** (Membership account) | Independent |
+
+### Three ways to clear a Cloudflare block
+
+1. **Auto-login on a TTY (local).** When Cloudflare blocks an interactive run and Google Chrome is installed, the tool opens Chrome at <https://medium.com>; sign in / clear the challenge, and `sid` / `uid` / `cf_clearance` / `_cfuvid` are captured into an AES-256-GCM-encrypted cache at `~/.zmediumtomarkdown` (chmod 0600). Cached cookies are reused on subsequent runs and refreshed on every new block, so you rarely repeat the flow. Run `ZMediumToMarkdown --auth` once to trigger this flow on demand and seed the cache before any real run. Pass `--non-interactive` (or set `MEDIUM_NO_AUTO_BROWSER=1`) to suppress the prompt and fail fast.
+2. **Cloudflare Worker proxy.** Permanent fix, recommended for CI. Point the GraphQL endpoint (and optionally the image CDN) at your own Worker so requests originate from inside Cloudflare's network instead of a flagged datacenter IP.
+3. **Manual `cf_clearance` / `_cfuvid` cookies.** Short-term unblocking (~30 min). Useful when you can't run Chrome and don't want to set up a Worker proxy yet.
+
+### Inputs
+
+CLI flag wins over env var, env var wins over the on-disk cache.
+
+| Cookie / variable | CLI flag | Env var |
+|---|---|---|
+| `sid` (Medium login) | `-s, --cookie_sid` | `MEDIUM_COOKIE_SID` |
+| `uid` (Medium login) | `-d, --cookie_uid` | `MEDIUM_COOKIE_UID` |
+| `cf_clearance` | `--cookie_cf_clearance` | `MEDIUM_COOKIE_CF_CLEARANCE` |
+| `_cfuvid` | `--cookie_cfuvid` | `MEDIUM_COOKIE_CFUVID` |
+| Worker proxy host | `-x, --medium_host` | `MEDIUM_HOST` — set to your Worker URL with or without a `/_/graphql` suffix; the gem only uses the origin and rebuilds paths. Covers both medium.com and miro.medium.com via path dispatch. |
+| Worker shared secret | — | `MEDIUM_HOST_SECRET` (sent as `X-Medium-Proxy-Secret` header on proxy requests; matches the `SECRET` constant in the Worker script) |
+
+```bash
+# Env-var form (preferred — keeps secrets out of shell history)
+export MEDIUM_COOKIE_SID="<your sid>"
+export MEDIUM_COOKIE_UID="<your uid>"
+ZMediumToMarkdown -p "https://medium.com/..."
+
+# Or as flags for one-off runs
+ZMediumToMarkdown -p "https://medium.com/..." -s "<sid>" -d "<uid>"
+
+# Behind a single Cloudflare Worker that handles both medium.com and miro.medium.com.
+# Either form of MEDIUM_HOST works — the gem only uses the origin.
+export MEDIUM_HOST="https://my-worker.my-account.workers.dev/"
+export MEDIUM_HOST_SECRET="<your-secret>"
+ZMediumToMarkdown -u zhgchgli
+```
+
+### Full setup guide
+
+The setup guide covers cookie extraction, Cloudflare Worker deployment, security notes, and GitHub Actions wiring:
+
+> **[Setting Up Medium Cookies and a Cloudflare Worker Proxy](https://github.com/ZhgChgLi/ZMediumToMarkdown/blob/main/wiki/Setting-Up-Medium-Cookies-and-a-Cloudflare-Worker-Proxy.md)**
+
+---
+
+## Installation
+
+### Gem (recommended)
+
+```bash
+gem install ZMediumToMarkdown
+```
+
+On macOS, prefer a managed Ruby (`rbenv` / `rvm` / `asdf`) over the system Ruby. Installing gems against `/usr/bin/ruby` usually requires `sudo` and modifies the OS Ruby environment.
+
+### From source
+
+```bash
+git clone https://github.com/ZhgChgLi/ZMediumToMarkdown
+cd ZMediumToMarkdown
+bundle install
+bundle exec ruby bin/ZMediumToMarkdown -p "https://medium.com/..."
+```
+
+---
+
+## Usage
+
+```
+ZMediumToMarkdown [options]
+
+  -s, --cookie_sid SID             Medium logged-in cookie sid (or $MEDIUM_COOKIE_SID)
+  -d, --cookie_uid UID             Medium logged-in cookie uid (or $MEDIUM_COOKIE_UID)
+      --cookie_cf_clearance VALUE  Cloudflare cf_clearance cookie (or $MEDIUM_COOKIE_CF_CLEARANCE).
+                                   Short-term Cloudflare unblocking; expires ~30 min.
+      --cookie_cfuvid VALUE        Cloudflare _cfuvid cookie (or $MEDIUM_COOKIE_CFUVID).
+                                   Companion to cf_clearance.
+  -x, --medium_host URL            Cloudflare Worker proxy URL (or $MEDIUM_HOST). One Worker
+                                   covers both medium.com and miro.medium.com via path
+                                   dispatch. Set $MEDIUM_HOST_SECRET to the same secret used
+                                   in the Worker script. Strongly recommended for CI / bulk
+                                   runs — see the wiki setup guide.
+      --non-interactive            Never prompt or open Chrome on a Cloudflare block. CI runners
+                                   auto-detect this; use the flag to force the same behavior on a TTY.
+      --auth                       Open Chrome to sign in, capture cookies into the encrypted
+                                   cache (~/.zmediumtomarkdown), and exit. Run once before bulk /
+                                   scheduled jobs to seed the cache up front.
+  -u, --username USERNAME          Download every post by a Medium username
+  -p, --postURL POST_URL           Download a single post URL
+      --jekyll                     Emit Jekyll-friendly output (combine with -u or -p)
+      --stdout                     Render Markdown to stdout; skip all image/asset downloads.
+                                   Use with -p or -u. Logs and banners go to stderr.
+      --list                       With -u, emit one NDJSON line per post (title, url, dates,
+                                   tags, etc.) to stdout. Skips bodies and image downloads.
+      --limit N                    Cap the number of posts processed by -u in --stdout / --list.
+  -n, --new                        Update to the latest version (gem install only)
+  -c, --clean                      Remove every downloaded post under cwd
+  -v, --version                    Print the current version
+  -h, --help                       Show this message
+```
+
+### Examples
+
+```bash
+# Single post into ./Output/zmediumtomarkdown/
+ZMediumToMarkdown -p "https://medium.com/<user>/<slug>-<id>"
+
+# Every post by a user, Jekyll-friendly into ./_posts/zmediumtomarkdown/ + ./assets/
+ZMediumToMarkdown -u zhgchgli --jekyll
+```
+
+For paywalled / bulk / CI runs, also pass cookies and (optionally) a Worker proxy — see [Cookies & Cloudflare setup](#cookies--cloudflare-setup).
+
+> **Deprecated flags.** `-j USERNAME` and `-k POST_URL` still work for backwards compatibility but emit a warning. Use `--jekyll -u …` / `--jekyll -p …` instead.
+
+### Output layout
+
+| Mode | Markdown destination | Image destination |
+|---|---|---|
+| Plain (`-p` / `-u`) | `./Output/zmediumtomarkdown/<date>-<slug>.md` | `./Output/zmediumtomarkdown/assets/<post_id>/` |
+| Jekyll (`--jekyll`) | `./_posts/zmediumtomarkdown/<date>-<post_id>.md` | `./assets/<post_id>/` |
+
+When run with `-u`, plain mode additionally nests under `./Output/users/<username>/`.
+
+Reruns are cheap — posts whose `last_modified_at` matches the existing front matter are skipped.
+
+---
+
+## Embedding callers — `--stdout` / `--list`
+
+The gem can also be invoked as a backend for tools that need rendered Markdown without filesystem side effects — most notably the [`mcp-medium-reader`](https://github.com/ZhgChgLi/mcp-medium-reader) MCP server, which exposes Medium reading to LLMs.
+
+In `--stdout` / `--list` mode:
+
+- Markdown / NDJSON is written to **stdout**; banners, progress, and warnings go to **stderr**.
+- **No filesystem writes**, no `Output/` directory, no `assets/` directory.
+- **No image downloads** — image references stay as remote URLs on `miro.medium.com` (or your `MEDIUM_HOST` proxy origin when configured).
+- Skip-already-downloaded checks are bypassed; the post is rendered fresh every time.
+
+```bash
+# Stream a single post's Markdown to stdout.
+ZMediumToMarkdown --stdout -p "https://medium.com/<user>/<slug>-<id>"
+
+# Stream every post by a user, separated by `\n\n---\n\n`. --limit caps the count.
+ZMediumToMarkdown --stdout -u zhgchgli --limit 5
+
+# List a user's posts as NDJSON (one JSON object per line). No bodies.
+ZMediumToMarkdown --list -u zhgchgli --limit 20
+# {"title":"…","url":"…","creator":"…","firstPublishedAt":"…","latestPublishedAt":"…","tags":["…"],"description":"…","pin":false}
+```
+
+Cookies and Worker-proxy env vars apply the same way as in normal mode.
+
+---
+
+## Quick-start templates
+
+- **GitHub Actions backup, no code**: [How-to walkthrough](https://github.com/ZhgChgLi/ZMediumToMarkdown/blob/main/wiki/Setting-Up-Medium-Cookies-and-a-Cloudflare-Worker-Proxy.md)
+- **Working Action repo example**: <https://github.com/ZhgChgLi/ZMediumToMarkdown-github-action>
+
+### Minimal GitHub Action
+
+```yaml
+name: ZMediumToMarkdown
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "10 1 15 * *" # 01:10 on day-of-month 15
+jobs:
+  backup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ZhgChgLi/ZMediumToMarkdown@main
+        env:
+          MEDIUM_COOKIE_SID: ${{ secrets.MEDIUM_COOKIE_SID }}
+          MEDIUM_COOKIE_UID: ${{ secrets.MEDIUM_COOKIE_UID }}
+        with:
+          command: "-u zhgchgli"
+```
+
+Store `MEDIUM_COOKIE_SID` / `MEDIUM_COOKIE_UID` as repository **secrets**, not repository variables, and never hard-code them in YAML. Pass them through the step's `env:` block instead of the `command:` string so they stay out of logs. For CI, also point `MEDIUM_HOST` at a Cloudflare Worker proxy; see the [setup guide](https://github.com/ZhgChgLi/ZMediumToMarkdown/blob/main/wiki/Setting-Up-Medium-Cookies-and-a-Cloudflare-Worker-Proxy.md).
+
+---
+
+## Example output
+
+- [Original post on Medium](https://medium.com/zrealm-ios-dev/avplayer-%E5%AF%A6%E8%B8%90%E6%9C%AC%E5%9C%B0-cache-%E5%8A%9F%E8%83%BD%E5%A4%A7%E5%85%A8-6ce488898003)
+- [Converted Markdown output](example/2021-01-31-avplayer-實踐本地-cache-功能大全-6ce488898003.md)
+
+---
+
+## Troubleshooting
+
+| Symptom | Likely cause | Fix |
+|---|---|---|
+| `Blocked by Medium's Cloudflare layer (HTTP 403)` | Cloudflare bot challenge; common after about 10 posts without cookies, or about 25 posts from CI / datacenter IPs without a Worker proxy | **Local**: on a TTY the tool auto-opens Chrome to clear the challenge and refresh cookies (cached at `~/.zmediumtomarkdown`). If Chrome is not installed, open <https://medium.com> in any browser, clear the challenge, then rerun. **CI / datacenter**: set up cookies and a Cloudflare Worker proxy — see the [setup guide](https://github.com/ZhgChgLi/ZMediumToMarkdown/blob/main/wiki/Setting-Up-Medium-Cookies-and-a-Cloudflare-Worker-Proxy.md). |
+| `This post is behind Medium's paywall…` even though I set cookies | Cookies do not belong to a Medium **Member** account that can read this post, or they have expired after inactivity | Refresh `sid` / `uid` from a logged-in browser and verify the account has access to the post. Cookies stay valid as long as they keep being used. |
+| `Error: Too Many Requests, blocked by Medium` | Hit Medium’s rate limit | Slow the schedule down or split the run; the tool already retries up to 10 times. |
+| Markdown looks fine but CJK / emoji is mojibaked | Older release — encoding regression | Upgrade to ≥ 2.6.7 (this release force-encodes all responses to UTF-8). |
+| `An iframe came back blank` | Generic embed (non-Twitter, non-gist, non-YouTube, non-widgetic) without an OG image | Expected — the source has no image to embed. The tool emits an empty line so paragraph spacing is preserved. |
+
+---
+
+## Development
+
+```bash
+bundle install
+bundle exec rake test         # run the minitest suite
+```
+
+The suite includes a 174-paragraph end-to-end fixture under `test/fixtures/`. To regenerate the golden Markdown file after intentional output changes:
+
+```bash
+UPDATE_FIXTURES=1 bundle exec rake test
+```
+
+CI runs the same `rake test` against Ruby 3.2 / 3.3 / 3.4.
+
+---
+
+## Disclaimer
+
+### Medium's Terms of Service
+
+Medium's official Terms of Service forbid using *"any software, script, robot, spider or other automatic device, process or means (including crawlers, browser plugins and add-ons or any other technology) to access the Services."* — [Medium Rules](https://policy.medium.com/medium-rules-30e5502c4eb4).
+
+ZMediumToMarkdown is exactly the kind of tool that statement contemplates. **Use of this gem may conflict with Medium's Terms of Service.** The author makes no claim that this is permitted use; you accept all risk, including account suspension, IP-address blocks, or legal action by Medium. On its first invocation the CLI prints a one-time consent prompt and requires you to type `yes` before any network call is made; in non-interactive environments set `ZMTM_TOS_ACCEPTED=1` or pass `--accept-terms` once.
+
+### Copyright
+
+All content downloaded using ZMediumToMarkdown — articles, images, video — is subject to copyright and belongs to its respective owner. This tool does not claim ownership of any downloaded content.
+
+Downloading and using copyrighted content without the owner's permission may be illegal. ZMediumToMarkdown does not condone copyright infringement and will not be held responsible for misuse of this tool. Users are solely responsible for ensuring they have the necessary permissions and rights for any content they download.
+
+By using ZMediumToMarkdown you acknowledge and agree to comply with all applicable copyright laws and regulations.
+
+### Full Terms
+
+The complete Terms of Use are in [TERMS.md](./TERMS.md); the privacy posture is in [PRIVACY.md](./PRIVACY.md). Both are versioned — when they change in a backwards-incompatible way, the CLI invalidates the existing consent marker and re-prompts on the next run.
+
+---
+
+## Other works
+
+**Ruby libraries**
+- [RubyRangeable](https://github.com/ZhgChgLi/RubyRangeable) — generic interval-set container, published as the `rangeable` gem; powers ZMediumToMarkdown's markup rendering since 3.6.0. Spec: [RangeableRFC](https://github.com/ZhgChgLi/RangeableRFC).
+
+**Swift libraries**
+- [ZMarkupParser](https://github.com/ZhgChgLi/ZMarkupParser) — pure-Swift HTML → `NSAttributedString` with customizable style/tag mapping.
+- [ZPlayerCacher](https://github.com/ZhgChgLi/ZPlayerCacher) — lightweight `AVAssetResourceLoaderDelegate` cache for `AVPlayerItem` streaming.
+- [SwiftRangeable](https://github.com/ZhgChgLi/SwiftRangeable) — Swift reference implementation of Rangeable.
+
+**Integration tools**
+- [mcp-medium-reader](https://github.com/ZhgChgLi/mcp-medium-reader) — macOS MCP server that wraps this gem so LLMs (Claude Desktop, etc.) can read Medium posts.
+- [XCFolder](https://github.com/ZhgChgLi/XCFolder) — convert Xcode virtual groups to real directories (Tuist / XcodeGen friendly).
+- [ZReviewTender](https://github.com/ZhgChgLi/ZReviewTender) — fetch App Store / Google Play reviews into your workflow.
+- [linkyee](https://github.com/ZhgChgLi/linkyee) — open-source LinkTree alternative on GitHub Pages.
+
+---
+
+## About
+
+- <https://zhgchg.li/>
+- <https://blog.zhgchg.li/>
+
+## Donate
+
+[![Buy Me A Beer](https://github.com/user-attachments/assets/63f01edf-2aa5-4d91-8f8a-861e5b6b4feb)](https://www.paypal.com/ncp/payment/CMALMPT8UUTY2)
+
+If this project helped you, please star the repo or [buy me a beer](https://www.paypal.com/ncp/payment/CMALMPT8UUTY2). PRs and issue reports welcome.

data/TERMS.md

@@ -0,0 +1,109 @@
+# Terms of Use
+
+**ZMediumToMarkdown · Terms `v1`**
+
+These Terms govern your use of the `ZMediumToMarkdown` Ruby gem and any related code in this repository (collectively, **"the Software"**). The Software is offered by **ZhgChgLi** (an individual, identified by the GitHub handle [`@ZhgChgLi`](https://github.com/ZhgChgLi); referred to here as **"the Author"**) free of charge under the MIT License.
+
+By installing, running, or otherwise using the Software you agree to these Terms. The CLI will, on its first invocation, print a one-time consent prompt and require an explicit `yes` before performing any network call. If you do not agree, do not use the Software.
+
+---
+
+## 1. What the Software is
+
+The Software is a personal command-line utility, written in Ruby, that converts a Medium post into a Markdown file by issuing HTTP requests to Medium's GraphQL endpoint using cookies that **you supply** from your own browser session. It is open source under MIT, with all source code public on [GitHub](https://github.com/ZhgChgLi/ZMediumToMarkdown).
+
+The Software is **not affiliated with, endorsed by, sponsored by, or connected to** Medium, A Medium Corporation, or any of its subsidiaries.
+
+## 2. Third-party services risk · Medium's Terms of Service
+
+Medium's official rules forbid automated access to its services. The relevant text, quoted from [Medium Rules](https://policy.medium.com/medium-rules-30e5502c4eb4), reads:
+
+> "any software, script, robot, spider or other automatic device, process or means (including crawlers, browser plugins and add-ons or any other technology) to access the Services for any purpose, including without limitation to scrape or otherwise copy any of the data or content on the Services."
+
+The Software is exactly the kind of tool that statement contemplates.
+
+**The Author makes no claim that this use is permitted by Medium.** Using the Software may technically conflict with Medium's Terms of Service. You are using it **at your own risk** and accept full responsibility for any consequence, including but not limited to:
+
+- account warning, suspension, or termination by Medium;
+- IP address rate-limiting or blocking;
+- legal action by Medium or by the original article author(s);
+- loss of access to articles you previously could read.
+
+If you are unsure whether your intended use is acceptable, do not run the Software — use Medium's own official export feature ([Settings → Account → Download your information](https://help.medium.com/hc/en-us/articles/115004551948)) instead.
+
+## 3. Eligibility
+
+You may only use the Software if you are old enough to enter into a binding agreement under the law of the jurisdiction in which you reside (typically thirteen (13) years of age or older, sixteen (16) in some countries, eighteen (18) where the law requires).
+
+## 4. License & open source
+
+The Software is released under the **MIT License**. The full license text is in [`LICENSE`](./LICENSE). The MIT License grants you broad rights to use, copy, modify, and redistribute the Software's source code; it does **not** grant any rights to the article content, images, embeds, or other materials the Software downloads from Medium.
+
+## 5. Your responsibilities
+
+By using the Software you agree that:
+
+1. **Access right.** You only convert articles that you have the legitimate right to read on Medium — typically because the article is publicly accessible, or because you are a Medium Member with active access to the article's metering tier.
+2. **Cookies are yours.** Any `sid`, `uid`, `cf_clearance`, or `_cfuvid` value you supply belongs to a Medium account that you yourself control. You will not use someone else's session.
+3. **No mass scraping.** You will not use the Software for bulk crawling, building large datasets for resale, training datasets without independent permission from the rights holders, or any commercial redistribution.
+4. **Respect copyright.** Any Markdown the Software produces remains the original Medium author's copyrighted work. You will only redistribute, republish, or otherwise share the output where the original author has granted you permission, or where the law of your jurisdiction (fair use, fair dealing, quotation, etc.) clearly permits it.
+5. **Your platform, your call.** You are responsible for compliance with Medium's Terms of Service, with applicable computer-fraud and access-control laws, and with any contractual obligation you may have toward third parties (employer policies, NDA, etc.).
+
+## 6. Intellectual property
+
+The Software's source code is © `ZhgChgLi`, licensed under MIT. The article content, images, video stills, code samples, and embeds the Software downloads belong to their respective rights holders. The existence of the Software does not transfer any ownership in those materials and does not imply a license to redistribute them.
+
+## 7. Disclaimer of warranties
+
+THE SOFTWARE IS PROVIDED **"AS IS"** AND **"AS AVAILABLE"**, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, AND NON-INFRINGEMENT. THE AUTHOR DOES NOT WARRANT THAT:
+
+- the Software will run without errors or interruption;
+- the conversion output will be complete, faithful, or lossless;
+- the Software complies with Medium's Terms of Service or with any other third party's terms;
+- the Software is fit for any particular regulatory environment.
+
+## 8. Limitation of liability
+
+TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF DATA, PROFITS, REVENUE, GOODWILL, OR ARTICLES, ARISING OUT OF OR IN CONNECTION WITH THE SOFTWARE, REGARDLESS OF THE LEGAL THEORY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+## 9. Indemnification
+
+You agree to defend, indemnify, and hold harmless the Author from and against any claim, demand, action, loss, or expense (including reasonable attorneys' fees) arising out of or related to:
+
+- your breach of these Terms;
+- your breach of Medium's Terms of Service through use of the Software;
+- your infringement of any copyright, trade secret, or other right of any third party;
+- your use of the Software in any manner that is unlawful in your jurisdiction.
+
+## 10. No support obligation
+
+The Software is offered as a personal open-source project. The Author has no obligation to provide support, fix bugs, accept patches, answer questions, or maintain compatibility with future versions of Medium's API or website. Issues and pull requests on GitHub are reviewed on a best-effort, non-binding basis.
+
+## 11. Modifications & termination
+
+The Author may modify these Terms at any time by publishing a new version in the repository. Material changes are signaled by bumping the `Terms` version string in `lib/Terms.rb`; on the next run, the CLI will print the updated summary and require fresh acceptance before proceeding.
+
+The Author may, at any time and without notice, suspend, archive, or remove the Software (including unpublishing the gem from RubyGems and archiving the GitHub repository). You will not be entitled to any compensation if this occurs.
+
+## 12. Governing law & dispute resolution
+
+The Software is provided **as-is** under the MIT License. **No specific jurisdiction is asserted.** Disputes arising from your use of the Software are governed by the law of the jurisdiction in which **you** reside, applied to the MIT License's existing "AS IS" provisions and to the disclaimers in Sections 7 – 9 above. The Author has no obligation to litigate, defend, or appear in any forum, and reserves the right to do nothing in response to any claim.
+
+Where mandatory consumer-protection or copyright law of your jurisdiction grants you rights that cannot be waived by these Terms, those rights are unaffected.
+
+## 13. Severability
+
+If any provision of these Terms is held invalid or unenforceable by a court of competent jurisdiction, that provision will be limited or removed to the minimum extent necessary, and the remainder of the Terms will continue in full force.
+
+## 14. Contact
+
+The only supported channel for questions, takedown notices, or legal inquiries about the Software itself is GitHub Issues:
+
+> [https://github.com/ZhgChgLi/ZMediumToMarkdown/issues](https://github.com/ZhgChgLi/ZMediumToMarkdown/issues)
+
+For concerns about specific Medium articles or accounts, contact Medium directly — the Author does not host, store, or distribute Medium content.
+
+---
+
+**Last updated:** 2026-05-10
+**Version:** `v1`

data/bin/ZMediumToMarkdown

@@ -14,8 +14,11 @@ quietBanner = ARGV.include?('--stdout') || ARGV.include?('--list')
 bannerOut = quietBanner ? $stderr : $stdout
 
 begin
-    bannerOut.puts "#https://github.com/ZhgChgLi/ZMediumToMarkdown"
-    bannerOut.puts "You have read and agree with the Disclaimer."
+    # Note: The first-run Terms-of-Use prompt + acceptance machinery now
+    # lives in `lib/Terms.rb` and is triggered from `CLI.main` only when the
+    # invocation actually contacts Medium. The previous unconditional
+    # "You have read and agree with the Disclaimer." line was removed — it
+    # implied consent that hadn't actually been collected.
 
     CLI.main(ARGV)
 

data/lib/CLI.rb

@@ -7,6 +7,7 @@ require 'PathPolicy'
 require 'Request'
 require 'CookieCache'
 require 'ChromeAuth'
+require 'Terms'
 
 # All CLI-side concerns for the `ZMediumToMarkdown` executable. Pulled out
 # of bin/ so it can be exercised by unit tests without spawning processes.
@@ -21,8 +22,19 @@ module CLI
         argv = argv.dup
         argv << '-h' if argv.empty?
 
+        # Strip --accept-terms / --decline-terms before OptionParser sees them
+        # (it would otherwise raise InvalidOption on these unknown flags).
+        Terms.consumeFlags!(argv, errput: errput)
+
         options = parseArgs(argv, errput: errput)
         loadCookies!
+
+        # Only block on Terms when the run will actually contact Medium.
+        # --help / --version / --clean / --new stay quick.
+        if willHitMedium?(options)
+            Terms.ensureAccepted!(errput: errput, input: $stdin)
+        end
+
         warnAboutMissingSetup(options, errput: errput)
         run(options, cwd, output: output, errput: errput)
     end

data/lib/Terms.rb

@@ -0,0 +1,127 @@
+require 'fileutils'
+require 'time'
+
+# First-run consent gate for ZMediumToMarkdown.
+#
+# Workflow (priority high → low):
+#   1. CLI flag `--accept-terms` (or `--decline-terms`)  consumed before
+#      OptionParser, so it never sees them.
+#   2. ENV var ZMTM_TOS_ACCEPTED=1                       persistent CI escape.
+#   3. Local marker file ~/.zmediumtomarkdown/.tos-vN    written on first
+#      interactive accept.
+#   4. Otherwise: print the summary and prompt on a TTY; refuse to run on
+#      a non-TTY (so a piped invocation can't accidentally bypass).
+#
+# Bumping `VERSION` invalidates every existing marker file, forcing every
+# user to re-read and re-accept the new Terms.
+module Terms
+    VERSION       = 'v1'.freeze
+    ENV_OPT_IN    = 'ZMTM_TOS_ACCEPTED'.freeze
+    ACCEPT_FLAG   = '--accept-terms'.freeze
+    DECLINE_FLAG  = '--decline-terms'.freeze
+
+    TERMS_URL   = 'https://github.com/ZhgChgLi/ZMediumToMarkdown/blob/main/TERMS.md'.freeze
+    PRIVACY_URL = 'https://github.com/ZhgChgLi/ZMediumToMarkdown/blob/main/PRIVACY.md'.freeze
+
+    module_function
+
+    def acceptDir
+        File.join(Dir.home, '.zmediumtomarkdown')
+    end
+
+    def acceptPath(version = VERSION)
+        File.join(acceptDir, ".tos-#{version}-accepted")
+    end
+
+    # Strips --accept-terms / --decline-terms out of argv (in place) before
+    # OptionParser sees them. Side effects: writing the marker on accept,
+    # SystemExit on decline.
+    def consumeFlags!(argv, errput: $stderr)
+        if argv.delete(DECLINE_FLAG)
+            errput.puts 'Terms declined. Exiting.'
+            raise SystemExit.new(2)
+        end
+
+        if argv.delete(ACCEPT_FLAG)
+            writeAcceptance!
+            errput.puts "Terms #{VERSION} accepted (see #{acceptPath})."
+        end
+    end
+
+    # Block until the user has explicitly accepted these Terms. Called
+    # before any network operation (see CLI#main).
+    def ensureAccepted!(errput: $stderr, input: $stdin)
+        return if alreadyAccepted?
+
+        printSummary(errput)
+
+        unless input.respond_to?(:tty?) && input.tty?
+            errput.puts <<~MSG.chomp
+
+                [!] Cannot prompt for consent on a non-interactive stream.
+                    Run this command in a terminal once, or set #{ENV_OPT_IN}=1,
+                    or pass #{ACCEPT_FLAG} on the command line.
+            MSG
+            raise SystemExit.new(2)
+        end
+
+        errput.print "Type 'yes' to accept and continue: "
+        answer = input.gets
+        answer = answer.to_s.strip.downcase
+
+        if answer == 'yes' || answer == 'y'
+            writeAcceptance!
+            errput.puts "Accepted. (Marker written to #{acceptPath})"
+        else
+            errput.puts 'Declined. Exiting.'
+            raise SystemExit.new(2)
+        end
+    end
+
+    def alreadyAccepted?
+        return true if ENV[ENV_OPT_IN].to_s == '1'
+        File.exist?(acceptPath)
+    end
+
+    def writeAcceptance!
+        FileUtils.mkdir_p(acceptDir)
+        File.write(acceptPath, "accepted_at: #{Time.now.utc.iso8601}\nversion: #{VERSION}\n")
+    rescue StandardError => e
+        # Don't crash if the home directory is read-only — env var still works.
+        warn "[Terms] Could not write acceptance marker (#{e.class}: #{e.message}). " \
+             "Re-prompt will appear next run unless #{ENV_OPT_IN}=1."
+    end
+
+    def printSummary(io)
+        io.puts <<~MSG
+            ────────────────────────────────────────────────────────────────────
+            ZMediumToMarkdown — first-run notice  (Terms #{VERSION})
+            ────────────────────────────────────────────────────────────────────
+            Medium's Terms of Service forbid automated access to its Services,
+            including via browser plugins, scripts, and CLI tools like this one.
+
+            Use of this tool may conflict with Medium's ToS. You are using it
+            AT YOUR OWN RISK. The author (ZhgChgLi) accepts no liability for
+            your use, including any account suspension, IP block, or legal
+            claim by Medium or by the original article authors.
+
+            By continuing you agree to:
+              • only convert articles you have legitimate access to read,
+              • respect the original author's copyright when redistributing,
+              • not use this tool for mass scraping or commercial redistribution.
+
+            Read the full Terms : #{TERMS_URL}
+            Read the Privacy    : #{PRIVACY_URL}
+
+            (To bypass this prompt non-interactively, set #{ENV_OPT_IN}=1
+             or pass #{ACCEPT_FLAG} once.)
+            ────────────────────────────────────────────────────────────────────
+        MSG
+    end
+
+    # One-line reminder used by CLI banners, after the Terms have been
+    # accepted. Kept short.
+    def acceptedBannerLine
+        "ℹ  By using this tool you agreed to the Terms (#{VERSION}) — #{TERMS_URL}"
+    end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ZMediumToMarkdown
 version: !ruby/object:Gem::Version
-  version: 3.7.0
+  version: 4.0.0
 platform: ruby
 authors:
 - ZhgChgLi
@@ -115,6 +115,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
+- PRIVACY.md
+- README.md
+- TERMS.md
 - bin/ZMediumToMarkdown
 - lib/CLI.rb
 - lib/ChromeAuth.rb
@@ -148,6 +152,7 @@ files:
 - lib/Queries/UserFollowersQuery.graphql
 - lib/Queries/UserProfileQuery.graphql
 - lib/Request.rb
+- lib/Terms.rb
 - lib/User.rb
 - lib/ZMediumFetcher.rb
 homepage: https://github.com/ZhgChgLi/ZMediumToMarkdown